[Samba] Re: Samba PDC Ldap integration
Thanks guys I fixed the problem, it was not actually a software problem. The switch the server was on was stuffed, it kept dropping out.

Thanks for all your help

On Jan 3, 2008 3:01 PM, Andy <[EMAIL PROTECTED]> wrote:

> Hello all
>
> I have set up a Debian etch server with a samba and ldap integration.
>
> domain master = yes
> domain logons = yes
> os level = 33
> preferred master = yes
> local master = yes
> passdb backend = ldapsam:ldap://localhost/
>
> ldap admin dn = cn=admin,dc=test,dc=net
>
> ldap suffix = dc=test,dc=net
> ldap user suffix = ou=users
> ldap machine suffix = ou=machines
> ldap group suffix = ou=groups
>
> ldap password sync = yes
>
> I have added the machine into LDAP as a samba 3 machine.
> I have added a user to the domain admins group.
>
> When I try to connect a PC to the domain an error message pops up saying
> "the following error occurred attempting to join the domain "test": The
> specific network name is no longer available"
>
> Would someone know the cause of this?
>
> --
> REGARDS,
> Andy Z

--
REGARDS,
Andy Z

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba pdc & ldap without roaming profiles
There's a difference between what's in the smb.conf and what's stored with the user entries in the ldap backend. Thanks anyway.

bob_bipbip wrote:

> to disable roaming profile for everybody, i'd use this in smb.conf:
>
> logon drive =
> logon home =
>
> yes, it's blank ;)
[Samba] Re: samba pdc & ldap without roaming profiles
to disable roaming profile for everybody, i'd use this in smb.conf:

logon drive =
logon home =

yes, it's blank ;)
RE: wiki.samba.org ? [was Re: [Samba] Re: SAMBA/PDC + LDAP HELP please?=> For your profiles.]
Ok, I'll see if i can setup a wiki which i will maintain, I've got the servers etc, but i'm not so into building a web site, i'll notify the samba list when ready.

I use only debian for my servers and setup, i have lots of experience with login scripts etc. atm on windows and novell platforms, i have running debian with samba, ldap, cups, acl,etc3, pnp print setup (raw printing), fax is in progress, kix login script, use of usrmgr, and ldapadmin.

I'm trying to integrate postfix and exchange 4linux into it, and also I'm looking at the hula project.

When ready i'll put a howto for this on my wiki.

Greetz
louis

-----Original Message-----
>From: "Gerald (Jerry) Carter"<[EMAIL PROTECTED]>
>Sent: 07-10-05 18:15:01
>To: "Craig White"<[EMAIL PROTECTED]>
>Cc: "samba@lists.samba.org"
>Subject: wiki.samba.org ? [was Re: [Samba] Re: SAMBA/PDC + LDAP HELP please?=> For your profiles.]
>
>Craig White wrote:
>
>> I wonder if having some sort of wiki on samba web site wouldn't be
>> useful for things like logon scripts and registry settings to be
>> shared/discussed so they had their own longevity and current
>> appropriateness as email archives don't often reflect the changing
>> nature of things and sometimes the samba documentation has different
>> objectives.
>
>We've talked about it before but there is a fear that a
>wiki would turn into a propagation mechanism for Samba
>urban legends. Someone (or a team of people) would need
>to act as editors. Truthfully, if it were done right, it
>would probably be a good thing. But if it weren't
>it would be a really bad thing.
>
>It's definitely too much for the developers to take on.
>
>cheers, jerry
>=====================================================================
>Alleviating the pain of Windows(tm) --- http://www.samba.org
>GnuPG Key- http://www.plainjoe.org/gpg_public.asc
>"There's an anonymous coward in all of us." --anonymous
[Samba] Re: wiki.samba.org ? [was Re: Re: SAMBA/PDC + LDAP HELP please? => For your profiles.]
Gerald (Jerry) Carter wrote:

> Tomasz Chmielewski wrote:
>
>> Gerald (Jerry) Carter wrote:
>>
>>> Craig White wrote:
>>>
>>>> I wonder if having some sort of wiki on samba web site wouldn't be
>>>> useful for things like logon scripts and registry settings to be
>>>> shared/discussed so they had their own longevity and current
>>>> appropriateness as email archives don't often reflect the changing
>>>> nature of things and sometimes the samba documentation has different
>>>> objectives.
>>>
>>> We've talked about it before but there is a fear that a
>>> wiki would turn into a propagation mechanism for Samba
>>> urban legends. Someone (or a team of people) would need
>>> to act as editors. Truthfully, if it were done right, it
>>> would probably be a good thing. But if it weren't
>>> it would be a really bad thing.
>>>
>>> It's definitely too much for the developers to take on.
>>
>> IMHO Samba wiki could be a great source of info for both new and
>> advanced users.
>>
>> Why should Samba wiki turn into something bad, if lots of other open
>> source projects have wikis too, and they are useful?
>
> :-) We have a tremendous amount of urban legend on this list.
> Just count the number of times someone has suggested the
> sign-n-seal registry file for XP clients using a Samba 3.0.x
> server.
>
> But we have at least one volunteer, Craig. And I told him
> I would look into it. So we'll see what happens. Anyone else
> interested in monitoring/editing a wiki to ensure accurate
> information?
>
> cheers, jerry

I'm new, but I'd help where I could.

Sean
Re: wiki.samba.org ? [was Re: [Samba] Re: SAMBA/PDC + LDAP HELP please? => For your profiles.]
Gerald (Jerry) Carter wrote:

> Tomasz Chmielewski wrote:
>
>> Gerald (Jerry) Carter wrote:
>>
>>> Craig White wrote:
>>>
>>>> I wonder if having some sort of wiki on samba web site wouldn't be
>>>> useful for things like logon scripts and registry settings to be
>>>> shared/discussed so they had their own longevity and current
>>>> appropriateness as email archives don't often reflect the changing
>>>> nature of things and sometimes the samba documentation has different
>>>> objectives.
>>>
>>> We've talked about it before but there is a fear that a
>>> wiki would turn into a propagation mechanism for Samba
>>> urban legends. Someone (or a team of people) would need
>>> to act as editors. Truthfully, if it were done right, it
>>> would probably be a good thing. But if it weren't
>>> it would be a really bad thing.
>>>
>>> It's definitely too much for the developers to take on.
>>
>> IMHO Samba wiki could be a great source of info for both new and
>> advanced users.
>>
>> Why should Samba wiki turn into something bad, if lots of other open
>> source projects have wikis too, and they are useful?
>
> :-) We have a tremendous amount of urban legend on this list.
> Just count the number of times someone has suggested the
> sign-n-seal registry file for XP clients using a Samba 3.0.x
> server.

baah, some time ago I asked the same question :) when I couldn't join XP machines to the domain (where Windows 2000 was working fine) - I spent a couple of hours trying to figure out what's wrong (some old wins.dat / browse.dat on that test server was the cause).

> But we have at least one volunteer, Craig. And I told him
> I would look into it. So we'll see what happens. Anyone else
> interested in monitoring/editing a wiki to ensure accurate
> information?

that's the whole beauty of wiki (at least mediawiki I used, and which is used by wikipedia.org):

- you can easily see "recent changes" (new pages/articles, changes on pages, who made them etc.)
- you can easily compare changes (i.e. compare the state of an article/page we have now with the state we had previously)
- so it's just a matter of seconds to spot if someone posted crap or something valuable

I think the most important thing (and the hardest, too) would be to design good categories to post articles in (some articles would be of course in multiple categories), like:

- different Samba versions (2, 3, 4...)
- backends
- printing
- configuration
- installation

etc.

Basically, lots of categories could come from Samba HOWTO, but wouldn't be just the articles copied/pasted from the HOWTO, but something posted by the users, and eventually commented, corrected etc.

I could imagine myself commenting the sign'n'seal hack :)
Re: wiki.samba.org ? [was Re: [Samba] Re: SAMBA/PDC + LDAP HELP please? => For your profiles.]
Gerald (Jerry) Carter wrote:

> Craig White wrote:
>
>> I wonder if having some sort of wiki on samba web site wouldn't be
>> useful for things like logon scripts and registry settings to be
>> shared/discussed so they had their own longevity and current
>> appropriateness as email archives don't often reflect the changing
>> nature of things and sometimes the samba documentation has different
>> objectives.
>
> We've talked about it before but there is a fear that a
> wiki would turn into a propagation mechanism for Samba
> urban legends. Someone (or a team of people) would need
> to act as editors. Truthfully, if it were done right, it
> would probably be a good thing. But if it weren't
> it would be a really bad thing.
>
> It's definitely too much for the developers to take on.

IMHO Samba wiki could be a great source of info for both new and advanced users.

Why should Samba wiki turn into something bad, if lots of other open source projects have wikis too, and they are useful?

--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba
Re: wiki.samba.org ? [was Re: [Samba] Re: SAMBA/PDC + LDAP HELP please? => For your profiles.]
Tomasz Chmielewski wrote:

> Gerald (Jerry) Carter wrote:
>
>> Craig White wrote:
>>
>>> I wonder if having some sort of wiki on samba web site wouldn't be
>>> useful for things like logon scripts and registry settings to be
>>> shared/discussed so they had their own longevity and current
>>> appropriateness as email archives don't often reflect the changing
>>> nature of things and sometimes the samba documentation has different
>>> objectives.
>>
>> We've talked about it before but there is a fear that a
>> wiki would turn into a propagation mechanism for Samba
>> urban legends. Someone (or a team of people) would need
>> to act as editors. Truthfully, if it were done right, it
>> would probably be a good thing. But if it weren't
>> it would be a really bad thing.
>>
>> It's definitely too much for the developers to take on.
>
> IMHO Samba wiki could be a great source of info for both new and
> advanced users.
>
> Why should Samba wiki turn into something bad, if lots of other open
> source projects have wikis too, and they are useful?

:-) We have a tremendous amount of urban legend on this list. Just count the number of times someone has suggested the sign-n-seal registry file for XP clients using a Samba 3.0.x server.

But we have at least one volunteer, Craig. And I told him I would look into it. So we'll see what happens. Anyone else interested in monitoring/editing a wiki to ensure accurate information?

cheers, jerry
Re: [Samba] Re: SAMBA/PDC + LDAP HELP please? => For your profiles.
On Friday 07 October 2005 07:51, Louis van Belle wrote:

> really,
>
> thank you for notifying me..
>
> but why is this then in the manual
> http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html
> Windows XP Service Pack 1
> There is a security check new to Windows XP (or maybe only Windows XP
> service pack 1).
> It can be disabled via a group policy in the Active Directory. The policy
> is called:
> Computer Configuration\Administrative Templates\System\User Profiles\
> Do not check for user ownership of Roaming Profile Folders
> ( is same as CompatibleRUPSecurity"=dword:0001 )
> And yes this is also in SP2.

This was user contributed documentation. The HOWTO document is a broad collection of tips, explanations, hints, and detailed explanations of the inner workings of Samba. I have re-read the chapter and believe the information is still useful, though it could do with some updating. Please take note though, the HOWTO is NOT a deployment guide.

Is anyone volunteering to review and revise this chapter? I do not have time right now.

Detailed example configurations for Samba, support software and Windows clients are provided in the book "Samba-3 by Example" ISBN 013188221X, available from Amazon.Com and in PDF from:

http://www.samba.org/samba/docs/Samba3-ByExample.pdf

"Samba3 by Example" is a prescriptive guidance document that provides detailed, step-by-step, deployment information for complete networking solutions.

The book, "The Official Samba-3 HOWTO and Reference Guide" is NOT a deployment guide, but it provides detailed documentation of the various capabilities and components of Samba - without showing detailed deployment steps.

Cheers,
John T.

> I used this to avoid problems, and it works for me.
> As i see in the sambalist lots of people have the same problems and
> questions
> so therefore i give them my working config, And this is what i did.
> that of the requiresignorseal / signsecurechannel i didn't know,
> so I'm going to test this in my 2nd office location. thank you for
> notifying me for that.
>
> the "ExcludeProfileDirs" is used in my default user profile.
> and these are the default directories :
> Geschiedenis, Local Settings, Temp and Temporary Internet Files
>
> default there is also "Local Settings".. and i want these to move also
> in to the profile dir on the server, there are files in i need
> when users move to another pc.
> for example.
> %USERPROFILE%\Local Settings\Application Data\Microsoft\Outlook (
> extend.dat )
> Stores a reference to which extensions (addins) you have loaded.
>
> %USERPROFILE%\Local Settings\Application Data\Microsoft\Credentials
> Contains setting of my users, so i excluded this out of the
> excludeprofiledir
>
> just some comment..
>
> Louis
>
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED]
> >On behalf of Craig White
> >Sent: Friday 7 October 2005 14:39
> >To: samba@lists.samba.org
> >Subject: RE: [Samba] Re: SAMBA/PDC + LDAP HELP please? =>
> >For your profiles.
> >
> >On Fri, 2005-10-07 at 08:54 +0200, Louis van Belle wrote:
> >> when this is done.
> >>
> >> add 2 registry keys.
> >> /cut_here
> >> REGEDIT4
> >> ; do not roam the following folders
> >> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
> >> "ExcludeProfileDirs"="Temporary Internet Files;History;Temp"
> >> ;-----
> >> ; force Windows XP Professional clients to accept Samba as a PDC
> >> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
> >> "requiresignorseal"=dword:
> >> "signsecurechannel"=dword:
> >> ;-----
> >> ; Do not check for user ownership of Roaming Profile Folders
> >> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
> >> "CompatibleRUPSecurity"=dword:0001
> >> /cut_here
> >
> >----
> >I hate to see people encouraged to apply unnecessary fixes that were
> >suggested to work around issues that were created as temporary
> >solutions
> >to the moving target of Windows.
> >
> >requiresignorseal / signsecurechannel issues have long since been fixed
> >in Samba - no need for those registry changes - this was a Samba 2.x
> >issue.
wiki.samba.org ? [was Re: [Samba] Re: SAMBA/PDC + LDAP HELP please? => For your profiles.]
Craig White wrote:

> I wonder if having some sort of wiki on samba web site wouldn't be
> useful for things like logon scripts and registry settings to be
> shared/discussed so they had their own longevity and current
> appropriateness as email archives don't often reflect the changing
> nature of things and sometimes the samba documentation has different
> objectives.

We've talked about it before but there is a fear that a wiki would turn into a propagation mechanism for Samba urban legends. Someone (or a team of people) would need to act as editors. Truthfully, if it were done right, it would probably be a good thing. But if it weren't it would be a really bad thing.

It's definitely too much for the developers to take on.

cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us." --anonymous
RE: [Samba] Re: SAMBA/PDC + LDAP HELP please? => For your profiles.
On Fri, 2005-10-07 at 15:51 +0200, Louis van Belle wrote:

> really,
>
> thank you for notifying me..
>
> but why is this then in the manual
> http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html
> Windows XP Service Pack 1
> There is a security check new to Windows XP (or maybe only Windows XP
> service pack 1).
> It can be disabled via a group policy in the Active Directory. The policy is
> called:
> Computer Configuration\Administrative Templates\System\User Profiles\
> Do not check for user ownership of Roaming Profile Folders
> ( is same as CompatibleRUPSecurity"=dword:0001 )
> And yes this is also in SP2.
>
> I used this to avoid problems, and it works for me.
> As i see in the sambalist lots of people have the same problems and
> questions
> so therefore i give them my working config, And this is what i did.
> that of the requiresignorseal / signsecurechannel i didn't know,
> so I'm going to test this in my 2nd office location. thank you for
> notifying me for that.
>
> the "ExcludeProfileDirs" is used in my default user profile.
> and these are the default directories :
> Geschiedenis, Local Settings, Temp and Temporary Internet Files
>
> default there is also "Local Settings".. and i want these to move also
> in to the profile dir on the server, there are files in i need
> when users move to another pc.
> for example.
> %USERPROFILE%\Local Settings\Application Data\Microsoft\Outlook (
> extend.dat )
> Stores a reference to which extensions (addins) you have loaded.
>
> %USERPROFILE%\Local Settings\Application Data\Microsoft\Credentials
> Contains setting of my users, so i excluded this out of the
> excludeprofiledir
>
> just some comment..

----
good points - perhaps John Terpstra might want to comment on the 'CompatibleRUPSecurity' registry setting and continuity of this setting. I haven't bothered with it and haven't had any issues.

I wonder if having some sort of wiki on samba web site wouldn't be useful for things like logon scripts and registry settings to be shared/discussed so they had their own longevity and current appropriateness as email archives don't often reflect the changing nature of things and sometimes the samba documentation has different objectives.

Craig

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
RE: [Samba] Re: SAMBA/PDC + LDAP HELP please? => For your profiles.
really,

thank you for notifying me..

but why is this then in the manual
http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html

Windows XP Service Pack 1
There is a security check new to Windows XP (or maybe only Windows XP service pack 1).
It can be disabled via a group policy in the Active Directory. The policy is called:
Computer Configuration\Administrative Templates\System\User Profiles\
Do not check for user ownership of Roaming Profile Folders
( is same as CompatibleRUPSecurity"=dword:0001 )
And yes this is also in SP2.

I used this to avoid problems, and it works for me.
As i see in the sambalist lots of people have the same problems and questions so therefore i give them my working config, And this is what i did.
that of the requiresignorseal / signsecurechannel i didn't know, so I'm going to test this in my 2nd office location. thank you for notifying me for that.

the "ExcludeProfileDirs" is used in my default user profile.
and these are the default directories :
Geschiedenis, Local Settings, Temp and Temporary Internet Files

default there is also "Local Settings".. and i want these to move also in to the profile dir on the server, there are files in i need when users move to another pc.
for example.
%USERPROFILE%\Local Settings\Application Data\Microsoft\Outlook ( extend.dat )
Stores a reference to which extensions (addins) you have loaded.

%USERPROFILE%\Local Settings\Application Data\Microsoft\Credentials
Contains setting of my users, so i excluded this out of the excludeprofiledir

just some comment..

Louis

>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]
>On behalf of Craig White
>Sent: Friday 7 October 2005 14:39
>To: samba@lists.samba.org
>Subject: RE: [Samba] Re: SAMBA/PDC + LDAP HELP please? =>
>For your profiles.
>
>On Fri, 2005-10-07 at 08:54 +0200, Louis van Belle wrote:
>
>> when this is done.
>>
>> add 2 registry keys.
>> /cut_here
>> REGEDIT4
>> ; do not roam the following folders
>> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
>> "ExcludeProfileDirs"="Temporary Internet Files;History;Temp"
>> ;-----
>> ; force Windows XP Professional clients to accept Samba as a PDC
>> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
>> "requiresignorseal"=dword:
>> "signsecurechannel"=dword:
>> ;-----
>> ; Do not check for user ownership of Roaming Profile Folders
>> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
>> "CompatibleRUPSecurity"=dword:0001
>> /cut_here
>
>----
>I hate to see people encouraged to apply unnecessary fixes that were
>suggested to work around issues that were created as temporary
>solutions
>to the moving target of Windows.
>
>requiresignorseal / signsecurechannel issues have long since been fixed
>in Samba - no need for those registry changes - this was a Samba 2.x
>issue.
>
>I am pretty certain that the 'CompatibleRUPSecurity' registry patch
>isn't needed any longer as well, I think that was an issue created from
>original release of WinXP SP1
>
>The 'ExcludeProfileDirs' - those folders should have been excluded
>automatically.
>
>Craig
RE: [Samba] Re: SAMBA/PDC + LDAP HELP please? => For your profiles.
On Fri, 2005-10-07 at 08:54 +0200, Louis van Belle wrote:

> when this is done.
>
> add 2 registry keys.
> /cut_here
> REGEDIT4
> ; do not roam the following folders
> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
> "ExcludeProfileDirs"="Temporary Internet Files;History;Temp"
>
> ;-
> ; force Windows XP Professional clients to accept Samba as a PDC
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
> "requiresignorseal"=dword:
> "signsecurechannel"=dword:
>
> ;-
> ; Do not check for user ownership of Roaming Profile Folders
> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
> "CompatibleRUPSecurity"=dword:0001
> /cut_here

----
I hate to see people encouraged to apply unnecessary fixes that were suggested to work around issues that were created as temporary solutions to the moving target of Windows.

requiresignorseal / signsecurechannel issues have long since been fixed in Samba - no need for those registry changes - this was a Samba 2.x issue.

I am pretty certain that the 'CompatibleRUPSecurity' registry patch isn't needed any longer as well, I think that was an issue created from original release of WinXP SP1

The 'ExcludeProfileDirs' - those folders should have been excluded automatically.

Craig
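Added example, not part of any message in this thread: a small Python audit for .reg snippets like the one quoted above, reporting the three security-relevant values the thread discusses when they are set to the value that weakens the client. It tolerates mail-mangled input (`>` quote markers, key paths wrapped onto a second line) and flags a `dword:` with no digits for manual review; the sample input, its dword digits, and all function names are constructed for illustration.

```python
import re

# Values named in the thread, lower-cased, with the dword that weakens the
# client and its effect. The weakening values are general Windows behaviour,
# not read from the thread (whose dword digits are cut off).
WATCHED = {
    "requiresignorseal": (0, "client no longer requires a signed or sealed secure channel"),
    "signsecurechannel": (0, "client no longer signs secure channel traffic"),
    "compatiblerupsecurity": (1, "roaming profile folder ownership check is skipped"),
}

HEADER = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')


def clean_lines(text):
    """Strip mail quote markers and rejoin key headers a mailer wrapped."""
    out, pending = [], None
    for raw in text.splitlines():
        line = re.sub(r"^(\s*>)+\s?", "", raw).strip()
        if pending is not None and line:
            if line.endswith("]") and not line.startswith("["):
                # A wrap after a backslash lost no space; any other wrap did.
                sep = "" if pending.endswith("\\") else " "
                line, pending = pending + sep + line, None
            else:
                pending = None  # header never closed: discard it
        if line.startswith("[") and not line.endswith("]"):
            pending = line
            continue
        out.append(line)
    return out


def audit_reg(text):
    """Return (key, name, value, note) for each watched value that weakens the client."""
    findings, key = [], None
    for line in clean_lines(text):
        if not line or line.startswith(";"):
            continue
        m = HEADER.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        name, data = m.group(1), m.group(2).strip()
        rule = WATCHED.get(name.lower())
        if rule is None or not data.lower().startswith("dword:"):
            continue
        digits = data[6:]
        if not re.fullmatch(r"[0-9a-fA-F]{1,8}", digits):
            findings.append((key, name, None, "dword digits missing or malformed; inspect by hand"))
            continue
        weak, effect = rule
        value = int(digits, 16)
        if value == weak:
            findings.append((key, name, value, effect))
    return findings


# Constructed sample: shaped like the quoted snippet, with made-up dword digits,
# one truncated value, quote markers and wrapped key paths.
SAMPLE = r"""REGEDIT4
> ; do not roam the following folders
> [HKEY_CURRENT_USER\Software\Microsoft\Windows
> NT\CurrentVersion\Winlogon]
> "ExcludeProfileDirs"="Temporary Internet Files;History;Temp"
>> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\
>> Parameters]
>> "requiresignorseal"=dword:00000000
>> "signsecurechannel"=dword:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001
"""

if __name__ == "__main__":
    for key, name, value, note in audit_reg(SAMPLE):
        print(f"{key}\\{name} = {value}: {note}")
```
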
RE: [Samba] Re: SAMBA/PDC + LDAP HELP please? => For your profiles.
Hi,

For the profile problems. This is my working config.

in the smb.conf (global setting )

## MISC PROFILE
logon script = logon.cmd
logon home = \\%L\%U
logon path = \\%L\profiles\%U
logon drive = P:

and

[profiles]
    path = /home/samba/profiles
    comment = Profiel omgeving
    read only = no
    create mask = 0600
    directory mask = 0700
    ## browseable = yes can be no also, but i need it to be browsable.
    ## if you want it browsable but not shown, add a $ behind [profiles$]
    ## and same in the logon path above.
    browseable = Yes
    guest ok = Yes
    csc policy = disable
    # next line is a great way to secure the profiles
    force user = %U
    # next line allows administrator to access all profiles
    valid users = %U @"Domain Admins"

when this is done.

add 2 registry keys.

/cut_here
REGEDIT4
; do not roam the following folders
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"="Temporary Internet Files;History;Temp"

;-
; force Windows XP Professional clients to accept Samba as a PDC
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:
"signsecurechannel"=dword:

;-
; Do not check for user ownership of Roaming Profile Folders
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:0001
/cut_here

this will work, and many thanks to those who helped me out some time ago ;-)

Louis

>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]
>On behalf of Ryan Taylor
>Sent: Thursday 6 October 2005 17:56
>To: samba@lists.samba.org
>Subject: [Samba] Re: SAMBA/PDC + LDAP HELP please?
>
>Ok, I figured it out!! Thank you for the help and for others
>the change was
>in /etc/ldap.conf and I had:
>rootbinddn = cn=root,ou=???,dc=beefylinux,dc=com
>i removed the ou=group after root and changed "rootbinddn" to
>just "binddn"
>and that did it..
>
>Everything works great except for the profiles which the
>windows machine
>doesn't seem to know about
>%L variable. I imagine this is because I am on Samba 3.0.10
>not 3.0.20a so
>maybe it's a new variable...
>
>Anyway, just wanted to say Thank you to everyone for the help.
>The microsoft
>rep. assigned to our company
>is not going to be happy next week when time to renew!! ha, i love it.
>
>--Ryan Taylor
>[EMAIL PROTECTED]
>Micro Consultants
[Samba] Re: SAMBA/PDC + LDAP HELP please?
Ok, I figured it out!! Thank you for the help and for others the change was in /etc/ldap.conf and I had:

rootbinddn = cn=root,ou=???,dc=beefylinux,dc=com

i removed the ou=group after root and changed "rootbinddn" to just "binddn" and that did it..

Everything works great except for the profiles which the windows machine doesn't seem to know about %L variable. I imagine this is because I am on Samba 3.0.10 not 3.0.20a so maybe it's a new variable...

Anyway, just wanted to say Thank you to everyone for the help. The microsoft rep. assigned to our company is not going to be happy next week when time to renew!! ha, i love it.

--Ryan Taylor
[EMAIL PROTECTED]
Micro Consultants
Re: [Samba] PDC + LDAP, cannot access LDAP when not root (SOLVED)
On Tue, 2005-09-27 at 16:34 -0400, David Clymer wrote:

> I'm using Debian Sarge, Samba (3.1.14a) with the ldapsam backend, and
> OpenLDAP (2.2.23).
>
> When attempting to join a Windows XP+SP2 computer (BILLGATES) to my
> domain (WORKGROUP), using the Administrator account, I am told by
> windows: 'Access denied.'
>
> The logs (attached) seem to indicate that the user Administrator is
> being authenticated (which would have? to use LDAP), but when it goes to
> add the computer to the domain, it fails. Apparently because samba is
> unable to access LDAP:
>
> smbldap_open: cannot access LDAP when not root..
>
> nobody and Administrator are the only users on the domain.
>
> An interesting phenomenon that I've observed (perhaps it is related?):
>
> testbox:/etc/samba# pdbedit -L
> Administrator:998:Administrator
> nobody:65534:nobody
> testbox:/etc/samba# net -U Administrator rpc group members 'Domain Computers'
> Password:
> WORKGROUP\BILLGATES$
> testbox:/etc/samba# net -U Administrator rpc group members 'Domain Admins'
> Password:
> WORKGROUP\Administrator
> testbox:/etc/samba# net -U Administrator rpc group members 'Administrators'
> Password:
> [2005/09/27 16:05:11, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
> cli_pipe: return critical error. Error was Call timed out: server did not
> respond after 1 milliseconds
> Couldn't list alias members
>
> I don't understand why Administrators group listing fails, while the
> others don't.
>
> Google searches yielded a bunch of similar problems for early versions
> of samba 3.0, related to modification of user groups. However that bug
> was supposedly fixed, and I've seen no reports of it occurring in later
> versions. There are no open bugs, that I could find, related to this on
> bugzilla.samba.org.
>
> Is there any type of (mis)configuration that could result in the same
> sort of symptom?
>
> attached is my smb.conf, smbldap.conf, and my samba log output (debug
> level=4)
>
> I would be very grateful for any ideas, FMs to R, magic wands, etc. that
> anyone might have to offer.

The FM to (re)R was the smb.conf man page ;o)

The solution:

add this to smb.conf:

    enable privileges = yes

This allows you to grant special privileges to users (see man smb.conf for more detail)

reload the samba config:

    $ smbcontrol smbd reload-config

and grant the necessary rights to Administrator:

    $ net -U Administrator rpc rights list
         SeMachineAccountPrivilege  Add machines to domain
          SePrintOperatorPrivilege  Manage printers
               SeAddUsersPrivilege  Add users and groups to the domain
         SeRemoteShutdownPrivilege  Force shutdown from a remote system
           SeDiskOperatorPrivilege  Manage disk shares
    $ net -U Administrator rpc rights list Administrator
    $ net -U Administrator rpc rights grant Administrator SeMachineAccountPrivilege
    Successfully granted rights.

Now one can add machines to the domain. Better yet, the administrator account does _not_ have to have a uid of 0!

-davidc

--
Under-Achievers Anonymous has an 11-step program.
[Samba] Re: Samba + PDC + LDAP (Sun One DS 5.2, Messaging and Identity)
Hafiz Abdul Rehman [EMAIL PROTECTED] wrote:
>
> I am planning to install Samba as PDC for Windows XP Machines and LDAP
> (Sun ONE DS 5.2 + Messaging + Identity ) as backend sam
> if some one have already setup this kind of environment and can write
> down the steps in which order i have to install and configure products
> what would be great

I'd suggest thinking about the design a bit more - the basic question is:
what is the purpose of Sun Messaging and Identity Servers ?

The latter might be highly useful (at least judging from specs) when
integrating with legacy MS Active Directory but I can't think of any use
of the former ;-)

The Directory Server is a very solid and feature rich Ldap implementation
though.

What you will need to "tweak":
- uploading the samba schema
- configuring the TLS for secure communication with samba

If you're going to deploy samba on Solaris I'd suggest compiling with
openldap libraries. But do not switch the whole solaris ldap client side
to it. The native tools are very mature and can be configured easily with
DS in a secure way (because of "proxyagent").

Let us know if you have any specific problem.

Cheers,
--
Michal Kurowski <[EMAIL PROTECTED]>
Re: [Samba] PDC + LDAP group mappings
On Thursday 30 December 2004 10:34, David Sonenberg wrote:
> Alright now that samba can talk to LDAP I have a blank slate. I know I
> need to setup group mappings, but I'm a little confused about this.
> Since it's an ldap backend do the groups need to have unix counterparts?
> Should I use the net groupmap command to add the mappings or should I
> use an LDIF file?

David,

This subject comes up on this list ad nauseam! I am responding in full in
the hope that we can get this sorted out so that others who do their
homework before asking here will find the answers they need.

I have tried to document this in the Samba-HOWTO-Collection and in the
Samba-Guide ("Samba-3 by Example" books). Suggest you check out chapter 6
of the book, "Samba-4 by Example". You can download it from:

http://www.samba.org/samba/docs/Samba-Guide.pdf

If you get lost give me a shout. If the documentation is not clear enough
and has too much fog-factor, please promise us all that when this becomes
clear to you you will help to improve the documentation. Feedback,
improvement in clarity and corrections are always welcome.

For the record:
===============

If you use LDAP with Samba it is essential that ALL your UNIX (POSIX)
accounts (both for users and for groups) are in the LDAP backend. Samba
requires the SambaSAM account data also in LDAP. It is NOT possible with
Samba to have only the SambaSAM account information in LDAP and not the
UNIX accounts in LDAP.

Additionally, it is essential that all accounts will translate
unambiguously between Windows credentials and UNIX credentials. This means
that any UID must translate to exactly one (and one only) MS Windows SID.
Every SID must translate (map) to precisely one UID or GID. Every GID must
map to precisely one SID and vice versa.

The "net groupmap" utility provides the connection between a Windows NT
Group and the UNIX (POSIX) group.

What this does is it tells Samba that when a Windows user accesses the
Samba server that user will be treated by the UNIX operating system as if
he is accessing UNIX directly as the mapped account.

For Example:

A Windows user is called 'billyboy' and is a member of Windows groups
"Domain Users", "Engineers", and "Goodguys", and his primary group is
"Goodguys".

In your LDAP based POSIX backend the UNIX account is called 'billyboy'
with UID = 1106. Group mappings are set so that:

    Windows NT Group  ==  UNIX group
    ----------------      ----------
    "Domain Users"    ->  users (group id = 500)
    "Domain Guests"   ->  nobody (group id = 65534)
    "Domain Admins"   ->  root (group id = 0)
    "Engineers"       ->  engineers (group id = 1211)
    "Goodguys"        ->  goodguys (group id = 1235)

Then for all UNIX file system access the user 'billyboy' will have the
following UNIX credentials:

    UID: 1106
    Primary group ID: 1235
    Additional group memberships IDs: 500, 1211

That is the information that should be returned if you execute in a UNIX
shell:

    id billyboy

You can manually populate your LDAP database using an LDIF file to set all
this up, but if you use the Idealx scripts this is all neatly done for you.

I hope that helps to explain the connections.

Cheers,
John T.
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
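The one-to-one rule and the billyboy example from the message above, as an added Python sketch that is not part of the original post: it parses `net groupmap list` and `getent group` style text, flags mappings that are not unambiguous, and derives the credentials `id billyboy` should report. The domain SID, the RIDs of the custom groups and the passwd line are constructed sample values, and the `name (SID) -> unixgroup` line format is assumed to match what your Samba version prints.

```python
import re
from collections import defaultdict

# Constructed sample data. The domain SID and the RIDs of the two custom
# groups are made up; group names and GIDs follow the example in the message.
GROUPMAP_LIST = """\
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
Domain Guests (S-1-5-21-1111111111-2222222222-3333333333-514) -> nobody
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> root
Engineers (S-1-5-21-1111111111-2222222222-3333333333-3423) -> engineers
Goodguys (S-1-5-21-1111111111-2222222222-3333333333-3471) -> goodguys
"""
GETENT_GROUP = """\
users:x:500:billyboy
nobody:x:65534:
root:x:0:
engineers:x:1211:billyboy
goodguys:x:1235:
"""
PASSWD_BILLYBOY = "billyboy:x:1106:1235:Billy Boy:/home/billyboy:/bin/bash"


def parse_groupmap(text):
    """Return [(nt_group, sid, unix_group)] from 'NT name (SID) -> unixgroup' lines."""
    return re.findall(r"(?m)^(.+?) \((S-1-[\d-]+)\) -> (\S+)\s*$", text)


def parse_group(text):
    """Return {unix_group: (gid, [members])} from group(5) formatted lines."""
    groups = {}
    for line in text.splitlines():
        if line.strip():
            name, _pw, gid, members = line.split(":")[:4]
            groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups


def audit(groupmap_text, group_text):
    """List every mapping that breaks the 'exactly one SID per GID' rule."""
    groups = parse_group(group_text)
    sids_by_gid, gids_by_sid, problems = defaultdict(set), defaultdict(set), []
    for nt, sid, unix in parse_groupmap(groupmap_text):
        if unix not in groups:                 # mapped to a group POSIX cannot resolve
            problems.append(("no-unix-group", nt, unix))
            continue
        gid = groups[unix][0]
        sids_by_gid[gid].add(sid)
        gids_by_sid[sid].add(gid)
    problems += [("gid-has-many-sids", gid, tuple(sorted(s)))
                 for gid, s in sorted(sids_by_gid.items()) if len(s) > 1]
    problems += [("sid-has-many-gids", sid, tuple(sorted(g)))
                 for sid, g in sorted(gids_by_sid.items()) if len(g) > 1]
    return problems


def unix_credentials(passwd_line, group_text):
    """Return (uid, primary gid, sorted supplementary gids), as `id` would."""
    name, _pw, uid, gid = passwd_line.split(":")[:4]
    extra = sorted(g for g, members in parse_group(group_text).values()
                   if name in members and g != int(gid))
    return int(uid), int(gid), extra


def nt_groups_for(passwd_line, groupmap_text, group_text):
    """Translate the user's UNIX groups back to (primary NT group, other NT groups)."""
    groups = parse_group(group_text)
    nt_by_gid = {groups[u][0]: nt
                 for nt, _sid, u in parse_groupmap(groupmap_text) if u in groups}
    _uid, primary, extra = unix_credentials(passwd_line, group_text)
    return nt_by_gid.get(primary), sorted(nt_by_gid[g] for g in extra if g in nt_by_gid)


if __name__ == "__main__":
    print("audit:", audit(GROUPMAP_LIST, GETENT_GROUP) or "mappings are one-to-one")
    print("id billyboy ->", unix_credentials(PASSWD_BILLYBOY, GETENT_GROUP))
    print("NT groups   ->", nt_groups_for(PASSWD_BILLYBOY, GROUPMAP_LIST, GETENT_GROUP))
    # A second NT group mapped onto 'users' makes GID 500 ambiguous.
    dup = GROUPMAP_LIST + "Contractors (S-1-5-21-1111111111-2222222222-3333333333-3500) -> users\n"
    print("with duplicate:", audit(dup, GETENT_GROUP))
```
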
RE: [Samba] PDC + LDAP group mappings
c)

-Original Message-
From: Adam Tauno Williams [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 30, 2004 12:42 PM
To: David Sonenberg
Cc: samba@lists.samba.org
Subject: Re: [Samba] PDC + LDAP group mappings

> Alright now that samba can talk to LDAP I have a blank slate. I know
> I need to setup group mappings, but I'm a little confused about this.
> Since it's an ldap backend do the groups need to have unix counterparts?

Yes, it is group mapping; you must have group to map to.

> Should I use the net groupmap command to add the mappings or should I
> use an LDIF file?

You must use net groupmap unless you want to calculate the SIDs/RIDs
yourself.
Re: [Samba] PDC + LDAP group mappings
> Alright now that samba can talk to LDAP I have a blank slate. I know I
> need to setup group mappings, but I'm a little confused about this.
> Since it's an ldap backend do the groups need to have unix counterparts?

Yes, it is group mapping; you must have group to map to.

> Should I use the net groupmap command to add the mappings or should I
> use an LDIF file?

You must use net groupmap unless you want to calculate the SIDs/RIDs
yourself.
Re: [Samba] PDC + LDAP
On Monday 27 December 2004 13:44, Adam Tauno Williams wrote:
> > it instructs to run /sbin/splapindex -f /splapd.conf When I run this I
> > get the following error:
> > /etc/openldap/schema/samba.schema: line 423: AttributeType not found:
> > "gidNumber"
> > slapindex: bad configuration file!
>
> samba.schema requires the posix/nis schema from RFC2307 to be loaded
> first, this is a dependency. Fix your schema includes.
>
> > Attached are my slapd.conf and samba.schema (modified for security.)
>
> There is no need to send your samba.schema, everyone's is the same.

Not quite! The Samba schema has changed over time. Samba 2.x, 3.0.0-3.0.5,
3.0.6-current are different schemas. Not everyone is using the latest
version of Samba: In fact, over 60% of the Samba installed base is at
least one generation out of date!

I do not want to sound like I am nit-picking, but this is an important
point. You must use the version of the schema that matches your version of
Samba.

- John T.
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
Re: [Samba] PDC + LDAP
; EQUALITY caseExactIA5Match
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
>
> attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
>     DESC 'A string list option'
>     EQUALITY caseIgnoreMatch
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
>
>
> attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName'
>     SUP name )
>
> attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
>     DESC 'Privileges List'
>     EQUALITY caseIgnoreIA5Match
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
>
> attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
>     DESC 'Trust Password Flags'
>     EQUALITY caseIgnoreIA5Match
>     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>
>
> ###
> ## objectClasses used by Samba 3.0 schema ##
> ###
>
> ## The X.500 data model (and therefore LDAPv3) says that each entry can
> ## only have one structural objectclass. OpenLDAP 2.0 does not enforce
> ## this currently but will in v2.1
>
> ##
> ## added new objectclass (and OID) for 3.0 to help us deal with backwards
> ## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry
> ##
> objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
>     DESC 'Samba 3.0 Auxilary SAM Account'
>     MUST ( uid $ sambaSID )
>     MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
>           sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
>           sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
>           displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
>           sambaProfilePath $ description $ sambaUserWorkstations $
>           sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
>           sambaBadPasswordCount $ sambaBadPasswordTime $
>           sambaPasswordHistory $ sambaLogonHours))
>
> ##
> ## Group mapping info
> ##
> objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
>     DESC 'Samba Group Mapping'
>     MUST ( gidNumber $ sambaSID $ sambaGroupType )
>     MAY ( displayName $ description $ sambaSIDList ))
>
> ##
> ## Trust password for trust relationships (any kind)
> ##
> objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
>     DESC 'Samba Trust Password'
>     MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
>     MAY ( sambaSID $ sambaPwdLastSet ))
>
> ##
> ## Whole-of-domain info
> ##
> objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
>     DESC 'Samba Domain Information'
>     MUST ( sambaDomainName $ sambaSID )
>     MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
>           sambaAlgorithmicRidBase ) )
>
> ##
> ## used for idmap_ldap module
> ##
> objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
>     DESC 'Pool for allocating UNIX uids/gids'
>     MUST ( uidNumber $ gidNumber ) )
>
>
> objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
>     DESC 'Mapping from a SID to an ID'
>     MUST ( sambaSID )
>     MAY ( uidNumber $ gidNumber ) )
>
> objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
>     DESC 'Structural Class for a SID'
>     MUST ( sambaSID ) )
>
> objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
>     DESC 'Samba Configuration Section'
>     MAY ( description ) )
>
> objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
>     DESC 'Samba Share Section'
>     MUST ( sambaShareName )
>     MAY ( description ) )
>
> objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
>     DESC 'Samba Configuration Option'
>     MUST ( sambaOptionName )
>     MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $
>           sambaStringListoption $ description ) )
>
>
> objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
>     DESC 'Samba Privilege'
>     MUST ( sambaSID )
>     MAY ( sambaPrivilegeList ) )
>
>
>
> David Sonenberg
> Systems / Network Administrator
> Stroz Friedberg, LLC
> 15 Maiden Lane, Suite 1208
> New York, NY 10038
> 212.981.6527 (o) | 917.495.4918 (c)
>
> -Original Message-
> From: Paul Gienger [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 27, 2004 3:35 PM
> To: David Sonenberg
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] PDC + LDAP
>
> >Attached are my slapd.conf and samba.schema (modified for security.)
>
> Attachments are stripped by this (and dare I say most) list(s). Since
> it's all just text, why not paste it in at the end of your post.
>
> --
> --
> Paul Gienger                  Office: 701-281-1884
> Applied Engineering Inc.
> Systems Architect             Fax: 701-281-1322
> URL: www.ae-solutions.com     mailto: [EMAIL PROTECTED]

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
RE: [Samba] PDC + LDAP
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/samba.schema
> include /etc/openldap/schema/nis.schema

Order is important, schema files have dependencies. samba.schema requires
nis.schema, thus nis.schema must be included first.
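The include-order dependency described in this message, as an added Python sketch that is not code from the thread or from OpenLDAP: it walks the `include` lines in order, reports every object class that uses an attribute type no earlier file has defined (the `AttributeType not found: "gidNumber"` failure), and proposes a corrected order. The schema contents are constructed, abbreviated stand-ins with placeholder OIDs; only the two object classes are copied from the schema text quoted on this page.

```python
import os
import re

# Constructed, heavily abbreviated stand-ins for the schema files named in the
# thread; every attribute OID is replaced by the placeholder word OID. Only the
# two object classes are copied from the schema text quoted on this page.
SCHEMAS = {
    "core.schema": "attributetype ( OID NAME ( 'cn' 'commonName' ) )\n"
                   "attributetype ( OID NAME 'description' )\n",
    "cosine.schema": "attributetype ( OID NAME 'host' )\n",
    "inetorgperson.schema": "attributetype ( OID NAME 'displayName' )\n",
    "nis.schema": "attributetype ( OID NAME 'uidNumber' )\n"
                  "attributetype ( OID NAME 'gidNumber' )\n",
    "samba.schema": """
attributetype ( OID NAME 'sambaSID' )
attributetype ( OID NAME 'sambaGroupType' )
attributetype ( OID NAME 'sambaSIDList' )
## Group mapping info
objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
    DESC 'Samba Group Mapping'
    MUST ( gidNumber $ sambaSID $ sambaGroupType )
    MAY ( displayName $ description $ sambaSIDList ))
objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
    DESC 'Pool for allocating UNIX uids/gids'
    MUST ( uidNumber $ gidNumber ) )
""",
}

# The include lines as posted in the thread: samba.schema before nis.schema.
POSTED_CONF = """\
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/nis.schema
"""


def include_order(conf_text):
    """Schema file names in the order slapd.conf includes them."""
    return [os.path.basename(p) for p in re.findall(r"(?m)^\s*include\s+(\S+)", conf_text)]


def _definitions(text, keyword):
    """Yield the parenthesised body of every `keyword ( ... )` definition."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)            # drop comment lines
    for m in re.finditer(r"(?im)^\s*%s\s*\(" % keyword, text):
        depth, i, quoted = 1, m.end(), False
        while i < len(text) and depth:
            ch = text[i]
            if ch == "'":
                quoted = not quoted                     # ignore parentheses inside DESC strings
            elif not quoted:
                depth += (ch == "(") - (ch == ")")
            i += 1
        yield text[m.end():i - 1]


def _names(body):
    m = re.search(r"\bNAME\s+(?:\(([^)]*)\)|'([^']+)')", body)
    if not m:
        return []
    return re.findall(r"'([^']+)'", m.group(1)) if m.group(1) is not None else [m.group(2)]


def analyse(schema_text):
    """Return (attribute names defined, [(objectclass, attribute used)])."""
    defined = {n.lower() for b in _definitions(schema_text, "attributetype") for n in _names(b)}
    used = []
    for body in _definitions(schema_text, "objectclass"):
        oc = (_names(body) or ["?"])[0]
        bare = re.sub(r"'[^']*'", "''", body)           # keep MUST/MAY inside strings out of the match
        for kw in ("MUST", "MAY"):
            m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w;-]+))" % kw, bare)
            if m:
                raw = m.group(1) if m.group(1) is not None else m.group(2)
                used += [(oc, a.strip()) for a in raw.split("$") if a.strip()]
    return defined, used


def check_include_order(conf_text, schemas):
    """Return [(file, objectclass, attribute, file that defines it or None)]."""
    order = include_order(conf_text)
    parsed = {f: analyse(schemas.get(f, "")) for f in order}
    problems, loaded = [], set()
    for f in order:
        defined, used = parsed[f]
        loaded |= defined   # assumption: a file declares its attribute types before its object classes
        for oc, attr in used:
            if attr.lower() not in loaded:
                provider = [g for g in order if attr.lower() in parsed[g][0]]
                problems.append((f, oc, attr, provider[0] if provider else None))
    return problems


def fixed_order(conf_text, schemas):
    """Reorder the includes so every provider precedes the files that need it."""
    order = include_order(conf_text)
    parsed = {f: analyse(schemas.get(f, "")) for f in order}
    provider = {}
    for f in order:
        for attr in parsed[f][0]:
            provider.setdefault(attr, f)
    out, visiting = [], set()

    def emit(f):
        if f in out or f in visiting:
            return
        visiting.add(f)
        for _oc, attr in parsed[f][1]:
            p = provider.get(attr.lower())
            if p and p != f:
                emit(p)
        out.append(f)

    for f in order:
        emit(f)
    return out


if __name__ == "__main__":
    for f, oc, attr, prov in check_include_order(POSTED_CONF, SCHEMAS):
        print("%s: objectclass %s needs '%s' (defined in %s)" % (f, oc, attr, prov))
    print("suggested order:", fixed_order(POSTED_CONF, SCHEMAS))
```
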
Re: [Samba] PDC + LDAP
> it instructs to run /sbin/splapindex -f /splapd.conf When I run this I
> get the following error:
> /etc/openldap/schema/samba.schema: line 423: AttributeType not found:
> "gidNumber"
> slapindex: bad configuration file!

samba.schema requires the posix/nis schema from RFC2307 to be loaded
first, this is a dependency. Fix your schema includes.

> Attached are my slapd.conf and samba.schema (modified for security.)

There is no need to send your samba.schema, everyone's is the same.
RE: [Samba] PDC + LDAP
165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
    DESC 'Samba Group Mapping'
    MUST ( gidNumber $ sambaSID $ sambaGroupType )
    MAY ( displayName $ description $ sambaSIDList ))

##
## Trust password for trust relationships (any kind)
##
objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
    DESC 'Samba Trust Password'
    MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
    MAY ( sambaSID $ sambaPwdLastSet ))

##
## Whole-of-domain info
##
objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
    DESC 'Samba Domain Information'
    MUST ( sambaDomainName $ sambaSID )
    MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
          sambaAlgorithmicRidBase ) )

##
## used for idmap_ldap module
##
objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
    DESC 'Pool for allocating UNIX uids/gids'
    MUST ( uidNumber $ gidNumber ) )

objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
    DESC 'Mapping from a SID to an ID'
    MUST ( sambaSID )
    MAY ( uidNumber $ gidNumber ) )

objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
    DESC 'Structural Class for a SID'
    MUST ( sambaSID ) )

objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
    DESC 'Samba Configuration Section'
    MAY ( description ) )

objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
    DESC 'Samba Share Section'
    MUST ( sambaShareName )
    MAY ( description ) )

objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
    DESC 'Samba Configuration Option'
    MUST ( sambaOptionName )
    MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $
          sambaStringListoption $ description ) )

objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
    DESC 'Samba Privilege'
    MUST ( sambaSID )
    MAY ( sambaPrivilegeList ) )

David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane, Suite 1208
New York, NY 10038
212.981.6527 (o) | 917.495.4918 (c)

-Original Message-
From: Paul Gienger [mailto:[EMAIL PROTECTED]
Sent: Monday, December 27, 2004 3:35 PM
To: David Sonenberg
Cc: samba@lists.samba.org
Subject: Re: [Samba] PDC + LDAP

>Attached are my slapd.conf and samba.schema (modified for security.)
>
>

Attachments are stripped by this (and dare I say most) list(s). Since
it's all just text, why not paste it in at the end of your post.

--
--
Paul Gienger                  Office: 701-281-1884
Applied Engineering Inc.
Systems Architect             Fax: 701-281-1322
URL: www.ae-solutions.com     mailto: [EMAIL PROTECTED]
Re: [Samba] PDC + LDAP
> Attached are my slapd.conf and samba.schema (modified for security.)

Attachments are stripped by this (and dare I say most) list(s). Since
it's all just text, why not paste it in at the end of your post.

--
--
Paul Gienger                  Office: 701-281-1884
Applied Engineering Inc.
Systems Architect             Fax: 701-281-1322
URL: www.ae-solutions.com     mailto: [EMAIL PROTECTED]
Re: [Samba] PDC/LDAP
On Wed, Jan 28, 2004 at 10:36:59AM +0100, asky wrote:
> Hi,
>
> I'm using Redhat 8.0, samba-3.0, openladp-2.0.25 and sambatools-0.8.3 to
> setup a PDC.
> When I run smbldap-populate I get the following error:

I think that the masterDN and masterPw defined in
/etc/smbldap-tools/smbldap_bind.conf do not allow the account to have
write access in the directory, do they?

--
Jérôme

> [EMAIL PROTECTED] root]# smbldap-populate
> Using builtin directory structure
> adding new entry: dc=nijacol,dc=net
> failed to add entry: Already exists at /usr/local/sbin/smbldap-populate line 384, line 2.
> adding new entry: ou=Users,dc=nijacol,dc=net
> failed to add entry: Already exists at /usr/local/sbin/smbldap-populate line 384, line 3.
> adding new entry: ou=Groups,dc=nijacol,dc=net
> failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 4.
> adding new entry: ou=Computers,dc=nijacol,dc=net
> failed to add entry: Already exists at /usr/local/sbin/smbldap-populate line 384, line 5.
> adding new entry: uid=Administrators,ou=Users,dc=nijacol,dc=net
> failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 6.
> adding new entry: uid=nobody,ou=Users,dc=nijacol,dc=net
> failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 7.
> adding new entry: cn=Domain Admins,ou=Groups,dc=nijacol,dc=net
> failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 8.
> adding new entry: cn=Domain Users,ou=Groups,dc=nijacol,dc=net
> failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 9.
> adding new entry: cn=Domain Guests,ou=Groups,dc=nijacol,dc=net
> failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 16.
> adding new entry: cn=Print Operators,ou=Groups,dc=nijacol,dc=net
> failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 17.
> adding new entry: cn=Backup Operators,ou=Groups,dc=nijacol,dc=net
> failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 18.
> adding new entry: cn=Replicator,ou=Groups,dc=nijacol,dc=net
> failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 19.
> adding new entry: cn=Domain Computers,ou=Groups,dc=nijacol,dc=net
> failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 19.
> [EMAIL PROTECTED] root]#
>
> Also, when I shutdown, I can only login from single user mode after
> disabling services using authconfig (ldap etc).
> I know I'm not doing something right but I just can't figure it out . Any
> help would be appreciated.
>
> Asky
Re: [Samba] PDC/LDAP
Hi,

Looks like you don't have write access to your ldap-directory.

Make sure that you have modified the "smbldap_conf.pm" file to match your
LDAP configuration (slapd.conf). Look for "$binddn"

Also check your smb.conf LDAP config, has to match too ;-)

Best regards
//Erik

asky wrote:

Hi,

I'm using redhat 8.0 samba-3.0 and smbatool-0.8.3. When I run
smbldap-populat, I get the following errors

[EMAIL PROTECTED] root]# smbldap-populate
using builtin directory structure
adding new entry: dc=nijacol,dc=net
failed to add entry: Already exists at /usr/local/sbin/smbldap-populate line 384, line 2.
adding new entry: ou=Users,dc=nijacol,dc=net
failed to add entry: Already exists at /usr/local/sbin/smbldap-populate line 384, line 3.
adding new entry: ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 4.
adding new entry: ou=Computers,dc=nijacol,dc=net
failed to add entry: Already exists at /usr/local/sbin/smbldap-populate line 384, line 5.
adding new entry: uid=Administratorou=Users,dc=nijacol,dc=net
failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 6.
adding new entry: uid=nobody,ou=Users,dc=nijacol,dc=net
failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 7.
adding new entry: cn=Domain Admins,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 8.
adding new entry: cn=Domian Users,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 9.
adding new entry: cn=Domain Guests,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 16.
adding new entry: cn=Print Operators,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 17.
adding new entry: cn=Backup Operators,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 18.
failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 18.
adding new entry: cn=Replicator,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 19.
adding new entry: cn=Domain Computers,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at /usr/local/sbin/smbldap-populate line 384, line 19.
[EMAIL PROTECTED] root]#

Also, I can't seem to login unless I go to single user mode and disable
authconfig services (ldap etc)

I know I'm not doing something right but I just can't figure it out. Any
help will be appreciated.

Asky
Re: [Samba] PDC/LDAP/SAMBA3/NT4
Hi!

I followed, step by step, what is at the address above.

> http://www.hilinski.net/samba/

But when I execute the script 'smbldap-populate.pl', the following errors
appear. What can this be? My configuration files are attached.

My system is 'RedHat 9.0' with Samba-3.

[]´s
Fabio Jr.

- Original Message -
From: "Carl J. Hilinski" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 26, 2003 2:52 PM
Subject: [Samba] PDC/LDAP/SAMBA3/NT4/winbind/trusted domains corrections

> If you wanted to follow my steps for setting up a samba PDC in a trusted
> domain with NT4, please note that there are some corrections. I had a
> second person follow my steps and we found some problems.
>
> First, the link I originally posted was incomplete. It needs a slash at
> the end. The correct link is:
>
> http://www.hilinski.net/samba/
>
> The doc file posted there was corrected today, 11/26/2003 at 11:30 a.m.
> est.
>
> I have some questions while I am posting.
>
> #1. If you use winbind, is there any reason to put the add machine, add
> user, etc., scripts in smb.conf? It seems winbind doesn't bother with
> these.
>
> #2. Along the same lines, if you use winbind is there any reason to do
> the group mapping between nt groups and unix groups?
>
> #3. According to the docs, "winbind gid" is supposed to be a synonym for
> "idmap ." I don't think that works in the latest prerelease code.
Re: [Samba] PDC + LDAP + W2K-SP4 Domain logon
This may be a long shot, but does your work environment use a WINS server?
I found out recently that mine does, and by changing WINS support = yes to
WINS server = 'ip address', I got the domain thing to work. I kept getting
the same error you did.

Cheers
S

On Mon, 25 Aug 2003 15:09:05 +0200 [EMAIL PROTECTED] wrote:
> Dear all,
>
>
> ___Setup:
> - several Windows 2000 workstations on SP4 (reg-patches applied, they
>   worked on 2.x-stable)
> - Samba PDC (CVS 3.0.0rc2) (machine accounts added as well as users in
>   unix & samba)
> - OpenLDAP (2.1.12) <-- (Not really relevant since I tried without ldap
>   too, so no info about that from this point)
> - Linux 2.4.19 #1 Fri Jun 13 15:22:09 UTC 2003 i686 unknown
>   (debian)
>
> (- also tried Samba PDC (2.x.stable))
> _
>
> ___My Problem:
> Since attempting to upgrade to Samba 3.0 clients are unable to logon to
> my samba-domain.
> __
>
>
> ___Scenario:
> at server side(linux samba PDC):
>
> - 'testparm' command succeeds.
> - Samba PDC started with all systems up and running (smbd/nmbd/winbindd)
> - Tests through 'net join' command succeeds.
> - Test through 'smbclient -L ' succeeds as well.
> *- Test through 'smbclient -L ' FAILS!
> Result:
>
> Sharename      Type      Comment
> ---------      ----      -------
> E$             Disk      Default share
> IPC$           IPC       Remote IPC
> ADMIN$         Disk      Remote Admin
> C$             Disk      Default share
> session request to failed (Called name not present)
> session request to *SMBSERVER failed (Called name not present)
> NetBIOS over TCP disabled -- no workgroup available
>
> *quite strange error since it returns the shares?!
>
> ---> going on anyway --->
>
> at client side(w2k):
>
> - login on client with local administrator-account.
> - browsing network IFS results in seeing only
>   the windows-2000 machines in the network and NOT the samba PDC.
> - if I attempt to connect to '\\' I do get a request
>   for my login and password. Login works and I can browse shares.
> - I use 'net use * /d /yes' to be able to join the domain with a
>   clean-sheet.
> - if I attempt to join the domain IFS I get the following error:
>
> The following error ocurred validating the name "IFS".
> This condition may be caused by a DNS lookup problem.
> For information about troubleshooting common DNS lookup problems,
> please see the following Microsoft web site:
> http://go.microsoft.com/fwlink/?LinkId=5171
>
> The specified domain either does not exist or could not be
> contacted.
> [ OK ]
>
> went to the link and followed instruction in how far possible with
> Samba
> and saw something about the _ldap._tcp.dc_msdcs record.
> added that (_tcp._ldap.dc._msdcs.ifs. SRV 0 0 0 .) to my config, but
> still no success
> (thought that wouldn't do much anyway, since the link says it's only
> to reduce unnecessary traffic).
> Samba shows _only changes in nmbd-logfile_:
>
> [2003/08/25 14:30:00, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet 10.21.32.1: found.
> [2003/08/25 14:30:00, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet UNICAST_SUBNET: found.
> [2003/08/25 14:30:00, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet UNICAST_SUBNET: found.
> [2003/08/25 14:30:05, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet 10.21.32.1: found.
> [2003/08/25 14:30:05, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> dump_workgroups()
> dump workgroup on subnet 10.21.32.1: netmask= 255.255.255.0:
> IFS(1) current master browser =
> 400c992b (Samba CVS 3.0.0rc2)
> [2003/08/25 14:30:05, 4] nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
> dump_workgroups()
> dump workgroup on subnet UNICAST_SUBNET: netmask= 10.21.32.1:
> IFS(1) current master browser = UNKNOWN
> 4009992b (Samba CVS 3.0.0rc2)
> [2003/08/25 14:30:05, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet UNICAST_SUBNET: found.
> [2003/08/25 14:30:05, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet UNICAST_SUBNET: found.
> [2003/08/25 14:30:10, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
> find_workgroup_on_subnet: workgroup search for IFS on subnet