[Samba] Re: Samba PDC Ldap integration

2008-01-06 Thread Andy
Thanks guys, I fixed the problem; it was not actually a software problem. The
switch the server was on was stuffed; it kept dropping out.

Thanks for all your help

On Jan 3, 2008 3:01 PM, Andy [EMAIL PROTECTED] wrote:

 Hello all

 I have set up a Debian etch server with a samba and ldap integration.

domain master = yes
domain logons = yes
os level = 33
preferred master = yes
local master = yes
passdb backend = ldapsam:ldap://localhost/

ldap admin dn = cn=admin,dc=test,dc=net

ldap suffix = dc=test,dc=net
ldap user suffix = ou=users
ldap machine suffix = ou=machines
ldap group suffix = ou=groups

ldap password sync = yes

 I have added the machine into LDAP as a samba 3 machine.
 I have added a user to the domain admins group.

 When I try to connect a PC to the domain an error message pops up saying
 the following error occurred attempting to join the domain test: The
 specific network name is no longer available

 Would someone know the cause of this?

 --
 REGARDS,
 Andy Z




-- 
REGARDS,
Andy Z
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Re: samba pdc ldap without roaming profiles

2006-08-09 Thread bob_bipbip

to disable roaming profile for everybody, i'd use this in smb.conf:
logon drive =
logon home =
yes, it's blank ;)



Re: [Samba] Re: samba pdc ldap without roaming profiles

2006-08-09 Thread Alexander Kretschmer
There's a difference between what's in the smb.conf and what's stored with 
the user entries in the ldap backend.

Thanks anyway.

bob_bipbip wrote:


to disable roaming profile for everybody, i'd use this in smb.conf:
logon drive =
logon home =
yes, it's blank ;)





RE: wiki.samba.org ? [was Re: [Samba] Re: SAMBA/PDC + LDAP HELP please?= For your profiles.]

2005-10-09 Thread Louis van Belle
OK, I'll see if I can set up a wiki which I will maintain. I've got the servers 
etc., but I'm not so into building a web site. I'll notify the samba list when 
ready. 

I use only Debian for my servers and setup,
I have lots of experience with login scripts etc.
atm on Windows and Novell platforms, I have running Debian with samba, ldap, 
cups, acl,etc3, pnp print setup (raw printing), fax is in progress, kix login 
script, use of usrmgr, and ldapadmin.
I'm trying to integrate postfix and exchange 4linux into it, and I'm also looking 
at the hula project. 
When ready I'll put a howto for this on my wiki.

Greetz  louis

-Original Message-
   From: Gerald (Jerry) Carter[EMAIL PROTECTED]
   Sent: 07-10-05 18:15:01
   To: Craig White[EMAIL PROTECTED]
   Cc: samba@lists.samba.orgsamba@lists.samba.org
   Subject: wiki.samba.org ? [was Re: [Samba] Re: SAMBA/PDC + LDAP HELP please?= For your profiles.]
   
   Craig White wrote:
   
I wonder if having some sort of wiki on samba web site wouldn't be
useful for things like logon scripts and registry settings to be
shared/discussed so they had their own longevity and current
appropriateness as email archives don't often reflect the changing
nature of things and sometimes the samba documentation has different
objectives.
   
   We've talked about it before but there is a fear that a
   wiki would turn into a propagation mechanism for Samba
   urban legends.  Someone (or a team of people) would need
   to act as editors.  Truthfully, if it were done right, it
   would probably be a good thing.  But if it weren't
   it would be a really bad thing.
   
   It's definitely too much for the developers to take on.
   
   
   
   cheers, jerry
   =
   Alleviating the pain of Windows(tm)  --- http://www.samba.org
   GnuPG Key- http://www.plainjoe.org/gpg_public.asc
   There's an anonymous coward in all of us.   --anonymous
   



RE: [Samba] Re: SAMBA/PDC + LDAP HELP please? = For your profiles.

2005-10-07 Thread Louis van Belle
Hi, For the profile problems. 

This is my working config.

in the smb.conf
(global setting ) 
## MISC PROFILE
logon script = logon.cmd
logon home = \\%L\%U
logon path = \\%L\profiles\%U
logon drive = P:

and 

[profiles]
path = /home/samba/profiles
comment = Profiel omgeving
read only = no
create mask = 0600
directory mask = 0700
## browseable = yes can be no also, but i need it to be browsable.
## if you want it browsable but not shown, add a $ behind [profiles$] 
## and same in the logon path above.
browseable = Yes
guest ok = Yes
csc policy = disable 
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U "@Domain Admins"

when this is done. 

add 2 registry keys.
/cut_here
REGEDIT4
; do not roam the following folders
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ExcludeProfileDirs=Temporary Internet Files;History;Temp

;-
; force Windows XP Professional clients to accept Samba as a PDC
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
requiresignorseal=dword:
signsecurechannel=dword: 

;-
; Do not check for user ownership of Roaming Profile Folders
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
CompatibleRUPSecurity=dword:0001
/cut_here

this will work, and many thanks to those who helped me out some time ago ;-) 

Louis

-Original message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] 
On behalf of Ryan Taylor
Sent: Thursday, 6 October 2005 17:56
To: samba@lists.samba.org
Subject: [Samba] Re: SAMBA/PDC + LDAP HELP please?

Ok, I figured it out!! Thank you for the help and for others the change was
in /etc/ldap.conf and I had:
rootbinddn = cn=root,ou=???,dc=beefylinux,dc=com
i removed the ou=group after root and changed rootbinddn to just binddn
and that did it..

Everything works great except for the profiles which the windows machine
doesn't seem to know about
%L variable. I imagine this is because I am on Samba 3.0.10 not 3.0.20a so
maybe it's a new variable...

Anyway, just wanted to say Thank you to everyone for the help. The microsoft
rep. assigned to our company
is not going to be happy next week when time to renew!! ha, i love it.

--Ryan Taylor
[EMAIL PROTECTED]
Micro Consultants


RE: [Samba] Re: SAMBA/PDC + LDAP HELP please? = For your profiles.

2005-10-07 Thread Craig White
On Fri, 2005-10-07 at 08:54 +0200, Louis van Belle wrote:

 when this is done. 
 
 add 2 registry keys.
 /cut_here
 REGEDIT4
 ; do not roam the following folders
 [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
 ExcludeProfileDirs=Temporary Internet Files;History;Temp
 
 ;-
 ; force Windows XP Professional clients to accept Samba as a PDC
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
 requiresignorseal=dword:
 signsecurechannel=dword: 
 
 ;-
 ; Do not check for user ownership of Roaming Profile Folders
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
 CompatibleRUPSecurity=dword:0001
 /cut_here
 
-
I hate to see people encouraged to apply unnecessary fixes that were
suggested to work around issues that were created as temporary solutions
to the moving target of Windows.

requiresignorseal / signsecurechannel issues have long since been fixed
in Samba - no need for those registry changes - this was a Samba 2.x
issue.

I am pretty certain that the 'CompatibleRUPSecurity' registry patch
isn't needed any longer as well, I think that was an issue created from
original release of WinXP SP1

The 'ExcludeProfileDirs' - those folders should have been excluded
automatically.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
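
The three registry values debated in this thread each switch off a check on the Windows client. As an added example (not part of any message in the thread, and not Samba project code), this Python script scans a .reg file for them and reports what each entry does. The sample file and its dword values are constructed, and the WATCHLIST wording is this example's own.

```python
import re

# Values debated in the thread: (key suffix, value name) -> (dword that relaxes
# the check, what that setting does). The descriptions are this example's wording.
WATCHLIST = {
    (r"services\netlogon\parameters", "requiresignorseal"):
        (0, "client no longer requires a signed or sealed secure channel"),
    (r"services\netlogon\parameters", "signsecurechannel"):
        (0, "client stops signing secure channel traffic"),
    (r"policies\microsoft\windows\system", "compatiblerupsecurity"):
        (1, "ownership check on the roaming profile folder is skipped"),
}

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
# Value names are quoted in real .reg files; mail archives often strip the quotes.
VALUE_RE = re.compile(r'^"?([^"=]+)"?\s*=\s*(.*)$')
DWORD_RE = re.compile(r"dword:([0-9a-fA-F]{1,8})")

# Constructed sample, modelled on the file quoted in the thread.
SAMPLE = r'''REGEDIT4
; constructed sample
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"="Temporary Internet Files;History;Temp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001
'''


def parse_reg(text):
    """Yield (key, value_name, raw_data) for every value line in a .reg file."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" deletes a key, so values cannot follow it
            key = None if m.group(1) else m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1).strip(), m.group(2).strip()


def dword(raw):
    """Return the integer behind 'dword:XXXXXXXX', or None if it is missing or truncated."""
    m = DWORD_RE.fullmatch(raw)
    return int(m.group(1), 16) if m else None


def audit(text):
    """Return (value_name, status, effect) for every watched value found, in file order."""
    findings = []
    for key, name, raw in parse_reg(text):
        for (suffix, watched), (relaxing, effect) in WATCHLIST.items():
            if key.lower().endswith(suffix) and name.lower() == watched:
                value = dword(raw)
                if value is None:
                    status = "unreadable"      # e.g. a value cut off by an archive
                elif value == relaxing:
                    status = "relaxes check"
                else:
                    status = "keeps check"
                findings.append((watched, status, effect))
    return findings


if __name__ == "__main__":
    for name, status, effect in audit(SAMPLE):
        print(f"{name:24} {status:14} {effect}")
```
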



RE: [Samba] Re: SAMBA/PDC + LDAP HELP please? = For your profiles.

2005-10-07 Thread Louis van Belle
Really, 

thank you for notifying me.. 

but why is this then in the manual 
http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html 
Windows XP Service Pack 1
There is a security check new to Windows XP (or maybe only Windows XP
service pack 1). 
It can be disabled via a group policy in the Active Directory. The policy is
called: 
Computer Configuration\Administrative Templates\System\User Profiles\
  Do not check for user ownership of Roaming Profile Folders
( is same as  CompatibleRUPSecurity=dword:0001 ) 
And yes this is also in SP2.

I used this to avoid problems, and it works for me.
As I see on the samba list, lots of people have the same problems and
questions,
so therefore I give them my working config, and this is what I did.
I didn't know that about requiresignorseal / signsecurechannel, 
so I'm going to test this in my 2nd office location. Thank you for notifying 
me of that.

The ExcludeProfileDirs is used in my default user profile,
and these are the default directories: 
Geschiedenis, Local Settings, Temp and Temporary Internet Files 

By default there is also Local Settings.. and I want these to move also 
into the profile dir on the server; there are files in it I need 
when users move to another PC.
For example: 
%USERPROFILE%\Local Settings\Application Data\Microsoft\Outlook  (
extend.dat ) 
Stores a reference to which extensions (addins) you have loaded.

%USERPROFILE%\Local Settings\Application Data\Microsoft\Credentials
Contains settings of my users, so I excluded this out of the
excludeprofiledir

just some comment.. 

Louis






RE: [Samba] Re: SAMBA/PDC + LDAP HELP please? = For your profiles.

2005-10-07 Thread Craig White
On Fri, 2005-10-07 at 15:51 +0200, Louis van Belle wrote:
 Really, 
 
 thank you for notifying me.. 
 
 but why is this then in the manual 
 http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html 
 Windows XP Service Pack 1
 There is a security check new to Windows XP (or maybe only Windows XP
 service pack 1). 
 It can be disabled via a group policy in the Active Directory. The policy is
 called: 
 Computer Configuration\Administrative Templates\System\User Profiles\
   Do not check for user ownership of Roaming Profile Folders
 ( is same as  CompatibleRUPSecurity=dword:0001 ) 
 And yes this is also in SP2.
 
 I used this to avoid problems, and it works for me.
 As I see on the samba list, lots of people have the same problems and
 questions,
 so therefore I give them my working config, and this is what I did.
 I didn't know that about requiresignorseal / signsecurechannel, 
 so I'm going to test this in my 2nd office location. Thank you for notifying 
 me of that.
 
 The ExcludeProfileDirs is used in my default user profile,
 and these are the default directories: 
 Geschiedenis, Local Settings, Temp and Temporary Internet Files 
 
 By default there is also Local Settings.. and I want these to move also 
 into the profile dir on the server; there are files in it I need 
 when users move to another PC.
 For example: 
 %USERPROFILE%\Local Settings\Application Data\Microsoft\Outlook  (
 extend.dat ) 
 Stores a reference to which extensions (addins) you have loaded.
 
 %USERPROFILE%\Local Settings\Application Data\Microsoft\Credentials
 Contains settings of my users, so I excluded this out of the
 excludeprofiledir
 
 just some comment.. 
-
good points - perhaps John Terpstra might want to comment on the
'CompatibleRUPSecurity' registry setting and continuity of this setting.
I haven't bothered with it and haven't had any issues.

I wonder if having some sort of wiki on samba web site wouldn't be
useful for things like logon scripts and registry settings to be
shared/discussed so they had their own longevity and current
appropriateness as email archives don't often reflect the changing
nature of things and sometimes the samba documentation has different
objectives.

Craig




wiki.samba.org ? [was Re: [Samba] Re: SAMBA/PDC + LDAP HELP please? = For your profiles.]

2005-10-07 Thread Gerald (Jerry) Carter

Craig White wrote:

 I wonder if having some sort of wiki on samba web site wouldn't be
 useful for things like logon scripts and registry settings to be
 shared/discussed so they had their own longevity and current
 appropriateness as email archives don't often reflect the changing
 nature of things and sometimes the samba documentation has different
 objectives.

We've talked about it before but there is a fear that a
wiki would turn into a propagation mechanism for Samba
urban legends.  Someone (or a team of people) would need
to act as editors.  Truthfully, if it were done right, it
would probably be a good thing.  But if it weren't
it would be a really bad thing.

It's definitely too much for the developers to take on.



cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
There's an anonymous coward in all of us.   --anonymous


Re: [Samba] Re: SAMBA/PDC + LDAP HELP please? = For your profiles.

2005-10-07 Thread John H Terpstra
On Friday 07 October 2005 07:51, Louis van Belle wrote:
 Really,

 thank you for notifying me..

 but why is this then in the manual
 http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html
 Windows XP Service Pack 1
 There is a security check new to Windows XP (or maybe only Windows XP
 service pack 1).
 It can be disabled via a group policy in the Active Directory. The policy
 is called:
 Computer Configuration\Administrative Templates\System\User Profiles\
   Do not check for user ownership of Roaming Profile Folders
 ( is same as  CompatibleRUPSecurity=dword:0001 )
 And yes this is also in SP2.

This was user contributed documentation. The HOWTO document is a broad 
collection of tips, explanations, hints, and detailed explanations of the 
inner workings of Samba. I have re-read the chapter and believe the 
information is still useful, though it could do with some updating. Please 
take note though, the HOWTO is NOT a deployment guide.

Is anyone volunteering to review and revise this chapter? I do not have time 
right now.

Detailed example configurations for Samba, support software and Windows 
clients are provided in the book Samba-3 by Example ISBN 013188221X, 
available from Amazon.Com and in PDF from:

http://www.samba.org/samba/docs/Samba3-ByExample.pdf

Samba3 by Example is a prescriptive guidance document that provides 
detailed, step-by-step, deployment information for complete networking 
solutions. The book, The Official Samba-3 HOWTO and Reference Guide is NOT 
a deployment guide, but it provides detailed documentation of the various 
capabilities and components of Samba - without showing detailed deployment 
steps.

Cheers,
John T.



-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production

Re: wiki.samba.org ? [was Re: [Samba] Re: SAMBA/PDC + LDAP HELP please? = For your profiles.]

2005-10-07 Thread Gerald (Jerry) Carter

Tomasz Chmielewski wrote:
 Gerald (Jerry) Carter wrote:

 Craig White wrote:


 I wonder if having some sort of wiki on samba web site wouldn't be
 useful for things like logon scripts and registry settings to be
 shared/discussed so they had their own longevity and current
 appropriateness as email archives don't often reflect the changing
 nature of things and sometimes the samba documentation has different
 objectives.


 We've talked about it before but there is a fear that a
 wiki would turn into a propagation mechanism for Samba
 urban legends.  Someone (or a team of people) would need
 to act as editors.  Truthfully, if it were done right, it
 would probably be a good thing.  But if it weren't
 it would be a really bad thing.

 It's definitely too much for the developers to take on.
 
 IMHO Samba wiki could be a great source of info for both new and
 advanced users.
 
 Why should Samba wiki turn into something bad, if lots of other open
 source projects have wikis too, and they are useful?

:-) We have a tremendous amount of urban legend on this list.
Just count the number of times someone has suggested the
sign-n-seal registry file for XP clients using a Samba 3.0.x
server.

But we have at least one volunteer, Craig.  And I told him I
would look into it.  So we'll see what happens.  Anyone else
interested in monitoring/editing a wiki to ensure accurate
information?




cheers, jerry


Re: wiki.samba.org ? [was Re: [Samba] Re: SAMBA/PDC + LDAP HELP please? = For your profiles.]

2005-10-07 Thread Tomasz Chmielewski

Gerald (Jerry) Carter wrote:

 Craig White wrote:


 I wonder if having some sort of wiki on samba web site wouldn't be
 useful for things like logon scripts and registry settings to be
 shared/discussed so they had their own longevity and current
 appropriateness as email archives don't often reflect the changing
 nature of things and sometimes the samba documentation has different
 objectives.



 We've talked about it before but there is a fear that a
 wiki would turn into a propagation mechanism for Samba
 urban legends.  Someone (or a team of people) would need
 to act as editors.  Truthfully, if it were done right, it
 would probably be a good thing.  But if it weren't
 it would be a really bad thing.

 It's definitely too much for the developers to take on.


IMHO Samba wiki could be a great source of info for both new and 
advanced users.


Why should Samba wiki turn into something bad, if lots of other open 
source projects have wikis too, and they are useful?



--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba


Re: wiki.samba.org ? [was Re: [Samba] Re: SAMBA/PDC + LDAP HELP please? = For your profiles.]

2005-10-07 Thread Tomasz Chmielewski

Gerald (Jerry) Carter wrote:

Tomasz Chmielewski wrote:


Gerald (Jerry) Carter wrote:

Craig White wrote:




I wonder if having some sort of wiki on samba web site wouldn't be
useful for things like logon scripts and registry settings to be
shared/discussed so they had their own longevity and current
appropriateness as email archives don't often reflect the changing
nature of things and sometimes the samba documentation has different
objectives.



We've talked about it before but there is a fear that a
wiki would turn into a propagation mechanism for Samba
urban legends.  Someone (or a team of people) would need
to act as editors.  Truthfully, if it were done right, it
would probably be a good thing.  But if it weren't
it would be a really bad thing.

It's definitely too much for the developers to take on.


IMHO Samba wiki could be a great source of info for both new and
advanced users.

Why should Samba wiki turn into something bad, if lots of other open
source projects have wikis too, and they are useful?



:-) We have a tremendous amount of urban legend on this list.
Just count the number of times someone has suggested the
sign-n-seal registry file for XP clients using a Samba 3.0.x
server.


baah, some time ago I asked the same question :) when I couldn't join XP 
machines to the domain (where Windows 2000 was working fine) - I spent a 
couple of hours trying to figure out what's wrong (some old wins.dat / 
browse.dat on that test server was the cause).




But we have at least one volunteer, Craig.  And I told him I
would look into it.  So we'll see what happens.  Anyone else
interested in monitoring/editing a wiki to ensure accurate
information?


that's the whole beauty of wiki (at least mediawiki I used, and which is 
used by wikipedia.org):


- you can easily see recent changes (new pages/articles, changes on 
pages, who made them etc.)


- you can easily compare changes (i.e. compare the state of an 
article/page we have now with the state we had previously) - so it's 
just a matter of seconds to spot if someone posted crap or something 
valuable



I think the most important thing (and the hardest, too) would be to 
design good categories to post articles in (some articles would be of 
course in multiple categories), like:


- different Samba versions (2, 3, 4...)
- backends
- printing
- configuration
- installation

etc.

Basically, lots of categories could come from Samba HOWTO, but wouldn't 
be just the articles copied/pasted from the HOWTO, but something posted 
by the users, and eventually commented, corrected etc.


I could imagine myself commenting the sign'n'seal hack :)



[Samba] Re: wiki.samba.org ? [was Re: Re: SAMBA/PDC + LDAP HELP please? = For your profiles.]

2005-10-07 Thread Sean W

Gerald (Jerry) Carter wrote:


Tomasz Chmielewski wrote:


Gerald (Jerry) Carter wrote:

Craig White wrote:




I wonder if having some sort of wiki on samba web site wouldn't be
useful for things like logon scripts and registry settings to be
shared/discussed so they had their own longevity and current
appropriateness as email archives don't often reflect the changing
nature of things and sometimes the samba documentation has different
objectives.



We've talked about it before but there is a fear that a
wiki would turn into a propagation mechanism for Samba
urban legends.  Someone (or a team of people) would need
to act as editors.  Truthfully, if it were done right, it
would probably be a good thing.  But if it weren't
it would be a really bad thing.

It's definitely too much for the developers to take on.


IMHO Samba wiki could be a great source of info for both new and
advanced users.

Why should Samba wiki turn into something bad, if lots of other open
source projects have wikis too, and they are useful?



:-) We have a tremendous amount of urban legend on this list.
Just count the number of times someone has suggested the
sign-n-seal registry file for XP clients using a Samba 3.0.x
server.

But we have at least one volunteer, Craig.  And I told him I
would look into it.  So we'll see what happens.  Anyone else
interested in monitoring/editing a wiki to ensure accurate
information?




cheers, jerry


I'm new, but I'd help where I could.

Sean



[Samba] Re: SAMBA/PDC + LDAP HELP please?

2005-10-06 Thread Ryan Taylor
Ok, I figured it out!! Thank you for the help and for others the change was
in /etc/ldap.conf and I had:
rootbinddn = cn=root,ou=???,dc=beefylinux,dc=com
i removed the ou=group after root and changed rootbinddn to just binddn
and that did it..

Everything works great except for the profiles which the windows machine
doesn't seem to know about
%L variable. I imagine this is because I am on Samba 3.0.10 not 3.0.20a so
maybe it's a new variable...

Anyway, just wanted to say Thank you to everyone for the help. The microsoft
rep. assigned to our company
is not going to be happy next week when time to renew!! ha, i love it.

--Ryan Taylor
[EMAIL PROTECTED]
Micro Consultants


Re: [Samba] PDC + LDAP, cannot access LDAP when not root (SOLVED)

2005-09-29 Thread David Clymer

On Tue, 2005-09-27 at 16:34 -0400, David Clymer wrote:
 I'm using Debian Sarge, Samba (3.1.14a) with the ldapsam backend, and
 OpenLDAP (2.2.23).
 
 When attempting to join a Windows XP+SP2 computer (BILLGATES) to my
 domain (WORKGROUP), using the Administrator account, I am told by
 windows: 'Access denied.'
 
 The logs (attached) seem to indicate that the user Administrator is
 being authenticated (which would have? to use LDAP), but when it goes to
 add the computer to the domain, it fails. Apparently because samba is
 unable to access LDAP:
 
 smbldap_open: cannot access LDAP when not root..
 
 nobody and Administrator are the only users on the domain.
 
 An interesting phenomenon that I've observed (perhaps it is related?):
 
 testbox:/etc/samba# pdbedit -L
 Administrator:998:Administrator
 nobody:65534:nobody
 testbox:/etc/samba# net -U Administrator rpc group members 'Domain Computers'
 Password:
 WORKGROUP\BILLGATES$
 testbox:/etc/samba# net -U Administrator rpc group members 'Domain Admins'
 Password:
 WORKGROUP\Administrator
 testbox:/etc/samba# net -U Administrator rpc group members 'Administrators'
 Password:
 [2005/09/27 16:05:11, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
   cli_pipe: return critical error. Error was Call timed out: server did not 
 respond after 1 milliseconds
 Couldn't list alias members
 
 I don't understand why Administrators group listing fails, while the
 others don't.
 
 Google searches yielded a bunch of similar problems for early versions
 of samba 3.0, related to modification of user groups. However that bug
 was supposedly fixed, and I've seen no reports of it occurring in later
 versions. There are no open bugs, that I could find, related to this on
 bugzilla.samba.org.
 
 Is there any type of (mis)configuration that could result in the same
 sort of symptom?
 
 attached is my smb.conf, smbldap.conf, and my samba log output (debug
 level=4)
 
 I would be very grateful for any ideas, FMs to R, magic wands, etc. that
 anyone might have to offer.
 

The FM to (re)R was the smb.conf man page ;o)

The solution:

add this to smb.conf:

enable privileges = yes

This allows you to grant special privileges to users (see man smb.conf
for more detail)

reload the samba config:

$ smbcontrol smbd reload-config

and grant the necessary rights to Administrator:

$ net -U Administrator rpc rights list
 SeMachineAccountPrivilege  Add machines to domain
  SePrintOperatorPrivilege  Manage printers
   SeAddUsersPrivilege  Add users and groups to the domain
 SeRemoteShutdownPrivilege  Force shutdown from a remote system
   SeDiskOperatorPrivilege  Manage disk shares

$ net -U Administrator rpc rights list Administrator

$ net -U Administrator rpc rights grant Administrator SeMachineAccountPrivilege
Successfully granted rights.

Now one can add machines to the domain. Better yet, the
administrator account does _not_ have to have a uid of 0!

-davidc

--
Under-Achievers Anonymous has an 11-step program.
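
Once `enable privileges = yes` is on, it is worth reviewing who holds each right. The sketch below is an added example, not code from the thread or from Samba: it parses a listing in the layout assumed for `net rpc rights list accounts` (account name, then one right per line or "No privileges assigned", blocks separated by blank lines) and reports rights beyond a site policy. The listing, the `helpdesk` account and the policy are constructed.

```python
# Constructed sample listing; the layout is an assumption about the output of
# `net rpc rights list accounts`, and the accounts are made up for the example.
LISTING = r"""
BUILTIN\Print Operators
No privileges assigned

WORKGROUP\Administrator
SeMachineAccountPrivilege

WORKGROUP\helpdesk
SeMachineAccountPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
"""

# Hypothetical site policy: the rights each account is supposed to hold.
POLICY = {
    r"WORKGROUP\Administrator": {"SeMachineAccountPrivilege"},
    r"WORKGROUP\helpdesk": {"SeMachineAccountPrivilege"},
}


def parse_rights(listing):
    """Return {account: [rights]} from a blank-line separated listing."""
    accounts = {}
    for block in listing.strip().split("\n\n"):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if not lines:
            continue
        # First line is the account; keep only lines that name a right.
        accounts[lines[0]] = [r for r in lines[1:] if r.startswith("Se")]
    return accounts


def holders(accounts, right):
    """Accounts that currently hold the given right."""
    return sorted(a for a, rights in accounts.items() if right in rights)


def audit(accounts, policy):
    """Return [(account, [rights not allowed by policy])], least privilege view."""
    findings = []
    for account, rights in accounts.items():
        extra = sorted(set(rights) - policy.get(account, set()))
        if extra:
            findings.append((account, extra))
    return findings


if __name__ == "__main__":
    parsed = parse_rights(LISTING)
    print("Can join machines:", holders(parsed, "SeMachineAccountPrivilege"))
    for account, extra in audit(parsed, POLICY):
        print(f"{account} holds rights outside policy: {', '.join(extra)}")
```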


[Samba] Re: Samba + PDC + LDAP (Sun One DS 5.2, Messaging and Identity)

2005-03-15 Thread Michal Kurowski
Hafiz Abdul Rehman [EMAIL PROTECTED] wrote:
 
 I am planning to install Samba as PDC for Windows XP Machines and LDAP
 (Sun ONE DS 5.2 + Messaging + Identity ) as backend sam
 if someone has already set up this kind of environment and can write
 down the steps in which order I have to install and configure products
 that would be great

I'd suggest thinking about the design a bit more - the basic question
is: what is the purpose of Sun Messaging and Identity Servers ?

The latter might be highly useful (at least judging from specs) when
integrating with legacy MS Active Directory but I can't think of any
use of the former ;-) 

The Directory Server is a very solid and feature-rich LDAP
implementation though. What you will need to tweak:

- uploading the samba schema 
- configuring the TLS for secure communication with samba

If you're going to deploy samba on Solaris I'd suggest compiling with
openldap libraries. But do not switch the whole solaris ldap client
side to it. The native tools are very mature and can be configured
easily with DS in a secure way (because of proxyagent).

Let us know if you have any specific problem.

Cheers,
 
-- 
Michal Kurowski
[EMAIL PROTECTED]


Re: [Samba] PDC + LDAP group mappings

2004-12-30 Thread Adam Tauno Williams
 Alright now that samba can talk to LDAP I have a blank slate.  I know I
 need to setup group mappings, but I'm a little confused about this.
 Since it's an ldap backend do the groups need to have unix counterparts?

Yes, it is group mapping; you must have a group to map to.

 Should I use the net groupmap command to add the mappings or should I
 use an LDIF file?

You must use net groupmap unless you want to calculate the SIDs/RIDs
yourself.



RE: [Samba] PDC + LDAP group mappings

2004-12-30 Thread David Sonenberg
@lists.samba.org
Subject: Re: [Samba] PDC + LDAP group mappings

 Alright now that samba can talk to LDAP I have a blank slate.  I know 
 I need to setup group mappings, but I'm a little confused about this.
 Since it's an ldap backend do the groups need to have unix
counterparts?

Yes, it is group mapping; you must have a group to map to.

 Should I use the net groupmap command to add the mappings or should I 
 use an LDIF file?

You must use net groupmap unless you want to calculate the SIDs/RIDs
yourself.



Re: [Samba] PDC + LDAP group mappings

2004-12-30 Thread John H Terpstra
On Thursday 30 December 2004 10:34, David Sonenberg wrote:
 Alright now that samba can talk to LDAP I have a blank slate.  I know I
 need to setup group mappings, but I'm a little confused about this.
 Since it's an ldap backend do the groups need to have unix counterparts?
 Should I use the net groupmap command to add the mappings or should I
 use an LDIF file?

David,

This subject comes up on this list ad nauseam! I am responding in full in the 
hope that we can get this sorted out so that others who do their homework 
before asking here will find the answers they need. I have tried to document 
this in the Samba-HOWTO-Collection and in the Samba-Guide (Samba-3 by 
Example books).

Suggest you check out chapter 6 of the book, Samba-4 by Example. You can 
download it from:

http://www.samba.org/samba/docs/Samba-Guide.pdf

If you get lost give me a shout. If the documentation is not clear enough and 
has too much fog-factor, please promise us all that when this becomes clear 
to you you will help to improve the documentation. Feedback, improvement in 
clarity and corrections are always welcome.

For the record:
===============

If you use LDAP with Samba it is essential that ALL your UNIX (POSIX) accounts 
(both for users and for groups) are in the LDAP backend. Samba requires the 
SambaSAM account data also in LDAP. It is NOT possible with Samba to have 
only the SambaSAM account information in LDAP and not the UNIX accounts in 
LDAP.

Additionally, it is essential that all accounts will translate unambiguously 
between Windows credentials and UNIX credentials. This means that any UID 
must translate to exactly one (and one only) MS Windows SID. Every SID must 
translate (map) to precisely one UID or GID. Every GID must map to precisely 
one SID and vice versa.

The net groupmap utility provides the connection between a Windows NT Group 
and the UNIX (POSIX) group. What this does is it tells Samba that when a 
Windows user accesses the Samba server that user will be treated by the UNIX 
operating system as if he is accessing UNIX directly as the mapped account. 

For Example: 
A Windows user is called 'billyboy' and is a member of Windows groups Domain 
Users, Engineers, and Goodguys, and his primary group is Goodguys.

In your LDAP based POSIX backend the UNIX account is called 'billyboy' with 
UID = 1106. Group mappings are set so that:

Windows NT Group      UNIX group
----------------      ----------
Domain Users      ->  users (group id = 500)
Domain Guests     ->  nobody (group id = 65534)
Domain Admins     ->  root (group id = 0)
Engineers         ->  engineers (group id = 1211)
Goodguys          ->  goodguys (group id = 1235)

Then for all UNIX file system access the user 'billyboy' will have the 
following UNIX credentials:
UID: 1106
Primary group ID: 1235
Additional group memberships IDs: 500, 1211

That is the information that should be returned if you execute in a UNIX 
shell: 
id billyboy

You can manually populate your LDAP database using an LDIF file to set all 
this up, but if you use the Idealx scripts this is all neatly done for you.

I hope that helps to explain the connections.

Cheers,
John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
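
The one-to-one mapping rule and the 'billyboy' walk-through above can be checked mechanically. This is an added example, not part of the original post: it parses lines in the `NT group (SID) -> UNIX group` form that `net groupmap list` prints, flags mappings that break the rule, and derives the UNIX credentials for the example user. The domain SID, the RIDs for Engineers and Goodguys, and the `Contractors`/`staff` entries are constructed.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^(?P<nt>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>\S+)$")
DOM = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed domain SID

# UNIX groups and GIDs as given in the post.
UNIX_GIDS = {"users": 500, "nobody": 65534, "root": 0,
             "engineers": 1211, "goodguys": 1235}

GOOD = f"""
Domain Users ({DOM}-513) -> users
Domain Guests ({DOM}-514) -> nobody
Domain Admins ({DOM}-512) -> root
Engineers ({DOM}-3423) -> engineers
Goodguys ({DOM}-3471) -> goodguys
"""

# Constructed broken map: a reused SID, a shared UNIX group, a missing group.
BAD = f"""
Engineers ({DOM}-3423) -> engineers
Goodguys ({DOM}-3471) -> engineers
Contractors ({DOM}-3471) -> staff
"""


def parse_groupmap(text):
    """Return [(nt_group, sid, unix_group)] for every well-formed line."""
    matches = (LINE.match(l.strip()) for l in text.strip().splitlines())
    return [m.group("nt", "sid", "unix") for m in matches if m]


def find_ambiguities(entries, unix_gids):
    """List every violation of 'one SID <-> one UNIX group that exists'."""
    by_sid, by_unix, problems = defaultdict(list), defaultdict(list), []
    for nt, sid, unix in entries:
        by_sid[sid].append(nt)
        by_unix[unix].append(nt)
        if unix not in unix_gids:
            problems.append(f"{nt}: UNIX group '{unix}' does not exist")
    problems += [f"SID {s} used by {', '.join(n)}"
                 for s, n in by_sid.items() if len(n) > 1]
    problems += [f"UNIX group '{u}' mapped from {', '.join(n)}"
                 for u, n in by_unix.items() if len(n) > 1]
    return problems


def unix_credentials(primary, memberships, entries, unix_gids):
    """Return (primary GID, sorted supplementary GIDs) for a Windows user."""
    gid_of = {nt: unix_gids[unix] for nt, _, unix in entries}
    return gid_of[primary], sorted(gid_of[g] for g in memberships if g != primary)


if __name__ == "__main__":
    good = parse_groupmap(GOOD)
    print(unix_credentials("Goodguys", ["Domain Users", "Engineers", "Goodguys"],
                           good, UNIX_GIDS))
    for problem in find_ambiguities(parse_groupmap(BAD), UNIX_GIDS):
        print("AMBIGUOUS:", problem)
```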


Re: [Samba] PDC + LDAP

2004-12-27 Thread Paul Gienger

Attached are my slapd.conf and samba.schema (modified for security.)
 

Attachments are stripped by this (and dare I say most) list(s).  Since 
it's all just text, why not paste it in at the end of your post.

--
--
Paul Gienger                Office: 701-281-1884
Applied Engineering Inc.
Systems Architect           Fax:    701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]


RE: [Samba] PDC + LDAP

2004-12-27 Thread David Sonenberg
 ) )

objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top
STRUCTURAL
DESC 'Structural Class for a SID'
MUST ( sambaSID ) )

objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top
AUXILIARY
DESC 'Samba Configuration Section'
MAY ( description ) )

objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top
STRUCTURAL
DESC 'Samba Share Section'
MUST ( sambaShareName )
MAY ( description ) )

objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top
STRUCTURAL
DESC 'Samba Configuration Option'
MUST ( sambaOptionName )
MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $

  sambaStringListoption $ description ) )


objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top
AUXILIARY
DESC 'Samba Privilege'
MUST ( sambaSID )
MAY ( sambaPrivilegeList ) )



David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane, Suite 1208
New York, NY  10038
212.981.6527 (o)  |  917.495.4918 (c)

-Original Message-
From: Paul Gienger [mailto:[EMAIL PROTECTED] 
Sent: Monday, December 27, 2004 3:35 PM
To: David Sonenberg
Cc: samba@lists.samba.org
Subject: Re: [Samba] PDC + LDAP


Attached are my slapd.conf and samba.schema (modified for security.)
  

Attachments are stripped by this (and dare I say most) list(s).  Since
it's all just text, why not paste it in at the end of your post.

--
--
Paul Gienger                Office: 701-281-1884
Applied Engineering Inc.
Systems Architect           Fax:    701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]




Re: [Samba] PDC + LDAP

2004-12-27 Thread Adam Tauno Williams
 it instructs to run /sbin/splapindex -f /splapd.conf  When I run this I
 get the following error:
 /etc/openldap/schema/samba.schema: line 423: AttributeType not found:
 gidNumber
 slapindex: bad configuration file!

samba.schema requires the posix/nis schema from RFC2307 to be loaded
first, this is a dependency.  Fix your schema includes.

 Attached are my slapd.conf and samba.schema (modified for security.)

There is no need to send your samba.schema, everyone's is the same.



RE: [Samba] PDC + LDAP

2004-12-27 Thread Adam Tauno Williams
 include   /etc/openldap/schema/core.schema
 include   /etc/openldap/schema/cosine.schema
 include   /etc/openldap/schema/inetorgperson.schema
 include   /etc/openldap/schema/samba.schema
 include   /etc/openldap/schema/nis.schema

Order is important, schema files have dependencies.  samba.schema
requires nis.schema, thus nis.schema must be included first.
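
The ordering problem can be caught before slapd or slapindex is run. The following is an added example, not code from the thread or from OpenLDAP: it walks the `include` lines of a slapd.conf in order and reports every objectclass whose MUST/MAY attributes have not been defined yet. The schema bodies are constructed, heavily trimmed stand-ins, and attribute SUP references are not checked.

```python
import re

DEF_START = re.compile(r"^\s*(attributetype|objectclass)\s*\(", re.I | re.M)

def definitions(text):
    """Yield (kind, body) for each attributetype/objectclass block, in file order."""
    text = re.sub(r"^#.*$", "", text, flags=re.M)        # drop comment lines
    pos = 0
    while (m := DEF_START.search(text, pos)):
        depth, i, quoted = 1, m.end(), False
        while depth and i < len(text):                   # find the matching ')'
            c = text[i]
            if c == "'":
                quoted = not quoted
            elif not quoted:
                depth += (c == "(") - (c == ")")
            i += 1
        yield m.group(1).lower(), text[m.end():i - 1]
        pos = i

def names(body):
    """Names declared by NAME 'x' or NAME ( 'x' 'y' )."""
    m = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", body)
    if not m:
        return []
    return [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))

def referenced_attrs(body):
    """Attributes an objectclass lists under MUST and MAY."""
    body = re.sub(r"'[^']*'", "", body)                  # ignore DESC text
    found = []
    for m in re.finditer(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w-]+))", body):
        found += [a.strip() for a in (m.group(1) or m.group(2)).split("$") if a.strip()]
    return found

def check_includes(slapd_conf, schema_files):
    """Return [(file, objectclass, attribute)] for attributes used before definition."""
    known, errors = set(), []
    for line in slapd_conf.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0].lower() != "include":
            continue
        fname = parts[1].rsplit("/", 1)[-1]
        for kind, body in definitions(schema_files[fname]):
            if kind == "attributetype":
                known.update(n.lower() for n in names(body))
            else:
                cls = (names(body) or ["?"])[0]
                errors += [(fname, cls, a) for a in referenced_attrs(body)
                           if a.lower() not in known]
    return errors

# Constructed, trimmed stand-ins for the real schema files (assumption: only
# the few definitions needed to show the dependency are kept).
SCHEMA_FILES = {
    "core.schema": "attributetype ( 2.5.4.13 NAME 'description' )\n",
    "cosine.schema": "# definitions omitted in this stand-in\n",
    "inetorgperson.schema": "attributetype ( 2.16.840.1.113730.3.1.241 NAME 'displayName' )\n",
    "nis.schema": "attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' )\n"
                  "attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' )\n",
    "samba.schema": "attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' )\n"
                    "objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top\n"
                    " AUXILIARY\n DESC 'Mapping from a SID to an ID'\n"
                    " MUST ( sambaSID )\n MAY ( uidNumber $ gidNumber ) )\n",
}
DIR = "include   /etc/openldap/schema/"
ORDER_POSTED = ["core", "cosine", "inetorgperson", "samba", "nis"]   # from the post
ORDER_FIXED = ["core", "cosine", "inetorgperson", "nis", "samba"]
AS_POSTED = "\n".join(f"{DIR}{n}.schema" for n in ORDER_POSTED)
FIXED = "\n".join(f"{DIR}{n}.schema" for n in ORDER_FIXED)

if __name__ == "__main__":
    for label, conf in (("as posted", AS_POSTED), ("nis first", FIXED)):
        print(label, "->", check_includes(conf, SCHEMA_FILES) or "OK")
```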





Re: [Samba] PDC + LDAP

2004-12-27 Thread John H Terpstra
'
 MUST ( uidNumber $ gidNumber ) )


 objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top
 AUXILIARY
 DESC 'Mapping from a SID to an ID'
 MUST ( sambaSID )
   MAY ( uidNumber $ gidNumber ) )

 objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top
 STRUCTURAL
   DESC 'Structural Class for a SID'
   MUST ( sambaSID ) )

 objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top
 AUXILIARY
   DESC 'Samba Configuration Section'
   MAY ( description ) )

 objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top
 STRUCTURAL
   DESC 'Samba Share Section'
   MUST ( sambaShareName )
   MAY ( description ) )

 objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top
 STRUCTURAL
   DESC 'Samba Configuration Option'
   MUST ( sambaOptionName )
   MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $

 sambaStringListoption $ description ) )


 objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top
 AUXILIARY
   DESC 'Samba Privilege'
   MUST ( sambaSID )
   MAY ( sambaPrivilegeList ) )



 David Sonenberg
 Systems / Network Administrator
 Stroz Friedberg, LLC
 15 Maiden Lane, Suite 1208
 New York, NY  10038
 212.981.6527 (o)  |  917.495.4918 (c)

 -Original Message-
 From: Paul Gienger [mailto:[EMAIL PROTECTED]
 Sent: Monday, December 27, 2004 3:35 PM
 To: David Sonenberg
 Cc: samba@lists.samba.org
 Subject: Re: [Samba] PDC + LDAP

 Attached are my slapd.conf and samba.schema (modified for security.)

 Attachments are stripped by this (and dare I say most) list(s).  Since
 it's all just text, why not paste it in at the end of your post.

 --
 --
 Paul Gienger                Office: 701-281-1884
 Applied Engineering Inc.
 Systems Architect           Fax:    701-281-1322
 URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.


Re: [Samba] PDC + LDAP

2004-12-27 Thread John H Terpstra
On Monday 27 December 2004 13:44, Adam Tauno Williams wrote:
  it instructs to run /sbin/splapindex -f /splapd.conf  When I run this I
  get the following error:
  /etc/openldap/schema/samba.schema: line 423: AttributeType not found:
  gidNumber
  slapindex: bad configuration file!

 samba.schema requires the posix/nis schema from RFC2307 to be loaded
 first, this is a dependency.  Fix your schema includes.

  Attached are my slapd.conf and samba.schema (modified for security.)

 There is no need to send your samba.schema, everyone's is the same.

Not quite! The Samba schema has changed over time. Samba 2.x, 3.0.0-3.0.5, 
3.0.6-current are different schemas. Not everyone is using the latest version 
of Samba: In fact, over 60% of the Samba installed base is at least one 
generation out of date!

I do not want to sound like I am nit-picking, but this is an important point. 
You must use the version of the schema that matches your version of Samba.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.


Re: [Samba] PDC/LDAP

2004-01-28 Thread Erik Holst Trans
Hi,

Looks like you don't have write access to your ldap-directory.

Make sure that you have modified the smbldap_conf.pm file to match
your LDAP configuration (slapd.conf).
Look for $binddn
Also check your smb.conf LDAP config, has to match too ;-)

Best regards
//Erik


asky wrote:

Hi,
I'm using redhat 8.0 samba-3.0 and smbatool-0.8.3. When I run 
smbldap-populate, I get the following
errors

[EMAIL PROTECTED] root]# smbldap-populate
using builtin directory structure
adding new entry: dc=nijacol,dc=net
failed to add entry: Already exists at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 2.
adding new entry: ou=Users,dc=nijacol,dc=net
failed to add entry: Already exists at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 3.
adding new entry: ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 4.
adding new entry: ou=Computers,dc=nijacol,dc=net
failed to add entry: Already exists at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 5.
adding new entry: uid=Administratorou=Users,dc=nijacol,dc=net
failed to add entry: no write access to parent at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 6.
adding new entry: uid=nobody,ou=Users,dc=nijacol,dc=net
failed to add entry: no write access to parent at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 7. adding new 
entry: cn=Domain Admins,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 8.
adding new entry: cn=Domian Users,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 9.
adding new entry: cn=Domain Guests,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 16.
adding new entry: cn=Print Operators,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 17.
adding new entry: cn=Backup Operators,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 18.
failed to add entry: no write access to parent at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 18.
adding new entry: cn=Replicator,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 19.
adding new entry: cn=Domain Computers,ou=Groups,dc=nijacol,dc=net
failed to add entry: no write access to parent at 
/usr/local/sbin/smbldap-populate line 384, GEN1 line 19.
[EMAIL PROTECTED] root]#

Also, I can't seem to login unless I go to single user mode and 
disable authconfig services (ldap etc).
I know I'm not doing something right but I just can't figure it out. 
Any help will be appreciated.

Asky 




Re: [Samba] PDC/LDAP

2004-01-28 Thread Jérôme Tournier
On Wed, Jan 28, 2004 at 10:36:59AM +0100, asky wrote:
 Hi,
 
 I'm using Redhat 8.0, samba-3.0, openldap-2.0.25 and sambatools-0.8.3 to 
 setup a PDC.
 When I run smbldap-populate I get the following error:

I think that the masterDN and masterPw defined in
/etc/smbldap-tools/smbldap_bind.conf do not allow the account to have
write access in the directory, do they?
-- 
Jérôme

 [EMAIL PROTECTED] root]# smbldap-populate
 Using builtin directory structure
 adding new entry: dc=nijacol,dc=net
 failed to add entry: Already exists at /usr/local/sbin/smbldap-populate 
 line 384, GEN1 line 2.
 adding new entry: ou=Users,dc=nijacol,dc=net
 failed to add entry: Already exists at /usr/local/sbin/smbldap-populate 
 line 384, GEN1 line 3.
 adding new entry: ou=Groups,dc=nijacol,dc=net
 failed to add entry: no write access to parent at 
 /usr/local/sbin/smbldap-populate line 384, GEN1 line 4.
 adding new entry: ou=Computers,dc=nijacol,dc=net
 failed to add entry: Already exists at /usr/local/sbin/smbldap-populate 
 line 384, GEN1 line 5.
 adding new entry: uid=Administrators,ou=Users,dc=nijacol,dc=net
 failed to add entry: no write access to parent at 
 /usr/local/sbin/smbldap-populate line 384, GEN1 line 6.
 adding new entry: uid=nobody,ou=Users,dc=nijacol,dc=net
 failed to add entry: no write access to parent at 
 /usr/local/sbin/smbldap-populate line 384, GEN1 line 7.
 adding new entry: cn=Domain Admins,ou=Groups,dc=nijacol,dc=net
 failed to add entry: no write access to parent at 
 /usr/local/sbin/smbldap-populate line 384, GEN1 line 8.
 adding new entry: cn=Domain Users,ou=Groups,dc=nijacol,dc=net
 failed to add entry: no write access to parent at 
 /usr/local/sbin/smbldap-populate line 384, GEN1 line 9.
 adding new entry: cn=Domain Guests,ou=Groups,dc=nijacol,dc=net
 failed to add entry: no write access to parent at 
 /usr/local/sbin/smbldap-populate line 384, GEN1 line 16.
 adding new entry: cn=Print Operators,ou=Groups,dc=nijacol,dc=net
 failed to add entry: no write access to parent at 
 /usr/local/sbin/smbldap-populate line 384, GEN1 line 17.
 adding new entry: cn=Backup Operators,ou=Groups,dc=nijacol,dc=net
 failed to add entry: no write access to parent at 
 /usr/local/sbin/smbldap-populate line 384, GEN1 line 18.
 adding new entry: cn=Replicator,ou=Groups,dc=nijacol,dc=net
 failed to add entry: no write access to parent at 
 /usr/local/sbin/smbldap-populate line 384, GEN1 line 19.
 adding new entry: cn=Domain Computers,ou=Groups,dc=nijacol,dc=net
 failed to add entry: no write access to parent at 
 /usr/local/sbin/smbldap-populate line 384, GEN1 line 19.
 [EMAIL PROTECTED] root]#
 
 Also, when I shutdown, I can only login from single user mode after 
 disabling services using authconfig (ldap etc).
 I know I'm not doing something right but I just can't figure it out . Any 
 help would be appreciated.
 
 Asky 
 
 
 


Re: [Samba] PDC + LDAP + W2K-SP4 Domain logon

2003-08-25 Thread samseaver
This may be a long shot, but does your work environment use a WINS server?

I found out recently that mine does, and by changing WINS support = yes
to WINS server = 'ip address', I got the domain thing to work. I kept
getting the same error you did.

Cheers
S

On Mon, 25 Aug 2003 15:09:05 +0200 [EMAIL PROTECTED] wrote:

 Dear all,
 
 
 ___Setup: 
 - several Windows 2000 workstations on SP4 (reg-patches applied, they 
 worked on 2.x-stable)
 - Samba PDC (CVS 3.0.0rc2) (machine accounts added as well as users in 
 unix  samba)
 - OpenLDAP (2.1.12) -- (Not really relevant since I tried without ldap 
 too, so no info about that from this point)
 - Linux HOSTNAME 2.4.19 #1 Fri Jun 13 15:22:09 UTC 2003 i686 unknown 
 (debian)
 
 (- also tried Samba PDC (2.x.stable))
 _
 
 ___My Problem:
 Since attempting to upgrade to Samba 3.0 clients are unable to logon to 
 my samba-domain.
 __
 
 
 ___Scenario:
 at server side(linux samba PDC):
 
 - 'testparm' command succeeds.
 - Samba PDC started with all systems up and running (smbd/nmbd/winbindd)
 - Tests through 'net join' command succeeds.
 - Test through 'smbclient -L my samba PDC' succeeds as well.
 *- Test through 'smbclient -L a windows 200 machine' FAILSpartial!  
 Result:
 snip
 Sharename  Type  Comment
 -    ---
 E$ Disk  Default share
 IPC$   IPC   Remote IPC
 ADMIN$ Disk  Remote Admin
 C$ Disk  Default share
   session request to w2kmachine failed (Called name not present)
   session request to *SMBSERVER failed (Called name not present)
   NetBIOS over TCP disabled -- no workgroup available
 /snip
   *quite strange error since it returns the shares?!
 
 --- going on anyway ---
 
 at client side(w2k):
 
 - login on client with local administrator-account.
 - browsing network IFS results in seeing only 
   the windows-2000 machines in the network and NOT the samba PDC.
 - if I attempt to connect to '\\my samba pdc' I do get a request 
   for my login and password. Login works and I can browse shares.
 - I use 'net use * /d /yes' to be able to join the domain with a 
 clean-sheet.
 - if I attempt to join the domain IFS I get the following error:
 snip
   The following error ocurred validating the name IFS.
   This condition may be caused by a DNS lookup problem. 
   For information about troubleshooting common DNS lookup problems,
   please see the following Microsoft web site:
   http://go.microsoft.com/fwlink/?LinkId=5171
   
   The specified domain either does not exist or could not be 
 contacted.
   [ OK ]
 /snip
   went to the link and followed instruction in how far possible with 
 Samba 
   and saw something about the _ldap._tcp.dc_msdcs record.
   added that (_tcp._ldap.dc._msdcs.ifs. SRV 0 0 0 .) to my config, but 
 still no success 
   (thought that wouldn't do much anyway, since the link says it's only 
 to reduce unnecessary traffic). 
   Samba shows _only changes in nmbd-logfile_:
 snip
   [2003/08/25 14:30:00, 4] 
 nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
 find_workgroup_on_subnet: workgroup search for IFS on subnet 
 10.21.32.1: found.
   [2003/08/25 14:30:00, 4] 
 nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
 find_workgroup_on_subnet: workgroup search for IFS on subnet 
 UNICAST_SUBNET: found.
   [2003/08/25 14:30:00, 4] 
 nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
 find_workgroup_on_subnet: workgroup search for IFS on subnet 
 UNICAST_SUBNET: found.
   [2003/08/25 14:30:05, 4] 
 nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
 find_workgroup_on_subnet: workgroup search for IFS on subnet 
 10.21.32.1: found.
   [2003/08/25 14:30:05, 4] 
 nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
 dump_workgroups()
  dump workgroup on subnet  10.21.32.1: netmask=  
 255.255.255.0:
   IFS(1) current master browser = sambaserver
   sambaserver 400c992b (Samba CVS 3.0.0rc2)
   [2003/08/25 14:30:05, 4] 
 nmbd/nmbd_workgroupdb.c:dump_workgroups(284)
 dump_workgroups()
  dump workgroup on subnet  UNICAST_SUBNET: netmask= 
 10.21.32.1:
   IFS(1) current master browser = UNKNOWN
   sambaserver 4009992b (Samba CVS 3.0.0rc2)
   [2003/08/25 14:30:05, 4] 
 nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
 find_workgroup_on_subnet: workgroup search for IFS on subnet 
 UNICAST_SUBNET: found.
   [2003/08/25 14:30:05, 4] 
 nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
 find_workgroup_on_subnet: workgroup search for IFS on subnet 
 UNICAST_SUBNET: found.
   [2003/08/25 14:30:10, 4] 
 nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(156)
 find_workgroup_on_subnet: workgroup search for IFS on