Re: [Samba] Active directory - Unclean shutdown
Hello, thanks for hint! I will try the release candidate. I can't change these registry keys by policy, they are regarding some security issue's. Regards, Bjoern -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Germ van Eck Gesendet: Montag, 1. Oktober 2012 21:35 An: samba@lists.samba.org Betreff: Re: [Samba] Active directory - Unclean shutdown Hello, Connecting to a share using Windows 7 should work fine. We do this a lot. Maybe you need some registry changes that are also needed for joining Windows 7 to a Samba domain. http://wiki.samba.org/index.php/Windows7#Windows_7_Registry_settings Regarding Samba 4, there is now a release candidate out, and I think it is wiser to use this over an older beta release. http://ftp.samba.org/pub/samba/rc/ Regards, Gerben Op 01-10-12 15:58, bjoern.bec...@easycash.de schreef: Hello, i try to connect samba with my active directory. I was able to join the domain successfully and my winbindd running fine. With samba 3.4.3 and samba 3.6.7 i get the following error when i try to connect to a share from a windows 7 box: [2012/10/01 15:01:14, 4] smbd/vfs.c:753(vfs_ChDir) vfs_ChDir to / [2012/10/01 15:01:14, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/10/01 15:01:14, 5] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2012/10/01 15:01:14, 5] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/10/01 15:01:14, 5] smbd/uid.c:368(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/10/01 15:01:14, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2012/10/01 15:01:14, 3] smbd/server.c:845(exit_server_common) Server exit (failed to receive smb request) [2012/10/01 15:01:14, 3] smbd/server.c:216(remove_child_pid) smbd/server.c:216 Unclean shutdown of pid 28928 In my despair i try the same with samba 4.0.0beta8 and it works but unfortunately unstable. I be able to map the share but when i try to access the samba server getting PANIC. I suppose that i have to use samba 4 because i need smbv2? I thought that samba 3.5.* supporting smb v2 too. Is there any posibility to run this setup with samba 3.*? Regards, Bjoern -- Station to Station handtekening Gerben van Eck - Software Engineer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active directory - Unclean shutdown
Hello, Connecting to a share using Windows 7 should work fine. We do this a lot. Maybe you need some registry changes that are also needed for joining Windows 7 to a Samba domain. http://wiki.samba.org/index.php/Windows7#Windows_7_Registry_settings Regarding Samba 4, there is now a release candidate out, and I think it is wiser to use this over an older beta release. http://ftp.samba.org/pub/samba/rc/ Regards, Gerben Op 01-10-12 15:58, bjoern.bec...@easycash.de schreef: Hello, i try to connect samba with my active directory. I was able to join the domain successfully and my winbindd running fine. With samba 3.4.3 and samba 3.6.7 i get the following error when i try to connect to a share from a windows 7 box: [2012/10/01 15:01:14, 4] smbd/vfs.c:753(vfs_ChDir) vfs_ChDir to / [2012/10/01 15:01:14, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/10/01 15:01:14, 5] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2012/10/01 15:01:14, 5] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/10/01 15:01:14, 5] smbd/uid.c:368(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/10/01 15:01:14, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2012/10/01 15:01:14, 3] smbd/server.c:845(exit_server_common) Server exit (failed to receive smb request) [2012/10/01 15:01:14, 3] smbd/server.c:216(remove_child_pid) smbd/server.c:216 Unclean shutdown of pid 28928 In my despair i try the same with samba 4.0.0beta8 and it works but unfortunately unstable. I be able to map the share but when i try to access the samba server getting PANIC. I suppose that i have to use samba 4 because i need smbv2? I thought that samba 3.5.* supporting smb v2 too. Is there any posibility to run this setup with samba 3.*? Regards, Bjoern -- Station to Station handtekening Gerben van Eck - Software Engineer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active directory - Unclean shutdown
On Mon, 2012-10-01 at 13:58 +, bjoern.bec...@easycash.de wrote: Hello, i try to connect samba with my active directory. I was able to join the domain successfully and my winbindd running fine. With samba 3.4.3 and samba 3.6.7 i get the following error when i try to connect to a share from a windows 7 box: [2012/10/01 15:01:14, 4] smbd/vfs.c:753(vfs_ChDir) vfs_ChDir to / [2012/10/01 15:01:14, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/10/01 15:01:14, 5] auth/token_util.c:522(debug_nt_user_token) NT user token: (NULL) [2012/10/01 15:01:14, 5] auth/token_util.c:548(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/10/01 15:01:14, 5] smbd/uid.c:368(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/10/01 15:01:14, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2012/10/01 15:01:14, 3] smbd/server.c:845(exit_server_common) Server exit (failed to receive smb request) [2012/10/01 15:01:14, 3] smbd/server.c:216(remove_child_pid) smbd/server.c:216 Unclean shutdown of pid 28928 Aside from looking a little scary, are you aware of any actual problem with your install? In my despair i try the same with samba 4.0.0beta8 and it works but unfortunately unstable. I be able to map the share but when i try to access the samba server getting PANIC. I suppose that i have to use samba 4 because i need smbv2? I thought that samba 3.5.* supporting smb v2 too. There have been some PANICs reported with Samba 4.0, and most of them have been dealt with. We have a new lock ordering restriction (designed to prevent deadlocks by ensuring that locks are taken and returned in the same, correct order at all times), and on some failure paths the auto-cleanup does things in the wrong order. The most visible one of these was fixed for rc1 as I understand it, and rc2 is due out in the next few days. If you can still reproduce a panic on v4-0-test or (if you want to follow the master series master) then please file a bug. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory member server
Hi Steven, Thanks for the feedback. I made some changes based on your config files and was still able to add the client to the domain using a local domain admin account. However, I am still unable to connect to the server from a windows machine and authenticate using an account from either domain. Wbinfo -u does not seem to list users from our authentication domain which may be the cause of the problem. Just to update I am running Debian (Lenny) for the server. Thanks James -Original Message- From: Steven Schlegel [mailto:steven.schlegel1...@googlemail.com] Sent: 14 June 2011 17:37 To: James Osbourn Subject: Re: [Samba] Active Directory member server Hi James, maybe the following configuration (examples) helps you out. I have the following packages installed: rpm -qa | grep -e samba -e krb5* | sort = output: krb5-auth-dialog-0.7-1 krb5-devel-1.6.1-36.el5 krb5-libs-1.6.1-36.el5 krb5-libs-1.6.1-36.el5 krb5-workstation-1.6.1-36.el5 ldb-tools-3.4.9-42.el5 libwbclient0-3.4.9-42.el5 libwbclient-devel-3.4.9-42.el5 libsmbclient0-3.4.9-42.el5 libsmbclient-devel-3.4.9-42.el5 pam_krb5-2.2.14-10 pam_krb5-2.2.14-10 samba3-3.4.9-42.el5 samba-cifsmount-3.4.9-42.el5 samba3-client-3.4.9-42.el5 samba3-doc-3.4.9-42.el5 samba3-utils-3.4.9-42.el5 samba3-winbind-3.4.9-42.el5 My krb5.conf looks like this: [logging] default = FILE:/var/log/kerberos/krb5libs.log kdc = FILE:/var/log/kerberos/krb5kdc.log admin_server = FILE:/var/log/kerberos/kadmind.log [libdefaults] default_realm = WIREDBRAIN.LCL dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 600 forwardable = true proxiable = true default_keytab_name = FILE:/etc/krb5.keytab [realms] WIREDBRAIN.LCL = { kdc = dchh01.wiredbrain.lcl master_kdc = dchh01.wiredbrain.lcl admin_server = dchh01.wiredbrain.lcl #default_domain = WIREDBRAIN.LCL } TRIPEDBRAIN.LCL = { kdc = rootdc01.tripedbrain.lcl } [domain_realm] .wiredbrain.lcl = WIREDBRAIN.LCL wiredbrain.lcl = WIREDBRAIN.LCL .tripedbrain.lcl = TRIPEDBRAIN.LCL tripedbrain.lcl = TRIPEDBRAIN.LCL [login] krb4_convert = true krb4_get_tickets = true [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = true } And my smb.conf looks like this: [global] workgroup = WIREDBRAIN realm = WIREDBRAIN.LCL password server = * preferred master = no server string = Linux AD Member-Server security = ads encrypt passwords = yes local master = no log level = 1 log file = /var/log/samba/%m max log size = 50 #printcap name = cups #printcap = cups winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nested groups = Yes winbind separator = \\ winbind refresh tickets = yes winbind offline logon = true winbind trusted domains only = no map untrusted to domain = Yes allow trusted domains = yes obey pam restrictions = no idmap backend = tdb idmap uid = 1-60 idmap gid = 1-60 passdb backend = tdbsam ;template primary group = domain users template shell = /bin/bash winbind nss info = rfc2307 client use spnego = yes client ntlmv2 auth = yes restrict anonymous = 2 As you can see I have two domains in my environment, named as WIREDBRAIN.LCL and TRIPEDBRAIN.LCL. Between those domains, an interdomain-trust has been created. After your configurations you need to initiate the net ads join command: net ads join -U Administrator and if this was successfull you need to create a kerberos keytab: net ads keytab create Now you can test your setup with the following commands: wbinfo -u - should give you a list of all users in your domains wbinfo -g - same like wbinfo -u (for groups) For my environment, I also need to edit the nsswitch.conf: passwd: files winbind shadow: files winbind group: files winbind Try kinit and smbclient to see if kerberos works and of course with samba. Best regards, Steven 2011/6/14 James Osbourn james.osbo...@citrix.com: I am trying to setup samba as a Windows front end to a CUPS print server. We seem to be having some problems getting the server registered in the domain and for users to be able to connect to the server. Our problems seems to stem from the fact that we add our machines to one domain which has a one way trust to a different domain which is where all of the user account reside and authentication is handled. I was able to get the net adc join command to work by using the primary domain administrator credentials. Any help on getting the correct runes into my smb.conf and krb5.conf files greatly appreciated. My krb5.conf file is as follows [libdefaults] default_realm = X.NET dns_lookup_realm = false dns_lookup_kdc = false
Re: [Samba] Active directory in Ubuntu
Copying samba-technical. On 1 November 2010 02:54, Christopher Chan christopher.c...@bradbury.edu.hk wrote: On Friday, October 29, 2010 01:53 AM, Dale Schroeder wrote: Tommie, To emulate an Active Directory DC, you will have to use Samba 4. Note that Samba 4 is still in alpha, but some have reported using it successfully in production environments. http://wiki.samba.org/index.php/Samba4 Does Samba 4 have to be a sole AD master or can it participate in a multi-master role with an existing AD environment? Samba 4 can work as one of the DCs in an existing AD environment and replicate changes to and from the other DCs. I itching to be able to finally not use any Microsoft based software on the servers. The Windows 2000 AD just serves logon scripts, group policies and printing. It is safe to assume that all these are available with the latest alpha? I think the best practice at the moment is to use e.g. a Samba 3 member server for file and print. I am using Samba only for authentication, though, so haven't tried it one way or the other. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active directory in Ubuntu
On Friday, October 29, 2010 01:53 AM, Dale Schroeder wrote: Tommie, To emulate an Active Directory DC, you will have to use Samba 4. Note that Samba 4 is still in alpha, but some have reported using it successfully in production environments. http://wiki.samba.org/index.php/Samba4 Does Samba 4 have to be a sole AD master or can it participate in a multi-master role with an existing AD environment? I itching to be able to finally not use any Microsoft based software on the servers. The Windows 2000 AD just serves logon scripts, group policies and printing. It is safe to assume that all these are available with the latest alpha? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active directory in Ubuntu
Tommie, To emulate an Active Directory DC, you will have to use Samba 4. Note that Samba 4 is still in alpha, but some have reported using it successfully in production environments. http://wiki.samba.org/index.php/Samba4 Dale On 10/28/2010 11:43 AM, Tomas Alberto Ramirez Andujar wrote: Hi, My name is Tommie, I am new to tthe list...greetings to you all. I have a couple of quetions. Our college network is running on Debian and Ubuntu, we are trying to migrate the rest of the services to Ubuntu... the Active Directory is the one that is still using windows. My questions are: How can i substitute the windows Active Directory by Samba? How can i migrate Active Directory users to Debian/Ubuntu? Tommie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory domain controller authentication order
Make sure the subnets in AD Sites and Services are correctly configured. I believe they perform to functions: 1. To control DC replication traffic between sites. 2. To make clients authenticate with local domain controllers first. Thanks David -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Casey Allen Shobe Sent: Tuesday, March 09, 2010 3:31 PM To: samba@lists.samba.org Subject: [Samba] Active Directory domain controller authentication order Hello, I'm curious if anybody knows how to configure the order in which domain controllers are contacted by clients for authentication purposes and other such stuff. I've a situation where it seems that all our Windows computers are attempting to authenticate off of a remote server before the local one, which is backwards. I'm not even certain where to check what they are actually attempting to authenticate against, but whenever a VPN tunnel we have to an upstream office breaks, logins and file share browsing and other stuff slows to a crawl. Thanks for any hints, -- Casey Allen Shobe ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory domain controller authentication order
Hi, Casey Allen Shobe wrote: which is backwards. I'm not even certain where to check what they are actually attempting to authenticate against, echo %LOGONSERVER% at the DOS prompt will tell you. but whenever a VPN tunnel we have to an upstream office breaks, logins and file share browsing and other stuff slows to a crawl. I believe that you can use the option init logon delay To forcibly make remote Sambas announce reply more slowly to broadcasts and make them less likely to become the logon server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory domain controller authentication order
Thanks, I've found the following, as I only have read-only access to the sites and services stuff: * Our subnet is associated with our site definition. * Under our site -- Servers, only the local domain controller is listed. I also googled around and found out about set l on the command line, which shows our local DC. But I'm not sure how useful this is, because the VPN tunnel has been broken for a couple days and the logins are more recent than that. On Tue, Mar 9, 2010 at 3:38 PM, Vaudo, David dva...@bentley.edu wrote: Make sure the subnets in AD Sites and Services are correctly configured. I believe they perform to functions: 1. To control DC replication traffic between sites. 2. To make clients authenticate with local domain controllers first. Thanks David -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Casey Allen Shobe Sent: Tuesday, March 09, 2010 3:31 PM To: samba@lists.samba.org Subject: [Samba] Active Directory domain controller authentication order Hello, I'm curious if anybody knows how to configure the order in which domain controllers are contacted by clients for authentication purposes and other such stuff. I've a situation where it seems that all our Windows computers are attempting to authenticate off of a remote server before the local one, which is backwards. I'm not even certain where to check what they are actually attempting to authenticate against, but whenever a VPN tunnel we have to an upstream office breaks, logins and file share browsing and other stuff slows to a crawl. Thanks for any hints, -- Casey Allen Shobe ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Casey Allen Shobe ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory domain controller authentication order
Set will tell you which logon server has handled the clients logon. Look for LOGONSERVER: There could be something wrong with our local DC. Run DCDIAG and check the event viewer for errors in directory service and DNS. From: Casey Allen Shobe [mailto:ca...@shobe.info] Sent: Tuesday, March 09, 2010 4:12 PM To: Vaudo, David Cc: samba@lists.samba.org Subject: Re: [Samba] Active Directory domain controller authentication order Thanks, I've found the following, as I only have read-only access to the sites and services stuff: * Our subnet is associated with our site definition. * Under our site -- Servers, only the local domain controller is listed. I also googled around and found out about set l on the command line, which shows our local DC. But I'm not sure how useful this is, because the VPN tunnel has been broken for a couple days and the logins are more recent than that. On Tue, Mar 9, 2010 at 3:38 PM, Vaudo, David dva...@bentley.edumailto:dva...@bentley.edu wrote: Make sure the subnets in AD Sites and Services are correctly configured. I believe they perform to functions: 1. To control DC replication traffic between sites. 2. To make clients authenticate with local domain controllers first. Thanks David -Original Message- From: samba-boun...@lists.samba.orgmailto:samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.orgmailto:samba-boun...@lists.samba.org] On Behalf Of Casey Allen Shobe Sent: Tuesday, March 09, 2010 3:31 PM To: samba@lists.samba.orgmailto:samba@lists.samba.org Subject: [Samba] Active Directory domain controller authentication order Hello, I'm curious if anybody knows how to configure the order in which domain controllers are contacted by clients for authentication purposes and other such stuff. I've a situation where it seems that all our Windows computers are attempting to authenticate off of a remote server before the local one, which is backwards. I'm not even certain where to check what they are actually attempting to authenticate against, but whenever a VPN tunnel we have to an upstream office breaks, logins and file share browsing and other stuff slows to a crawl. Thanks for any hints, -- Casey Allen Shobe ca...@shobe.infomailto:ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Casey Allen Shobe ca...@shobe.infomailto:ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory domain controller authentication order
I'm having the same problem with the wrong DC being used. I think it might be the Kerberos setup on the Unix box that's at fault, as it only points to the offsite DC not the local one, though it could allow for multiple. Our support organisation is investigating ... On Wed 10/03/10 7:51 AM , Vaudo, David dva...@bentley.edu sent: Set will tell you which logon server has handled the clients logon. Look for LOGONSERVER: There could be something wrong with our local DC. Run DCDIAG and check the event viewer for errors in directory service and DNS. From: Casey Allen Shobe [ca...@shobe.info [1]] Sent: Tuesday, March 09, 2010 4:12 PM To: Vaudo, David Cc: samba@lists.samba.org [2] Subject: Re: [Samba] Active Directory domain controller authentication order Thanks, I've found the following, as I only have read-only access to the sites and services stuff: * Our subnet is associated with our site definition. * Under our site -- Servers, only the local domain controller is listed. I also googled around and found out about set l on the command line, which shows our local DC. But I'm not sure how useful this is, because the VPN tunnel has been broken for a couple days and the logins are more recent than that. On Tue, Mar 9, 2010 at 3:38 PM, Vaudo, David wrote: Make sure the subnets in AD Sites and Services are correctly configured. I believe they perform to functions: 1. To control DC replication traffic between sites. 2. To make clients authenticate with local domain controllers first. Thanks David -Original Message- From: samba-boun...@lists.samba.org [samba-boun...@lists.samba.org [5]] On Behalf Of Casey Allen Shobe Sent: Tuesday, March 09, 2010 3:31 PM To: samba@lists.samba.org Subject: [Samba] Active Directory domain controller authentication order Hello, I'm curious if anybody knows how to configure the order in which domain controllers are contacted by clients for authentication purposes and other such stuff. I've a situation where it seems that all our Windows computers are attempting to authenticate off of a remote server before the local one, which is backwards. I'm not even certain where to check what they are actually attempting to authenticate against, but whenever a VPN tunnel we have to an upstream office breaks, logins and file share browsing and other stuff slows to a crawl. Thanks for any hints, -- Casey Allen Shobe ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [9] -- Casey Allen Shobe ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba [11] Links: -- [1] mailto:ca...@shobe.info [2] mailto:samba@lists.samba.org [3] mailto:dva...@bentley.edu [4] mailto:samba-boun...@lists.samba.org [5] mailto:samba-boun...@lists.samba.org [6] mailto:samba-boun...@lists.samba.org [7] mailto:samba@lists.samba.org [8] mailto:ca...@shobe.info [9] https://lists.samba.org/mailman/options/samba [10] mailto:ca...@shobe.info [11] https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory DNS Registration
On Thu, Dec 3, 2009 at 7:31 AM, Casey Allen Shobe ca...@shobe.info wrote: Hi, I'm using a domain where the DNS is hosted by a couple of domain controllers on the network, outside of my control. I do have ability to work with group policy and active directory users and computers. I was able to join a samba/linux computer to the domain using 'net rpc join -S IP of local DC/DNS server'. This caused an entry for the computer to show up in Active Directory, however the name is in lower-case letters whereas all the Windows computers show up in upper-case, and if I view properties on the object, it doesn't show any details like an O/S or anything else. I am then able to resolve the samba host by name just like I can for Windows computers *from a Windows computer only*. While a linux computer is capable of resolving windows hosts by name since it's using the Windows DC as the DNS server, for whatever reason it cannot resolve samba hosts by name. Can anybody please point out what I'm doing wrong or what else I need to do to get this working? Also, is it possible to register multiple names in Windows DNS for an IP with Samba? When you use net ads join to join the computer to the domain, it should register the machine in DNS as well. Since you say that the machine object shows the name in lowercase, I assume you did not create the object previously. I'm not sure if pre-creating the object will cause problems as I have not pre-created objects in my domain. If looking in DNS management does not show you machine in the forward zone, try on the Samba server sudo net ads dns register -P That will try to register the machine again in DNS. If you need additional IP's or CNAMEs, you may have to enter those manually in DNS management. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory DNS Registration
On Thu, Dec 3, 2009 at 10:55 AM, Robert LeBlanc rob...@leblancnet.us wrote: When you use net ads join to join the computer to the domain, it should register the machine in DNS as well. Well, prior to reading this I actually got things changed over to use security = ads insead of domain, and re-joined the domain using kerberos. The DNS issue was exactly the same. Since you say that the machine object shows the name in lowercase, I assume you did not create the object previously. No, I did not. I deleted it using active directory users and groups before rejoining with kerberos also. If looking in DNS management does not show you machine in the forward zone, How can I check for sure? wbinfo -I and -N work, btw, but not DNS resolution. I do not have any access to the Windows DNS stuff as it runs on servers I cannot log in to. Well, actually, I have a non-admin login right on one of them, but I don't think I can do anything useful with that. try on the Samba server sudo net ads dns register -P That will try to register the machine again in DNS. That command hung for long time, then finally returned: DNS update failed! I'm not sure if pre-creating the object will cause problems as I have not pre-created objects in my domain. I deleted the computer from AD, and pre-created it using uppercase letters, then re-joined the domain using net ads join. Now DNS resolution seems to work! If you need additional IP's or CNAMEs, you may have to enter those manually in DNS management. I'm assuming this is something on the Windows DC that is outside of my control. Is it possible to set up a (linux-based) DNS server for our site that can resolve some custom things I put in, but passes anything it doesn't know an answer for (e.g. any Windows hostname) to the Windows DNS? Cheers, -- Casey Allen Shobe ca...@shobe.info -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory DNS Registration
On Thu, Dec 3, 2009 at 9:34 AM, Casey Allen Shobe ca...@shobe.info wrote: On Thu, Dec 3, 2009 at 10:55 AM, Robert LeBlanc rob...@leblancnet.uswrote: When you use net ads join to join the computer to the domain, it should register the machine in DNS as well. Well, prior to reading this I actually got things changed over to use security = ads insead of domain, and re-joined the domain using kerberos. The DNS issue was exactly the same. Since you say that the machine object shows the name in lowercase, I assume you did not create the object previously. No, I did not. I deleted it using active directory users and groups before rejoining with kerberos also. If looking in DNS management does not show you machine in the forward zone, How can I check for sure? wbinfo -I and -N work, btw, but not DNS resolution. I do not have any access to the Windows DNS stuff as it runs on servers I cannot log in to. Well, actually, I have a non-admin login right on one of them, but I don't think I can do anything useful with that. I don't have login access to our DCs, but have been granted access to DNS. I open up DNS management on my Windows XP workstation, then select one of the DCs as the DNS server, I can then do any DNS work without having to login to the DC. If this is still not an option, then I would make heavy use of the dig command on Linux. try on the Samba server sudo net ads dns register -P That will try to register the machine again in DNS. That command hung for long time, then finally returned: DNS update failed! I wonder if this may have to do with the domain requiring secure updates, it seems that this would work since you have Kerberos working correctly. I would look through the logs, maybe bumping up the debug level while running the above command. You won't need to disjoin or rejoin to see the DNS errors. I haven't had to do much in the way of DNS debugging here as it works just fine in our environment. I'm not sure if pre-creating the object will cause problems as I have not pre-created objects in my domain. I deleted the computer from AD, and pre-created it using uppercase letters, then re-joined the domain using net ads join. Now DNS resolution seems to work! This seems fishy and doesn't make sense, as we don't have to so this here. I would try some of the above things as it may help pinpoint the real problem and fix it for future Samba installs. If you need additional IP's or CNAMEs, you may have to enter those manually in DNS management. I'm assuming this is something on the Windows DC that is outside of my control. Is it possible to set up a (linux-based) DNS server for our site that can resolve some custom things I put in, but passes anything it doesn't know an answer for (e.g. any Windows hostname) to the Windows DNS? Please see my above comment, you AD admin may feel comfortable delegating certian DNS rights to get your job done. I would much prefer that over a split horizon DNS, or delegated zone if your site has it's own sub-domain. It get too difficult to manage multiple DNS servers. We have a delegated DNS zone for our AD domain, and our clients all use our Linux DNS servers by default. The reason, that DNS was set-up a long time ago and not everyone on campus uses the Active Directory. Client | Linux DNS (school.edu, delegates school.local to AD DCs) | Windows DNS (school.local) Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory and Samba as fileserver
We have a Gentoo box running Samba and is a member of the Active Directory domain. This Gentoo box is going to be a fileserver. I want our users to login to their computer using Active Directory for authentication. The computers are all members of the Active Directory domain. I setup Samba to use Winbind. All is working smoothly (ie. wbinfo, smbclient, getent, etc) I can also access the shared drive and login to a machine without a problem using Active Directory accounts. The authentication is working as it should. For some odd reason, I can't figure out how to give permissions to all users the ability to make changes/add new folders on the shared drive. I am getting access denied even when the users or group are valid users of the shared drive per smb.conf. Any help would be greatly appreciated. This is a very similar set up to what I'm running. You will need to make sure the files on the shared drive are owned by AD groups that your users belong to. You will probably also want to force create mode = 664 or the like to ensure files are always group-writable, otherwise people won't be able to edit other people's files in the same group. Without more information on your specific issue it's difficult to suggest anything else. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Active Directory Integration Problems
Brian, Which logs should I be checking? The following output comes from the winbindd.log. I replaced the FQDN of the domain controller in the second to last line of the log file. It was in the format SERVERNAME.domain.name [2009/07/13 09:16:40, 0] lib/util_sock.c:write_data(564) write_data: write failure. Error = Connection reset by peer [2009/07/13 09:16:40, 0] libsmb/clientgen.c:write_socket(158) write_socket: Error writing 104 bytes to socket 17: ERRNO = Connection reset by peer [2009/07/13 09:16:40, 0] libsmb/clientgen.c:cli_send_smb(188) Error writing 104 bytes to client. -1 (Connection reset by peer) [2009/07/13 09:16:40, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2223) cli_rpc_pipe_open: cli_nt_create failed on pipe \lsarpc to machine (FQDN to domain controller). Error was Write error: Connection reset by peer -Original Message- From: gregorcy [mailto:brian.grego...@utah.edu] Sent: Friday, July 10, 2009 12:56 PM To: David Armstrong Cc: samba@lists.samba.org Subject: Re: [Samba] Active Directory Integration Problems David Armstrong wrote: Thanks for the replies. I have modified the share portion of my smb.conf file as shown below. Still no luck. [test] path = /home/2CP/darmstrong browseable = yes read only = yes inherit permissions = yes valid users = 2CP\darmstrong,buexec,test,itadmin write list = 2CP\darmstrong,buexec,test,itadmin read list = When modifying file permissions for shares on Windows servers, I have to log out and log back on again before the workstation recognizes them. Does the same go for Samba shares? Sounds like my first suggestion was wrong, maybe try uping the idmap setting. idmap backend = rid:CHEMENG=500-1 idmap uid = 500-1 idmap gid = 500-1 Is there anything in the logs? -- Brian Gregorcy IT Manager University of Utah Department of Chemical Engineering -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory Integration Problems
failure. Error = Connection reset by peer [2009/07/13 09:16:40, 0] libsmb/clientgen.c:write_socket(158) write_socket: Error writing 104 bytes to socket 17: ERRNO = Connection reset by peer [2009/07/13 09:16:40, 0] libsmb/clientgen.c:cli_send_smb(188) Error writing 104 bytes to client. -1 (Connection reset by peer) [2009/07/13 09:16:40, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2223) cli_rpc_pipe_open: cli_nt_create failed on pipe \lsarpc to machine (FQDN to domain controller). Error was Write error: Connection reset by peer -Original Message- From: gregorcy [mailto:brian.grego...@utah.edu] Sent: Friday, July 10, 2009 12:56 PM To: David Armstrong Cc: samba@lists.samba.org Subject: Re: [Samba] Active Directory Integration Problems David Armstrong wrote: Thanks for the replies. I have modified the share portion of my smb.conf file as shown below. Still no luck. [test] path = /home/2CP/darmstrong browseable = yes read only = yes inherit permissions = yes valid users = 2CP\darmstrong,buexec,test,itadmin write list = 2CP\darmstrong,buexec,test,itadmin read list = When modifying file permissions for shares on Windows servers, I have to log out and log back on again before the workstation recognizes them. Does the same go for Samba shares? Sounds like my first suggestion was wrong, maybe try uping the idmap setting. idmap backend = rid:CHEMENG=500-1 idmap uid = 500-1 idmap gid = 500-1 Is there anything in the logs? -- Brian Gregorcy IT Manager University of Utah Department of Chemical Engineering -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory Integration Problems
HI:) what permission you used for the folder: /home/CHE-shares/faculty ? Thanks:) Gabi On Fri, Jul 10, 2009 at 12:20 AM, gregorcybrian.grego...@utah.edu wrote: [test] path = /home/2CP/darmstrong valid users = 2CP\darmstrong,2CP\buexec,2CP\test,itadmin write list = 2CP\darmstrong,2CP\buexec,2CP\test,itadmin read list = Try setting up your share like this, I am not sure that you need the quotes except of groups with spaces in them. [faculty] comment = CHE Faculty Share path = /home/CHE-shares/faculty browseable = yes read only = yes inherit permissions = yes write list = @CHEMENG+Domain Admins, @CHEMENG+Faculty valid users = @CHEMENG+Domain Admins, @CHEMENG+Faculty admin users = @CHEMENG+Domain Admins -- Brian Gregorcy IT Manager University of Utah Department of Chemical Engineering 801.585.7170 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory Integration Problems
David Armstrong wrote: Thanks for the replies. I have modified the share portion of my smb.conf file as shown below. Still no luck. [test] path = /home/2CP/darmstrong browseable = yes read only = yes inherit permissions = yes valid users = 2CP\darmstrong,buexec,test,itadmin write list = 2CP\darmstrong,buexec,test,itadmin read list = When modifying file permissions for shares on Windows servers, I have to log out and log back on again before the workstation recognizes them. Does the same go for Samba shares? Sounds like my first suggestion was wrong, maybe try uping the idmap setting. idmap backend = rid:CHEMENG=500-1 idmap uid = 500-1 idmap gid = 500-1 Is there anything in the logs? -- Brian Gregorcy IT Manager University of Utah Department of Chemical Engineering -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory Integration Problems
[test] path = /home/2CP/darmstrong valid users = 2CP\darmstrong,2CP\buexec,2CP\test,itadmin write list = 2CP\darmstrong,2CP\buexec,2CP\test,itadmin read list = Try setting up your share like this, I am not sure that you need the quotes except of groups with spaces in them. [faculty] comment = CHE Faculty Share path= /home/CHE-shares/faculty browseable = yes read only = yes inherit permissions = yes write list = @CHEMENG+Domain Admins, @CHEMENG+Faculty valid users = @CHEMENG+Domain Admins, @CHEMENG+Faculty admin users = @CHEMENG+Domain Admins -- Brian Gregorcy IT Manager University of Utah Department of Chemical Engineering 801.585.7170 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Active Directory Integration Problems
Thanks for the replies. I have modified the share portion of my smb.conf file as shown below. Still no luck. [test] path = /home/2CP/darmstrong browseable = yes read only = yes inherit permissions = yes valid users = 2CP\darmstrong,buexec,test,itadmin write list = 2CP\darmstrong,buexec,test,itadmin read list = When modifying file permissions for shares on Windows servers, I have to log out and log back on again before the workstation recognizes them. Does the same go for Samba shares? -Original Message- From: Gary Greene [mailto:ggre...@minervanetworks.com] Sent: Thursday, July 09, 2009 2:38 PM To: gregorcy; David Armstrong Cc: samba@lists.samba.org Subject: Re: [Samba] Active Directory Integration Problems On 7/9/09 2:20 PM, gregorcy brian.grego...@utah.edu wrote: [test] path = /home/2CP/darmstrong valid users = 2CP\darmstrong,2CP\buexec,2CP\test,itadmin write list = 2CP\darmstrong,2CP\buexec,2CP\test,itadmin read list = Try setting up your share like this, I am not sure that you need the quotes except of groups with spaces in them. [faculty] comment = CHE Faculty Share path= /home/CHE-shares/faculty browseable = yes read only = yes inherit permissions = yes write list = @CHEMENG+Domain Admins, @CHEMENG+Faculty valid users = @CHEMENG+Domain Admins, @CHEMENG+Faculty admin users = @CHEMENG+Domain Admins The domain portion of the user isn't needed if you have 'winbind use default domain = true' in your config. The quotes are however required since Samba and the NSS stack on Linux cannot (or at least not from my experience) handle escapes. -- Gary L. Greene, Jr. IT Operations Minerva Networks, Inc. Cell: (650) 704-6633 Phone: (408) 240-1239 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active directory and winbind RID/SID to uid and gid maping across several linux servers
Dale, Thanks for the information and the link. We are just now trying to implement this and we have not implemented this on any production servers. I need to talk with my security person to see if we have/planning to have trusted domains. If we do then I will have to go with the ldap/ADS solution that was in the link you gave. Thanks again, Reece Dale Schroeder wrote: Reece, idmap backend = rid:MYDOMAIN=15000-2 will create consistent mappings, _*but*_ be aware that enabling this parameter will break all your existing mappings, and you will have to reset permissions on your Redhat servers. Obviously, this is not desirable on production systems. However, once this is done, you will continue to have the same mappings on any existing and similarly configured future Samba servers. Only you can determine if it is worth the time and effort to do this. We have four servers configured this way, and users have the same uid/gid on each system. Comparison of idmap backends: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2598850 Dale Reece Dike wrote: We are using a windows server 2003 active directory as our single sign on server. I have been able to get our RHEL4U6 servers to authenticate with active directory. My concern is that the RID mapping to unix uid/gid range (15000-2) is stored locally on each machine in a tdb database. So far all of the servers have produced the same mapping, but I do not think it is guarantied. I think the fact that I do a wbinfo -u and wbinfo -g as part of the setup and there have been no users/groups added to active directory has made the mappings the same. I know that the uid/gid are not being store in active directory(I did a 'dsquery * -scope base -attrib *' on my id in active directory). Is there any way to guaranty the RID to uid/gid mapping across several servers? Thanks, Reece Dike Here is my smb.conf [global] workgroup = MYDOMAIN server string = Samba Server Version %v security = ADS password server = 68.216.162.90 realm = MYDOMAIN.COM passdb backend = tdbsam load printers = yes cups options = raw template shell = /bin/false server signing = autos idmap uid = 15000-2 idmap gid = 15000-2 winbind enum groups = yes winbind enum users = yes winbind separator = + winbind use default domain = no template homedir = /homes/%D/%U template shell = /bin/bash [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [usbshare] comment = Backups and Stuff path = /usbdrive valid users = +MYDOMAIN+Domain Users read only = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory member problem
Frank Van Damme wrote: Hello I have added a Linux member server (my laptop) to our production Windows 2003 ADS domain (with net ads join, not net rpc join). Yet, when I browse to it from an Xp client (member of the domain) I still get a username/password dialog. What works: - wbinfo -g and wbinfo -u show usernames and passwords (without DOMAIN+ prefix) - getent passwd works - smbclient and logging in to the member server with a valid domain username/pwd works What does not work: # wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc022) Could not check secret I can see the host in AD users and computers but something still seems to be wrong with the machine account... how do I start to troubleshoot this? If wbinfo -t fails, then you have not joined the domain. This is usually due to wrong time. See this: http://www.aeronetworks.ca/LinuxActiveDirectory.html for troubleshooting tips. Cheers, Herman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory
On 8/1/07, Adriatik Allamani [EMAIL PROTECTED] wrote: So. How can I organize and configure the Cent OS to use it as Active Directory Server, and to open all the existing users there, and then to shut down the win2000 Server and to Activate the CentOS as domain controller? I want to use Red Hat Enterprise Linux 5.0.0. And Samba 4.0 Samba 4 is not out yet; the Samba 4 Technical Previews are not recommended for production use. I'm not aware of any docs or howtos on how to migrate from Windows AD to Samba 4 AD. (I *think* that I've seen comments about the Samba team working to get full-fledged AD replication working in Samba 4, which would mean that migrating to Samba should be as simple as promoting a Samba 4 DC then demoting the Windows DC. But I don't know that Samba 4 can do that yet.) Samba 3.x cannot serve as an Active Directory domain controller. It can serve as a NT4-style domain controller, but I suspect that you would need to rejoin all of your computers to switch from a Windows AD domain to a Samba NT domain. If your Active Directory domain is still in mixed mode, then I imagine that you could at least migrate users using Samba's net vampire command (http://samba.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html), but it's not something that I've tried. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active directory, winbind, and distribution groups (as opposed to security groups)
On Wed, 2007-03-21 at 13:41 +0100, Vincent Deffontaines wrote: Greetings, This is about a samba installation plugged on Active directory. I would like to bounce on : http://lists.samba.org/archive/samba/2005-January/099472.html I understand distribution groups are not real groups, as Unix people mean them. Distribution groups are, by design, only related to mailing lists, or so. My question is pretty simple : Is there a way to list the security groups of a domain? getent group as well as wbinfo -g list both security and distribution groups. Either a command line switch on wbinfo, or a smb.conf parameter would be good, in order to list only security groups. Since I have not found this in the docs, does this exist? Does this question make sense? If getent group lists distribution groups, we may have a bug, are you sure of that? Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active directory, winbind, and distribution groups (as opposed to security groups)
simo wrote: On Wed, 2007-03-21 at 13:41 +0100, Vincent Deffontaines wrote: Greetings, This is about a samba installation plugged on Active directory. I would like to bounce on : http://lists.samba.org/archive/samba/2005-January/099472.html I understand distribution groups are not real groups, as Unix people mean them. Distribution groups are, by design, only related to mailing lists, or so. My question is pretty simple : Is there a way to list the security groups of a domain? getent group as well as wbinfo -g list both security and distribution groups. Either a command line switch on wbinfo, or a smb.conf parameter would be good, in order to list only security groups. Since I have not found this in the docs, does this exist? Does this question make sense? If getent group lists distribution groups, we may have a bug, are you sure of that? Simo. Versions in use here are : - Windows server 2003 SP1 - Samba / winbind 3.0.14a (from debian sarge). I just tested it with 3.0.22 (from ubuntu dapper), and distribution groups *don't* show up. Sorry for opening the topic before testing this on a recent release. This topic is closed AFAI am concerned, and hopefully contains keywords for future generations ;) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory integration without NSS support
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 P. L. wrote: Yes. I have MIT Kerberos installed and working on my embedded Linux system. kinit is running fine and I can join an AD domain. If I manually create the Unix and Samba user (matching the AD users and passwords) on my embedded Linux Samba server, my Windows AD member servers then can access the Samba shares with SSO, otherwise the shares are not accessible. Based on my limited knowledge on Samba, I thought Winbind is supposed to automatically create the Unix user and Samba user. Since my Linux system doesn't support NSS, my guess is that Winbind may not be able to do its job, so I would like some help on getting winbind to work without NSS. Winbindd does assume the existences of NSS and relies upon it. If you want to work around this try modifying sys_getpwnam() to implement a NSS like look order in samba/source/lib/system.c cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF/nfzIR7qMdg1EfYRArPTAKDoLfDCDqqi4Pi4CNjYJn3ywctDUACfY05h rJekUEakgmLBqIn1Rt98D9s= =XZc+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory integration without NSS support
Does your system supports kerberos? Venlig Hilsen (Best Regards) stud. med. Rune Tønnesen P. L. skrev: Hi, My embedded linux system doesn't support NSS. Is there a way to configure Samba/winbind to work with Windows 2003 Active Directory without using NSS? I can successfully join an AD domain, but AD users can't access the Samba shares. Thanks, Sam Finding fabulous fares is fun. Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains. http://farechase.yahoo.com/promo-generic-14795097 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory integration without NSS support
Yes. I have MIT Kerberos installed and working on my embedded Linux system. kinit is running fine and I can join an AD domain. If I manually create the Unix and Samba user (matching the AD users and passwords) on my embedded Linux Samba server, my Windows AD member servers then can access the Samba shares with SSO, otherwise the shares are not accessible. Based on my limited knowledge on Samba, I thought Winbind is supposed to automatically create the Unix user and Samba user. Since my Linux system doesn't support NSS, my guess is that Winbind may not be able to do its job, so I would like some help on getting winbind to work without NSS. Thanks, Sam --- Rune Tønnesen [EMAIL PROTECTED] wrote: Does your system supports kerberos? Venlig Hilsen (Best Regards) stud. med. Rune Tønnesen P. L. skrev: Hi, My embedded linux system doesn't support NSS. Is there a way to configure Samba/winbind to work with Windows 2003 Active Directory without using NSS? I can successfully join an AD domain, but AD users can't access the Samba shares. Thanks, Sam Finding fabulous fares is fun. Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains. http://farechase.yahoo.com/promo-generic-14795097 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Get your own web address. Have a HUGE year through Yahoo! Small Business. http://smallbusiness.yahoo.com/domains/?p=BESTDEAL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory Group Policy
No, thats not possible. Samba 3 basically acts as sort of an NT 4 style DC. It doesn't support Group Policys. I think there was some discussion of this though with samba 4, but not sure. On Wednesday 14 March 2007 4:56 am, Erdenebat Gantomor wrote: I'm very new to Samba. Is it possible to work as replacement of Win2003 DC? And can i configure Windows Server 2003 Group Policy using Samba? Let me introduce some quick tips and information. -- Best regards, Erdenebat Guntomor/ /mailto:[EMAIL PROTECTED] -- Cody Jarrett IT Freedom® [EMAIL PROTECTED] Office: 512.419.0070 Fax: 512.419.0080 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory for users authentication only?
John Snowdon said: SNIP I assume, perhaps naively, that this is because Samba is purely looking up group information for my account from winbind? If so, what do I need to modify so that Samba ignores group information from winbind and purely uses /etc/group? I've encountered a similar problem and opened a bug report. https://bugzilla.samba.org/show_bug.cgi?id=4353 Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active directory usergroups to use with samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/16/2007 09:44 AM, [EMAIL PROTECTED] escreveu: Hi, I have a Samba 3 server which authenticate in AD. Is it possible to map windows usergroups against UNIX ones? Hmmm... yes it is, but I'm not sure if it is in the way you want it. :-) Did you try to setup winbind? Sounds more with what you want. You can also check Samba By Example (and of course, Samba Official HOWTO), they have a lot of important information and examples about this. http://samba.org/samba/docs/ In the logs, I see several SIDs whenever an user authenticate itself, but I don't know how to use them. For example, here is my [global] [global] dos charset = iso-8859-1 unix charset = iso-8859-1 workgroup = INFELEC realm = REALM.LOCAL netbios name = LINUXSA netbios aliases = LINUXSAMBA server string = Serveur Samba %v security = ADS password server = passwd1 passwd2 username map = /etc/samba/smbusers password level = 8 username level = 8 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No ldap ssl = no Does anyone can help me? I hope this info helps you. ;) Matthieu LUSSEAUD LATelec - Service informatique Pôle systèmes unix Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFrk9lCj65ZxU4gPQRAriBAJ4/05fHnA3Yzrwt3UjzHksZCcGTqwCeLkGT YvOZCqpW1W6ZsjPL6K6lC2o= =TQ/p -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] active directory with Samba
Josu Lazkano Lete wrote: hello, this is my first letter. sorry about my english. i am trying to configure a samba and ldap server to auteticate windows and linux clients. can some one help me? i am new in linux, i need some howtos. thanks for all. Go to samba.org and look at the Samba Howto Collection and Samba by Example documents. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] active directory with Samba
El Miércoles, 3 de Enero de 2007 14:08, Josu Lazkano Lete escribió: hello, this is my first letter. sorry about my english. i am trying to configure a samba and ldap server to auteticate windows and linux clients. can some one help me? i am new in linux, i need some howtos. Look the idealx samba howto. Worked great for me. http://sourceforge.net/project/showfiles.php?group_id=166108 Hmmm... your name ¿from Basque Country? -- Asier. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory Primary group dont' show users
this is not fully implemented yet. See here: http://groups.google.com.au/group/linux.samba/browse_thread/thread/ a464f34c32de1184/4d20dc2e81cd2034? lnk=stq=samba+domain+users+group+no+membersrnum=3hl=en#4d20dc2e81cd20 34 cheers GS On 23 Jun 2006, at 20:44, Ashish Tyagi wrote: Hi all I have configured samba 3.0.11 in a windows 2003 domain as a domain member (security=ads).issue is, when i issue command getent group |grep domain users it shows DOMAIN+domain users:x:1004: it don't shows any user in this group while this group contains all the users in domain.it is primary group of all the users. if i set primary group of a user to something else then it shows user in 'domain user' group. Thanks Ashish -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Active directory authentification with Samba
I went in the Samba settings and went in the security tab. I selected ADS, added the IP of my AD server and added my Kerberos realm (found it by running ksetup on my AD server). But since I've done that, I can't even access the server. The message tells me that the server is not accessible or that I might not have permission. It also mentions that configuration information can't be read from the domain controller. What am I missing? (Yes, I'm trying to read the doc... 943 pages, ugh) Simon -Original Message- From: Rob Tanner [mailto:[EMAIL PROTECTED] Sent: 11 avril, 2006 20:23 To: Simon Renshaw Cc: samba@lists.samba.org Subject: Re: [Samba] Active directory authentification with Samba Use security = ADS or security = DOMAIN On 04/11/2006 01:17 PM, Simon Renshaw wrote: Hi, I looked at the doc but I can't find what I'm looking for. I have 1 Linux server (CentOS 4.3) running Samba 3.0.10 in a Windows 2003 AD domain. I modified Samba's conf file to point it to our WINS server. We can access the share using \\servername. So far so good. Is there a way to use AD to authenticate the users instead of the Samba users that are on the server? Thanks! Simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active directory authentification with Samba
The samba home page (in SWAT) has a section at the bottom called Books. Click on Samba 3 by Example. Then click on Active Directory, Kerberos ans Security. Go through that material and make sure you've set everything up correctly. It has a lot of step by step info. -- Rob Simon Renshaw said the following on 04/13/2006 08:44 AM: I went in the Samba settings and went in the security tab. I selected ADS, added the IP of my AD server and added my Kerberos realm (found it by running ksetup on my AD server). But since I've done that, I can't even access the server. The message tells me that the server is not accessible or that I might not have permission. It also mentions that configuration information can't be read from the domain controller. What am I missing? (Yes, I'm trying to read the doc... 943 pages, ugh) Simon -Original Message- From: Rob Tanner [mailto:[EMAIL PROTECTED] Sent: 11 avril, 2006 20:23 To: Simon Renshaw Cc: samba@lists.samba.org Subject: Re: [Samba] Active directory authentification with Samba Use security = ADS or security = DOMAIN On 04/11/2006 01:17 PM, Simon Renshaw wrote: Hi, I looked at the doc but I can't find what I'm looking for. I have 1 Linux server (CentOS 4.3) running Samba 3.0.10 in a Windows 2003 AD domain. I modified Samba's conf file to point it to our WINS server. We can access the share using \\servername. So far so good. Is there a way to use AD to authenticate the users instead of the Samba users that are on the server? Thanks! Simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Active directory authentification with Samba
You mean this? http://us4.samba.org/samba/docs/man/Samba-Guide/kerberos.html Or do you mean something the HOWTO section? While there are indeed a lot of examples in it, it seems to deal with Windows shares under a Samba domain. No my situation. Or there is too much fluff and I just missed it. I will rephrase what I want to do. I want to share / (read and write) and make it available to everybody that is in the Domain Users group of AD. Simple, no? So in my smb.conf file, the share will look like that? [root] path = / writeable = yes guest ok = yes valid users = @MONTREAL\Domain Users But the Domain Users group is in the Users OU. Should I put Montreal\Users\Domain Users instead? I have only 1 Linux server and 5-6 users so security (or the lack of it) is not a problem. Oh, and I never used SWAT. Thanks! Simon From: Rob Tanner [mailto:[EMAIL PROTECTED] Sent: 13 avril, 2006 12:59 To: Simon Renshaw Cc: samba@lists.samba.org Subject: Re: [Samba] Active directory authentification with Samba The samba home page (in SWAT) has a section at the bottom called Books. Click on Samba 3 by Example. Then click on Active Directory, Kerberos ans Security. Go through that material and make sure you've set everything up correctly. It has a lot of step by step info. -- Rob Simon Renshaw said the following on 04/13/2006 08:44 AM: I went in the Samba settings and went in the security tab. I selected ADS, added the IP of my AD server and added my Kerberos realm (found it by running ksetup on my AD server). But since I've done that, I can't even access the server. The message tells me that the server is not accessible or that I might not have permission. It also mentions that configuration information can't be read from the domain controller. What am I missing? (Yes, I'm trying to read the doc... 943 pages, ugh) Simon -Original Message- From: Rob Tanner [mailto:[EMAIL PROTECTED] Sent: 11 avril, 2006 20:23 To: Simon Renshaw Cc: samba@lists.samba.org Subject: Re: [Samba] Active directory authentification with Samba Use security = ADS or security = DOMAIN On 04/11/2006 01:17 PM, Simon Renshaw wrote: Hi, I looked at the doc but I can't find what I'm looking for. I have 1 Linux server (CentOS 4.3) running Samba 3.0.10 in a Windows 2003 AD domain. I modified Samba's conf file to point it to our WINS server. We can access the share using \\servername. So far so good. Is there a way to use AD to authenticate the users instead of the Samba users that are on the server? Thanks! Simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active directory authentification with Samba
Use security = ADS or security = DOMAIN On 04/11/2006 01:17 PM, Simon Renshaw wrote: Hi, I looked at the doc but I can't find what I'm looking for. I have 1 Linux server (CentOS 4.3) running Samba 3.0.10 in a Windows 2003 AD domain. I modified Samba's conf file to point it to our WINS server. We can access the share using \\servername. So far so good. Is there a way to use AD to authenticate the users instead of the Samba users that are on the server? Thanks! Simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory and Native Mode - NEw to Samba
On Mon, 2006-02-06 at 09:44 +1100, Ledesma, Pedro wrote: Hi, I would like to get some information about samba v2.x and Active directory Native mode. Samba 2.x is quite old now. Our Windows 2003 domain function is currently set to interim mode, we would like to raise the function level to Native. I am wondering if this will break users accessing samba shares. Depending on your setup, probably. I strongly suggest upgrading to Samba 3.0.21b, our latest release. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Active Directory authentication fails
Sorry, that would be helpful, wouldn't it. ;-) #=== Global Settings = [global] workgroup = INNOVA realm = INNOVA.LOCAL winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes server string = Backup Server log file = /var/log/samba/%m.log max log size = 50 security = ADS password server = rome.innova.local encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 name resolve order = wins bcast dns proxy = no # Share Definitions == [london] comment = London backup path = /backups/london valid users = @INNOVA\cburke public = yes writable = yes create mask = 0765 admin users = @INNOVA\cburke Chip Burke -Original Message- From: Joseph Krueger [mailto:[EMAIL PROTECTED] Sent: Thursday, January 05, 2006 8:20 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Active Directory authentication fails Please include smb.conf Chip Burke wrote: I am trying to get Samba to authenticate to a Win2k DC. The error I consistently get is Failed to verify incoming ticket Using wbinfo I can pull the user and groups from the DC. Using krb5 I can get a good ticket from the DC. I have the winbind options in my smb.conf exactly as listed in the docs. The Linux box did a net join ads no sweat. After sitting a while, I no longer get the same error on the Linux box, but the Windows clients get There are currently no logon servers available to service the logon request. I imagine something isn't happy with how the Samba box is getting SIDs or something like that from the Windows DC. How do I begin to troubleshoot? Chip Burke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory and Samba 3.0.20
Does TACOMANEWS allow anonymous binding to it Active Directory LDAP? If not you need to set a authuser (wbinfo --set-auth-user). Also you can determine if it support anonymous bind or not by running simply queries using ldapsearch with and without -D option. On 12/20/05, Rich Bonfoey [EMAIL PROTECTED] wrote: This is a new install with a very novice samba user . We are running samba 3.0.20 on a Solaris 9 server. We have 3 domains controllers - 1 old NT and 1Win 2000 Active Directory and 1 Win 2003 Active Directory. The support group that administers the domains, have a limited skill set. If its not Windows they have nothing to contribute. The Domain Controllers are called TACOMANEWS - Win 22000 TACOMA - Win 2003 IS_DEPT - NT4 When running wbinfo -m on TACOMANEWS it sees IS_DEPT and TACOMA When running wbinfo -m on IS_DEPT it sees TACOMA When running wbinfo -m on TACOMA it sees TACOMANEWS and TACOMA Checking users in all the domains, the only users that are seen are the ones in the IS_DEPT and TACOMA. Even when joined to TACOMANEWS, it shows no users for this domain. There are at least 80 users in the TACOMANEWS domain. I think there should be users showing for TACOMANEWS, but our support group does not know why. Can anyone offer some insight or point me to some documentation on the issue. I have googled a lot but haven't found what I need. Samba is running as a member of a domain. Below is my smb.conf file, this is very generic. Thanks for any and all help [global] force directory mode = 775 create mode = 777 acl compatibility = auto dns proxy = no force create mode = 775 encrypt passwords = yes idmap gid = 1-2 socket options = TCP_NODELAY max log size = 50 password server = * idmap uid = 1-2 writeable = yes directory mode = 777 security = DOMAIN winbind use default domain = yes server string = zThorin workgroup = TACOMANEWS local master = no log level = 1 print command = lpr -h -r -P%p %s netbios name = zthorin log file = /usr/local/samba/var/%m.log os level = 20 [Fango] path = /fango/gongo printable = no public = yes create mask = 777 directory mask = 777 Richard Bonfoey The News Tribune Information Systems Successfully Meeting the Business Needs of The News Tribune through Information Technology Richard Bonfoey The News Tribune Information Systems Successfully Meeting the Business Needs of The News Tribune through Information Technology -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Knowledge is the only wealth that grows as you spend it, and diminishes as you save it. -- ancient Sanskrit saying -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory to OpenLDAP+Kerberos on Linux
On Sat, 2005-10-15 at 12:10 +0530, Akshay Guleria wrote: No, although Samba can interact with Kerberos, it can't actually control an AD domain. That's what Samba 4 is for. ok. so finally, when is samba 4 coming !? :) We expect a technology preview in a month or so, but you can download the SVN code now if you want to have a play. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory to OpenLDAP+Kerberos on Linux
No, although Samba can interact with Kerberos, it can't actually control an AD domain. That's what Samba 4 is for. ok. so finally, when is samba 4 coming !? :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory to OpenLDAP+Kerberos on Linux
Akshay Guleria wrote: You can setup Samba3 to honour an MIT kerberos realm (getting the clients to function is a different matter, but possible). You can also have Heimdal backed onto Samba3's LDAP database, which you can populate with the vampire tools. And yes,, the goal of Samba4 is to host an AD-like domain, using the AD protocols. so, as i understand this, one can setup samba+MIT kerberos to achieve authentication and file print services just like AD does. Right!? No, although Samba can interact with Kerberos, it can't actually control an AD domain. That's what Samba 4 is for. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory to OpenLDAP+Kerberos on Linux
Akshay Guleria wrote: Hi, I have been working on Windows NT PDC to OpenLDAP+Samba migration project and all is going on well, thanks to idealx. Now, I want to now do migrate MS Windows 2000/2003 based Active Directory to Linux+Samba+OpenLDAP+Kerberos. Somehow, the impression that I am getting having gone through many docs, including those from samba.org is that its not possible till probably version Samba 4 is out. My questions to the list: 1. Is there some way to achieve this migration. Windows AD to Lnux+OpenldapCan someone point me to the right kind of documentation. 2. If its not possible, then is it on the list of features of Samba 4. That is is it going to be there any soon. how soon? :) Thanks Akshay My readings of the docs is that while Samba can't be a DC in an AD domain, there is nothing to stop it from being a DC in an LDAP/Kerberos domain. That is, you can't currently mix Windows DCs and Samba DCs in a domain hierarchy, but you can run one with just Samba. For migration, I believe you can export the Windows information to an LDIF format and then import it into LDAP, but I've never tried it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory to OpenLDAP+Kerberos on Linux
On Thu, 2005-10-13 at 06:22 -0400, Gary Dale wrote: Akshay Guleria wrote: Hi, I have been working on Windows NT PDC to OpenLDAP+Samba migration project and all is going on well, thanks to idealx. Now, I want to now do migrate MS Windows 2000/2003 based Active Directory to Linux+Samba+OpenLDAP+Kerberos. Somehow, the impression that I am getting having gone through many docs, including those from samba.org is that its not possible till probably version Samba 4 is out. My questions to the list: 1. Is there some way to achieve this migration. Windows AD to Lnux+OpenldapCan someone point me to the right kind of documentation. 2. If its not possible, then is it on the list of features of Samba 4. That is is it going to be there any soon. how soon? :) Thanks Akshay My readings of the docs is that while Samba can't be a DC in an AD domain, there is nothing to stop it from being a DC in an LDAP/Kerberos domain. You can setup Samba3 to honour an MIT kerberos realm (getting the clients to function is a different matter, but possible). You can also have Heimdal backed onto Samba3's LDAP database, which you can populate with the vampire tools. And yes,, the goal of Samba4 is to host an AD-like domain, using the AD protocols. That is, you can't currently mix Windows DCs and Samba DCs in a domain hierarchy, but you can run one with just Samba. For migration, I believe you can export the Windows information to an LDIF format and then import it into LDAP, but I've never tried it. You would need to munge it, and get the passwords. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory to OpenLDAP+Kerberos on Linux
My readings of the docs is that while Samba can't be a DC in an AD domain, there is nothing to stop it from being a DC in an LDAP/Kerberos domain. You can setup Samba3 to honour an MIT kerberos realm (getting the clients to function is a different matter, but possible). You can also have Heimdal backed onto Samba3's LDAP database, which you can populate with the vampire tools. And yes,, the goal of Samba4 is to host an AD-like domain, using the AD protocols. so, as i understand this, one can setup samba+MIT kerberos to achieve authentication and file print services just like AD does. Right!? so, whats the challenge here? - 1. migrating the data from AD to LDAP. munging the passwords and then importing it in LDAP. 2. do i need to re-join the clients to the samba domain. !? 3. for the time being, i think incporporating DNS, DHCP like AD does is out of the scope of our discussion. Haven;t found any thing on web that can help me setting this kind of a thing. Can you please point me to such a documentation. Thanks, Akshay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory to OpenLDAP+Kerberos on Linux
Akshay Guleria wrote: My readings of the docs is that while Samba can't be a DC in an AD domain, there is nothing to stop it from being a DC in an LDAP/Kerberos domain. You can setup Samba3 to honour an MIT kerberos realm (getting the clients to function is a different matter, but possible). You can also have Heimdal backed onto Samba3's LDAP database, which you can populate with the vampire tools. And yes,, the goal of Samba4 is to host an AD-like domain, using the AD protocols. so, as i understand this, one can setup samba+MIT kerberos to achieve authentication and file print services just like AD does. Right!? so, whats the challenge here? - 1. migrating the data from AD to LDAP. munging the passwords and then importing it in LDAP. 2. do i need to re-join the clients to the samba domain. !? 3. for the time being, i think incporporating DNS, DHCP like AD does is out of the scope of our discussion. Haven;t found any thing on web that can help me setting this kind of a thing. Can you please point me to such a documentation. Thanks, Akshay Sorry, those who have been able to do it aren't telling. :( I tried earlier without success. I'd suggest trying first to get LDAP working with Samba before tackling Kerberos. The previous responder suggested that you can use net vampire to populate LDAP. I don't see any reason why it shouldn't work. The difficulty with getting this to work is the different parts weren't designed specifically to work together. You have to configure them to do so. This makes LDAP a big step up from tdb as a samba database. Try the Samba Howto Collection and the Samba By Example documents on www.samba.org. They do cover the topics but maybe not in enough detail for any particular distribution. Expect to do some playing around to get it to work. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory and Samba Issue
Try setting the following in your smb.conf client schannel = no M Middleton wrote: I'm running Samba 3 on SuSE 9.1 Enterprise, and I'm trying to get it to connect to my AD server. I followed the instructions in the documentation (a very handy guide, I might add), but when I run wbinfo -u, I get an error message stating error looking up domain users. I've been struggling with this for a few days, and have had no luck troubleshooting. Any advice? Thanks! Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] active directory auth some more
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Iustinian T. wrote: I've been trying for a few days to get a samba server 3.0.13 to work as an adition to some servers inside a Active Directory domain (windows 2003) servers. My first problem is that wbinfo_group.pl does not work anymore after SP1 update to windows domain controllers, it is not capable of getting sig for the group. There were some schannel workarounds in 3.0.14a that are needed to deal with 2003 sp1 DCs. Check the release notes for details. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCw+0lIR7qMdg1EfYRArvQAJ9HSQilzZiuBJy09Lz7dkU4byOmXACeIXnc HimfRok50Gcg4aA4PHMiPA4= =bRm/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory authentication very slow (winbind/PAM)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Frank Gruman wrote: | I have Samba authenticating to a medium-sized Windows | 2000 Active Directory domain (approx 5000 users). | The authentication times are ranging from 15 to | 30 seconds, and when trying to win acceptance for | Linux as a stable server platform / file and | development code repository, this performance | is unacceptable to many of my peers. It is the | same whether they authenticate through the Apache | engine or if I add authentication to the xdm config | and I login to KDE, or even from command line. Frank, Use ethereal and try to determine where the lag is? Is it actually during the authentication ? Is it a name resolution delay? Or is it during the getpwnam()? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCqY3LIR7qMdg1EfYRAuscAJ9pZfcsuYwjgLLTwxzql+4FgEgf6QCfQNLn L9P2RccV8Wg5zIlJFO2LHCI= =hgO/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory + Samba 3.0.10 - how to deal with owners and permissions
[EMAIL PROTECTED] wrote: Hi. I've a running samba system that works with a ADS auth. All looks like to work. I can get the list of Domain users and groups (wbinfo -u, wbinfo -g), and getent passwd works too. Now I want to share a directory(or volume) and that the DOMAIN/Administrator be the owner of this share to get the control of it. I don't know how samba deals with resource owners and permissions in a AD context? Do I need to change the owner by hand to DOMAIN/Administrator in the samba system to this share? Is it possible to say to samba that this share is owned by DOMAIN/Administrator?. Thanks. I would just leave the filesystem to sort that out: mkdir mydirectory chown DOMAIN/Administrator mydirectory (be aware of winbind seperator =) add the share to samba normally Now when users browse to it (if they have permission) they will be able to see the owner is administrator) This is a nice way to administer the base of a share system: -fileroot (shared as fileroot$, browseable no, read list @ntadmin, write list @ntadmin) -- share1 (shared normally) -- share2 -- share3 -- share4 Like this, i can open up fileroot$ and set permissions on shares easily, also I have a back door to shares that may otherwise lock me out. Hope that helps, H signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory + Samba 3.0.10 - how to deal with ownersand permissions
[EMAIL PROTECTED] wrote: I would just leave the filesystem to sort that out: mkdir mydirectory chown DOMAIN/Administrator mydirectory (be aware of winbind seperator =) add the share to samba normally Now when users browse to it (if they have permission) they will be able to see the owner is administrator) This is a nice way to administer the base of a share system: -fileroot (shared as fileroot$, browseable no, read list @ntadmin, write list @ntadmin) -- share1 (shared normally) -- share2 -- share3 -- share4 Like this, i can open up fileroot$ and set permissions on shares easily, also I have a back door to shares that may otherwise lock me out. Then, do I need to manually (or through an script) change the permissions and ownership of the files? is not there an automatic mechanism? I dont understand what you want? If you have a directory there already, you can change ownership with chmod, if you want all the files in the directory, you can chmod -R /dir/name/* Files created by users will be owned by them, unless you use force user. If you connect to the files through windows, you can set ownership and permissions through the normal windows method. signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory integration - where to go next??
Am Donnerstag 20 Januar 2005 16:59 schrieb Gibbs, Simon: If so do I need to create a single repository to store the user mappings that both Samba members use? Again how does this work?? Don't worry. I have not done this, but thereis a paranmeter called idmap backend. Specifying ldap and having the üproper object classes will probably handle your challenge. Check the docs on that. hth dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory, Listing Users in Groups.
On Fri, 19 Nov 2004 16:30:27 -0600, Michael Wray [EMAIL PROTECTED] wrote: I have samba 3.0.8, as a member of 2000AD and 2003AD. I would like to get groups and the members in each group. You can use 'getent group' command. I have a perl script that use, gives the group and name. It is nothing fancy and works for me. ---perl script-- #!/usr/bin/perl # 03.15.04 sharif islam # Provide a group name this looks for the groupname # in the domain then loops through the list of user ids and gets the full name my $usage_string = Find who is in a group USE: ./group.pl GROUPNAME OUTPUT: group name at the top user1 user2 ; # Check for number of args. if ($#ARGV 0) { print $usage_string\n ; exit 0 ; } # get the group name $group = $ARGV[0]; #example: staff:x:621:username1,username2 $cmd = getent group|grep -w $group; $rv = `$cmd` ; if($rv) { @out = split /:/, $rv ; } else { print There's no such group as $group\n; exit 0; } print Group Name: $out[0]\n; print --\n; @names = split /,/, $out[3] ; foreach $netid (@names) { $cmd = getent passwd|grep -w $netid; $rv1 = `$cmd`; if($rv1) { @name = split /:/, $rv1 ; } print $name[4]\n; } -script ends--- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory?
Gustav írta: Can someone tell me if you can set Samba up as the PDC (Primary Domain Controller) for an Active Directory? I would like to replace Windows 2000 AD with Samba on Linux but I cannot find info on how to do this, so I am not sure if it is possible? Any further info or help on this is much appreciated. Regards Gustav Samba 3.x is an NT4 style PDC, Samba 4.x will be an Active Directory domain controler. Samba4 is however in a very experimental stage. Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory Migration Tools - breaks samba 2.x.x?
Matthew Western, IT Support, Lonsdale wrote: Hi, We are migrating from an NT domain to a 2003 AD and using the migration tools to nicely move the users across. However, we have just realized that a user created manually can see a samba 2.0.6 server no worries, but a user that has been migrated using the Migration Tools gets an access denied. Is this a typo? *2*.0.6? I doubt that an old version of that vintage has any chance with Windows 2003-AD. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Active Directory Migration Tools - breaks samba 2.x.x?
OK. Further info. If I don't migrate the SID on a new user it allows access to the box. Now I've gotta figure out how to generate new SIDs for the users already moved across... And test to see if access still works when the SID isn't migrated across -Original Message- From: Matthew Western, IT Support, Lonsdale Sent: Thursday, 19 August 2004 11:05 AM To: [EMAIL PROTECTED] Subject: [Samba] Active Directory Migration Tools - breaks samba 2.x.x? Hi, We are migrating from an NT domain to a 2003 AD and using the migration tools to nicely move the users across.However, we have just realized that a user created manually can see a samba 2.0.6 server no worries, but a user that has been migrated using the Migration Tools gets an access denied. Anybody come across this one before? It's probably some bodj work around from microsoft that they've plonked in to make it work and samba playing by all the normal rules goes 'huh, that's now allowed'. I thought it might be the SID migration option that we have turned on so all the permissions come across nicely but the test user I migrated, with no SID mig, still did the same thing? Anybody had this and figured a fix? I know how to work around it, but each user migration suddenly becomes a headache if I can't use the migration tools. Thanks Matthew -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Active Directory Migration Tools - breaks samba 2.x.x?
Sadly it's not a typo. I think we've worked around it for the time being. We have to upgrade to 3.x.x anyway to validate off the AD domain. It was the SID migration that was causing it grief. This box is an alpha running HP Unix and samba 2.0.6. can you believe this systems is an in house system that uses both sockets and lots of mapped drives to chuck it's data everywhere. It's a complete nightmare... -Original Message- From: Paul Gienger [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 August 2004 11:31 AM To: Matthew Western, IT Support, Lonsdale Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Active Directory Migration Tools - breaks samba 2.x.x? Matthew Western, IT Support, Lonsdale wrote: Hi, We are migrating from an NT domain to a 2003 AD and using the migration tools to nicely move the users across. However, we have just realized that a user created manually can see a samba 2.0.6 server no worries, but a user that has been migrated using the Migration Tools gets an access denied. Is this a typo? *2*.0.6? I doubt that an old version of that vintage has any chance with Windows 2003-AD. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory - Samba 3.0.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Hello Everyone, | I'm trying to get Samba 3.0.4 under Solaris 8 to join a Windows AD domain. | | I've compiled and configured all the required code.. and all works so far. I | can do a kinit [EMAIL PROTECTED] and get a ticket from the AD server... | Samba's smbd and nmbd run, winbind complains about credentials. | | Here's my issue. I don't have any control over the AD server. We have a 3rd | party IT support group. And I'm not sure they are adding the samba server in | the AD tree correctly My problem is, our 3rd party IT guys said he added | my machine to the ad domain, but, I can't join, nor is the machine | searchable through MS networking, so, I don't think he added it right. | | My question is: Is there any way to join an AD domain without | having to know the administrators password? If so, how? I've got a bug report in the net command when joining a domain and using a non-default ou for storing the computer accounts? Does this description fit ? If so I can send you a workaround. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBFaFuIR7qMdg1EfYRAlE0AKCZ5MBQBl9rpzJLadVUudWLIp3nsACghlSc Gi35rAcf222HuB38Wdzsu9M= =U/cP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory - Samba 3.0.4
On Tue, 2004-08-03 at 18:19, [EMAIL PROTECTED] wrote: Hello Everyone, I'm trying to get Samba 3.0.4 under Solaris 8 to join a Windows AD domain. I've compiled and configured all the required code.. and all works so far. I can do a kinit [EMAIL PROTECTED] and get a ticket from the AD server... Samba's smbd and nmbd run, winbind complains about credentials. Here's my issue. I don't have any control over the AD server. We have a 3rd party IT support group. And I'm not sure they are adding the samba server in the AD tree correctly My problem is, our 3rd party IT guys said he added my machine to the ad domain, but, I can't join, nor is the machine searchable through MS networking, so, I don't think he added it right. My question is: Is there any way to join an AD domain without having to know the administrators password? If so, how? You have to either do a net ads join Computers -Sserver once you get Kerberos setup properly, or you have to use key.tabs This is how it has to be done on the Microsoft side. http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp Then you just have to follow up and configure samba to use the key.tab -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Active Directory
Newbie...Does Samba clients support Win 2003 Active Directory domains? What would be the minimum release of Samba? Is there a documentation site to say how to setup samba for active directory? Yes, you need the most recent version with the following bugfix: https://bugzilla.samba.org/show_bug.cgi?id=1315 You also need Kerberos installed and configured on your machine (not covered by this mailing list). Once that is done you can modify your smb.conf file with the following lines: workgroup = MYDOMAIN security = ADS realm = MYKERBEROSREALM password server = MYDOMAINCONTROLLER BACKUPDOMAINCONTROLLER -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba + Active Directory
[2004/01/05 18:42:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket! Is there any special configuration I have to do on Active Directory to become AD authentication available to Samba ? Almost certainly, you are running version 3.0.1, which as best I've been able to determine breaks kerberos ticket handling in the case of a Win2k/XP box trying to access SAMBA. Can people seeing this please test 3.0.2pre1 and let me know if it is fixed now? Thanks. I sent a messages yesterday, explaining that my setup now was working fine ... I have a few other things that I think need to be looked at, but they are minor issues Mailed Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory
You have to change some security settings in Windows 2003, by default it requires packet signatures, etc. Other people here are more qualified than me. However, here are the changes that I made: In AD: [Default Domain Controller Policy, and possible the local policy on the domain controllers] Disable: Digitally Sign Communication (always) Disable: Digitally Encrypt Secure Channel Data (always) Disable: Require Windows 2000 (or greater) strong key On Thu, 2003-09-25 at 12:23, Russ Haskett wrote: I have dug through some man pages, searched the archives for some time and googled for info on this but nothing yet. I'm sure this has been covered already so all I am really asking for is if someone could point me in the right direction to where I can educate myself on connecting my RedHat 9 workstation to our new Windows 2003 Active Directory file server. I can hit my Samba server and my NT servers without a problem using the following in my /etc/fstab: //winserver/share/home/shares/sharename smbfs credentials=/home/.smbpasswd,workgroup=DOMAIN,uid=500,gid=100 0 0 This even worked fine when I first fired up the 2003 server but it dies on me with the following after I setup Active Directory: [EMAIL PROTECTED] source]# mount /home/shares/sharename 15736: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed [EMAIL PROTECTED] source]# Any pointers to some good educating materials would greatly be appreciated. Thanks, -russ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory
On Tue, 2003-10-21 at 14:00, Jeremy Allison wrote: On Tue, Oct 21, 2003 at 01:51:39PM -0700, Joshua Schmidlkofer wrote: You have to change some security settings in Windows 2003, by default it requires packet signatures, etc. Other people here are more qualified than me. However, here are the changes that I made: In AD: [Default Domain Controller Policy, and possible the local policy on the domain controllers] Disable: Digitally Sign Communication (always) Disable: Digitally Encrypt Secure Channel Data (always) Disable: Require Windows 2000 (or greater) strong key No, you don't have to do this for Samba3 - we support signing out of the box (modulo a couple of minor bugs which Stefan and I have just fixed in CVS :-). Jeremy. *grin* Sorry... Since he didn't specify what version he was using, I thought that he was using 2.2. *oops*. So in the mean time should I disable Signing? I use RedHat, and I am in the middle of the hideous and horrible replacing Kerb. Oh god, the horror, the horror in Rh9. js -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] active directory pains
On Wed, 2003-10-08 at 02:51, David Bear wrote: After googling a bit, it seems that only way samba playes with active directory is with samba 3.x I'f been use samba 2.x with 'pass through' authentication and would like to get rid of the pass through auth cause it seems to cause problems. Yet, I don't know if I can trust samba 3 -- Samba 3.0 adds kerberos support, and a better way to work with active directory servers. For NTLM logins, we still 'pass through' the request, in the same way a Win2k server does. Has anyone been able to get a samba 2.x server to join a an Active Directory domain? This has been standard use of Samba for years now. We just look like an NT4 server. My assumptions are the joining Active Directory is 'different' than joining an nt style 'domain'. It isn't really. For NT4 servers, they think it's an NT4 domain, and continue on with their day. Samba 2.2 looks like NT4 in this respect. The samba.org sites seems to be devoid if documents detailing what I really want... which is 1) having samba auth users against active directory This is all very clearly documented in the Samba 3.0 HOWTO. -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory - Which Samba version is needed?
hi alexander, On Fri, Feb 07, 2003 at 10:06:43AM +0100, Alexander Skwar wrote: Hi! I'd like to setup a Samba server which should do user authentication against an Active Directory. Our AD admins told me, that we do not have Window NT 4.0 Domains available. What I'm trying to accomplish, is that the users can login with the same username/password they use with the AD. Also, if the password is changed in the AD, this change should be reflected on the Samba server. It doesn't have to be the other way arround - ie. the Samba server doesn't have to be able to do password changes. you should set up samba with winbindd to achieve this. http://de.samba.org/samba/docs/Samba-HOWTO-Collection.html#WINBIND The reason is, that I need a way for the Windows users to access files on NFS shares. maybe you should give us more details on this. how do you plan to restrict access to these shares? bye, guenther -- Guenther Deschner [EMAIL PROTECTED] SuSE Linux AGGnuPG: 8EE11688 Berliner Str. 27 phone: +49 (0) 30 / 430944778 D-13507 Berlin fax: +49 (0) 30 / 43732804 msg13861/pgp0.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory - Which Samba version is needed?
You will need samba-3.0 then. It is in alpha, so it is not recommended for production use right now. But I am using it production w/o any issues. It requires samba to be compiled against kerberos and the openldap libraries. It also requires the use of winbindd. Regards, Errol -- Original Message -- From: Alexander Skwar [EMAIL PROTECTED] Date: Fri, 07 Feb 2003 10:06:43 +0100 Hi! I'd like to setup a Samba server which should do user authentication against an Active Directory. Our AD admins told me, that we do not have Window NT 4.0 Domains available. What I'm trying to accomplish, is that the users can login with the same username/password they use with the AD. Also, if the password is changed in the AD, this change should be reflected on the Samba server. It doesn't have to be the other way arround - ie. the Samba server doesn't have to be able to do password changes. The reason is, that I need a way for the Windows users to access files on NFS shares. All this is supposed to work on a HP-UX 11.00 server, but I also do have a RedHat 8.0 server available. So I'm either looking for a HP-UX solution (preferrable with the HP CIFS server) or a Linux solution. Actually, plain OS independant hints are also VERY much appreciated! Thanks a lot, Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (en) Homepage: http://www.iso-top.biz | Jabber: [EMAIL PROTECTED] iso-top.biz - Die günstige Art an Linux Distributionen zu kommen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- This message has been scanned for viruses and dangerous content and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory - Which Samba version is needed?
So sprach Errol Neal am 2003-02-07 um 06:57:45 -0800 : You will need samba-3.0 then. It is in alpha, so it is not recommended Do I need Samba 3.0, because we do not have Windows NT 4.0 Domains? for production use right now. But I am using it production w/o any issues. It requires samba to be compiled against kerberos and the openldap libraries. It also requires the use of winbindd. Which configure options do I need at minimum? Would the following be sufficient? --with-ads \ --with-krb5=/usr \ --with-ldap \ --with-winbind Also, I'm unclear about the following options: --with-afs Include AFS clear-text auth support --with-dce-dfs Include DCE/DFS clear-text auth support Thanks again, Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (english) Homepage: http://www.iso-top.biz |Jabber: [EMAIL PROTECTED] iso-top.biz - Die günstige Art an Linux Distributionen zu kommen Uptime: 11 days 10 hours 40 minutes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory - Which Samba version is needed?
So sprach Guenther Deschner am 2003-02-07 um 11:51:42 +0100 : you should set up samba with winbindd to achieve this. http://de.samba.org/samba/docs/Samba-HOWTO-Collection.html#WINBIND Hmm, what's the command I need to type to join the Active Directory? Would it be: smbpasswd -j europe.delphiauto.net -U Administrator europe.delphiauto.net is the tree of the AD that this server needs to be a member of - I suppose. Or rather, all the users that will login to the server are in this AD tree. So I suppose the server should also be in this AD tree. maybe you should give us more details on this. how do you plan to restrict access to these shares? Good question! Well, we're migrating away from a Unix based network to a Windows network (no, I don't particulary like it, but I can't do anything about it...). In Unix, we restricted access based on the machines. Since all the machines had static IPs, that wasn't a problem. We haven't yet decided how to restrict access in the Windows setup. We're thinking about implementing user based restrictions. But that has yet to be decided... Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (english) Homepage: http://www.iso-top.biz |Jabber: [EMAIL PROTECTED] iso-top.biz - Die günstige Art an Linux Distributionen zu kommen Uptime: 11 days 11 hours 14 minutes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory PDC?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 13 Nov 2002, Bjarke Istrup Pedersen wrote: Will Samba 3.0 be able to act as an Win2k PDC (Active Directory) No. Please see the roadmap on http://samba.org/ cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE92QhFIR7qMdg1EfYRAu0IAKDBzYp9lQNr/1OEPHEdV2VLIPQ7VgCffNWF EsrEq8WAwfyQGl7Ghqufh0U= =BG4l -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory user authentication with a Samba Fileserver???
Message: 12 Date: Mon, 7 Oct 2002 12:38:00 -0600 From: Miremont, James [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Active Directory user authentication with a Samba File server??? This is a multi-part message in MIME format. --_=_NextPart_001_01C26E30.A98CBDF8 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable I currently have a file/print server running on a W2K machine that = crashes almost daily and would like to start using Samba as a file = server, instead. Our 5 domain controllers are all setup using native mode so as to not = share active directory with any NT servers. ** If I setup samba on a redhat 8.0 box, can it read and write to our = current active directory for user authentication? FYI, Mandrake 9.0 can do this for you, if you choose 'Windows Domain' as the authentication method (might require an 'expert' install) during installation (unfortunately, not available after install). After installation, you may want to replace the basic /etc/samba/smb.conf configured during the install with a better generic winbind config (/etc/samba/smb-winbind.conf) and just set the 'workgroup' paramter back. You will then have an out-the-box file server. If you want downloadable printer drivers on the machine, you should just have to change the ownership of the driver directory: # chgrp -R 'Domain Admins' /var/lib/samba/printers/* # chmod -R g+w /var/lib/samba/printers/* I want to have a samba server that is apart of our domain and shares its = authentication with the other DCs, I do not want a user database on the = redhat box that is specific to it. So if a user changes their password = on a domain machine somewhere it will replicate to all other DCs, = including the Samba server. I do not want to maintain a seperate = user/password database on the Samba server. No problem. Mandrake 9.0 is probably the easiest way to get this running (IMHO, of course). Buchan -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba