Re: [Samba] Samba PDC not in network environment (Windows 7/8)

2013-02-22 Thread Jörg Nissen
Something weird...

I connected one notebook to another samba (v3.5.5) network. Logged in as
a local user on the notebook and guess what. The complete network 
environment is shown. 
The main difference between these two networks, apart from the version
number of smbd, is that the working network is based on ldap while the
not working network is based on tdb.

Another small difference in smb.conf:

3.5.5:  name resolve order = bcast lmhosts host
3.6.12: name resolve order = wins bcast lmhosts hosts


Going to check if it has any impact if I remove wins from 
name resolve order.

And another small difference:

In v3.5.5 computers are members of Domain Users while v3.6.12 
lists them in Domain Computers. Also going to check if this makes 
any difference.

The last thing I will check is if it makes any difference when 
I login to a local account on my client.

Will keep you updated.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba PDC not in network environment (Windows 7/8)

2013-02-21 Thread Jörg Nissen
Something I came across. Don't know if it is related. Trying to connect to a 
Windows 8 share from my PDC results in

cli_session_setup: NT1 session setup failed: NT_STATUS_INVALID_PARAMETER
session setup failed: NT_STATUS_INVALID_PARAMETER

when client NTLMv2 auth = yes is set in smb.conf. smbtree executed by a domain 
admin user lists all shares on PDC and nas but only the name of the client.

Changing settings to

client NTLMv2 auth = no
client lanman auth = yes

gives access to shares on the Windows 8 client. smbtree lists all 
administrative shares (C$, D$, etc.) on Windows 8 client.

---
There are some entries in the samba logfile for client JOGO which seem to be 
problem related:

[2013/02/21 12:17:27.638163,  0] rpc_server/srv_pipe.c:500(pipe_schannel_auth_bind)
  pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2
[2013/02/21 12:17:27.762403,  2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain)
  Returning domain sid for domain MyDomainName - S-1-5-21-3406496673-2355577635-1274693878
[2013/02/21 12:17:32.774569,  2] ../libcli/auth/credentials.c:308(netlogon_creds_server_check_internal)
  credentials check failed
[2013/02/21 12:17:32.774681,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client JOGO machine account JOGO$
[2013/02/21 12:17:32.777495,  2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain)
  Returning domain sid for domain MyDomainName - S-1-5-21-3406496673-2355577635-1274693878
[2013/02/21 12:17:45.665467,  2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2013/02/21 12:18:03.168300,  2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2013/02/21 12:18:50.279081,  2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET
[2013/02/21 12:21:36.293203,  2] smbd/smb2_server.c:2628(smbd_smb2_request_incoming)
  smbd_smb2_request_incoming: client read error NT_STATUS_CONNECTION_RESET




Re: [Samba] Samba PDC not in network environment (Windows 7/8)

2013-02-21 Thread Jörg Nissen
Jörg Nissen joerg at nissen.de.hm writes:

Looks like I'm talking to myself all the time. 
Anyway, solved this small problem.
Accidentally the parameter client use spnego was set to no during testing. 
Setting it back to yes made the client tools on the server behave normally.

Still looking for help on my starting post.




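The two messages above change three client-side authentication parameters while debugging (client NTLMv2 auth, client lanman auth, client use spnego). The following check for such leftovers in smb.conf is an added example, not part of the thread or of Samba; the function names and both sample files are constructed for illustration.

```python
"""Flag explicit client-authentication downgrades in smb.conf [global]."""

# Normalised parameter name -> (value that weakens the client, consequence).
WEAK_SETTINGS = {
    "clientntlmv2auth": (False, "client answers challenges with NTLMv1 instead of NTLMv2"),
    "clientlanmanauth": (True, "client is allowed to send LANMAN responses"),
    "clientusespnego": (False, "client does not negotiate the mechanism via SPNEGO"),
}
TRUE_WORDS = {"yes", "true", "1", "on"}
FALSE_WORDS = {"no", "false", "0", "off"}


def normalise(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return "".join(name.split()).lower()


def parse_global(text):
    """Return {normalised name: (name as written, value)} for [global]."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = normalise(line[1:-1])
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)   # only the first '=' is significant
            params[normalise(name)] = (name.strip(), value.strip())
    return params


def audit(text):
    """Return [(parameter, value, reason)] for each weak or unparsable setting."""
    findings = []
    params = parse_global(text)
    for key, (weak_value, reason) in WEAK_SETTINGS.items():
        if key not in params:
            continue                       # not set explicitly: nothing to report
        name, value = params[key]
        word = value.lower()
        if word not in TRUE_WORDS | FALSE_WORDS:
            findings.append((name, value, "not a recognised boolean"))
        elif (word in TRUE_WORDS) == weak_value:
            findings.append((name, value, reason))
    return findings


# Constructed sample: the client settings the thread describes during testing.
TESTING_CONF = """\
[global]
    workgroup = MYDOMAINNAME
    ; settings changed while debugging the Windows 8 connection
    client NTLMv2 auth = no
    Client LANMAN Auth = Yes
    client use spnego = no
[homes]
    read only = No
"""

# Constructed sample: the same file after the settings were put back.
RESTORED_CONF = """\
[global]
    workgroup = MYDOMAINNAME
    client NTLMv2 auth = yes
    client use spnego = yes
"""

if __name__ == "__main__":
    for name, value, reason in audit(TESTING_CONF):
        print(f"{name} = {value}: {reason}")
    print("restored file findings:", audit(RESTORED_CONF))
```

Only parameters that are set explicitly are reported; version-specific defaults are not evaluated.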
Re: [Samba] Samba PDC group list empty

2012-12-03 Thread Andrej Šimko
 I give all of your indexes in my conf but nothing changed:

ls -l *bdb
-rw--- 1 openldap openldap  61440 Dec  3 14:22 cn.bdb
-rw--- 1 openldap openldap   8192 Dec  3 14:22 dc.bdb
-rw--- 1 openldap openldap  28672 Dec  3 14:22 displayName.bdb
-rw--- 1 openldap openldap  40960 Dec  3 12:29 dn2id.bdb
-rw--- 1 openldap openldap   8192 Nov 22 10:42 entryCSN.bdb
-rw--- 1 openldap openldap   8192 Nov 22 10:42 entryUUID.bdb
-rw--- 1 openldap openldap   8192 Dec  3 14:22 gidNumber.bdb
-rw--- 1 openldap openldap  36864 Dec  3 14:22 givenName.bdb
-rw--- 1 openldap openldap 294912 Dec  3 13:10 id2entry.bdb
-rw--- 1 openldap openldap   8192 Dec  3 14:22 loginShell.bdb
-rw--- 1 openldap openldap  45056 Dec  3 14:22 mail.bdb
-rw--- 1 openldap openldap  69632 Dec  3 14:22 memberUid.bdb
-rw--- 1 openldap openldap  36864 Dec  3 14:22 objectClass.bdb
-rw--- 1 openldap openldap   8192 Dec  3 14:22 ou.bdb
-rw--- 1 openldap openldap   8192 Dec  3 14:22 sambaDomainName.bdb
-rw--- 1 openldap openldap   8192 Dec  3 14:22 sambaGroupType.bdb
-rw--- 1 openldap openldap   8192 Dec  3 14:22 sambaPrimaryGroupSID.bdb
-rw--- 1 openldap openldap   8192 Dec  3 14:22 sambaSID.bdb
-rw--- 1 openldap openldap   8192 Dec  3 14:22 sambaSIDList.bdb
-rw--- 1 openldap openldap  40960 Dec  3 14:22 sn.bdb
-rw--- 1 openldap openldap  45056 Dec  3 14:22 uid.bdb
-rw--- 1 openldap openldap   8192 Dec  3 14:22 uidNumber.bdb
-rw--- 1 openldap openldap   8192 Nov 20 17:03 uniqueMember.bdb


Any other suggestion?


On Fri, Nov 30, 2012 at 6:16 PM, Harry Jede walk2...@arcor.de wrote:

 On Thursday, 29 November 2012 you wrote:
  I still don't understand why ldap search filter generated by samba (I
  have this from samba log) cannot find anything in database:
  smbldap_search_paged: base = [dc=gymsnv,dc=sk], filter =
  [(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-
  21-2390795950-2727105968-4008069955*))],scope = [2], pagesize =
  [1024] [2012/11/29 18:15:14.227560,  3]
  lib/smbldap.c:1591(smbldap_search_paged) smbldap_search_paged:
  search was successful
  [2012/11/29 18:15:14.227647,  3]
  rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context:
  destroying talloc pool of size 0
 
  If I remove sambaSID and try to find it in ldap, I will get all my
  groups. Filter =
  (&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=*))
 
  Is this normal behavior or can my ldap configuration be incorrect?
 That's not normal.

 What indexes have you set?
 # ldapsearch -LLLY external -H ldapi:/// -b cn=config '(objectclass=*)' olcDBIndex

 These are my indexes:
 dn: olcDatabase={1}hdb,cn=config
 olcDbIndex: objectClass eq
 olcDbIndex: uidNumber eq
 olcDbIndex: gidNumber eq
 olcDbIndex: loginShell eq
 olcDbIndex: uid eq,pres,sub
 olcDbIndex: memberUid eq,pres,sub
 olcDbIndex: uniqueMember eq,pres
 olcDbIndex: sambaSID eq
 olcDbIndex: sambaPrimaryGroupSID eq
 olcDbIndex: sambaGroupType eq
 olcDbIndex: sambaSIDList eq
 olcDbIndex: sambaDomainName eq
 olcDbIndex: displayName eq,sub
 olcDbIndex: givenName eq,sub
 olcDbIndex: mail eq,sub
 olcDbIndex: dhcpHWAddress eq
 olcDbIndex: dhcpClassData eq
 olcDbIndex: cn eq,pres,sub
 olcDbIndex: sn eq,pres,sub
 olcDbIndex: ou eq
 olcDbIndex: dc eq
 olcDbIndex: default sub

 And this shows the files:
 # cd /var/lib/ldap/
 # ls -l *bdb
 -rw--- 1 openldap openldap 32768 18. Nov 15:49 cn.bdb
 -rw--- 1 openldap openldap  8192  1. Jan 2012  dc.bdb
 -rw--- 1 openldap openldap  8192 18. Nov 15:49 dhcpHWAddress.bdb
 -rw--- 1 openldap openldap 24576 23. Aug 10:08 displayName.bdb
 -rw--- 1 openldap openldap 24576 18. Nov 15:49 dn2id.bdb
 -rw--- 1 openldap openldap  8192 23. Aug 10:08 gidNumber.bdb
 -rw--- 1 openldap openldap  8192  1. Jun 21:57 givenName.bdb
 -rw--- 1 openldap openldap 98304 27. Nov 22:54 id2entry.bdb
 -rw--- 1 openldap openldap  8192 23. Aug 10:08 loginShell.bdb
 -rw--- 1 openldap openldap  8192  1. Jun 21:57 mail.bdb
 -rw--- 1 openldap openldap  8192  1. Jun 2012  memberUid.bdb
 -rw--- 1 openldap openldap 16384 27. Nov 22:54 objectClass.bdb
 -rw--- 1 openldap openldap  8192  1. Jun 19:57 ou.bdb
 -rw--- 1 openldap openldap  8192 23. Aug 08:54 sambaDomainName.bdb
 -rw--- 1 openldap openldap  8192 10. Mai 2012  sambaGroupType.bdb
 -rw--- 1 openldap openldap  8192 23. Aug 08:54 sambaPrimaryGroupSID.bdb
 -rw--- 1 openldap openldap  8192 23. Aug 10:08 sambaSID.bdb
 -rw--- 1 openldap openldap  8192 27. Nov 22:54 sambaSIDList.bdb
 -rw--- 1 openldap openldap  8192  1. Jun 21:57 sn.bdb
 -rw--- 1 openldap openldap  8192 23. Aug 10:08 uid.bdb
 -rw--- 1 openldap openldap  8192 23. Aug 10:08 uidNumber.bdb
 -rw--- 1 openldap openldap  8192  1. Jan 2012  uniqueMember.bdb
 root@capella:/var/lib/ldap#

 --

 Regards
 Harry Jede

Re: [Samba] Samba PDC group list empty

2012-11-30 Thread Harry Jede
On Thursday, 29 November 2012 you wrote:
 I still don't understand why ldap search filter generated by samba (I
 have this from samba log) cannot find anything in database:
 smbldap_search_paged: base = [dc=gymsnv,dc=sk], filter =
 [(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-
 21-2390795950-2727105968-4008069955*))],scope = [2], pagesize =
 [1024] [2012/11/29 18:15:14.227560,  3]
 lib/smbldap.c:1591(smbldap_search_paged) smbldap_search_paged:
 search was successful
 [2012/11/29 18:15:14.227647,  3]
 rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context:
 destroying talloc pool of size 0
 
 If I remove sambaSID and try to find it in ldap, I will get all my
 groups. Filter =
 (&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=*))
 
 Is this normal behavior or can my ldap configuration be incorrect?
That's not normal.

What indexes have you set?
# ldapsearch -LLLY external -H ldapi:/// -b cn=config '(objectclass=*)' olcDBIndex

These are my indexes:
dn: olcDatabase={1}hdb,cn=config
olcDbIndex: objectClass eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: displayName eq,sub
olcDbIndex: givenName eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: dhcpHWAddress eq
olcDbIndex: dhcpClassData eq
olcDbIndex: cn eq,pres,sub
olcDbIndex: sn eq,pres,sub
olcDbIndex: ou eq
olcDbIndex: dc eq
olcDbIndex: default sub

And this shows the files:
# cd /var/lib/ldap/
# ls -l *bdb
-rw--- 1 openldap openldap 32768 18. Nov 15:49 cn.bdb
-rw--- 1 openldap openldap  8192  1. Jan 2012  dc.bdb
-rw--- 1 openldap openldap  8192 18. Nov 15:49 dhcpHWAddress.bdb
-rw--- 1 openldap openldap 24576 23. Aug 10:08 displayName.bdb
-rw--- 1 openldap openldap 24576 18. Nov 15:49 dn2id.bdb
-rw--- 1 openldap openldap  8192 23. Aug 10:08 gidNumber.bdb
-rw--- 1 openldap openldap  8192  1. Jun 21:57 givenName.bdb
-rw--- 1 openldap openldap 98304 27. Nov 22:54 id2entry.bdb
-rw--- 1 openldap openldap  8192 23. Aug 10:08 loginShell.bdb
-rw--- 1 openldap openldap  8192  1. Jun 21:57 mail.bdb
-rw--- 1 openldap openldap  8192  1. Jun 2012  memberUid.bdb
-rw--- 1 openldap openldap 16384 27. Nov 22:54 objectClass.bdb
-rw--- 1 openldap openldap  8192  1. Jun 19:57 ou.bdb
-rw--- 1 openldap openldap  8192 23. Aug 08:54 sambaDomainName.bdb
-rw--- 1 openldap openldap  8192 10. Mai 2012  sambaGroupType.bdb
-rw--- 1 openldap openldap  8192 23. Aug 08:54 sambaPrimaryGroupSID.bdb
-rw--- 1 openldap openldap  8192 23. Aug 10:08 sambaSID.bdb
-rw--- 1 openldap openldap  8192 27. Nov 22:54 sambaSIDList.bdb
-rw--- 1 openldap openldap  8192  1. Jun 21:57 sn.bdb
-rw--- 1 openldap openldap  8192 23. Aug 10:08 uid.bdb
-rw--- 1 openldap openldap  8192 23. Aug 10:08 uidNumber.bdb
-rw--- 1 openldap openldap  8192  1. Jan 2012  uniqueMember.bdb
root@capella:/var/lib/ldap# 

-- 

Regards
Harry Jede


Re: [Samba] Samba PDC group list empty

2012-11-29 Thread Andrej Šimko
Hello again,

I do not know what

On Tue, Nov 27, 2012 at 9:08 PM, Harry Jede walk2...@arcor.de wrote:

 On 20:15:56 wrote Andrej Šimko:
  net getdomainsid
  SID for local machine HOST is:
  S-1-5-21-2390795950-2727105968-4008069955 SID for domain EXAMPLE is:
  S-1-5-21-2390795950-2727105968-4008069955
 
  I compared my smb.conf with yours. I have ldap suffix before
   ldap group suffix.
 
  I switched that but result still the same.
 
   ldapsearch -LLLY external -H ldapi:/// cn=admin dn 2>/dev/null
  dn: cn=admin,dc=example,dc=sk
 
  tdbdump /var/lib/samba/secrets.tdb - looks ok ( the password too )
 
  ldapsearch -LLLY external -H ldapi:/// \
    '(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))' 2>/dev/null
  dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk
  objectClass: sambaSidEntry
  objectClass: sambaGroupMapping
  sambaSID: S-1-5-32-545
  sambaGroupType: 4
  displayName: Users
  gidNumber: 1
  sambaSIDList: S-1-5-21-2390795950-2727105968-4008069955-513

 Sorry, that I haven't seen this in your mail at 09:07

 This is a working group object:

 # ldapsearch -LLLY external -H ldapi:/// \
   '(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))' 2>/dev/null
 dn: cn=users,ou=groups,dc=europa,dc=xx
 objectClass: top
 objectClass: posixGroup
 objectClass: sambaGroupMapping
 gidNumber: 545
 cn: users
 description: Netbios Domain Users
 sambaSID: S-1-5-32-545
 sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-513
 sambaGroupType: 4
 displayName: Users


 The main difference is the objectclass posixGroup instead of
 sambaSidEntry.
 Samba Group Mapping is not a simple task. Your definition with
 objectclass=sambasidentry is not totally wrong, but the intended use is
 that you store your posixgroups in /etc/group or in NIS.
 With an LDAP backend that is not the best approach.


I don't understand what you are trying to say :(
Do you think that if I have all necessary groups in /etc/group or in NIS,
then the windows computer will find groups in domain?


I still don't understand why ldap search filter generated by samba (I have
this from samba log) cannot find anything in database:
  smbldap_search_paged: base = [dc=gymsnv,dc=sk], filter =
[(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope
= [2], pagesize = [1024]
[2012/11/29 18:15:14.227560,  3] lib/smbldap.c:1591(smbldap_search_paged)
  smbldap_search_paged: search was successful
[2012/11/29 18:15:14.227647,  3]
rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 0

If I remove sambaSID and try to find it in ldap, I will get all my groups.
Filter = (&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=*))

Is this normal behavior or can my ldap configuration be incorrect?





 Here the three standard definitions with objectclass=posixgroup

 ###
 A primary group: posix and windows primary
 members should NOT be stored here

 dn: cn=teachers,ou=groups,dc=europa,dc=xx
 cn: teachers
 objectClass: top
 objectClass: posixGroup
 objectClass: sambaGroupMapping
 gidNumber: 1001
 sambaSID: S-1-5-21-3958726613-3318811842-4132420312-3003
 sambaGroupType: 2
 displayName: teachers

 # getent group teachers
 teachers:*:1001:

 # net  rpc group members teachers
 # nothing



 ###
 A regular group in posix, a global group in windows
 members are stored in memberUid

 dn: cn=DomainAdmins,ou=groups,dc=europa,dc=xx
 objectClass: top
 objectClass: posixGroup
 objectClass: sambaGroupMapping
 gidNumber: 512
 cn: DomainAdmins
 memberUid: Administrator
 memberUid: root
 description: Netbios Domain Administrators
 sambaSID: S-1-5-21-3958726613-3318811842-4132420312-512
 sambaGroupType: 2
 displayName: Domain Admins

 # getent group domainadmins
 DomainAdmins:*:512:Administrator,root


 # Asking for the Windows name, which is stored in displayName
 # net rpc group members domain admins
 EUROPA\Administrator
 EUROPA\root

 # Asking for the posix name, which is stored in cn
 # net rpc group members domainadmins
 EUROPA\Administrator
 EUROPA\root


 ###
 A windows/samba builtin group
 no posix members
 Windows members must be stored in sambaSIDList. These types of groups
 will be used in Windows OS (client and/or server)

 # ldapsearch -LLLY external -H ldapi:/// \
   '(&(objectclass=sambaGroupMapping)(cn=administrators))' 2>/dev/null
 dn: cn=Administrators,ou=groups,dc=europa,dc=xx
 objectClass: top
 objectClass: posixGroup
 objectClass: sambaGroupMapping
 gidNumber: 544
 cn: Administrators
 description: Netbios Domain Members can fully administer the computer
 sambaSID: S-1-5-32-544
 sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-512
 sambaGroupType: 4
 displayName: Administrators


 # getent group administrators
 Administrators:*:544:

 # net rpc group members administrators
 EUROPA\Domain Admins

 ###
 --

 Regards
 Harry Jede

Re: [Samba] Samba PDC group list empty

2012-11-27 Thread Harry Jede
Hi Simo,
 Hi this is my listing:
 
 net -U administrator rpc group members Administrators
 Enter administrator's password:
 Couldn't list alias members
Your samba server WILL not list the members of this global group, mostly 
a security issue.

 ldapsearch -xLLL '(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-32*))'
 
 ldapsearch -xLLL '(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=*))'
 dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk
 objectClass: sambaSidEntry
 objectClass: sambaGroupMapping
 sambaSID: S-1-5-32-545
 sambaGroupType: 4
 displayName: Users
 gidNumber: 1
 sambaSIDList: S-1-5-21-2390795950-2727105968-4008069955-513
Your LDAP client WILL list the group members.

 Do you know what does this mean?
The reason is often wrongly configured smbldap-tools. Check the 
/etc/smbldap-tools/smbldap.conf file for the wrong SID entry.

   net getdomainsid
   SID for local machine HOST is:
   S-1-5-21-2242576961-186067218-2214866780 SID for domain EXAMPLE
   is: S-1-5-21-2390795950-2727105968-4008069955
Your server and your domain have different SIDs, that may be your 
problem. Try:
# net setlocalsid S-1-5-21-2390795950-2727105968-4008069955

and restart samba.



 Thanks.

-- 

regards
Harry Jede


Re: [Samba] Samba PDC group list empty

2012-11-27 Thread Harry Jede
Hi Simo,
please post to the list !!!

 On Tue, Nov 27, 2012 at 9:56 AM, Harry Jede walk2...@arcor.de wrote:
  Hi Simo,
  
   Hi this is my listing:
   
   net -U administrator rpc group members Administrators
   Enter administrator's password:
   Couldn't list alias members
  
  Your samba server WILL not list the members of this global group,
  mostly a security issue.
 
 User administrator has all rights, so I don't think it is a security
 issue. Or do you know some checks that I could try?
 
   ldapsearch -xLLL \
     '(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-32*))'
   
   ldapsearch -xLLL \
     '(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=*))'
   dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk
   objectClass: sambaSidEntry
   objectClass: sambaGroupMapping
   sambaSID: S-1-5-32-545
   sambaGroupType: 4
   displayName: Users
   gidNumber: 1
   sambaSIDList: S-1-5-21-2390795950-2727105968-4008069955-513
  
  Your LDAP client WILL list the group members.
  
   Do you know what does this mean?
  
  The reason is often wrongly configured smbldap-tools. Check the
  /etc/smbldap-tools/smbldap.conf file for the wrong SID entry.
 
  SID in smbldap.conf is:
 SID=S-1-5-21-2390795950-2727105968-4008069955
 
 So that is correct.
 
 net getdomainsid
 SID for local machine HOST is:
 S-1-5-21-2242576961-186067218-2214866780 SID for domain
 EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955
  
  Your server and your domain have different SIDs, that may be your
  problem. Try:
  # net setlocalsid S-1-5-21-2390795950-2727105968-4008069955
  
  and restart samba.
 
 Tried that, nothing changed.
Post:
net getdomainsid


Do the following steps (enclosed with ###) in order
###

I compared my smb.conf with yours. I have ldap suffix before
 ldap group suffix.

ldap suffix  = dc=europa,dc=xx
ldap admin dn= cn=admin,dc=europa,dc=xx
ldap group suffix= ou=groups
ldap user suffix = ou=people,ou=accounts
ldap machine suffix  = ou=machines,ou=accounts

and I have NOT installed winbindd!

###
Check if you have the groups defined in LDAP and in /etc/groups. The 
groups should only be in LDAP.

###
check the admin account in ldap:

# ldapsearch -LLLY external -H ldapi:/// cn=admin dn 2>/dev/null
dn: cn=admin,dc=europa,dc=xx

Check that your ldap admin password is OK.
# tdbdump /var/lib/samba/secrets.tdb

look for:
{
key(45) = SECRETS/LDAP_BIND_PW/cn=admin,dc=europa,dc=xx
data(12) = ThePassword\00
}



Try to bind with this password:
# ldapsearch -xLLL -D cn=admin,dc=europa,dc=xx -w ThePassword \
  '(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))'


Check if root get the same result:
# ldapsearch -LLLY external -H ldapi:/// \
  '(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))' 2>/dev/null

###

at last, search for duplicate names:
# ldapsearch -xLLL '(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))' dn



You should get one result.
 
   Thanks.
  
  --
  
  regards
  
  Harry Jede
  


-- 

Regards
Harry Jede


Re: [Samba] Samba PDC group list empty

2012-11-27 Thread Andrej Šimko
net getdomainsid
SID for local machine HOST is: S-1-5-21-2390795950-2727105968-4008069955
SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955

I compared my smb.conf with yours. I have ldap suffix before
 ldap group suffix.

I switched that but result still the same.

 ldapsearch -LLLY external -H ldapi:/// cn=admin dn 2>/dev/null
dn: cn=admin,dc=example,dc=sk

tdbdump /var/lib/samba/secrets.tdb - looks ok ( the password too )

ldapsearch -LLLY external -H ldapi:/// \
  '(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))' 2>/dev/null
dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-545
sambaGroupType: 4
displayName: Users
gidNumber: 1
sambaSIDList: S-1-5-21-2390795950-2727105968-4008069955-513

ldapsearch -xLLL '(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))' dn
dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk


I do not see anything bad, I do not have winbindd installed


On Tue, Nov 27, 2012 at 2:46 PM, Harry Jede walk2...@arcor.de wrote:

 (displayname=users)(uid=users)))  dn



Re: [Samba] Samba PDC group list empty

2012-11-27 Thread Harry Jede
On 20:15:56 wrote Andrej Šimko:
 net getdomainsid
 SID for local machine HOST is:
 S-1-5-21-2390795950-2727105968-4008069955 SID for domain EXAMPLE is:
 S-1-5-21-2390795950-2727105968-4008069955
 
 I compared my smb.conf with yours. I have ldap suffix before
  ldap group suffix.
 
 I switched that but result still the same.
 
  ldapsearch -LLLY external -H ldapi:/// cn=admin dn 2>/dev/null
 dn: cn=admin,dc=example,dc=sk
 
 tdbdump /var/lib/samba/secrets.tdb - looks ok ( the password too )
 
 ldapsearch -LLLY external -H ldapi:/// \
   '(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))' 2>/dev/null
 dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk
 objectClass: sambaSidEntry
 objectClass: sambaGroupMapping
 sambaSID: S-1-5-32-545
 sambaGroupType: 4
 displayName: Users
 gidNumber: 1
 sambaSIDList: S-1-5-21-2390795950-2727105968-4008069955-513

Sorry, that I haven't seen this in your mail at 09:07

This is a working group object:

# ldapsearch -LLLY external -H ldapi:/// \
  '(&(objectclass=sambaGroupMapping)(|(cn=users)(displayname=users)(uid=users)))' 2>/dev/null
dn: cn=users,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 545
cn: users
description: Netbios Domain Users
sambaSID: S-1-5-32-545
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-513
sambaGroupType: 4
displayName: Users


The main difference is the objectclass posixGroup instead of 
sambaSidEntry.
Samba Group Mapping is not a simple task. Your definition with 
objectclass=sambasidentry is not totally wrong, but the intended use is 
that you store your posixgroups in /etc/group or in NIS.
With an LDAP backend that is not the best approach.

Here the three standard definitions with objectclass=posixgroup

###
A primary group: posix and windows primary
members should NOT be stored here

dn: cn=teachers,ou=groups,dc=europa,dc=xx
cn: teachers
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 1001
sambaSID: S-1-5-21-3958726613-3318811842-4132420312-3003
sambaGroupType: 2
displayName: teachers

# getent group teachers
teachers:*:1001:

# net  rpc group members teachers
# nothing



###
A regular group in posix, a global group in windows
members are stored in memberUid

dn: cn=DomainAdmins,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: DomainAdmins
memberUid: Administrator
memberUid: root
description: Netbios Domain Administrators
sambaSID: S-1-5-21-3958726613-3318811842-4132420312-512
sambaGroupType: 2
displayName: Domain Admins

# getent group domainadmins
DomainAdmins:*:512:Administrator,root


# Asking for the Windows name, which is stored in displayName
# net rpc group members domain admins
EUROPA\Administrator
EUROPA\root

# Asking for the posix name, which is stored in cn
# net rpc group members domainadmins
EUROPA\Administrator
EUROPA\root


###
A windows/samba builtin group
no posix members
Windows members must be stored in sambaSIDList. These types of groups 
will be used in Windows OS (client and/or server)

# ldapsearch -LLLY external -H ldapi:/// \
  '(&(objectclass=sambaGroupMapping)(cn=administrators))' 2>/dev/null
dn: cn=Administrators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer
sambaSID: S-1-5-32-544
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-512
sambaGroupType: 4
displayName: Administrators


# getent group administrators
Administrators:*:544:

# net rpc group members administrators
EUROPA\Domain Admins

###
-- 

Regards
Harry Jede

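The group searches that smbldap_search_paged logs in this thread, replayed offline against LDIF text, as an added example that is not part of any post or of Samba's code. Function names are hypothetical; the posted SIDs and entries are shortened from the thread, and the reference `net getdomainsid` output is constructed.

```python
"""Replay Samba's ldapsam group-enumeration searches against LDIF text."""
import re


def parse_ldif(text):
    """Parse LDIF into a list of {lower-cased attribute: [values]} dicts."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" ") and last:       # folded continuation line
            current[last][-1] += line[1:]
        elif not line.strip():                  # blank line closes the entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif not line.startswith("#") and ":" in line:
            attr, value = line.split(":", 1)
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.strip())
    return entries


def has_class(entry, name):
    return name in {c.lower() for c in entry.get("objectclass", [])}


def group_search(entries, group_type, sid_prefix):
    """Emulate (&(objectclass=sambaGroupMapping)(sambaGroupType=N)(sambaSID=PREFIX*))."""
    return [
        e["dn"][0] for e in entries
        if has_class(e, "sambagroupmapping")
        and str(group_type) in e.get("sambagrouptype", [])
        and any(s.startswith(sid_prefix) for s in e.get("sambasid", []))
    ]


def parse_getdomainsid(output):
    """Pull the local-machine and domain SIDs out of `net getdomainsid` output."""
    pattern = r"SID for (local machine|domain) \S+ is:\s*(S-[0-9-]+)"
    return {("domain" if kind == "domain" else "local"): sid
            for kind, sid in re.findall(pattern, output)}


def diagnose(ldif_text, getdomainsid_output):
    """Run the logged searches and two consistency checks over the inputs."""
    sids = parse_getdomainsid(getdomainsid_output)
    entries = parse_ldif(ldif_text)
    domain = sids["domain"]
    return {
        "sid_mismatch": sids.get("local") != domain,
        "domain_groups": group_search(entries, 2, domain),
        "domain_aliases": group_search(entries, 4, domain),
        "builtin_aliases": group_search(entries, 4, "S-1-5-32"),
        "no_posixgroup": [e["dn"][0] for e in entries
                          if has_class(e, "sambagroupmapping")
                          and not has_class(e, "posixgroup")],
    }


# From the thread: the first `net getdomainsid` output and the one
# sambaGroupMapping entry the poster's ldapsearch returned (shortened).
POSTED_SIDS = """\
SID for local machine HOST is: S-1-5-21-2242576961-186067218-2214866780
SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955
"""
POSTED_LDIF = """\
dn: sambaSID=S-1-5-32-545,ou=Groups,dc=example,dc=sk
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-545
sambaGroupType: 4
sambaSIDList: S-1-5-21-2390795950-2727105968-4008069955-513
"""

# Reference entries from the reply (shortened); this SID output is constructed.
REFERENCE_SIDS = """\
SID for local machine CAPELLA is: S-1-5-21-3958726613-3318811842-4132420312
SID for domain EUROPA is: S-1-5-21-3958726613-3318811842-4132420312
"""
REFERENCE_LDIF = """\
dn: cn=DomainAdmins,ou=groups,dc=europa,dc=xx
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-3958726613-3318811842-4132420312-512
sambaGroupType: 2

dn: cn=Administrators,ou=groups,dc=europa,dc=xx
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-544
sambaGroupType: 4
"""

if __name__ == "__main__":
    for label, ldif, sids in (("posted", POSTED_LDIF, POSTED_SIDS),
                              ("reference", REFERENCE_LDIF, REFERENCE_SIDS)):
        print(label, diagnose(ldif, sids))
```

An empty `domain_groups` list for the posted data reflects only the single entry shown in the thread, not the poster's whole directory.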
Re: [Samba] Samba PDC group list empty

2012-11-26 Thread L . P . H . van Belle
Hi,

The debian 3.5.6 is buggy, use the 3.6.6 version from backports, fixed my 
problems also. 

Louis


 

-Original message-
From: andrej.si...@gmail.com 
[mailto:samba-boun...@lists.samba.org] On behalf of Andrej Šimko
Sent: Friday 23 November 2012 9:11
To: samba@lists.samba.org
Subject: [Samba] Samba PDC group list empty

Dear samba users,

I have a very strange problem. I have Samba PDC up and running, but only
one thing is missing. I cannot see any Domain Groups at all.
Here is my config:

Debian Squeeze:
ii  samba             2:3.5.6~dfsg-3squeeze8  SMB/CIFS file, print, and login server for Unix
ii  samba-common      2:3.5.6~dfsg-3squeeze8  common files used by both the Samba server and client
ii  samba-common-bin  2:3.5.6~dfsg-3squeeze8  common files used by both the Samba server and client
ii  samba-doc         2:3.5.6~dfsg-3squeeze8  Samba documentation
/etc/samba/smb.conf
[global]
dos charset = CP852
unix charset = UTF8
display charset = UTF8
workgroup = EXAMPLE
server string = %h server
map to guest = Bad User
passdb backend = ldapsam:ldap://127.0.0.1/
pam password change = Yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
syslog = 0
time server = Yes
log file = /var/log/samba/samba.log
log level = 3
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/smbldap-useradd -m %u -d /home/%u %u
delete user script = /usr/sbin/smbldap-userdel %u -r %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
logon script = logon.bat
domain logons = Yes
os level = 10
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=admin,dc=example,dc=sk
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap suffix = dc=example,dc=sk
ldap ssl = no
ldap user suffix = ou=Users
panic action = /usr/share/samba/panic-action %d
map acl inherit = Yes
case sensitive = No
hide unreadable = Yes
map hidden = Yes
map system = Yes

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0644
directory mask = 0700
browseable = No
path = /data/samba/homes

[netlogon]
comment = Network Logon Service
path = /data/samba/netlogon
read only = No
guest ok = Yes
locking = No
share modes = No

[profiles]
comment = Users profiles
path = /data/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
hide files = /desktop.ini/
browseable = No

/etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc Name Service Switch' for information about this file.

passwd: compat ldap
group:  compat ldap
shadow: compat ldap

hosts:  files dns
networks:   files

protocols:  db files
services:   db files
ethers: db files
rpc:        db files

netgroup:   nis

/etc/ldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.
host 127.0.0.1
base dc=example,dc=sk
binddn cn=admin,dc=example,dc=sk
bindpw secret
bind_policy soft
pam_password exop
timelimit 15

nss_base_passwd ou=Users,dc=example,dc=sk
nss_base_shadow ou=Users,dc=example,dc=sk
nss_base_group  ou=Groups,dc=example,dc=sk

net getdomainsid
SID for local machine HOST is: S-1-5-21-2242576961-186067218-2214866780
SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955

net groupmap list
Domain Admins (S-1-5-21-2390795950-2727105968-4008069955-512) -> Domain Admins
Domain Users (S-1-5-21-2390795950-2727105968-4008069955-513) -> Domain Users
Domain Guests (S-1-5-21-2390795950-2727105968-4008069955-514) -> Domain Guests
Domain Computers (S-1-5-21-2390795950-2727105968-4008069955-515) -> Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators


The strange thing is, if I try on Win XP to search groups, I see in logs:
smbldap_search_paged: base = [dc=example,dc=sk], filter =
[(&(objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-21-2390795950-2727105968-4008069955*))],scope
= [2], pagesize = [1024]
  smbldap_search_paged: base = [dc=example,dc=sk], filter =

Re: [Samba] Samba PDC group list empty

2012-11-23 Thread Harry Jede
On 18:32:29 wrote Andrej Šimko:
 Dear samba users,
 
 I have very strange problem. I have Samba PDC up and running, but
 only thing is missing. I cannot see any Domain Groups at all.

...

 net getdomainsid
 SID for local machine HOST is:
 S-1-5-21-2242576961-186067218-2214866780 SID for domain EXAMPLE is:
 S-1-5-21-2390795950-2727105968-4008069955
 
 net groupmap list
 Domain Admins (S-1-5-21-2390795950-2727105968-4008069955-512) -
 Domain Admins
 Domain Users (S-1-5-21-2390795950-2727105968-4008069955-513) -
 Domain Users Domain Guests
 (S-1-5-21-2390795950-2727105968-4008069955-514) - Domain Guests
 Domain Computers (S-1-5-21-2390795950-2727105968-4008069955-515) -
 Domain Computers
 Administrators (S-1-5-32-544) - Administrators
 Account Operators (S-1-5-32-548) - Account Operators
 Print Operators (S-1-5-32-550) - Print Operators
 Backup Operators (S-1-5-32-551) - Backup Operators
 Replicators (S-1-5-32-552) - Replicators
 
 
 The strange thing is, if I try on Win XP to search groups, i see in
 logs: smbldap_search_paged: base = [dc=example,dc=sk], filter =
 [((objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-2
 1-2390795950-2727105968-4008069955*))],scope = [2], pagesize =
 [1024]
   smbldap_search_paged: base = [dc=example,dc=sk], filter =
 [((objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-2
 1-2390795950-2727105968-4008069955*))],scope = [2], pagesize =
 [1024]
   smbldap_search_paged: base = [dc=example,dc=sk], filter =
 [((objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-3
# net help rpc group 
Usage:
net rpc group
Alias for net rpc group list global local builtin
net rpc group add
Create specified group
net rpc group delete
Delete specified group
net rpc group addmem
Add member to group
net rpc group delmem
Remove member from group
net rpc group list
List groups
net rpc group members
List group members
net rpc group rename
Rename group

# net -U root rpc group members Administrators
EUROPA\Domain Admins


view this output:

# ldapsearch -xLLL '(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-32*))'
dn: cn=Administrators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
memberUid: Administrator
description: Netbios Domain Members can fully administer the computer
sambaSID: S-1-5-32-544
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-512
sambaGroupType: 4
displayName: Administrators

dn: cn=users,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 545
cn: users
description: Netbios Domain Users
sambaSID: S-1-5-32-545
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-513
sambaGroupType: 4
displayName: Users

dn: cn=guests,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 546
cn: guests
memberUid: nobody
description: Netbios Domain Guests
sambaSID: S-1-5-32-546
sambaSIDList: S-1-5-21-3958726613-3318811842-4132420312-514
sambaGroupType: 4
displayName: Guests

dn: cn=AccountOperators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: AccountOperators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 4
displayName: Account Operators

dn: cn=PrintOperators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: PrintOperators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 4
displayName: Print Operators

dn: cn=BackupOperators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: BackupOperators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: S-1-5-32-551
sambaGroupType: 4
displayName: Backup Operators

dn: cn=Replicators,ou=groups,dc=europa,dc=xx
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 4
displayName: Replicators


 If I try to search in ldap with that filter, I always get zero
 matches.
 
 I also tried to use wbinfo, wbinfo -u list all my users, wbinfo -g
 list is empty. If I try getent passwd and getent group I see all my
 users and groups.
 Can somebody help me with this?
 
 Thank you!


-- 

Gruss
Harry Jede
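
The group search that Samba logs in this thread can be replayed offline against an LDIF dump to see which entries it would return and which term rejects the others. This is an added example, not code from the thread or from Samba: the LDIF entries are constructed, the function names are hypothetical, and the filter is assumed to be an AND of the three logged terms.

```python
import base64

# SID printed for domain EXAMPLE by `net getdomainsid` in the thread.
DOMAIN_SID = "S-1-5-21-2390795950-2727105968-4008069955"

# Constructed LDIF (not from the thread). The second group carries the local
# machine SID instead of the domain SID; the third is a plain posixGroup, which
# getent can list but the Samba search cannot. One sambaSID is folded the way
# LDIF folds long lines.
SAMPLE_LDIF = """\
dn: cn=Domain Admins,ou=Groups,dc=example,dc=sk
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
sambaSID: S-1-5-21-2390795950-2727105968-400806995
 5-512
sambaGroupType: 2

dn: cn=Domain Users,ou=Groups,dc=example,dc=sk
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
sambaSID: S-1-5-21-2242576961-186067218-2214866780-513
sambaGroupType: 2

dn: cn=staff,ou=Groups,dc=example,dc=sk
objectClass: posixGroup
gidNumber: 1000

dn: cn=Administrators,ou=Groups,dc=example,dc=sk
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
sambaSID: S-1-5-32-544
sambaGroupType: 4
"""


def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry, attribute names lower-cased."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def failed_terms(entry, group_type, sid_prefix):
    """Names of the filter terms this entry does not satisfy (empty list = match)."""
    failed = []
    if "sambagroupmapping" not in [c.lower() for c in entry.get("objectclass", [])]:
        failed.append("objectClass")
    if str(group_type) not in entry.get("sambagrouptype", []):
        failed.append("sambaGroupType")
    if not any(sid.startswith(sid_prefix) for sid in entry.get("sambasid", [])):
        failed.append("sambaSID")
    return failed


def replay_search(entries, group_type, sid_prefix):
    """Split entries into DNs the search returns and DNs it skips, with reasons."""
    matched, rejected = [], {}
    for entry in entries:
        dn = entry["dn"][0]
        failed = failed_terms(entry, group_type, sid_prefix)
        if failed:
            rejected[dn] = failed
        else:
            matched.append(dn)
    return matched, rejected


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    # Type 2 with the domain SID and type 4 with S-1-5-32, as in the logged searches.
    for gtype, prefix in ((2, DOMAIN_SID), (4, "S-1-5-32")):
        matched, rejected = replay_search(entries, gtype, prefix)
        print("sambaGroupType=%d sambaSID=%s*" % (gtype, prefix))
        for dn in matched:
            print("  match  ", dn)
        for dn, why in rejected.items():
            print("  skipped", dn, "->", ", ".join(why))
```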

Re: [Samba] Samba PDC: Admin tools?

2012-08-30 Thread Gaiseric Vandal
I use apache directory studio for LDAP management.  It is not samba
specific but  it is easy enough to use existing user, group or machine
objects as templates for new ones.  It runs on Windows and Linux (and
maybe on Mac.)



On 08/25/12 16:39, John Drescher wrote:
 On Sat, Aug 25, 2012 at 4:34 PM, Alberto Moreno ports...@gmail.com wrote:
  Guys.

  I have use smbldap-tools to handle my accounts for my PDC with 
 samba+openldap.

  Now, I ask here because a lot of people have PDC running on their
 networks, what tools do u use to manage your openldap db for samba:
 users, machines, groups?

  Working with Centos 6.x.

  Any input will be appreciated, thanks!!!

 I use ldap account manager to manage my users / machines / group accounts.

 John




Re: [Samba] Samba PDC: Admin tools?

2012-08-30 Thread steve

On 30/08/12 18:57, Gaiseric Vandal wrote:

I use apache directory studio for LDAP management.  It is not samba
specific but  it is easy enough to use existing user, group or machine
objects as templates for new ones.  It runs on Windows and Linux (and
maybe on Mac.)



On 08/25/12 16:39, John Drescher wrote:

On Sat, Aug 25, 2012 at 4:34 PM, Alberto Moreno ports...@gmail.com wrote:

  Guys.

  I have use smbldap-tools to handle my accounts for my PDC with samba+openldap.

  Now, I ask here because a lot of people have PDC running on their
networks, what tools do u use to manage your openldap db for samba:
users, machines, groups?

  Working with Centos 6.x.

  Any input will be appreciated, thanks!!!


I use ldap account manager to manage my users / machines / group accounts.

John




Hi
openSUSE's yast has a really nice and little known frontend to LDAP 
which handles samba objects too. You can point and click your way 
through adding/deleting samba specific users and groups. It also has an 
LDAP browser similar to phpldapadmin. I'm not sure if Yast will fire up 
on Centos but may be worth a look.

Cheers,
Steve



Re: [Samba] Samba PDC: Admin tools?

2012-08-25 Thread John Drescher
On Sat, Aug 25, 2012 at 4:34 PM, Alberto Moreno ports...@gmail.com wrote:
  Guys.

  I have use smbldap-tools to handle my accounts for my PDC with 
 samba+openldap.

  Now, I ask here because a lot of people have PDC running on their
 networks, what tools do u use to manage your openldap db for samba:
 users, machines, groups?

  Working with Centos 6.x.

  Any input will be appreciated, thanks!!!

I use ldap account manager to manage my users / machines / group accounts.

John


Re: [Samba] Samba PDC and Local Group Policies on XP

2012-08-02 Thread Daniel Müller
What did you use kixtart,poledit...?
It seems that you did not set the rights on your netlogon the right way!?

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of benedikt.wies...@bw-systems.net
Sent: Monday, 30 July 2012 18:39
To: samba@lists.samba.org
Subject: [Samba] Samba PDC and Local Group Policies on XP

Hi *,

I have reinstalled a server with the newest version of samba and configured
it as PDC based on this tutorial
(http://www.nicht-blau.de/2010/12/28/howto-samba-3-5-6-pdc-primary-domain-controller-und-windows-7-2/).

I then copied the old profiles folder onto the new server and set the
permissions. But however before the reinstallation every Domainuser in the
Domain accepted the Group Policies I set up at every Win XP computer (i.e.
Setting a specific Wallpaper, Setting a specific design, deny access to
system controls) and now they are consequently ignored.

Example:

I log on as Administrator (locally):
- I have no access to system controls
- I have my Wallpaper
- I have my Design
(Group policies are working)

I log on as Domainuser:
- I have full rights, I can do everything
- I have a blue Wallpaper
- Nothing happened to the design

What the hell is going wrong? Why does a Domainuser have more rights than the
administrator and why do the group policies do nothing?

I hope somebody can help me.




Re: [Samba] Samba PDC with Windows 7 support request

2012-03-28 Thread Gaiseric Vandal
On 02/16/12 06:21, Dermot wrote:
 2012/1/31 Jiří Procházka jiri.procha...@norbou.com:
 Dear Samba support team,

 I have a question on Samba 3.5.8 please, which is not solved by searching
 the forums. I tried all suggested solutions, but nothing take effect.

 ...
 Domain users experience a slow login performance on Windows 7 clients that
 are
 joined into a samba domain (Samba version 3.5.4). The Windows 7 client was
 joined successfully into the domain with the Windows 7 registry settings
 adjusted according to http://wiki.samba.org/index.php/Windows7
 (DomainCompatibilityMode = 0 and DNSNameResolutionRequired = 0).
 ...

 I have had similar problems. I was referred to the message in the
 mailing list archive [1]. I have applied what was described - used
 gpedit.msc -  this but I am still experiencing slow login times,
 exactly 40 seconds on each workstation.

 I just checked on one workstation where the user had a jpeg as his
 desktop background, I mention this because there are references to a
 Windows 7 bug about slow login and a plain desktop, and that has the
 correct group policy setting and still the login time was exactly 40
 seconds.

 I too would be interested in hearing what others have to say on this.
 Thanks,
 Dermot.

 1) http://www.mail-archive.com/samba@lists.samba.org/msg104494.html


Are you using roaming profiles ? 
Are you using offline folders-  I had problems with offline folders and
Windows 7-  it could break offline authentication. 

Does the Windows event log show anything about problems locating a
domain controller? 




Re: [Samba] samba PDC/NIS client

2012-03-12 Thread Simon Matthews
On Sun, Mar 11, 2012 at 4:09 AM, Tony Molloy tony.mol...@ul.ie wrote:

 On Sunday 11 March 2012 05:31:35 Simon Matthews wrote:
  On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal
 
  gaiseric.van...@gmail.com wrote:
   Do you have password sync enabled? If password sync is
   enabled, samba will try to use the passwd command to set the
   unix password.  But with nis, you probably might need something
   nis specific. On solaris it was “passwd –r nis” -  not sure
   about linux. Probably better to just disable password sync.
 

 I've got a very similar setup to you. Except I use a smbpasswd file.

  No, I don't have this option enabled. I am not sure how it is
  relevant. Problem summary:
  The samba PDC is an NIS client
  getent passwd returns the passwd data.
  The user's SAMBA password was set  using smbpasswd
  The user's NIS passwd was set using yppasswd

 So far all the same.

  ALL I had to do to allow domain logins was:
  ypcat passwd | grep username  /etc/passwd

 Why duplicate the password entries. I just have them in NIS and
 /etc/passwd just has the system passwords.

  Note that after copying the user details to /etc/passwd, the
  password that was set with smbpasswd was the password that was
  used with the successful domain login.

 Don't really understand what you mean by domain logins

 1.  Create the user under linux first
 2.  Use smbpasswd to add the user to samba

 You now have a user in both linux and samba but remember the passwords
 are stored separately, changing one does not change the other.

 3.   Edit /etc/nsswitch.conf. Set

 passwd: files nis
 shadow: files



Removing the nis entry from shadow: in /etc/nsswitch.conf solved the
issue. I don't understand why, but it did.

Simon


 That works for me. YMMV

 Tony

 
  Simon



Re: [Samba] samba PDC/NIS client

2012-03-12 Thread Gaiseric Vandal
If your NIS passwd file did NOT have a valid password, maybe samba or 
unix was rejecting logins as a security measure.




On 03/12/12 13:33, Simon Matthews wrote:

On Sun, Mar 11, 2012 at 4:09 AM, Tony Molloy tony.mol...@ul.ie wrote:


On Sunday 11 March 2012 05:31:35 Simon Matthews wrote:

On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal

gaiseric.van...@gmail.com wrote:

Do you have password sync enabled? If password sync is
enabled, samba will try to use the passwd command to set the
unix password.  But with nis, you probably might need something
nis specific. On solaris it was “passwd –r nis” -  not sure
about linux. Probably better to just disable password sync.

I've got a very similar setup to you. Except I use a smbpasswd file.


No, I don't have this option enabled. I am not sure how it is
relevant. Problem summary:
The samba PDC is an NIS client
getent passwd returns the passwd data.
The user's SAMBA password was set  using smbpasswd
The user's NIS passwd was set using yppasswd

So far all the same.


ALL I had to do to allow domain logins was:
ypcat passwd | grepusername/etc/passwd

Why duplicate the password entries. I just have them in NIS and
/etc/passwd just has the system passwords.


Note that after copying the user details to /etc/passwd, the
password that was set with smbpasswd was the password that was
used with the successful domain login.

Don't really understand what you mean by domain logins

1.  Create the user under linux first
2.  Use smbpasswd to add the user to samba

You now have a user in both linux and samba but remember the passwords
are stored separately, changing one does not change the other.

3.   Edit /etc/nsswitch.conf. Set

passwd: files nis
shadow: files



Removing the nis entry from shadow: in /etc/nsswitch.conf solved the
issue. I don't understand why, but it did.

Simon


That works for me. YMMV

Tony


Simon



Re: [Samba] samba PDC/NIS client

2012-03-12 Thread Tony Molloy
On Monday 12 March 2012 17:33:28 Simon Matthews wrote:
 On Sun, Mar 11, 2012 at 4:09 AM, Tony Molloy tony.mol...@ul.ie 
wrote:
  On Sunday 11 March 2012 05:31:35 Simon Matthews wrote:
   On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal
   
   gaiseric.van...@gmail.com wrote:
Do you have password sync enabled? If password sync is
enabled, samba will try to use the passwd command to set the
unix password.  But with nis, you probably might need
something nis specific. On solaris it was “passwd –r nis” - 
not sure about linux. Probably better to just disable
password sync.
  
  I've got a very similar setup to you. Except I use a smbpasswd
  file.
  
   No, I don't have this option enabled. I am not sure how it is
   relevant. Problem summary:
   The samba PDC is an NIS client
   getent passwd returns the passwd data.
   The user's SAMBA password was set  using smbpasswd
   The user's NIS passwd was set using yppasswd
  
  So far all the same.
  
   ALL I had to do to allow domain logins was:
   ypcat passwd | grep username  /etc/passwd
  
  Why duplicate the password entries. I just have them in NIS and
  /etc/passwd just has the system passwords.
  
   Note that after copying the user details to /etc/passwd, the
   password that was set with smbpasswd was the password that
   was used with the successful domain login.
  
  Don't really understand what you mean by domain logins
  
  1.  Create the user under linux first
  2.  Use smbpasswd to add the user to samba
  
  You now have a user in both linux and samba but remember the
  passwords are stored separately, changing one does not change
  the other.
  
  3.   Edit /etc/nsswitch.conf. Set
  
  passwd: files nis
  shadow: files
 
 Removing the nis entry from shadow: in /etc/nsswitch.conf
 solved the issue. I don't understand why, but it did.
 
 Simon


The shadow file /etc/shadow stores the passwords associated with the 
entries in the password file /etc/passwd.

It has nothing to do with the NIS password database which stores the 
passwords in the actual database entries.

Tony
 
  That works for me. YMMV
  
  Tony
  
   Simon
  

Re: [Samba] samba PDC/NIS client

2012-03-11 Thread Tony Molloy
On Sunday 11 March 2012 05:31:35 Simon Matthews wrote:
 On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal
 
 gaiseric.van...@gmail.com wrote:
  Do you have password sync enabled? If password sync is
  enabled, samba will try to use the passwd command to set the
  unix password.  But with nis, you probably might need something
  nis specific. On solaris it was “passwd –r nis” -  not sure
  about linux. Probably better to just disable password sync.
 

I've got a very similar setup to you. Except I use a smbpasswd file.

 No, I don't have this option enabled. I am not sure how it is
 relevant. Problem summary:
 The samba PDC is an NIS client
 getent passwd returns the passwd data.
 The user's SAMBA password was set  using smbpasswd
 The user's NIS passwd was set using yppasswd

So far all the same.

 ALL I had to do to allow domain logins was:
 ypcat passwd | grep username  /etc/passwd

Why duplicate the password entries. I just have them in NIS and 
/etc/passwd just has the system passwords.

 Note that after copying the user details to /etc/passwd, the
 password that was set with smbpasswd was the password that was
 used with the successful domain login.

Don't really understand what you mean by domain logins

1.  Create the user under linux first
2.  Use smbpasswd to add the user to samba

You now have a user in both linux and samba but remember the passwords 
are stored separately, changing one does not change the other.

3.   Edit /etc/nsswitch.conf. Set

passwd: files nis
shadow: files

That works for me. YMMV

Tony

 
 Simon



Re: [Samba] samba PDC/NIS client

2012-03-10 Thread Gaiseric Vandal
Do you have password sync enabled? If password sync is enabled, samba
will try to use the passwd command to set the unix password.  But with nis,
you probably might need something nis specific. On solaris it was passwd -r
nis -  not sure about linux. Probably better to just disable password
sync.

 

 

 

From: Simon Matthews [mailto:simon.d.matth...@gmail.com] 
Sent: Friday, March 09, 2012 4:04 PM
To: gaiseric.van...@gmail.com
Cc: samba@lists.samba.org
Subject: Re: [Samba] samba PDC/NIS client

 

 

On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal gaiseric.van...@gmail.com
wrote:

I don't think is this a samba issue.   Samba accounts need to have a
corresponding unix account.   Shouldn't matter if they are in NIS or
/etc/passwd.   If you have users in both it could get a problem.

Is getent passwd really showing the users from NIS?

 

Yes.  In fact, for those users who are in both the /etc/passwd and nis
tables, it shows both entries (and the details match between both entries)

 

 How about getent shadow (assuming a linux machine and not solaris,

 

No, this only shows the users with entries in /etc/shadow. However:

1. getent passwd includes the hashed passwords of users in the nis tables

2. It was not necessary to add the user to /etc/shadow in order to allow
samba domain logins. All I had to do was add the user to /etc/passwd.

 

and probably doesn't matter anyway.)   Do you have an /etc/nsswitch.conf
entry for

   shadow:  files nis

Yes 



Are you missing the : in the nsswitch.conf entries?

No. 


Are your user names all in lower case?  Are they all 8 characters or under.

 

 Yes. 

 

Simon








On 03/08/12 22:46, Simon Matthews wrote:

I have a server which is a samba PDC and has recently been converted to an
NIS client. For historic reasons, many users login information is in the
local machine's /etc/passwd and /etc/shadow files.

samba is set up to use a tdbsam database.

I got the first indication of problems when I tried to add a user using the
smbpasswd -a command. I found that smbpasswd would not recognize the user
unless either the username was in the /etc/passwd file, or I changed
/etc/nsswitch.conf from
passwd compat
TO:
passwd files nis

However, if I make the latter change, the user cannot log into any Windows
machines that are controlled by my PDC. To allow logins, all I have to do is
ypcat passwd | grepusername/etc/passwd
After this, the user can log in.

Is there any configuration of samba that will allow it to properly
recognize user data from the NIS map and not require the user to be listed
in the /etc/passwd file?

Simon

 



Re: [Samba] samba PDC/NIS client

2012-03-10 Thread Simon Matthews
On Sat, Mar 10, 2012 at 4:24 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:

 Do you have password sync enabled? If password sync is enabled, samba
 will try to use the passwd command to set the unix password.  But with
 nis, you probably might need something nis specific. On solaris it was
 “passwd –r nis” -  not sure about linux. Probably better to just disable
 password sync.


No, I don't have this option enabled. I am not sure how it is relevant.
Problem summary:
The samba PDC is an NIS client
getent passwd returns the passwd data.
The user's SAMBA password was set  using smbpasswd
The user's NIS passwd was set using yppasswd
ALL I had to do to allow domain logins was:
ypcat passwd | grep username  /etc/passwd
Note that after copying the user details to /etc/passwd, the password that
was set with smbpasswd was the password that was used with the successful
domain login.

Simon



 

 From: Simon Matthews [mailto:simon.d.matth...@gmail.com]
 Sent: Friday, March 09, 2012 4:04 PM
 To: gaiseric.van...@gmail.com
 Cc: samba@lists.samba.org
 Subject: Re: [Samba] samba PDC/NIS client

 On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal gaiseric.van...@gmail.com
 wrote:

 I don't think is this a samba issue.   Samba accounts need to have a
 corresponding unix account.   Shouldn't matter if they are in NIS or
 /etc/passwd.   If you have users in both it could get a problem.

 Is getent passwd really showing the users from NIS?


 Yes.  In fact, for those users who are in both the /etc/passwd and nis
 tables, it shows both entries (and the details match between both entries)
 


  How about getent shadow (assuming a linux machine and not solaris,

  

 No, this only shows the users with entries in /etc/shadow. However:

 1. getent passwd includes the hashed passwords of users in the nis tables

 2. It was not necessary to add the user to /etc/shadow in order to allow
 samba domain logins. All I had to do was add the user to /etc/passwd.

  

 and probably doesn't matter anyway.)   Do you have an /etc/nsswitch.conf
 entry for

shadow:  files nis

 Yes 



 Are you missing the : in the nsswitch.conf entries?

 No. 


 Are your user names all in lower case?  Are they all 8 characters or under.
 

  Yes.

 Simon








 On 03/08/12 22:46, Simon Matthews wrote:

 I have a server which is a samba PDC and has recently been converted to an
 NIS client. For historic reasons, many users login information is in the
 local machine's /etc/passwd and /etc/shadow files.

 samba is set up to use a tdbsam database.

 I got the first indication of problems when I tried to add a user using the
 smbpasswd -a command. I found that smbpasswd would not recognize the user
 unless either the username was in the /etc/passwd file, or I changed
 /etc/nsswitch.conf from
 passwd compat
 TO:
 passwd files nis

 However, if I make the latter change, the user cannot log into any Windows
 machines that are controlled by my PDC. To allow logins, all I have to do
 is
 ypcat passwd | grepusername/etc/passwd
 After this, the user can log in.

 Is there any configuration of samba that will allow it to properly
 recognize user data from the NIS map and not require the user to be listed
 in the /etc/passwd file?

 Simon




Re: [Samba] samba PDC/NIS client

2012-03-09 Thread Gaiseric Vandal
I don't think is this a samba issue.   Samba accounts need to have a 
corresponding unix account.   Shouldn't matter if they are in NIS or 
/etc/passwd.   If you have users in both it could get a problem.


Is getent passwd really showing the users from NIS?  How about 
getent shadow (assuming a linux machine and not solaris, and probably 
doesn't matter anyway.)   Do you have an /etc/nsswitch.conf entry for


shadow:  files nis


Are you missing the : in the nsswitch.conf entries?

Are your user names all in lower case?  Are they all 8 characters or under.






On 03/08/12 22:46, Simon Matthews wrote:

I have a server which is a samba PDC and has recently been converted to an
NIS client. For historic reasons, many users login information is in the
local machine's /etc/passwd and /etc/shadow files.

samba is set up to use a tdbsam database.

I got the first indication of problems when I tried to add a user using the
smbpasswd -a command. I found that smbpasswd would not recognize the user
unless either the username was in the /etc/passwd file, or I changed
/etc/nsswitch.conf from
passwd compat
TO:
passwd files nis

However, if I make the latter change, the user cannot log into any Windows
machines that are controlled by my PDC. To allow logins, all I have to do is
ypcat passwd | grepusername/etc/passwd
After this, the user can log in.

Is there any configuration of samba that will allow it to properly
recognize user data from the NIS map and not require the user to be listed
in the /etc/passwd file?

Simon




Re: [Samba] samba PDC/NIS client

2012-03-09 Thread Simon Matthews
On Fri, Mar 9, 2012 at 6:15 AM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:

 I don't think is this a samba issue.   Samba accounts need to have a
 corresponding unix account.   Shouldn't matter if they are in NIS or
 /etc/passwd.   If you have users in both it could get a problem.

 Is getent passwd really showing the users from NIS?


Yes.  In fact, for those users who are in both the /etc/passwd and nis
tables, it shows both entries (and the details match between both entries)

 How about getent shadow (assuming a linux machine and not solaris,


No, this only shows the users with entries in /etc/shadow. However:
1. getent passwd includes the hashed passwords of users in the nis tables
2. It was not necessary to add the user to /etc/shadow in order to allow
samba domain logins. All I had to do was add the user to /etc/passwd.


 and probably doesn't matter anyway.)   Do you have an /etc/nsswitch.conf
 entry for

shadow:  files nis

Yes



 Are you missing the : in the nsswitch.conf entries?

No.


 Are your user names all in lower case?  Are they all 8 characters or under.


 Yes.

Simon








 On 03/08/12 22:46, Simon Matthews wrote:

 I have a server which is a samba PDC and has recently been converted to an
 NIS client. For historic reasons, many users login information is in the
 local machine's /etc/passwd and /etc/shadow files.

 samba is set up to use a tdbsam database.

 I got the first indication of problems when I tried to add a user using
 the
 smbpasswd -a command. I found that smbpasswd would not recognize the user
 unless either the username was in the /etc/passwd file, or I changed
 /etc/nsswitch.conf from
 passwd compat
 TO:
 passwd files nis

 However, if I make the latter change, the user cannot log into any Windows
 machines that are controlled by my PDC. To allow logins, all I have to do
 is
 ypcat passwd | grepusername/etc/passwd
 After this, the user can log in.

 Is there any configuration of samba that will allow it to properly
 recognize user data from the NIS map and not require the user to be listed
 in the /etc/passwd file?

 Simon
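
Several points raised in this thread can be checked mechanically: an nsswitch.conf entry written without its colon, a misspelled database name, users present in both /etc/passwd and the NIS passwd map, and password hashes carried in the map itself. This is an added example, not code from any poster: the file contents are constructed, the function names are hypothetical, and the list of database names is an assumed one for this sketch.

```python
# Database names this sketch accepts (assumed list of those glibc NSS serves).
KNOWN_DATABASES = {
    "aliases", "ethers", "group", "gshadow", "hosts", "initgroups", "netgroup",
    "networks", "passwd", "protocols", "publickey", "rpc", "services", "shadow",
}
FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
NOT_A_HASH = {"", "x", "*", "!", "!!"}   # password-field values that hold no hash

# Constructed samples. NSSWITCH repeats two slips seen in the thread: an entry
# without its colon and "shdow" for "shadow". The hashes are placeholders.
NSSWITCH = """\
# /etc/nsswitch.conf (constructed)
passwd compat
group:  files nis
shdow:  files
hosts:  files dns
"""
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:100:Alice:/home/alice:/bin/bash
carol:x:1003:100:Carol:/home/carol:/bin/bash
"""
NIS_PASSWD = """\
alice:$6$CONSTRUCTED$placeholder:1001:100:Alice:/home/alice:/bin/bash
bob:$6$CONSTRUCTED$placeholder:1002:100:Bob:/home/bob:/bin/bash
carol:$6$CONSTRUCTED$placeholder:2003:100:Carol:/home/carol:/bin/bash
"""


def lint_nsswitch(text):
    """Return ({database: [sources]}, [(line number, problem)])."""
    databases, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            problems.append((lineno, "missing ':' after database name"))
            continue
        name = name.strip()
        if name not in KNOWN_DATABASES:
            problems.append((lineno, "unknown database '%s'" % name))
            continue
        databases[name] = rest.split()
    return databases, problems


def parse_passwd(text):
    """Parse passwd(5) lines; return ({name: record}, saw_compat_plus_entry)."""
    users, compat_plus = {}, False
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0] in "+-":               # compat-mode include/exclude entry
            compat_plus = compat_plus or line[0] == "+"
            continue
        parts = line.split(":")
        if len(parts) == len(FIELDS):
            users[parts[0]] = dict(zip(FIELDS, parts))
    return users, compat_plus


def passwd_lookup_reaches_nis(databases, compat_plus):
    """In compat mode NIS users are only pulled in through '+' lines in /etc/passwd."""
    sources = databases.get("passwd", [])
    return "nis" in sources or ("compat" in sources and compat_plus)


def audit(local_text, nis_text):
    """Compare the local passwd file with the NIS passwd map (ypcat passwd output)."""
    local, compat_plus = parse_passwd(local_text)
    nis, _ = parse_passwd(nis_text)
    report = {"both": {}, "nis_only": [], "hash_in_map": [], "compat_plus": compat_plus}
    for name, rec in sorted(nis.items()):
        if rec["passwd"] not in NOT_A_HASH:
            report["hash_in_map"].append(name)   # hash readable by anyone who can read the map
        if name in local:
            # Fields (password aside) on which the two copies of the account disagree.
            report["both"][name] = [f for f in FIELDS[2:] if rec[f] != local[name][f]]
        else:
            report["nis_only"].append(name)
    return report


if __name__ == "__main__":
    databases, problems = lint_nsswitch(NSSWITCH)
    for lineno, problem in problems:
        print("nsswitch.conf line %d: %s" % (lineno, problem))
    report = audit(LOCAL_PASSWD, NIS_PASSWD)
    print("passwd lookups reach NIS:", passwd_lookup_reaches_nis(databases, report["compat_plus"]))
    print("in both sources (differing fields):", report["both"])
    print("only in NIS:", report["nis_only"])
    print("hash stored in NIS map:", report["hash_in_map"])
```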




Re: [Samba] Samba PDC with Windows 7 support request

2012-02-16 Thread Dermot
2012/1/31 Jiří Procházka jiri.procha...@norbou.com:
 Dear Samba support team,

 I have a question on Samba 3.5.8 please, which is not solved by searching
 the forums. I tried all suggested solutions, but nothing take effect.

...

 Domain users experience a slow login performance on Windows 7 clients that
 are
 joined into a samba domain (Samba version 3.5.4). The Windows 7 client was
 joined successfully into the domain with the Windows 7 registry settings
 adjusted according to http://wiki.samba.org/index.php/Windows7
 (DomainCompatibilityMode = 0 and DNSNameResolutionRequired = 0).
...

I have had similar problems. I was referred to the message in the
mailing list archive [1]. I have applied what was described, using
gpedit.msc, but I am still experiencing slow login times,
exactly 40 seconds on each workstation.

I just checked on one workstation where the user had a jpeg as his
desktop background, I mention this because there are references to a
Windows 7 bug about slow login and a plain desktop, and that has the
correct group policy setting and still the login time was exactly 40
seconds.

I too would be interested in hearing what others have to say on this.
Thanks,
Dermot.

1) http://www.mail-archive.com/samba@lists.samba.org/msg104494.html

Re: [Samba] Samba PDC with Windows 7 support request

2012-02-16 Thread Cain, Marc
Have you tried these settings (posted here about a year ago)?


When the following local GPO is left in its default setting Samba domain logons 
are delayed for 30 seconds: Computer Configuration\Administrative 
Templates\System\User Profiles\Set maximum wait time for the network if the 
user has a roaming user profile or remote home directory.  

Enable this and set the value to 0 to work around this timeout.  The timeout 
does not occur when logging into an Active Directory PDC running Server 2008 
R2.  I have not tested this with w2k8 R2 client.

In addition, if the user's desktop is set to a solid background color logons of 
any kind (local, AD, samba) will be delayed by 30 seconds.  Set the background 
to any .jpg image or apply Microsoft's hotfix to work around this issue.  This 
is a cumulative timeout; that is, if the above timeout is in effect and the 
solid background color timeout is also in effect the delay is 60 seconds.

I also experienced a 30 second timeout when I set the local GPO to Run logon 
scripts synchronously.  This problem has inexplicably vanished and I can't 
replicate it though I don't see it listed in any Windows 7 updates.  Might have 
been happening to me with Windows 7 PRO.  I'll check that if anyone is 
interested. The fix was to apply an old Vista reg setting.  Can be Googled as 
Vista Run logon scripts synchronously.

Marc Cain

On Jan 31, 2012, at 11:45 AM, Jiří Procházka wrote:

 Dear Samba support team,

 I have a question on Samba 3.5.8 please, which is not solved by searching
 the forums. I tried all suggested solutions, but nothing took effect.

 Situation:

 - small public school
 - We have Ubuntu Server 11.04 64-bit
 - Samba 3.5.8 as PDC
 - Windows XP and Windows 7 Pro SP1 clients
 - On Windows XP everything works. Login is quick and reliable there.

 Problem:

 But our problem is with Windows 7 domain clients, where login and logout
 takes more than 1,5 minute with clear user profile. Yes, we have only 100
 Mbit LAN, but why XP can operate so much faster? We are using Aero with
 background images, but logon locally is very fast. Only using travel
 profiles is very slow.

 I have tried:

 -  Disable IPv6,
 -  Disabled UAC
 -  set policies time to wait on server,
 -  I applied all performance recommended settings suggested at
 samba.org for Windows 7 (http://wiki.samba.org/index.php/Windows7)

 Very similar post I have found here:

 https://bugzilla.samba.org/show_bug.cgi?id=8300

 Domain users experience a slow login performance on Windows 7 clients that
 are
 joined into a samba domain (Samba version 3.5.4). The Windows 7 client was
 joined successfully into the domain with the Windows 7 registry settings
 adjusted according to http://wiki.samba.org/index.php/Windows7
 (DomainCompatibilityMode = 0 and DNSNameResolutionRequired = 0).

 We need to solve this bug, in other case we can’t use Samba as PDC and we must
 change the platform. Please put this request on free support boards or send
 me an offer for paid support.

 Can help adding this to GLOBAL section?

   domain master = yes
   local master = yes
   preferred master = yes
   os level = 64

 Thanks a lot,

 I hope I’m not disturbing main Samba developers,

 With best regards,

 Jiri Prochazka

 Teacher from Waldorf high school in Prague

 Czech and English only :-)
 
 smb.conf

Re: [Samba] Samba PDC cluster with RHCS

2011-12-14 Thread Daniel Müller
If you are running samba3 you will need to set up a BDC to take over the business of
your PDC. Or a real time synced PDC copy on the other node that starts up
when the real PDC is going down.
In cases of HA I have also had the best experiences with samba4 in replication mode.

Good Luck
Daniel

---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Md. Shyfur Rahman
Sent: Sunday, 11 December 2011 19:04
To: ob...@samba.org
Cc: samba@lists.samba.org
Subject: [Samba] Samba PDC cluster with RHCS

Dear Sir,

I have implemented a Samba PDC. It's working fine. But to make it highly
available, I have been trying to set it up as a 2 node cluster. Everything is
running fine. But I am facing a problem, which I want to share.

When I shift the PDC to another cluster node, everything shifts fine. But
my existing users cannot log in. They can log in again if I rejoin that
machine to the domain. I will explain a little bit more.

Suppose user X can log in to my ClusterNode 1 PDC from a machine Y. If my
ClusterNode 1 goes down, all the resources shift to ClusterNode
2. When user X tries to log in from the same machine Y, X can't. I need to
rejoin machine Y to ClusterNode 2, then user X can log in.

I believe I will get a solution from you. Please.

-- 
Rgds.
*Shyfur*


Re: [Samba] samba PDC disabling roaming profiles

2011-10-13 Thread ESGLinux
Hi all,

I have tested it with several users (with winxp and win7) and it works
fine.

Hope that helps anyone who has this problem,

Greetings,

ESG

2011/10/11 ESGLinux esggru...@gmail.com

 Hi again,

 I have found this:


 http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html#id2660484

 In smb.conf

 Affect the following settings and ALL clients will be forced to use a local
 profile: logon home =
 <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONHOME>
 and logon path =
 <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONPATH>

 The arguments to these parameters must be left blank. It is necessary to
 include the = sign to specifically assign the empty value.


 Anyone can confirm that this is right? can I have problems with existing
 profiles?

 Thanks,

 ESG

 2011/10/11 ESGLinux esggru...@gmail.com

 Hi All,

 I recently have updated my samba server to 3.3.7-1. I use this server as
 PDC of my Windows Domain,

 The problem is that the profiles of the server are saved in the home dir
 of the users. The users have a lot of GigaB so I want to disable this
 feature.

 I have read (
 http://www.linuxquestions.org/questions/linux-general-1/samba-pdc-without-roaming-profiles-2-a-47604/,
 for example) that this feature is disabled in the client side but I have a
 lot of them. So my question is if there is any way to disable it on the
 server side,

 Thanks in advance

 ESG





Re: [Samba] samba PDC disabling roaming profiles

2011-10-11 Thread ESGLinux
Hi again,

I have found this:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html#id2660484

In smb.conf

Affect the following settings and ALL clients will be forced to use a local
profile: logon home =
<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONHOME>
and logon path =
<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONPATH>

The arguments to these parameters must be left blank. It is necessary to
include the = sign to specifically assign the empty value.


Anyone can confirm that this is right? can I have problems with existing
profiles?

Thanks,

ESG

2011/10/11 ESGLinux esggru...@gmail.com

 Hi All,

 I recently have updated my samba server to 3.3.7-1. I use this server as
 PDC of my Windows Domain,

 The problem is that the profiles of the server are saved in the home dir of
 the users. The users have a lot of GigaB so I want to disable this feature.

 I have read (
 http://www.linuxquestions.org/questions/linux-general-1/samba-pdc-without-roaming-profiles-2-a-47604/,
 for example) that this feature is disabled in the client side but I have a
 lot of them. So my question is if there is any way to disable it on the
 server side,

 Thanks in advance

 ESG



Re: [Samba] Samba PDC 3.4 + wins server

2011-07-29 Thread Daniel Müller
So, your samba PDC is acting as WINS (better way samba4wins=full working
wins server on a samba basis). Why don't you set the wins settings in your
windows 7 clients?
Why do you need remote announce=...?

On Wed, 27 Jul 2011 16:42:28 +0200, Jubacca juba...@ngi.it wrote:
 Linux Ubuntu 10.04 LTS - I used the package of distribution.
 
 
 On 27/07/2011 16.18, Gaiseric Vandal wrote:


 On 07/27/2011 05:52 AM, Jubacca wrote:
 Hi , I use Samba 3.4.7 PDC + ldap backend . I can't put the machine 
 if I don't specify
 the wins server on Pc-client. I try different name resolve order , 
 but nothing change ? Can you help me ?
 My global is :

 [global]
workgroup = workgroup
netbios name = SERVER
server string = Server Samba
wins support = yes
browse list = Yes
remote announce = 10.0.0.255/workgroup
lm announce = yes
lm interval = 30
dns proxy = yes
hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0
name resolve order = wins lmhosts host bcast
 #   name resolve order = bcast host lmhosts wins
interfaces = bond0 , eth1 ,lo
bind interfaces only = no
log file = /var/log/samba/%U.%m.log
log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3
max log size = 5000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
username map = /etc/samba/usermap
case sensitive = no
encrypt passwords = true
enable privileges = yes
passdb backend = ldapsam:ldap://server:389/
ldap admin dn = cn=admin,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
ldap ssl = off
ldap delete dn = no
map to guest = bad user
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 255
logon path = \\%N\profiles\%U
logon drive = S:
logon home = \\%N\%U
logon script = logon.bat
add user script = /usr/sbin/smbldap-useradd -a -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script  = /usr/sbin/smbldap-useradd -t 0 -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
printing = cups
socket options = TCP_NODELAY
idmap uid = 1-2
idmap gid = 1-2
time server = yes
null passwords = no
idmap backend = ldap:ldap://server:389/
obey pam restrictions = yes
ldap passwd sync = yes
unix password sync = no
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n 
 *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes


 What OS?

 Did you compile from source?   I ran into the following weird issue
once:
   Two servers with samba bundled with the OS.
   One server with samba compiled from source.
   Windows machines connecting from VPN-  with the firewall 
 blocking netbios traffic.
   The Windows clients could connect by name to the 1st 2 servers, 
 but only by IP to the 3rd one, even tho DNS name resolution worked.  
 (I could add an lmhosts entry on the client but this is clunky.)


 This indicated to me that the server does try to resolve client names 
 or ip's and that something I did when I compiled samba broke this 
 functionality.  Snooping traffic DID show the client reaching the 
 server but some sort of handshaking NOT completing.

 I would turn up the general log level.  I would also snoop traffic for 
 a client without WINS to see if it is even locating the samba server.







Re: [Samba] Samba PDC 3.4 + wins server

2011-07-27 Thread Gaiseric Vandal



On 07/27/2011 05:52 AM, Jubacca wrote:
Hi , I use Samba 3.4.7 PDC + ldap backend . I can't put the machine if 
I don't specify
the wins server on Pc-client. I try different name resolve order , but 
nothing change ? Can you help me ?

My global is :

[global]
   workgroup = workgroup
   netbios name = SERVER
   server string = Server Samba
   wins support = yes
   browse list = Yes
   remote announce = 10.0.0.255/workgroup
   lm announce = yes
   lm interval = 30
   dns proxy = yes
   hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0
   name resolve order = wins lmhosts host bcast
#   name resolve order = bcast host lmhosts wins
   interfaces = bond0 , eth1 ,lo
   bind interfaces only = no
   log file = /var/log/samba/%U.%m.log
   log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3
   max log size = 5000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user
   username map = /etc/samba/usermap
   case sensitive = no
   encrypt passwords = true
   enable privileges = yes
   passdb backend = ldapsam:ldap://server:389/
   ldap admin dn = cn=admin,dc=domain,dc=com
   ldap suffix = dc=domain,dc=com
   ldap user suffix = ou=users
   ldap group suffix = ou=groups
   ldap machine suffix = ou=computers
   ldap idmap suffix = ou=idmap
   ldap ssl = off
   ldap delete dn = no
   map to guest = bad user
   domain logons = yes
   domain master = yes
   local master = yes
   preferred master = yes
   os level = 255
   logon path = \\%N\profiles\%U
   logon drive = S:
   logon home = \\%N\%U
   logon script = logon.bat
   add user script = /usr/sbin/smbldap-useradd -a -m %u
   delete user script = /usr/sbin/smbldap-userdel %u
   add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
   delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
   set primary group script = /usr/sbin/smbldap-usermod -g %g %u
   add machine script  = /usr/sbin/smbldap-useradd -t 0 -w %u
   add group script = /usr/sbin/smbldap-groupadd -p %g
   delete group script = /usr/sbin/smbldap-groupdel %g
   printing = cups
   socket options = TCP_NODELAY
   idmap uid = 1-2
   idmap gid = 1-2
   time server = yes
   null passwords = no
   idmap backend = ldap:ldap://server:389/
   obey pam restrictions = yes
   ldap passwd sync = yes
   unix password sync = no
   passwd program = /usr/sbin/smbldap-passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   pam password change = yes



What OS?

Did you compile from source?   I ran into the following weird issue once:
  Two servers with samba bundled with the OS.
  One server with samba compiled from source.
  Windows machines connecting from VPN-  with the firewall blocking 
netbios traffic.
  The Windows clients could connect by name to the 1st 2 servers, 
but only by IP to the 3rd one, even tho DNS name resolution worked.  (I 
could add an lmhosts entry on the client but this is clunky.)



This indicated to me that the server does try to resolve client names or 
ip's and that something I did when I compiled samba broke this 
functionality.  Snooping traffic DID show the client reaching the server 
but some sort of handshaking NOT completing.


I would turn up the general log level.  I would also snoop traffic for a 
client without WINS to see if it is even locating the samba server.








Re: [Samba] Samba PDC 3.4 + wins server

2011-07-27 Thread Jubacca

Linux Ubuntu 10.04 LTS - I used the package of distribution.


On 27/07/2011 16.18, Gaiseric Vandal wrote:



On 07/27/2011 05:52 AM, Jubacca wrote:
Hi , I use Samba 3.4.7 PDC + ldap backend . I can't put the machine 
if I don't specify
the wins server on Pc-client. I try different name resolve order , 
but nothing change ? Can you help me ?

My global is :

[global]
   workgroup = workgroup
   netbios name = SERVER
   server string = Server Samba
   wins support = yes
   browse list = Yes
   remote announce = 10.0.0.255/workgroup
   lm announce = yes
   lm interval = 30
   dns proxy = yes
   hosts allow = 127.0.0.1 10.0.0.1/255.255.255.0
   name resolve order = wins lmhosts host bcast
#   name resolve order = bcast host lmhosts wins
   interfaces = bond0 , eth1 ,lo
   bind interfaces only = no
   log file = /var/log/samba/%U.%m.log
   log level = 0 passdb:6 auth:10 vfs:5 acls:3 msdfs:3
   max log size = 5000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user
   username map = /etc/samba/usermap
   case sensitive = no
   encrypt passwords = true
   enable privileges = yes
   passdb backend = ldapsam:ldap://server:389/
   ldap admin dn = cn=admin,dc=domain,dc=com
   ldap suffix = dc=domain,dc=com
   ldap user suffix = ou=users
   ldap group suffix = ou=groups
   ldap machine suffix = ou=computers
   ldap idmap suffix = ou=idmap
   ldap ssl = off
   ldap delete dn = no
   map to guest = bad user
   domain logons = yes
   domain master = yes
   local master = yes
   preferred master = yes
   os level = 255
   logon path = \\%N\profiles\%U
   logon drive = S:
   logon home = \\%N\%U
   logon script = logon.bat
   add user script = /usr/sbin/smbldap-useradd -a -m %u
   delete user script = /usr/sbin/smbldap-userdel %u
   add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
   delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
   set primary group script = /usr/sbin/smbldap-usermod -g %g %u
   add machine script  = /usr/sbin/smbldap-useradd -t 0 -w %u
   add group script = /usr/sbin/smbldap-groupadd -p %g
   delete group script = /usr/sbin/smbldap-groupdel %g
   printing = cups
   socket options = TCP_NODELAY
   idmap uid = 1-2
   idmap gid = 1-2
   time server = yes
   null passwords = no
   idmap backend = ldap:ldap://server:389/
   obey pam restrictions = yes
   ldap passwd sync = yes
   unix password sync = no
   passwd program = /usr/sbin/smbldap-passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   pam password change = yes



What OS?

Did you compile from source?   I ran into the following weird issue once:
  Two servers with samba bundled with the OS.
  One server with samba compiled from source.
  Windows machines connecting from VPN-  with the firewall 
blocking netbios traffic.
  The Windows clients could connect by name to the 1st 2 servers, 
but only by IP to the 3rd one, even tho DNS name resolution worked.  
(I could add an lmhosts entry on the client but this is clunky.)



This indicated to me that the server does try to resolve client names 
or ip's and that something I did when I compiled samba broke this 
functionality.  Snooping traffic DID show the client reaching the 
server but some sort of handshaking NOT completing.


I would turn up the general log level.  I would also snoop traffic for 
a client without WINS to see if it is even locating the samba server.










Re: [Samba] Samba PDC + OpenLDAP + Windows 7 user name length

2011-04-19 Thread Volker Lendecke
On Tue, Apr 19, 2011 at 08:54:18AM +0200, Joan Antoni Torres wrote:
 Hello,
 
 We have the following configuration:
 
 - OpenLDAP 2.4.21
 - Samba 3.5.2
 - Windows 7 x64
 - Roaming Profiles
 
 We have 2500 users and format of usernames are:
 
 name.firstname.secondname (Spanish has first and second name)
 
 Windows 7 clients are joined to the Samba domain. Everything works
 fine, users can logon in Samba domain, network volumes (F: , G: ...)
 are mapped correctly and the user profile is stored on the server at
 user logoff.
 
 What is wrong? We have problems when the username is longer than 19
 characters. These users, can't logon, they see next error in the
 screen:

https://bugzilla.samba.org/show_bug.cgi?id=7343

This is known and sounds VERY much like a Win7 bug. You
might contact Microsoft about this. I've tried without
success.

With best regards,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-17 Thread J. Echter
On 16.03.2011 18:00, TAKAHASHI Motonobu wrote:
 From: J. Echter j.ech...@elektro-mayer-echter.de
 Date: Wed, 16 Mar 2011 17:34:35 +0100

 You should show us enough information for us to re-produce such as
 all content of smb.conf and related settings:

 In my lab, profile dir is successfully created. My env is...
 (snip)

 smb.conf
 (snip)

 ls -lR /home/samba/profile
 (snip)

 At first you had better try a simple settings like me.

 To look at your smb.conf, I tried with the smb.conf below:

 -
 [global]
   workgroup = SAMBA
   domain logons = yes
   add machine script = useradd %u
   map to guest = bad user

   logon path = \\%L\profiles\%U
   hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/

 [homes]
   writeable = yes
   browseable = no

 [profiles]
   path = /var/lib/samba/shares/profiles
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes
   profile acls = yes
 -

 and although still my user can create profile dirs and files...

 ---
 TAKAHASHI Motonobu mo...@monyo.com





Hi,

i have reduced my smb.conf a bit :) now it works.

is there any option you would recommend to set for an PDC?


Greetings and many many thanks for your hints.

juergen


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-17 Thread J. Echter
sorry, forgot to add my smb.conf

[global]
   printing = bsd
   workgroup = workgroup
   map to guest = bad user
   domain logons = yes
   add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s
/bin/false
   delete user script = /usr/sbin/userdel -r '%u'
   add group script = /usr/sbin/groupadd '%g'
   delete group script = /usr/sbin/groupdel '%g'
   add user to group script = /usr/sbin/usermod -G '%g' '%u'
   add machine script = /usr/sbin/useradd -s /bin/false -d
/var/lib/nobody '%u' -g machines
   logon path = \\%L\profile\%U
   logon script = %U.bat
   hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/

[homes]
   comment = Home Directories
   browseable = no
   writeable = yes
#   valid users = %S

[profile]
   comment = Profildateien
   path = /home/samba/profile
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes
   profile acls = yes

[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   writeable = no
   share modes = no

failure was the commented # line.

cheers.


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Marco Ciampa
On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote:
 Hi,
 
 i have a Samba PDC (no LDAP) and added add user script to my config.
 
 I can create the user with no problems, login is possible but the
 /home/samba/profile/user dir is not created.
 
 Any hints on that?

IMHO you have to create it with a script.
In that script you will create the user (with useradd) and then the profile 
dir...

-- 


Marco Ciampa

++
| Linux User  #78271 |
| FSFE fellow   #364 |
++


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Wasil
Hi
You must have something like this:

in smb.conf:
[profiles]
.
root preexec = /usr/local/bin/mkprofile.sh %u %g
 

mkprofile.sh:

#!/bin/sh
PROFILE=/data2/profiles/$1 
if [ ! -e $PROFILE ]; then 
mkdir -pm700 $PROFILE 
chown $1:$2 $PROFILE
fi

Wed, 16 Mar 2011 11:09:59 +0100 message from J. Echter 
j.ech...@elektro-mayer-echter.de:

 Hi,
 
 i have a Samba PDC (no LDAP) and added add user script to my config.
 
 I can create the user with no problems, login is possible but the 
 /home/samba/profile/user dir is not created.
 
 Any hints on that?
 
 script commands i added:
 
 add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s 
 /bin/false
 delete user script = /usr/sbin/userdel -r '%u'
 add group script = /usr/sbin/groupadd '%g'
 delete group script = /usr/sbin/groupdel '%g'
 add user to group script = /usr/sbin/usermod -G '%g' '%u'
 add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody 
 '%u' -g machines
 
 
 this is running on Ubuntu 10.04-LTS server
 
 
 greetings
 
 Juergen.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
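
A hardened take on the mkprofile.sh helper from the post above, as an added example that is not part of Wasil's message or of Samba itself: because root preexec runs the command as root with %u and %g substituted in, it quotes every expansion, accepts only plain account names, and refuses a symlink or stray file sitting where the profile directory should go. The name policy, the return codes and the PROFILE_BASE variable are assumptions made for this example; /data2/profiles is the path used in the post.

```shell
#!/bin/sh
# Added example (not Wasil's script): hardened profile-directory helper for
#   root preexec = /usr/local/bin/mkprofile.sh %u %g
# Assumptions: account and group names are plain [A-Za-z0-9._-] strings;
# PROFILE_BASE and the return codes below are choices made for this example.
LC_ALL=C
export LC_ALL

# Accept only simple names: non-empty, at most 64 characters, no leading
# '.' or '-', and no character outside A-Z a-z 0-9 . _ -
valid_account_name() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# make_profile_dir BASE USER GROUP
# 0 = directory present, 2 = bad name, 3 = base missing,
# 4 = unsafe existing entry, 5 = mkdir/chown failed
make_profile_dir() {
    base=$1
    user=$2
    group=$3
    valid_account_name "$user" || return 2
    valid_account_name "$group" || return 2
    [ -d "$base" ] || return 3
    dir=$base/$user

    # A symlink here would redirect the root-owned mkdir/chown elsewhere.
    [ -L "$dir" ] && return 4
    if [ -e "$dir" ]; then
        [ -d "$dir" ] && return 0   # already created on an earlier logon
        return 4                    # a file or other object is in the way
    fi

    # No -p: only the leaf is created, with mode 0700 from the start.
    mkdir -m 700 -- "$dir" || return 5
    # -h changes the entry itself and never follows a symlink swapped in
    # after mkdir.
    if ! chown -h -- "$user:$group" "$dir"; then
        rmdir -- "$dir"
        return 5
    fi
    return 0
}

# Run as a script only when Samba passes "%u %g"; with no arguments the
# file just defines the functions.
if [ "$#" -ge 2 ]; then
    make_profile_dir "${PROFILE_BASE:-/data2/profiles}" "$1" "$2"
    rc=$?
    [ "$rc" -eq 0 ] || echo "mkprofile: refused '$1' (code $rc)" >&2
    exit "$rc"
fi
```

Samba ignores the script's exit status unless `root preexec close = yes` is set on the share, in which case a non-zero status refuses the connection.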

Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread J. Echter

On 16.03.2011 11:21, Marco Ciampa wrote:

On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote:

Hi,

i have a Samba PDC (no LDAP) and added add user script to my config.

I can create the user with no problems, login is possible but the
/home/samba/profile/user dir is not created.

Any hints on that?

IMHO you have to create it with a script.
In that script you will create the user (with useradd) and then the profile 
dir...


ok, seems i need to figure out how this has to be done...

greetings.


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread J. Echter

On 16.03.2011 11:33, Wasil wrote:

Hi
You must have something like this:

in smb.conf^
[profiles]
.
root preexec = /usr/local/bin/mkprofile.sh %u %g
  

mkprofile.sh:

#!/bin/sh
PROFILE=/data2/profiles/$1
if [ ! -e $PROFILE ]; then
mkdir -pm700 $PROFILE
chown $1:$2 $PROFILE
fi

Wed, 16 Mar 2011 11:09:59 +0100 message from J. 
Echter j.ech...@elektro-mayer-echter.de:


Hi,

i have a Samba PDC (no LDAP) and added add user script to my config.

I can create the user with no problems, login is possible but the
/home/samba/profile/user dir is not created.

Any hints on that?

script commands i added:

add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s
/bin/false
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody
'%u' -g machines


this is running on Ubuntu 10.04-LTS server


greetings

Juergen.

Hi, thanks for the hint.

but the profile dir doesn't get created.

i edited the path in the script and gave it chmod u+x (to be sure :) )

still nothing created.

if i run the script by hand it works.

Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Bruce Richardson
On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote:
 Hi,
 
 i have a Samba PDC (no LDAP) and added add user script to my config.
 
 I can create the user with no problems, login is possible but the
 /home/samba/profile/user dir is not created.

It'll be created automatically when the user first logs in, if you have
the right permissions on the profile share.  It is possible to set the
permissions/acls such that this doesn't allow users to read or interfere
with each other's profiles.

You only need to create it yourself if you want to preload it with some
data.  Is this what you need to do?

-- 
Bruce

Bitterly it mathinketh me, that I spent mine wholle lyf in the lists
against the ignorant.  -- Roger Bacon, Doctor Mirabilis


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread J. Echter

On 16.03.2011 11:50, Bruce Richardson wrote:

On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote:

Hi,

i have a Samba PDC (no LDAP) and added add user script to my config.

I can create the user with no problems, login is possible but the
/home/samba/profile/user dir is not created.

It'll be created automatically when the user first logs in, if you have
the right permissions on the profile share.  It is possible to set the
permissions/acls such that this doesn't allow users to read or interfere
with each other's profiles.

You only need to create it yourself if you want to preload it with some
data.  Is this what you need to do?

no, i want to have a profile dir created when a new created user logs 
in. that's it. :)


in my setup it doesnt get created.

permission:

drwxrwxrwx  4 root   root4096 Feb 12 10:51 samba
drwxrwxrwx 16 root   root   4096 Mar 16 11:50 profile

should be working for automagic creation.

is there an special option on that?


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread J. Echter

On 16.03.2011 11:50, Bruce Richardson wrote:

On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote:

Hi,

i have a Samba PDC (no LDAP) and added add user script to my config.

I can create the user with no problems, login is possible but the
/home/samba/profile/user dir is not created.

It'll be created automatically when the user first logs in, if you have
the right permissions on the profile share.  It is possible to set the
permissions/acls such that this doesn't allow users to read or interfere
with each other's profiles.

You only need to create it yourself if you want to preload it with some
data.  Is this what you need to do?


ah maybe this is interesting too

[profile]
   comment = Profildateien
   path = /home/samba/profile
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Wasil
You must add  root preexec to the Section [profiles]
my section [profiles]:

comment = Network Profiles Service
#path = %H
path = /data2/profiles
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
write list = @DomainUsers @root
root preexec = /usr/local/bin/mkprofile.sh %u %g
 


Wed, 16 Mar 2011 12:04:40 +0100, message from J. Echter 
j.ech...@elektro-mayer-echter.de:

 On 16.03.2011 11:33, Wasil wrote:
  Hi
  You must have something like this:
 
  in smb.conf^
  [profiles]
  .
  root preexec = /usr/local/bin/mkprofile.sh %u %g

 
  mkprofile.sh:
 
  #!/bin/sh
  PROFILE=/data2/profiles/$1
  if [ ! -e $PROFILE ]; then
  mkdir -pm700 $PROFILE
  chown $1:$2 $PROFILE
  fi
 
  Wed, 16 Mar 2011 11:09:59 +0100, message from J. Echter j.ech...@elektro-mayer-echter.de:
 
  Hi,
 
  i have a Samba PDC (no LDAP) and added add user script to my config.
 
  I can create the user with no problems, login is possible but the
  /home/samba/profile/user dir is not created.
 
  Any hints on that?
 
  script commands i added:
 
  add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s
  /bin/false
  delete user script = /usr/sbin/userdel -r '%u'
  add group script = /usr/sbin/groupadd '%g'
  delete group script = /usr/sbin/groupdel '%g'
  add user to group script = /usr/sbin/usermod -G '%g' '%u'
  add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody
  '%u' -g machines
 
 
  this is running on Ubuntu 10.04-LTS server
 
 
  greetings
 
  Juergen.
 Hi, thanks for the hint.
 
 but the profile dir doesn't get created.
 
 i edited the path in the script and gave it chmod u+x (to be sure :) )
 
 still nothing created.
 
 if i run the script by hand it works.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
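
The `root preexec` helper quoted in this message runs as root and receives the session's `%u` and `%g` as arguments. The following is an added example, not part of the thread: a variant of that script that validates both names, refuses symlinks and non-directories already sitting at the target path, and only then creates the directory and hands it over. The `PROFILE_ROOT` override and the function names are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not code from the thread: a defensive variant of the
# mkprofile.sh helper that smb.conf calls as
#   root preexec = /usr/local/bin/mkprofile.sh %u %g
LC_ALL=C; export LC_ALL        # make the A-Z / a-z ranges below byte-exact

# Profile root taken from the thread's script; the environment override is an
# assumption added here so the helper can be exercised outside production.
PROFILE_ROOT="${PROFILE_ROOT:-/data2/profiles}"

# valid_name NAME: succeed only if NAME is usable as a single path component
# and as a chown operand (no "/", no "..", no leading "-", no whitespace).
valid_name() {
    case $1 in
        '' | . | .. | -*)    return 1 ;;
        *[!A-Za-z0-9._-]*)   return 1 ;;
    esac
    return 0
}

# ensure_profile_dir USER GROUP
# Returns 0 if a real directory exists afterwards, 2 for a rejected name,
# 3 if something other than a directory is in the way, 4 or 5 on errors.
ensure_profile_dir() {
    user=$1
    group=$2
    valid_name "$user"  || { echo "mkprofile: rejected user name" >&2; return 2; }
    valid_name "$group" || { echo "mkprofile: rejected group name" >&2; return 2; }
    dir="$PROFILE_ROOT/$user"

    # Test for a symlink first: [ -e ] follows links, so a link to an
    # existing target would otherwise look like a finished profile directory.
    if [ -L "$dir" ]; then
        echo "mkprofile: $dir is a symlink, refusing" >&2
        return 3
    fi
    if [ -e "$dir" ]; then
        [ -d "$dir" ] && return 0          # already there, leave it untouched
        echo "mkprofile: $dir exists and is not a directory" >&2
        return 3
    fi

    # No -p here: the profile root must already exist, and mkdir fails
    # instead of reusing a path that appeared after the checks above.
    mkdir -m 700 -- "$dir" || return 4

    # Only root can give the directory away; -h never follows a symlink.
    if [ "$(id -u)" -eq 0 ]; then
        chown -h -- "$user:$group" "$dir" || { rmdir -- "$dir"; return 5; }
    fi
    return 0
}

# Entry point when Samba (or an admin) runs the script with arguments.
if [ "$#" -gt 0 ]; then
    ensure_profile_dir "$1" "$2"
    exit $?
fi
```

A non-zero exit from `root preexec` only closes the connection when `root preexec close = yes` is set on the share; without it the return codes above are informational.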

Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread J. Echter

thats what i did.

maybe there's something else wrong with my profiles definition in this case?

[profile]
   comment = Profildateien
   path = /home/samba/profile
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes
   root preexec = /usr/local/bin/mkprofiles.sh %u %g


On 16.03.2011 12:16, Wasil wrote:

You must add  root preexec to the Section [profiles]
my section [profiles]:

comment = Network Profiles Service
#path = %H
path = /data2/profiles
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
write list = @DomainUsers @root
root preexec = /usr/local/bin/mkprofile.sh %u %g



Wed, 16 Mar 2011 12:04:40 +0100, message from J. Echter j.ech...@elektro-mayer-echter.de:

On 16.03.2011 11:33, Wasil wrote:

Hi
You must have something like this:

in smb.conf^
[profiles]
.
root preexec = /usr/local/bin/mkprofile.sh %u %g
   

mkprofile.sh:

#!/bin/sh
PROFILE=/data2/profiles/$1
if [ ! -e $PROFILE ]; then
mkdir -pm700 $PROFILE
chown $1:$2 $PROFILE
fi

Wed, 16 Mar 2011 11:09:59 +0100, message from J. Echter j.ech...@elektro-mayer-echter.de:

Hi,

i have a Samba PDC (no LDAP) and added add user script to my config.

I can create the user with no problems, login is possible but the
/home/samba/profile/user dir is not created.

Any hints on that?

script commands i added:

add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s
/bin/false
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody
'%u' -g machines


this is running on Ubuntu 10.04-LTS server


greetings

Juergen.

Hi, thanks for the hint.

but the profile dir doesn't get created.

i edited the path in the script and gave it chmod u+x (to be sure :) )

still nothing created.

if i run the script by hand it works.



Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Bruce Richardson
On Wed, Mar 16, 2011 at 12:16:52PM +0100, J. Echter wrote:
 no, i want to have a profile dir created when a new created user
 logs in. that's it. :)

Well, as long as you have the correct acls on the share and permissions
on the directory, the user's workstation should try to create the
user directory on the profiles share when the user first logs in.  As
far as I can see, your share definition and directory permissions are
sufficient.


What do you have in your logon path setting in smb.conf?

And can you see anything in the logs?

 
 in my setup it doesnt get created.
 
 permission:
 
 drwxrwxrwx  4 root   root   4096 Feb 12 10:51 samba

Um, if that's the /home/samba directory from your
/home/samba/profile/%username profile path, then you've set the
permissions there insecurely; ordinary users don't need to be creating
directories in /home/samba, so you shouldn't need any more than 755 (or
even 751) permissions there.

 drwxrwxrwx 16 root   root   4096 Mar 16 11:50 profile

Assuming that is /home/samba/profile, then I would recommend you change
the permissions from 777 to 1777.  It's a minor point and doesn't have
anything to do with your problem.

If you create these directories manually and then a user logs in, does
the user's profile information then appear in their profile directory?

-- 
Bruce

Explode!: thousands of lemmings can't be wrong.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
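
The permission advice in this reply (no more than 755 or 751 on the parent directory, 1777 rather than 777 on the profile root) can be checked mechanically. The following is an added example, not part of the thread, that audits a profile root along those lines. It also assumes that each per-user directory is named after its owning account, as with `logon path = \\%L\profile\%U`, and carries no group or other permissions, matching `directory mask = 0700`.

```shell
#!/bin/sh
# Added example, not from the thread: audit a roaming-profile root against
# the permission advice given in the reply above.

# mode_of PATH: first ten characters of "ls -ld", e.g. "drwxrwxrwt"
mode_of()  { ls -ld -- "$1" | cut -c1-10; }
# owner_of PATH: owner column of "ls -ld" (a number if the uid has no name)
owner_of() { ls -ld -- "$1" | awk '{ print $3 }'; }

findings=0
# note PATH MESSAGE: print one finding and count it
note() { printf '%s: %s\n' "$1" "$2"; findings=$((findings + 1)); }

# audit_profile_root ROOT
# Prints one line per finding; returns 0 if there are none, 1 otherwise.
audit_profile_root() {
    root=${1%/}
    findings=0
    if [ -L "$root" ] || [ ! -d "$root" ]; then
        note "$root" "not a real directory"
        return 1
    fi

    # Parent (/home/samba in the thread): users never need to create
    # entries there, so it should not be world-writable.
    parent=$(dirname "$root")
    case $(mode_of "$parent") in
        ????????w?) note "$parent" "parent is world-writable; 755 or 751 is enough" ;;
    esac

    # Profile root: world-writable is needed for auto-creation, but without
    # the sticky bit any user may rename or remove another user's directory.
    case $(mode_of "$root") in
        ????????w[x-]) note "$root" "world-writable without sticky bit; use 1777 instead of 777" ;;
    esac

    # Per-user directories (assumption: directory name == account name).
    for entry in "$root"/*; do
        if [ -L "$entry" ]; then
            note "$entry" "symlink inside the profile root"
            continue
        fi
        [ -d "$entry" ] || continue        # also skips an unmatched glob
        name=${entry##*/}
        owner=$(owner_of "$entry")
        [ "$owner" = "$name" ] || note "$entry" "owned by $owner, expected $name"
        case $(mode_of "$entry") in
            ????------) ;;
            *) note "$entry" "group/other permissions set; expected drwx------" ;;
        esac
    done

    [ "$findings" -eq 0 ]
}

# Entry point: audit the directory given on the command line.
if [ "$#" -gt 0 ]; then
    audit_profile_root "$1"
    exit $?
fi
```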


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Bruce Richardson
On Wed, Mar 16, 2011 at 11:21:42AM +0100, Marco Ciampa wrote:
 
 IMHO you have to create it with a script.
 In that script you will create the user (with useradd) and then the profile 
 dir...

I think it is probably a bad idea to do this with a script unless you
have some good reason to need it.  The auto-creation of the directory
shows you that profiles are working properly.

-- 
Bruce

I unfortunately do not know how to turn cheese into gold.


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread J. Echter

On 16.03.2011 13:01, Bruce Richardson wrote:

On Wed, Mar 16, 2011 at 12:16:52PM +0100, J. Echter wrote:

no, i want to have a profile dir created when a new created user
logs in. that's it. :)

Well, as long as you have the correct acls on the share and permissions
on the directory, the user's workstation should try to create the
user directory on the profiles share when the user first logs in.  As
far as I can see, your share definition and directory permissions are
sufficient.


What do you have in your logon path setting in smb.conf?

And can you see anything in the logs?


[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   writeable = no
   share modes = no

imho nothing belongs to the problem. i increased log level = 12 meanwhile


in my setup it doesnt get created.

permission:

drwxrwxrwx  4 root   root   4096 Feb 12 10:51 samba

Um, if that's the /home/samba directory from your
/home/samba/profile/%username profile path, then you've set the
permissions there insecurely; ordinary users don't need to be creating
directories in /home/samba, so you shouldn't need any more than 755 (or
even 751) permissions there.


drwxrwxrwx 16 root   root   4096 Mar 16 11:50 profile

Assuming that is /home/samba/profile, then I would recommend you change
the permissions from 777 to 1777.  It's a minor point and doesn't have
anything to do with your problem.

If you create these directories manually and then a user logs in, does
the user's profile information then appear in their profile directory?


permissions are set :)



Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread J. Echter

On 16.03.2011 13:01, Bruce Richardson wrote:

On Wed, Mar 16, 2011 at 12:16:52PM +0100, J. Echter wrote:

no, i want to have a profile dir created when a new created user
logs in. that's it. :)


If you create these directories manually and then a user logs in, does
the user's profile information then appear in their profile directory?


sorry didn't mention this, nothing is copied to the manually added dir.



Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Bruce Richardson
On Wed, Mar 16, 2011 at 04:17:05PM +0100, J. Echter wrote:
 On 16.03.2011 13:01, Bruce Richardson wrote:
 On Wed, Mar 16, 2011 at 12:16:52PM +0100, J. Echter wrote:
 no, i want to have a profile dir created when a new created user
 logs in. that's it. :)
 
 If you create these directories manually and then a user logs in, does
 the user's profile information then appear in their profile directory?
 
 sorry didn't mention this, nothing is copied to the manually added dir.

Does the manually added dir have the correct ownership?  Has it been
chown-ed to the right user and do they have write access?  If the answer
to those questions yes but nothing is being copied up, then your problem
is that the user workstations are not looking in the correct place.
Either your domain controller is not advertising the correct location,
or it isn't advertising *any* location for profiles.

-- 
Bruce

I see a mouse.  Where?  There, on the stair.  And its clumsy wooden
footwear makes it easy to trap and kill.  -- Harry Hill


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Bruce Richardson
On Wed, Mar 16, 2011 at 12:01:52PM +, Bruce Richardson wrote:
 
 What do you have in your logon path setting in smb.conf?

You never answered this question.  You don't need to have anything
there, because it defaults to \\%N\%U\profile, but if you do have
something there, what is it?

Are you sure you have actually activated domain logins?  It is possible
that you have simply set up a stand-alone file server.  For the PDC to
be working properly, you need 

security = user
domain master = yes
domain logons = yes

-- 
Bruce

A problem shared brings the consolation that someone else is now
feeling as miserable as you.


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread J. Echter

On 16.03.2011 16:55, Bruce Richardson wrote:

On Wed, Mar 16, 2011 at 12:01:52PM +, Bruce Richardson wrote:

What do you have in your logon path setting in smb.conf?

You never answered this question.  You don't need to have anything
there, because it defaults to \\%N\%U\profile, but if you do have
something there, what is it?


sorry,

logon path = \\%L\profile\%U

Are you sure you have actually activated domain logins?  It is possible
that you have simply set up a stand-alone file server.  For the PDC to
be working properly, you need

security = user
 domain master = yes
 domain logons = yes


this is all set.

if i add my users manually (adduser, make profile dir), it works.

i also set the permissions to the regarding testuser user profile dir.

drwx------  2 tester root 4096 Mar 16 14:41 tester

greetings.


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread TAKAHASHI Motonobu
From: J. Echter j.ech...@elektro-mayer-echter.de
Date: Wed, 16 Mar 2011 11:09:59 +0100

 i have a Samba PDC (no LDAP) and added add user script to my config.
 
 I can create the user with no problems, login is possible but the 
 /home/samba/profile/user dir is not created.
 
 Any hints on that?

You should show us enough information for us to re-produce such as 
all content of smb.conf and related settings:

In my lab, profile dir is successfully created. My env is...

- Debian lenny (hostname is lenny5) + self-compiled Samba 3.5.6
- my smb.conf and shares

---
[global]
  workgroup = SAMBA
  domain logons = yes
  add machine script = useradd %u
  map to guest = bad user

  logon path = \\lenny5\profiles\%U

[homes]
  writeable = yes
  browseable = no

[profiles]
  path = /var/lib/samba/shares/profiles
  guest ok = yes
  browseable = no
  create mask = 0600
  directory mask = 0700
  writeable = yes
---

# ls -lR /var/lib/samba
/var/lib/samba/:
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

- Created a user:

# useradd -d /var/home/test01 test01
# smbpasswd -a test01
# pdbedit -v test01
...
Profile Path: \\lenny5\profiles\test01
...


- When I logon as test01 from Windows XP workstation which is already
  joined to the SAMBA domain and logoff, profiles are created like:

# ls -lR /var/lib/samba
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

/var/lib/samba/shares/profiles:
total 16
drwx------ 13 test01 test01 4096 2011-03-17 01:08 test01

/var/lib/samba/shares/profiles/test01:
total 568
drwx------ 3 test01 test01   4096 2010-10-11 01:10 Start Menu
drwx------ 2 test01 test01   4096 2010-10-11 01:10 Desktop
drwx------ 4 test01 test01   4096 2011-03-17 01:08 Application Data
drwx------ 2 test01 test01   4096 2010-10-11 01:18 Cookies
drwx------ 3 test01 test01   4096 2011-03-17 01:08 Favorites
drwx------ 4 test01 test01   4096 2011-03-17 01:08 My Documents
drwx------ 2 test01 test01   4096 2010-10-11 01:10 NetHood
-rw------- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT
-rw------- 1 test01 test01   1024 2011-03-17 01:08 ntuser.dat.LOG
-rw------- 1 test01 test01    270 2011-03-17 01:08 ntuser.ini
...

---
TAKAHASHI Motonobu mo...@monyo.com


Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread J. Echter

On 16.03.2011 17:21, TAKAHASHI Motonobu wrote:

From: J. Echterj.ech...@elektro-mayer-echter.de
Date: Wed, 16 Mar 2011 11:09:59 +0100


i have a Samba PDC (no LDAP) and added add user script to my config.

I can create the user with no problems, login is possible but the
/home/samba/profile/user dir is not created.

Any hints on that?

You should show us enough information for us to re-produce such as
all content of smb.conf and related settings:

In my lab, profile dir is successfully created. My env is...

- Debian lenny (hostname is lenny5) + self-compiled Samba 3.5.6
- my smb.conf and shares

---
[global]
   workgroup = SAMBA
   domain logons = yes
   add machine script = useradd %u
   map to guest = bad user

   logon path = \\lenny5\profiles\%U

[homes]
   writeable = yes
   browseable = no

[profiles]
   path = /var/lib/samba/shares/profiles
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes
---

# ls -lR /var/lib/samba
/var/lib/samba/:
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

- Created a user:

# useradd -d /var/home/test01 test01
# smbpasswd -a test01
# pdbedit -v test01
...
Profile Path: \\lenny5\profiles\test01
...


- When I logon as test01 from Windows XP workstation which is already
   joined to the SAMBA domain and logoff, profiles are created like:

# ls -lR /var/lib/samba
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

/var/lib/samba/shares/profiles:
total 16
drwx------ 13 test01 test01 4096 2011-03-17 01:08 test01

/var/lib/samba/shares/profiles/test01:
total 568
drwx------ 3 test01 test01   4096 2010-10-11 01:10 Start Menu
drwx------ 2 test01 test01   4096 2010-10-11 01:10 Desktop
drwx------ 4 test01 test01   4096 2011-03-17 01:08 Application Data
drwx------ 2 test01 test01   4096 2010-10-11 01:18 Cookies
drwx------ 3 test01 test01   4096 2011-03-17 01:08 Favorites
drwx------ 4 test01 test01   4096 2011-03-17 01:08 My Documents
drwx------ 2 test01 test01   4096 2010-10-11 01:10 NetHood
-rw------- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT
-rw------- 1 test01 test01   1024 2011-03-17 01:08 ntuser.dat.LOG
-rw------- 1 test01 test01    270 2011-03-17 01:08 ntuser.ini
...

---
TAKAHASHI Motonobumo...@monyo.com

smb.conf

[global]
   printing = bsd
   netbios name = PDC
   server string = PDC (%h)
   workgroup = workgroup
   interfaces = eth0,lo
   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .

   local master = yes
   preferred master = yes
   os level = 200
   domain master = yes
   domain logons = yes
   add user script = /usr/sbin/useradd -m '%u' -g ntusers -G ntusers -s 
/bin/false

   delete user script = /usr/sbin/userdel -r '%u'
   add group script = /usr/sbin/groupadd '%g'
   delete group script = /usr/sbin/groupdel '%g'
   delete group script = /usr/sbin/groupdel '%g'
   add user to group script = /usr/sbin/usermod -G '%g' '%u'
   add machine script = /usr/sbin/useradd -s /bin/false -d 
/var/lib/nobody '%u' -g machines

   logon path = \\%L\profile\%U
   logon drive = h:
   logon script = %U.bat
   profile acls = yes
   hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
   wins support = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   log level = 12
   panic action = /usr/share/samba/panic-action %d
   use sendfile = yes

[homes]
   comment = Home Directories
   browseable = no
   valid users = %S
   writeable = yes
   create mode = 0600
   directory mode = 0700

[profile]
   comment = Profildateien
   path = /home/samba/profile
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes

[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   writeable = no
   share modes = no


ls -lR /home/samba/profile
/home/samba/profile:
total 60
drwx------ 16 info  root  4096 Mar 16 16:48 info
drwx------ 15 root  root  4096 Oct 28 11:10 root

all manually added users are logged in fine, and all get their profile 
dir loaded from pdc.



thanks, and greetings.



Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread J. Echter

On 16.03.2011 17:21, TAKAHASHI Motonobu wrote:


- Created a user:

# useradd -d /var/home/test01 test01
# smbpasswd -a test01
# pdbedit -v test01
...
Profile Path: \\lenny5\profiles\test01
...


- When I logon as test01 from Windows XP workstation which is already
   joined to the SAMBA domain and logoff, profiles are created like:

# ls -lR /var/lib/samba
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

/var/lib/samba/shares/profiles:
total 16
drwx------ 13 test01 test01 4096 2011-03-17 01:08 test01

/var/lib/samba/shares/profiles/test01:
total 568
drwx------ 3 test01 test01   4096 2010-10-11 01:10 Start Menu
drwx------ 2 test01 test01   4096 2010-10-11 01:10 Desktop
drwx------ 4 test01 test01   4096 2011-03-17 01:08 Application Data
drwx------ 2 test01 test01   4096 2010-10-11 01:18 Cookies
drwx------ 3 test01 test01   4096 2011-03-17 01:08 Favorites
drwx------ 4 test01 test01   4096 2011-03-17 01:08 My Documents
drwx------ 2 test01 test01   4096 2010-10-11 01:10 NetHood
-rw------- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT
-rw------- 1 test01 test01   1024 2011-03-17 01:08 ntuser.dat.LOG
-rw------- 1 test01 test01    270 2011-03-17 01:08 ntuser.ini
...

---
TAKAHASHI Motonobumo...@monyo.com

sorry again, something missing... i have to handle ringing telephones...

i added a user like you did

pdbedit -v bla

Profile Path: \\pdc\profile\bla

login as this user and logout again, no profile dir is created.



Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread TAKAHASHI Motonobu
From: J. Echter j.ech...@elektro-mayer-echter.de
Date: Wed, 16 Mar 2011 17:34:35 +0100

  You should show us enough information for us to re-produce such as
  all content of smb.conf and related settings:
 
  In my lab, profile dir is successfully created. My env is...

(snip)

 smb.conf

(snip)

 ls -lR /home/samba/profile

(snip)

At first you had better try a simple settings like me.

To look at your smb.conf, I tried with the smb.conf below:

-
[global]
  workgroup = SAMBA
  domain logons = yes
  add machine script = useradd %u
  map to guest = bad user

  logon path = \\%L\profiles\%U
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/

[homes]
  writeable = yes
  browseable = no

[profiles]
  path = /var/lib/samba/shares/profiles
  guest ok = yes
  browseable = no
  create mask = 0600
  directory mask = 0700
  writeable = yes
  profile acls = yes
-

and although still my user can create profile dirs and files...

---
TAKAHASHI Motonobu mo...@monyo.com







Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread tms3

You should show us enough information for us to re-produce such as




all content of smb.conf and related settings:

In my lab, profile dir is successfully created. My env is...

- Debian lenny (hostname is lenny5) + self-compiled Samba 3.5.6
- my smb.conf and shares

---
[global]
   workgroup = SAMBA
   domain logons = yes
   add machine script = useradd %u
   map to guest = bad user

   logon path = \\lenny5\profiles\%U

[homes]
   writeable = yes
   browseable = no

[profiles]
   path = /var/lib/samba/shares/profiles
   guest ok = yes
   browseable = no
   create mask = 0600
   directory mask = 0700
   writeable = yes
---

# ls -lR /var/lib/samba
/var/lib/samba/:
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

- Created a user:

# useradd -d /var/home/test01 test01
# smbpasswd -a test01
# pdbedit -v test01
...
Profile Path: \\lenny5\profiles\test01
...


- When I logon as test01 from Windows XP workstation which is already
   joined to the SAMBA domain and logoff, profiles are created 
like:


# ls -lR /var/lib/samba
total 4
drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

/var/lib/samba/shares:
total 16
drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

/var/lib/samba/shares/profiles:
total 16
drwx------ 13 test01 test01 4096 2011-03-17 01:08 test01

/var/lib/samba/shares/profiles/test01:
total 568
drwx------ 3 test01 test01   4096 2010-10-11 01:10 Start Menu
drwx------ 2 test01 test01   4096 2010-10-11 01:10 Desktop
drwx------ 4 test01 test01   4096 2011-03-17 01:08 Application Data
drwx------ 2 test01 test01   4096 2010-10-11 01:18 Cookies
drwx------ 3 test01 test01   4096 2011-03-17 01:08 Favorites
drwx------ 4 test01 test01   4096 2011-03-17 01:08 My Documents
drwx------ 2 test01 test01   4096 2010-10-11 01:10 NetHood
-rw------- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT
-rw------- 1 test01 test01   1024 2011-03-17 01:08 ntuser.dat.LOG
-rw------- 1 test01 test01    270 2011-03-17 01:08 ntuser.ini
...

---
TAKAHASHI Motonobumo...@monyo.com

smb.conf

[global]
   printing = bsd
   netbios name = PDC
   server string = PDC (%h)
   workgroup = workgroup
   interfaces = eth0,lo
   security = user
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
   local master = yes
   preferred master = yes
   os level = 200
   domain master = yes
   domain logons = yes
   add user script = /usr/sbin/useradd -m '%u' -g ntusers -G 
ntusers -s

/bin/false
   delete user script = /usr/sbin/userdel -r '%u'
   add group script = /usr/sbin/groupadd '%g'
   delete group script = /usr/sbin/groupdel '%g'
   delete group script = /usr/sbin/groupdel '%g'
   add user to group script = /usr/sbin/usermod -G '%g' '%u'
   add machine script = /usr/sbin/useradd -s /bin/false -d
/var/lib/nobody '%u' -g machines
   logon path = \\%L\profile\%U
   logon drive = h:
   logon script = %U.bat
   profile acls = yes
   hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
   wins support = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   log level = 12
   panic action = /usr/share/samba/panic-action %d
   use sendfile = yes


Where is your profile path?



Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread J. Echter
On 16.03.2011 18:02, t...@tms3.com wrote:
 You should show us enough information for us to re-produce such as


 all content of smb.conf and related settings:

 In my lab, profile dir is successfully created. My env is...

 - Debian lenny (hostname is lenny5) + self-compiled Samba 3.5.6
 - my smb.conf and shares

 ---
 [global]
workgroup = SAMBA
domain logons = yes
add machine script = useradd %u
map to guest = bad user

logon path = \\lenny5\profiles\%U

 [homes]
writeable = yes
browseable = no

 [profiles]
path = /var/lib/samba/shares/profiles
guest ok = yes
browseable = no
create mask = 0600
directory mask = 0700
writeable = yes
 ---

 # ls -lR /var/lib/samba
 /var/lib/samba/:
 total 4
 drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

 /var/lib/samba/shares:
 total 16
 drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

 - Created a user:

 # useradd -d /var/home/test01 test01
 # smbpasswd -a test01
 # pdbedit -v test01
 ...
 Profile Path: \\lenny5\profiles\test01
 ...


 - When I logon as test01 from Windows XP workstation which is already
joined to the SAMBA domain and logoff, profiles are created
 like:

 # ls -lR /var/lib/samba
 total 4
 drwxr-xr-x 6 root root 4096 2011-03-15 20:48 shares

 /var/lib/samba/shares:
 total 16
 drwxrwxrwx 6 root root 4096 2011-03-17 01:07 profiles

 /var/lib/samba/shares/profiles:
 total 16
 drwx------ 13 test01 test01 4096 2011-03-17 01:08 test01

 /var/lib/samba/shares/profiles/test01:
 total 568
 drwx------ 3 test01 test01   4096 2010-10-11 01:10 Start Menu
 drwx------ 2 test01 test01   4096 2010-10-11 01:10 Desktop
 drwx------ 4 test01 test01   4096 2011-03-17 01:08 Application Data
 drwx------ 2 test01 test01   4096 2010-10-11 01:18 Cookies
 drwx------ 3 test01 test01   4096 2011-03-17 01:08 Favorites
 drwx------ 4 test01 test01   4096 2011-03-17 01:08 My Documents
 drwx------ 2 test01 test01   4096 2010-10-11 01:10 NetHood
 -rw------- 1 test01 test01 524288 2011-03-17 01:08 NTUSER.DAT
 -rw------- 1 test01 test01   1024 2011-03-17 01:08 ntuser.dat.LOG
 -rw------- 1 test01 test01    270 2011-03-17 01:08 ntuser.ini
 ...

 ---
 TAKAHASHI Motonobumo...@monyo.com
 smb.conf

 [global]
printing = bsd
netbios name = PDC
server string = PDC (%h)
workgroup = workgroup
interfaces = eth0,lo
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
 *Retype\snew\sUNIX\spassword:* %n\n .
local master = yes
preferred master = yes
os level = 200
domain master = yes
domain logons = yes
add user script = /usr/sbin/useradd -m '%u' -g ntusers -G
 ntusers -s
 /bin/false
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d
 /var/lib/nobody '%u' -g machines
logon path = \\%L\profile\%U
logon drive = h:
logon script = %U.bat
profile acls = yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/
wins support = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
log level = 12
panic action = /usr/share/samba/panic-action %d
use sendfile = yes

 Where is your profile path?


on /files/samba -- symlinked to /home/samba


Re: [Samba] Samba PDC Exchange 2000 Server

2011-02-06 Thread Andrew Bartlett
On Sat, 2011-02-05 at 07:18 -0500, Gaiseric Vandal wrote:
 Exchange 2000 requires Active Directory.  I would guess MAYBE you could use
 Samba 4.  But I don't know if Samba 4 supports all the account attributes
 that Exchange would require.  I would guess not. 

Yes, Samba4 intends to support Exchange.  Any issues with the exchange
install failing are bugs we want to fix.  Certainly we have reports of
exchange-supporting AD environments being imported into Samba4, but I
don't know if folks have used Exchange itself directly against Samba4. 

Andrew Bartlett
-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Cisco Inc.



Re: [Samba] Samba PDC Exchange 2000 Server

2011-02-05 Thread Gaiseric Vandal
Exchange 2000 requires Active Directory.  I would guess MAYBE you could use
Samba 4.  But I don't know if Samba 4 supports all the account attributes
that Exchange would require.  I would guess not. 

postfix/amavis/spamassassin/mail relaying would be topics for  forums.

Windows 2000 is no longer supported by Microsoft.





-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Dave Wynne
Sent: Saturday, February 05, 2011 6:12 AM
To: 'samba@lists.samba.org'
Subject: [Samba] Samba PDC  Exchange 2000 Server

I presently have a 2 server system a Samba PDC and a mail server running
Bynari Insight Server and we use Bynari connector to connect our Outlook
2000 clients to the Insight Server. It works well enough. BUT Bynari are
stopping support for Outlook 2000.
For us the upgrade all our copies of Outlook is expensive and we have all
the functionality we need.
So, we have MS Server 2000 and Exchange 2000 which we used to use, but had
all sorts hacking issues etc when we used it for our Domain and Mail. I've
been thinking that we could continue with our Samba PDC and use something
like postfix, with amavis and spamassassin to act as a SMTP relay agent to an
Exchange 2000 stand alone server which is fully isolated behind our firewall
on a protected subnet and use port forwarding to enable Webmail and OpenVPN
server to access the mail from outside.
Does anyone know how to connect Exchange to Samba  Openldap and also what
would I have to do to set up postfix, amavis and spamassassin to act as a
relay?

Any thoughts I'm sure someone has wanted to do this before. I'm loath to
move away from a linux mail server but costs make it attractive.



Best regards,

Dave Wynne
Senior Engineer
Artimech Pty. Ltd.
MiniFab
1 Dalmore Drive
Scoresby, Vic 3179 Australia
Tel: (03) 9753 3700

Email:d...@artimech.com.au  
Please Visit Our Website  www.artimech.com.au Information Contained Within
This Communication Is Private and In Confidence



Re: [Samba] Samba PDC

2011-01-16 Thread TAKAHASHI Motonobu
2011/1/14 Daniel Müller muel...@tropenklinik.de:
 For some reasons and tried it many times. I did not have any problems
 joining windows 7 with samba 3.2.15 and up with:

Once I examined,  joining Windows 7 with Samba 3.2 series failed. So I believe
Windows 7 cannot join to Samba 3.2 series domain.

Looking at your post, I examined again. And as you said, Samba 3.2.15
looks good with Windows 7.

As I examined yesterday, Windows 7 cannot join to Samba 3.2.11, can join
to Samba 3.2.12 and Samba 3.2.15.

In the registry, modified these 2 entries only:
DomainCompatibilityMode=dword:0001
DNSNameResolutionRequired=dword:

smb.conf is:

-
[global]
  workgroup = SAMBADOM
  domain logons = yes
  add machine script = useradd %u

[homes]
 writeable = yes
 browseable = no
-

---
TAKAHASHI Motonobu mo...@samba.gr.jp


Re: [Samba] Samba PDC

2011-01-14 Thread Martin Hochreiter

On 2011-01-14 07:55, Daniel Müller wrote:

For some reasons and tried it many times. I did not have any problems
joining windows 7 with samba 3.2.15 and up with:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
DomainCompatibilityMode=dword:0001
DNSNameResolutionRequired=dword:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\]
“LmCompatibilityLevel”=dword:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
Update=no
DisablePasswordChange=dword:
MaximumPasswordAge=dword:001e
RequireSignOrSeal=dword:0001
RequireStrongKey=dword:0001
SealSecureChannel=dword:0001
SignSecureChannel=dword:0001



Hi Daniel!

Can you tell me what update=no does?

regards
Martin


Re: [Samba] Samba PDC

2011-01-14 Thread Robert Fitzpatrick
On 1/13/2011 12:04 PM, TAKAHASHI Motonobu wrote:
 You must not set these 2 entries below:
 
 -
 DWORD  RequireSignOrSeal = 0
 DWORD  RequireStrongKey = 0
 -

Thanks, I completely overlooked this and that was the trick. All issues
resolved now and have joined my Win7, Win2003 server and Ubuntu Linux
boxes all to my new Samba PDC :)

This Samba PDC seems more robust than any NT4 network I remember,
browsing is flawless, works great, nice work to the team and contributors ;)

--
Robert


Re: [Samba] Samba PDC

2011-01-13 Thread TAKAHASHI Motonobu
 Read at:
 http://wiki.samba.org/index.php/Windows7

 And remember Samba 3 PDC is compatible with Windows NT Server, not with
 Active Directory.

 Thanks, I was able to join the domain, but when trying to logon, I get
 another error...

 the trust relationship between this workstation and the primary domain
 failed

 What can cause this? I have the computer name in LDAP, it was created when I
 joined the domain.

Actually the error message shows that joining the domain has failed,
though joining itself succeeded.

If your Samba's version is under 3.3.1, then you cannot avoid this
error message; upgrading Samba is needed.

If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
below are needed:

   HKLM\System\CCS\Services\Netlogon\Parameters
   DWORD  RequireSignOrSeal = 0
   DWORD  RequireStrongKey = 0

If your Samba's version is 3.3.5 - and the registries above are set,
remove them and try again.

---
TAKAHASHI Motonobu mo...@samba.gr.jp


Re: [Samba] Samba PDC

2011-01-13 Thread Robert Fitzpatrick

On 1/13/2011 6:42 AM, TAKAHASHI Motonobu wrote:

Read at:
http://wiki.samba.org/index.php/Windows7

And remember Samba 3 PDC is compatible with Windows NT Server, not with
Active Directory.


Thanks, I was able to join the domain, but when trying to logon, I get
another error...


the trust relationship between this workstation and the primary domain
failed


What can cause this? I have the computer name in LDAP, it was created when I
joined the domain.


Actually the error message shows that joining the domain is failed,
though joining itself
was succeeded.

If your Samba's version is under 3.3.1, then you cannot avoid this
error message,
upgrading Samba is needed.

If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
below are needed:

HKLM\System\CCS\Services\Netlogon\Parameters
DWORD  RequireSignOrSeal = 0
DWORD  RequireStrongKey = 0



I am using Samba 3.5.6 and the registry entries above are as you show 
currently. I removed the computer and smbldap-userdel the computer name 
from LDAP, restarted the workstation and tried again. This is what I see 
in the workstation log...



[2011/01/13 09:24:48.031223,  0] 
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth 
request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
[2011/01/13 09:24:48.048892,  0] 
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth 
request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
[2011/01/13 09:24:58.405131,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2011/01/13 09:24:58.405404,  0] lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Socket is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Socket is not connected.


I also get the following in the IP address log, but this may be shortly 
before re-joining...



[2011/01/13 09:24:38.228048,  0] lib/util_sock.c:1626(get_peer_name)
  Matchname failed on COLUMBUS-LAPTOP.WEBTENT 192.168.1.72


Can you help me understand these errors or what else I should check?

Thanks again, Robert
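
A triage pass over a log like the one in this message, as an added example (not code from the thread or from Samba): it folds each log entry onto one line, including headers wrapped by a mail client, and groups `netlogon_creds_server_check` rejections by machine account. The sample log is constructed from the excerpt above plus a made-up host `EXAMPLE-PC`; the function names are this example's own.

```python
import re

# Start of a Samba log entry: "[YYYY/MM/DD HH:MM:SS(.usec),  LEVEL] ..."
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,"
    r"\s*(?P<level>\d+)\]\s*(?P<rest>.*)$"
)
# Source location in the layout shown in the thread: file.c:LINE(function)
LOCATION = re.compile(r"^(?P<file>\S+\.c):(?P<line>\d+)\((?P<func>\w+)\)")
# The rejection message quoted in the thread.
REJECT = re.compile(
    r"netlogon_creds_server_check failed\. Rejecting auth request "
    r"from client (?P<client>\S+) machine account (?P<account>\S+)"
)

# Constructed sample. The first two entries follow the excerpt in the post (the
# second with its header wrapped, as mail clients do); EXAMPLE-PC is made up.
SAMPLE_LOG = """\
[2011/01/13 09:24:48.031223,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth
  request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
[2011/01/13 09:24:48.048892,  0]
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth
request from client COLUMBUS-LAPTOP machine account COLUMBUS-LAPTOP$
[2011/01/13 09:24:58.405131,  0] lib/util_sock.c:474(read_fd_with_timeout)
  read_fd_with_timeout: client 0.0.0.0 read error = Socket is not connected.
[2011/01/13 09:31:02.000000,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth
  request from client EXAMPLE-PC machine account EXAMPLE-PC$
"""


def iter_entries(text):
    """Yield (timestamp, level, body); body is the entry folded onto one line."""
    ts = level = None
    parts = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            if ts is not None:
                yield ts, level, " ".join(parts)
            ts, level = m["ts"], int(m["level"])
            rest = m["rest"].strip()
            parts = [rest] if rest else []
        elif ts is not None and raw.strip():
            # Continuation line: message text or a wrapped header remainder.
            parts.append(raw.strip())
    if ts is not None:
        yield ts, level, " ".join(parts)


def netlogon_rejections(text):
    """Return one dict per rejected NETLOGON authentication request."""
    hits = []
    for ts, _level, body in iter_entries(text):
        rej = REJECT.search(body)
        if not rej:
            continue
        loc = LOCATION.match(body)  # None for log layouts without file.c:LINE(func)
        hits.append({
            "time": ts,
            "line": int(loc["line"]) if loc else None,
            "client": rej["client"],
            "account": rej["account"],
        })
    return hits


def summarize(text):
    """Group rejections by machine account (input assumed chronological)."""
    summary = {}
    for hit in netlogon_rejections(text):
        entry = summary.setdefault(
            hit["account"],
            {"count": 0, "first": hit["time"], "last": hit["time"], "clients": set()},
        )
        entry["count"] += 1
        entry["last"] = hit["time"]
        entry["clients"].add(hit["client"])
    return summary


if __name__ == "__main__":
    for account, info in summarize(SAMPLE_LOG).items():
        print(account, info["count"], info["first"], info["last"], sorted(info["clients"]))
```
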



Re: [Samba] Samba PDC

2011-01-13 Thread TAKAHASHI Motonobu
2011/1/13 Robert Fitzpatrick li...@webtent.net:
 If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
 below are needed:

        HKLM\System\CCS\Services\Netlogon\Parameters
            DWORD  RequireSignOrSeal = 0
            DWORD  RequireStrongKey = 0


 I am using Samba 3.5.6 and the registry entries above are as you show
 currently.

As I mentioned,

-
If your Samba's version is 3.3.5 - and the registries above are set,
remove them and try again.
-

You must set these 2 entries below:

-
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD  DomainCompatibilityMode = 1
DWORD  DNSNameResolutionRequired = 0
-

You must not set these 2 entries below:

-
DWORD  RequireSignOrSeal = 0
DWORD  RequireStrongKey = 0
-

In my knowledge, your error messages:

[2011/01/13 09:24:48.031223,  0]
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
 _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client COLUMBUS-LAPTOP machine account
COLUMBUS-LAPTOP$

occur if you do not correctly set these 4 entries.
If you still have a problem, I recommend examining with simple settings
(not using LDAP) like:

-
[global]
   workgroup = WEBTENT
  domain logons = yes
  add machine script = useradd %u

[homes]
  writeable = yes
  browseable = no
-

If your Windows 7 can join the Samba domain with the settings above, at
least you will know that the Windows 7 registry entries are correctly set.
---
TAKAHASHI Motonobu mo...@samba.gr.jp
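
The version rules stated in this message, applied to a client's exported `.reg` text, as an added example (not code from the thread or from Samba). `RequireSignOrSeal = 0` and `RequireStrongKey = 0` relax what the client demands of the Netlogon secure channel, so the check flags clients that still carry them against a Samba version the message says no longer needs them. The function names, the sample export and the handling of 3.3.1 (which the message does not cover) are assumptions.

```python
import re

# Registry paths below HKEY_LOCAL_MACHINE, lower-cased for comparison.
LANMAN = r"system\currentcontrolset\services\lanmanworkstation\parameters"
NETLOGON = r"system\currentcontrolset\services\netlogon\parameters"

# Entries the message says must be set on the Windows 7 client.
REQUIRED = {
    (LANMAN, "domaincompatibilitymode"): 1,
    (LANMAN, "dnsnameresolutionrequired"): 0,
}
# Entries the message says are needed as 0 only for Samba 3.3.2 - 3.3.4 and
# must be removed for 3.3.5 and later.
DOWNGRADES = [(NETLOGON, "requiresignorseal"), (NETLOGON, "requirestrongkey")]

SECTION = re.compile(r"^\[(?:HKEY_LOCAL_MACHINE|HKLM)\\(.+?)\\?\]$", re.I)
DWORD = re.compile(r'^"?([^"=]+)"?\s*=\s*dword:([0-9a-f]{1,8})$', re.I)

# Constructed sample export of a client that still carries the 3.3.2 - 3.3.4
# workaround values.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000000
"RequireStrongKey"=dword:00000000
"""


def parse_reg(text):
    """Return {(section, value_name): int} for every dword value under HKLM."""
    values, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = DWORD.match(line)
        if m and section:
            values[(section, m.group(1).strip().lower())] = int(m.group(2), 16)
    return values


def audit(reg_text, samba_version):
    """Return a list of (name, finding) tuples; an empty list means no finding."""
    ver = tuple(int(p) for p in samba_version.split(".")[:3])
    values = parse_reg(reg_text)
    findings = []
    if ver < (3, 3, 1):
        findings.append(("samba", "message says the error is unavoidable below 3.3.1: upgrade"))
    for key, want in REQUIRED.items():
        got = values.get(key)
        if got != want:
            findings.append((key[1], f"expected {want}, found {got}"))
    for key in DOWNGRADES:
        got = values.get(key)
        if (3, 3, 2) <= ver <= (3, 3, 4):
            if got != 0:
                findings.append((key[1], "needed as 0 for Samba 3.3.2 - 3.3.4"))
        elif ver >= (3, 3, 5) and got == 0:
            findings.append((key[1], "set to 0 but not needed from 3.3.5 on: remove it"))
        # 3.3.1 itself is not covered by the message, so nothing is reported.
    return findings


if __name__ == "__main__":
    for version in ("3.2.11", "3.3.3", "3.5.6"):
        print(version, audit(SAMPLE_REG, version))
```
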


Re: [Samba] Samba PDC

2011-01-13 Thread TAKAHASHI Motonobu
2011/1/14 TAKAHASHI Motonobu mo...@monyo.com:
 2011/1/13 Robert Fitzpatrick li...@webtent.net:
 If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
 below are needed:

        HKLM\System\CCS\Services\Netlogon\Parameters
            DWORD  RequireSignOrSeal = 0
            DWORD  RequireStrongKey = 0


 I am using Samba 3.5.6 and the registry entries above are as you show
 currently.

 As I mentioned,

 -
 If your Samba's version is 3.3.5 - and the registries above are set,
 remove them and try again.
 -

 You must set these 2 entries below:

 -
        HKLM\System\CCS\Services\LanmanWorkstation\Parameters
            DWORD  DomainCompatibilityMode = 1
            DWORD  DNSNameResolutionRequired = 0
 -

 You must not set these 2 entries below:

 -
            DWORD  RequireSignOrSeal = 0
            DWORD  RequireStrongKey = 0
 -

 In my knowledge, your error messages:

 [2011/01/13 09:24:48.031223,  0]
 rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
 Rejecting auth request from client COLUMBUS-LAPTOP machine account
 COLUMBUS-LAPTOP$

 occurs if you do not correctly set these 4 entries.
 If you still have problem, I recommend to examine with simple settings
 (not to use LDAP) like:

 -
 [global]
   workgroup = WEBTENT
  domain logons = yes
  add machine script = useradd %u

 [homes]
  writeable = yes
  browseable = no
 -

 If your Windows 7 can join to Samba domain with the settings above, at
 least you could know that
 Windows 7 registries are correctly set.

Sorry, under FreeBSD, use

-
  add machine script = /usr/sbin/pw useradd %u
-

instead of

-
  add machine script = useradd %u
-

---
TAKAHASHI Motonobu mo...@samba.gr.jp


Re: [Samba] Samba PDC

2011-01-13 Thread tms3

2011/1/14 TAKAHASHI Motonobu mo...@monyo.com:




2011/1/13 Robert Fitzpatrick li...@webtent.net:




If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
below are needed:

   HKLM\System\CCS\Services\Netlogon\Parameters
   DWORD  RequireSignOrSeal = 0
   DWORD  RequireStrongKey = 0



I am using Samba 3.5.6 and the registry entries above are as you show
currently.


As I mentioned,

-
If your Samba's version is 3.3.5 - and the registries above are set,
remove them and try again.
-

You must set these 2 entries below:

-
   HKLM\System\CCS\Services\LanmanWorkstation\Parameters
   DWORD  DomainCompatibilityMode = 1
   DWORD  DNSNameResolutionRequired = 0
-

You must not set these 2 entries below:

-
   DWORD  RequireSignOrSeal = 0
   DWORD  RequireStrongKey = 0
-

In my knowledge, your error messages:

[2011/01/13 09:24:48.031223,  0]
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
 _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client COLUMBUS-LAPTOP machine account
COLUMBUS-LAPTOP$

occurs if you do not correctly set these 4 entries.
If you still have problem, I recommend to examine with simple settings
(not to use LDAP) like:

-
[global]
  workgroup = WEBTENT
 domain logons = yes
 add machine script = useradd %u

[homes]
 writeable = yes
 browseable = no
-

If your Windows 7 can join to Samba domain with the settings above, at
least you could know that
Windows 7 registries are correctly set.


Sorry, under FreeBSD, use

-
   add machine script = /usr/sbin/pw useradd %u


For smbldap-tools
add machine script = /usr/local/sbin/smbldap-useradd -W '%u'



-

instead of

-
   add machine script = useradd %u
-

---
TAKAHASHI Motonobu mo...@samba.gr.jp


Re: [Samba] Samba PDC

2011-01-13 Thread Daniel Müller
For some reasons and tried it many times. I did not have any problems
joining windows 7 with samba 3.2.15 and up with:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
DomainCompatibilityMode=dword:0001 
DNSNameResolutionRequired=dword: 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\] 
“LmCompatibilityLevel”=dword: 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] 
Update=no 
DisablePasswordChange=dword: 
MaximumPasswordAge=dword:001e 
RequireSignOrSeal=dword:0001 
RequireStrongKey=dword:0001 
SealSecureChannel=dword:0001 
SignSecureChannel=dword:0001




---
EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of t...@tms3.com
Sent: Thursday, 13 January 2011 18:37
To: TAKAHASHI Motonobu
Cc: Samba; Robert Fitzpatrick
Subject: Re: [Samba] Samba PDC

2011/1/14 TAKAHASHI Motonobu mo...@monyo.com:


 2011/1/13 Robert Fitzpatrick li...@webtent.net:


 If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
 below are needed:

HKLM\System\CCS\Services\Netlogon\Parameters
DWORD  RequireSignOrSeal = 0
DWORD  RequireStrongKey = 0


 I am using Samba 3.5.6 and the registry entries above are as you show
 currently.

 As I mentioned,

 -
 If your Samba's version is 3.3.5 - and the registries above are set,
 remove them and try again.
 -

 You must set these 2 entries below:

 -
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD  DomainCompatibilityMode = 1
DWORD  DNSNameResolutionRequired = 0
 -

 You must not set these 2 entries below:

 -
DWORD  RequireSignOrSeal = 0
DWORD  RequireStrongKey = 0
 -

 In my knowledge, your error messages:

 [2011/01/13 09:24:48.031223,  0]
 rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
 Rejecting auth request from client COLUMBUS-LAPTOP machine account
 COLUMBUS-LAPTOP$

 occurs if you do not correctly set these 4 entries.
 If you still have problem, I recommend to examine with simple settings
 (not to use LDAP) like:

 -
 [global]
   workgroup = WEBTENT
  domain logons = yes
  add machine script = useradd %u

 [homes]
  writeable = yes
  browseable = no
 -

 If your Windows 7 can join to Samba domain with the settings above, at
 least you could know that
 Windows 7 registries are correctly set.

 Sorry, under FreeBSD, use

 -
add machine script = /usr/sbin/pw useradd %u

For smbldap-tools
add machine script = /usr/local/sbin/smbldap-useradd -W '%u'


 -

 instead of

 -
add machine script = useradd %u
 -

 ---
 TAKAHASHI Motonobu mo...@samba.gr.jp


Re: [Samba] Samba PDC

2011-01-12 Thread TAKAHASHI Motonobu
2011/1/13 Robert Fitzpatrick li...@webtent.net:
 OK, I am trying to setup my first Samba PDC on a FreeBSD 8.1 host. When I
 try to become a member of 'webtent.org' on my Windows 7 Ultimate to the PDC,
 I get the following error...

 DNS was successfully queried for the service location (SRV) resource
 record used to locate a domain controller for domain webtent.org:
(snip)
Anyone know what I am or could be doing wrong? Thanks for any help!

Read at:
http://wiki.samba.org/index.php/Windows7

And remember Samba 3 PDC is compatible with Windows NT Server, not with
Active Directory.

---
TAKAHASHI Motonobu mo...@samba.gr.jp


Re: [Samba] Samba PDC

2011-01-12 Thread Robert Fitzpatrick

On 1/12/2011 11:18 AM, TAKAHASHI Motonobu wrote:

2011/1/13 Robert Fitzpatrick li...@webtent.net:

OK, I am trying to setup my first Samba PDC on a FreeBSD 8.1 host. When I
try to become a member of 'webtent.org' on my Windows 7 Ultimate to the PDC,
I get the following error...


DNS was successfully queried for the service location (SRV) resource
record used to locate a domain controller for domain webtent.org:

(snip)

Anyone know what I am or could be doing wrong? Thanks for any help!


Read at:
http://wiki.samba.org/index.php/Windows7

And remember Samba 3 PDC is compatible with Windows NT Server, not with
Active Directory.



Thanks, I was able to join the domain, but when trying to logon, I get 
another error...



the trust relationship between this workstation and the primary domain failed


What can cause this? I have the computer name in LDAP, it was created 
when I joined the domain.


--Robert



Re: [Samba] Samba PDC

2011-01-12 Thread tms3







On 1/12/2011 11:18 AM, TAKAHASHI Motonobu wrote:


2011/1/13 Robert Fitzpatrick li...@webtent.net:


OK, I am trying to setup my first Samba PDC on a FreeBSD 8.1 host. 
When I
try to become a member of 'webtent.org' on my Windows 7 Ultimate to 
the PDC,

I get the following error...



DNS was successfully queried for the service location (SRV) resource
record used to locate a domain controller for domain webtent.org:

(snip)


Anyone know what I am or could be doing wrong? Thanks for any help!


Read at:
http://wiki.samba.org/index.php/Windows7

And remember Samba 3 PDC is compatible with Windows NT Server, not 
with

Active Directory.



Thanks, I was able to join the domain, but when trying to logon, I get
another error...



the trust relationship between this workstation and the primary domain 
failed


What can cause this? I have the computer name in LDAP, it was created
when I joined the domain.


I found that a properly configured WINS server solved many of these 
problems for me with Samba3.x/LDAP and Win7.




--Robert



Re: [Samba] Samba PDC and big files

2010-06-30 Thread Linda W

Pedro Rafael Alves Simoes wrote:

I'm trying to setup a PDC with Samba, but I have the known problem of the
roaming profiles: big files.
Could someone give me some lights in how I can circumvent this problem?


Would quotas help?  Limit their space in their profiles and they'll
manage the problem?

Folder redirection, as someone else mentioned -- put
their desktop in drive H:\share.

Might be able to CSC (ClientSideCaching) to speed up
access to their desktop and such...




Re: [Samba] Samba PDC and big files

2010-06-24 Thread tms3







--- Original message ---
Subject: [Samba] Samba PDC and big files
From: Pedro Rafael Alves Simoes pedro.a.sim...@gmail.com
To: samba@lists.samba.org
Date: Thursday, 24/06/2010  5:03 AM

Hello,

I'm trying to setup a PDC with Samba, but I have the known problem of the
roaming profiles: big files. I think it's difficult to guarantee that an
inexperienced user will copy his downloaded files, documents, or whatever,
to a H:\ share instead of his handy desktop. Other problem is the files of
Outlook or Thunderbird that can get big. The goal is to avoid email
configuration each time the user changes to another workstation, so I can't
configure the email client to store the files locally on the workstation.

Could someone give me some lights in how I can circumvent this problem?


BOFH's Guide to Electrified Keyboards:  101 Tips and tricks to train 
your users.


Cheers,

TMS III

P.S. for email imap is a good idea.




Thanks.


Re: [Samba] Samba PDC and big files

2010-06-24 Thread John H Terpstra
On 06/24/2010 07:04 AM, Pedro Rafael Alves Simoes wrote:
 Hello,
 
 I'm trying to setup a PDC with Samba, but I have the known problem of the
 roaming profiles: big files. I think it's difficult to guarantee that an
 inexperienced user will copy his downloaded files, documents, or whatever,
 to a H:\ share instead of his handy desktop. Other problem is the files of
 Outlook or Thunderbird that can get big. The goal is to avoid email
 configuration each time the user changes to another workstation, so I can't
 configure the email client to store the files locally on the workstation.
 
 Could someone give me some lights in how I can circumvent this problem?
 
 Thanks.

You need folder redirection.  Read chapter 5 of my book
Samba3-ByExample http://www.samba.org/samba/docs/Samba3-ByExample.pdf

- John T.


Re: [Samba] Samba PDC and big files

2010-06-24 Thread Carl Werner

Roaming profiles with folder redirection...

Regards

Carl



t...@tms3.com wrote:







--- Original message ---
Subject: [Samba] Samba PDC and big files
From: Pedro Rafael Alves Simoes pedro.a.sim...@gmail.com
To: samba@lists.samba.org
Date: Thursday, 24/06/2010  5:03 AM

Hello,

I'm trying to setup a PDC with Samba, but I have the known problem of the
roaming profiles: big files. I think it's difficult to guarantee that an
inexperienced user will copy his downloaded files, documents, or whatever,
to a H:\ share instead of his handy desktop. Other problem is the files of
Outlook or Thunderbird that can get big. The goal is to avoid email
configuration each time the user changes to another workstation, so I can't
configure the email client to store the files locally on the workstation.

Could someone give me some lights in how I can circumvent this problem?


BOFH's Guide to Electrified Keyboards:  101 Tips and tricks to train 
your users.


Cheers,

TMS III

P.S. for email imap is a good idea.




Thanks.


Re: [Samba] Samba PDC and big files

2010-06-24 Thread Natxo Asenjo
On Thu, Jun 24, 2010 at 2:04 PM, Pedro Rafael Alves Simoes
pedro.a.sim...@gmail.com wrote:
 Hello,

 I'm trying to setup a PDC with Samba, but I have the known problem of the
 roaming profiles: big files. I think it's difficult to guarantee that an
 inexperienced user will copy his downloaded files, documents, or whatever,
 to a H:\ share instead of his handy desktop. Other problem is the files of
 Outlook or Thunderbird that can get big. The goal is to avoid email
 configuration each time the user changes to another workstation, so I can't
 configure the email client to store the files locally on the workstation.

1. Do not store mail locally, you will lose mail if you do. Use a
central imap server for instance, it's also much easier for backups;

2. I set the user's desktop to readonly with cacls in the logon
scripts, problem solved (get yourself management's approval before you
try this, explain why it is necessary). If they do not want to listen
to you then ...

3. use folder redirection. This is harder to do in a pure samba 3
environment than in AD, but it is certainly doable. Soon, with samba 4
we will have all the group policy goodies :-)

-- 
natxo


Re: [Samba] SAMBA PDC LOGIN - UPN (u...@realm) to DOM\USER

2010-06-15 Thread tms3







--- Original message ---
Subject: [Samba] SAMBA PDC LOGIN - UPN (u...@realm) to DOM\USER
From: Andrew Grimmett agrimm...@lssidata.com
To: samba@lists.samba.org
Date: Tuesday, 15/06/2010  7:01 AM


I have looked and looked but have not been able to find out how to allow
UPN authentication to be processed by a Samba PDC?  Is it possible to
strip the @domain from the user before authentication at samba or map
the UPN user to a dom\username for authentication?


Are you certain Xen's NTLM Auth is not adding this?




Thanks,
Andrew

LOGS

/var/log/samba/log.user:  SAM Logon (Interactive). Domain:[domain].
User:[u...@domain@XENDESKTOP1] Requested Domain:[domain]
/var/log/samba/log.user:  check_ntlm_password:  Checking password for
unmapped user [domain]\[u...@domain]@[XENDESKTOP1] with the new 
password

interface
/var/log/samba/log.user:  check_ntlm_password:  mapped user is:
[domain]\[u...@domain]@[XENDESKTOP1]
/var/log/samba/log.user:  check_sam_security: Couldn't find user
'u...@domain' in passdb.
/var/log/samba/log.user:  check_ntlm_password:  Authentication for 
user
[u...@domain] - [u...@domain] FAILED with error 
NT_STATUS_NO_SUCH_USER




Re: [Samba] Samba PDC and OpenLdap Debian Lenny, Change IP, Clean cache?

2010-05-12 Thread Jose
Thanks Olafrv, the log is solved.



2010/5/11  ola...@gmail.com:
 Try rm -rf /var/lib/samba/* ? But make a backup tar.gz before...


   You don't know where your shadow will fall,
        Somebody.-
 
  Olaf Reitmaier Veracierta (BB) ola...@gmail.com
 
            http://olafrv.googlepages.com
 

 -Original Message-
 From: Jose j.se...@gmail.com
 Date: Tue, 11 May 2010 10:48:11
 To: Foro Samba samba@lists.samba.org
 Subject: [Samba] Samba PDC and OpenLdap Debian Lenny, Change IP, Clean cache?

 Hello

 Sorry for my english

 I have a PDC with Samba and OpenLdap in Debian 5 lenny.

 I am testing group, users,policy, net join workstation bla bla
 bla.   results very good.

 Today change ip static the pdc  192.168.56.101  for  new ip address:
 192.168.56.102 static.

 error log in /var/lib/samba/log.nmbd

 nx-1:/var/lib/samba# /etc/init.d/samba restart
 Stopping Samba daemons: nmbd[2010/05/10 05:33:50, 0] nmbd/nmbd.c:terminate(68)
 Got SIGTERM: going down...
 smbd.
 Starting Samba daemons: nmbd smbd.
 lnx-1:/var/lib/samba# [2010/05/10 05:33:53, 0] nmbd/nmbd.c:main(849)
 nmbd version 3.2.5 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2008
 [2010/05/10 05:33:53, 0] nmbd/asyncdns.c:start_async_dns(155)
 started asyncdns process 2921
 [2010/05/10 05:33:53, 0] nmbd/nmbd_logonnames.c:add_logon_names(160)
 add_domain_logon_names:
 Attempting to become logon server for workgroup DOMINIO.INT on subnet
 192.168.56.102
 [2010/05/10 05:33:53, 0] nmbd/nmbd_logonnames.c:add_logon_names(160)
 add_domain_logon_names:
 Attempting to become logon server for workgroup DOMINIO.INT on subnet
 UNICAST_SUBNET
 [2010/05/10 05:33:53, 0]
 nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(336)
 become_domain_master_browser_wins:
 Attempting to become domain master browser on workgroup DOMINIO.INT,
 subnet UNICAST_SUBNET.
 [2010/05/10 05:33:53, 0]
 nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(350)
 become_domain_master_browser_wins: querying WINS server from IP
 127.0.0.1 for domain master browser name DOMINIO.INT1b on workgroup
 DOMINIO.INT
 [2010/05/10 05:33:53, 0] 
 nmbd/nmbd_logonnames.c:become_logon_server_success(121)
 become_logon_server_success: Samba is now a logon server for workgroup
 DOMINIO.INT on subnet UNICAST_SUBNET
 [2010/05/10 05:33:53, 0]
 nmbd/nmbd_become_dmb.c:become_domain_master_query_success(234)
 become_domain_master_query_success:
 There is already a domain master browser at IP 192.168.56.101 for
 workgroup DOMINIO.INT registered on subnet UNICAST_SUBNET.
 [2010/05/10 05:33:57, 0] 
 nmbd/nmbd_logonnames.c:become_logon_server_success(121)
 become_logon_server_success: Samba is now a logon server for workgroup
 DOMINIO.INT on subnet 192.168.56.102

 [2010/05/10 05:34:16, 0] 
 nmbd/nmbd_become_lmb.c:become_local_master_stage2(395)
 *

 Samba name server LNX-1 is now a local master browser for workgroup
 DOMINIO.INT on subnet 192.168.56.102
 *
 lnx-1:/var/lib/samba# [2010/05/10 05:34:37, 0]
 nmbd/nmbd_browsesync.c:domain_master_node_status_fail(247)
 domain_master_node_status_fail:
 Doing a node status request to the domain master browser
 for workgroup DOMINIO.INT at IP 192.168.56.101 failed.
 Cannot sync browser lists.
 [2010/05/10 05:39:07, 0]
 nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(336)
 become_domain_master_browser_wins:
 Attempting to become domain master browser on workgroup DOMINIO.INT,
 subnet UNICAST_SUBNET.
 [2010/05/10 05:39:07, 0]
 nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(350)
 become_domain_master_browser_wins: querying WINS server from IP
 127.0.0.1 for domain master browser name DOMINIO.INT1b on workgroup
 DOMINIO.INT
 [2010/05/10 05:39:08, 0]
 nmbd/nmbd_become_dmb.c:become_domain_master_query_success(234)
 become_domain_master_query_success:
 There is already a domain master browser at IP 192.168.56.101 for
 workgroup DOMINIO.INT registered on subnet UNICAST_SUBNET.

 [2010/05/10 06:13:33,  0]
 nmbd/nmbd_browsesync.c:domain_master_node_status_fail(247)
  domain_master_node_status_fail:
  Doing a node status request to the domain master browser
  for workgroup DOMINIO.INT at IP 192.168.56.101 failed.
  Cannot sync browser lists.


 Old ip 192.168.56.101
 new ip 192.168.56.102


 How clean cache ip wins in the server pdc?

 Thanks.




 --
 #
 #   Sistema Operativo: Debian      #
 #        Caracas, Venezuela          #
 #




-- 
#
#   Sistema Operativo: Debian  #
#Caracas, Venezuela  #
#

Re: [Samba] Samba PDC: Only one User can't log in

2010-04-15 Thread Andy
Hi Daniel,

When the user attempts to login what message does he get?
have you checked the account flags?

http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#accountflags


On Thu, Apr 8, 2010 at 1:12 AM, Daniel Spannbauer d...@marco.de wrote:
 Hello,

 I have a working Samba-PDC with ldap-Backend. It works fine for all our
 users, except one user.
 He can't log in. I can't find an error in ldap (compared his entry with
 mine) nor in the logfile.

 Can anybody help me to figure out the cause of this?

 Here is my smb.conf:

 [global]
workgroup = test
netbios aliases = homedirs
server string = apollo
passdb backend = ldapsam:ldap://10.3.1.3;
username map = /etc/samba/smb-user-map
log level = 15
log file = /var/log/samba/%m.log
debug uid = Yes
smb ports = 139
name resolve order = wins host bcast
deadtime = 300
printcap name = cups
add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody
 -s /bin/false %m$
logon script = logon.bat
logon path = \\%L\%U\.ntprofile
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
preferred master = Yes
local master = No
domain master = Yes
wins server = gate
kernel oplocks = No
ldap admin dn = cn=Administrator,dc=test,dc=de
ldap group suffix = ou=group
ldap machine suffix = ou=Computers
ldap suffix = dc=test,dc=de
ldap ssl = no
ldap user suffix = ou=people
create mask = 0775
directory mask = 0775
hide files =
 /Desktop.ini/desktop.ini/ntuser.ini/NTUSER.*/tmp/RECYCLER/
strict locking = No
share modes = No
delete readonly = Yes


 Please find attached the logfile-snippet. Sorry, but it's too big for
 pastebin.

 Regards

 Daniel





-- 
REGARDS,
Andy Z


Re: [Samba] Samba PDC: Only one User can't log in

2010-04-15 Thread Daniel Spannbauer
Andy wrote:
 Hi Daniel,

 When the user attempts to login what message does he get?
   

I only have the Message in German, I try to translate:

you cant get logged on. please check username and domain and retype your 
password

have you checked the account flags?

AccountFlag is UX.

Regards

Daniel




Re: [Samba] Samba PDC with group using same desktop

2010-03-30 Thread John H Terpstra
On 03/30/2010 08:54 AM, M. D. wrote:
 My goal is to have a business with multiple locations, all have the same
 desktop for a certain user group. The quick Launch programs, Start Menu
 and Desktop icons should all be the same, and be 'read only' -- meaning
 they can't change them.
 
 I'm using ClearOS for the PDC, and I have it working already as the PDC,
 but I'm not quite sure how to setup the remote profiles and lock it so
 end users cannot modify it, and how to have some users be able to log
 into that profile and do the changes that are needed.
 
 This is my first time working with a domain controller, so probably
 that's my shortcoming.  I don't know exactly how/what a domain
 controller can do.
 
 Any help will be greatly appreciated.
 
 Regards,
 MD


Samba3 is fully capable of meeting your needs here but this is not in
principle a Samba issue.  What is needed is a clear understanding of how
desktop profiles are used by MS Windows clients.  It also requires an
understanding of how to use default network logon profiles, roaming
profiles, and how to make use of the NT4 policy editor.

Samba3 can emulate many ADS Group Policy effects, but it has to be
engineered through creative use of the network default login profile and
dynamic mapping inside Samba so that the user will obtain the right
group profile.

As for the mandatory aspect, that is done by renaming the NTUser.DAT
file in the profile to NTUser.MAN.

I have responded off-line to the poster with further information.  Some
of the magic here is covered in chapter 5 of my book, Samba3-ByExample -
see http://www.samba.org/samba/docs/Samba3-ByExample.pdf

Cheers,
John T.


Re: [Samba] samba PDC upgrade from 3.2.5 to 3.4.7

2010-03-23 Thread Leonardo Carneiro - Veltrac
Also, i found out that only users running windows xp in one of the two 
interfaces that samba is being accessed are having this trouble.


Leonardo Carneiro - Veltrac wrote:

Hello everyone.

Yesterday i did an almost painless upgrade from samba pdc from 3.2.5 
to 3.4.7. I'm running in a Debian Lenny (upgraded from the original 
package to the backported one).


After a few tweaks i found on the web my users, including those who 
run win7, were able to log in the domain. But now they cannot access 
the shared folders on the server. Some users can't even open the 
server share list.


Is there any major change that prevents users from accessing the shares that 
I'm overlooking?


Tks in advance and sorry for my poor english.



Re: [Samba] Samba PDC and Windows XP clients - login timeout after 15 minutes

2009-12-28 Thread Michael Adam
Hi,

X-Dimension wrote:
 Hi!
 
 We are using a Samba PDC with 40 Windows XP clients and have some strange  
 problems.
 When a user starts his Windows computer and don't login within the next 15  
 minutes
 (because he drinks a cup of coffee) and tried to login after that time he  
 get the message,
 that the server-profile could not be loaded and a temporary profile is  
 used instead.
 
 There are absolutely no problems when a user starts his computer and log  
 in within the next 15 minutes,
 but after this time period he always get the error described above.
 
 Any ideas what goes wrong?

Sorry, no idea just like that.

I'd need your smb.conf and a log file (level 10 if possible)
of such a logon process that fails to load the profile from the
server.

Cheers - Michael

 THX




Re: [Samba] Samba PDC and Windows XP clients - login timeout after 15 minutes

2009-12-28 Thread Helmut Hullen
Hello, Michael,

You wrote on 28.12.09:

 When a user starts his Windows computer and don't login within the
 next 15 minutes
 (because he drinks a cup of coffee) and tried to login after that
 time he get the message,
 that the server-profile could not be loaded and a temporary profile
 is used instead.

 Any ideas what goes wrong?

 Sorry, no idea just like that.

Just to confuse you a bit more ...

I've seen this nasty behaviour on one of my windows clients (on and on);  
Windows logon (no domain).
I have to rebuild the network neighborhood via net view \\Se.rv.er.IP.

It's only one machine (Windows 2000); the other machines (Windows 2000,  
Windows XPpro, Windows XP Home) don't lose their neighborhood.

Samba 3.2.13 (Samba 3.4.x makes other problems).

Best regards!
Helmut


Re: [Samba] Samba PDC LDAP and LDAP Aliases

2009-12-10 Thread Björn Jacke
On 2009-12-10 at 14:40 +0100 Ivo Steinmann sent off:
 For me it looks right! And it's also working, if People and Group aren't
 aliased. So I guess samba pdc is not resolving aliases.

in the next samba release (not yet in 3.5 ...) you'll be able to tell samba
whether and how to do alias dereferencing. But you should be able to tell the
ldap library to do that by default, too - see ldap.conf(5). That would also
make your -a option in ldapsearch obsolete.

Cheers
Björn

Re: [Samba] Samba PDC upgrade / hardware replacement results

2009-10-19 Thread Adam Williams

I think that testparm will show if any options are deprecated.



Re: [Samba] Samba PDC + OpenLDAP, Jaunty: Can't join domain

2009-09-15 Thread Christopher Swingley
 But I can't seem to join a computer to the domain, and I've run out of
 ideas.  I'd like some help trying to identify where I've gone wrong
 and how to get the server to allow desktops to join.

Sorry to reply to my own post.  I figured out my problem:

$ smbclient -L //newserv
Domain=[TESTDOM] OS=[Unix] Server=[Samba 3.3.2]

Server   Comment
----
NEWSERV  newserv server (Samba, Ubuntu)

WorkgroupMaster
----
   -TESTDOM  DESKTOP
   +TESTDOM  NEWSERV

In other words, I had another test machine that was acting as the
domain master.  Nothing I did on the new server made any difference
because joining to the domain was going to the wrong place.

Cheers,

Chris
-- 
Christopher S. Swingley
http://swingleydev.com/
cswin...@gmail.com



Re: [Samba] Samba-PDC: One fresh installed XP-Machine can't load the Profiles

2009-09-09 Thread Daniel Spannbauer



John Doe wrote:

From: Daniel Spannbauer d...@marco.de

But one fresh installed XP-Machine can't load my profile.


Tried?

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
CompatibleRUPSecurity=dword:0001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters]
RequireSignOrSeal=dword:


Yes, tried that. But it's the same result. Joining the domain works 
fine, but my profile is not loaded. I always get a temporary Profile.


Regards

Daniel






JD


  



--
Daniel Spannbauer Software Entwicklung
marco Systemanalyse und Entwicklung GmbH  Tel   +49 8333 9233-27 Fax -11
Rechbergstr. 4 - 6, D 87727 Babenhausen   Mobil +49 171 4033220
http://www.marco.de/  Email d...@marco.de
Geschäftsführer Martin Reuter HRB 171775 Amtsgericht München


Re: [Samba] Samba-PDC: One fresh installed XP-Machine can't load the Profiles

2009-09-04 Thread John Doe
From: Daniel Spannbauer d...@marco.de
 But one fresh installed XP-Machine can't load my profile.

Tried?

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
CompatibleRUPSecurity=dword:0001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters]
RequireSignOrSeal=dword:

JD


  



Re: [Samba] Samba PDC + OpenLDAP (Debian Lenny)

2009-08-18 Thread Mike Eggleston
On Sun, 16 Aug 2009, Henrik Dige Semark might have said:

 Hey.
 I'm trying to move my existing MS-AD over to SAMBA, the place I'm 
 working for is changing all servers from MS to Debian, but all the 
 clients is still a mixed environment for now.
 We have MAC, *NIX, and Windows clients, so its important that everything 
 keeps running in the same or almost the same way as before the change but.
 
 When I try to join a Windows Vista Ultimate or Windows XP Pro to the 
 domain it takes 30 sec and then it says The machine account does not 
 exist but as I understand that is what
 add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i %u has to 
 do right ?
 
 I have pasted my config + log from OpenLDAP and SAMBA, can anybody see 
 what I have done wrong

I'm not at work and am unable to compare your configuration with
my production configuration. I have a similar environment, though,
and found for windows boxes I needed to create the account in LDAP
first (I use smbldap-adduser ...), then I must also add my samba
server as a WINS server to the windows box, then I can join the
windows box to my samba pdc domain.

Mike


Re: [Samba] Samba PDC + OpenLDAP (Debian Lenny)

2009-08-16 Thread Adam Tauno WIlliams
 I'm trying to move my existing MS-AD over to SAMBA, the place I'm 

So you have an AD domain?  Samba 3.x does not provide an AD domain, it
provides an NT domain, so your requirement of everything keeps running
in the same or almost the same way cannot be met.  Unless you want to
try Samba 4.

 When I try to join a Windows Vista Ultimate or Windows XP Pro to the 
 domain it takes 30 sec and then it says The machine account does not 
 exist but as I understand that is what
 add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i %u has to 
 do right ?

It is supposed to, yes.

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

Get rid of all the socket options stuff.  Are you using an old HOWTO
or some crap Wiki entry from somewhere?  Setting this directive is an
OLD habit and very obsolete.  Use only the Samba HOWTO and By-Example as
provided on Samba docs.  Assume everything else on the Internet is
obsolete and out-of-date, because it most likely is.

 [2009/08/14 18:22:24,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  pdb_get_group_sid: Failed to find Unix account for DomAdmin
 [2009/08/14 18:22:24,  1] auth/auth_util.c:make_server_info_sam(562)
  User DomAdmin in passdb, but getpwnam() fails!

I don't know why it is looking for a DomAdmin account. Perhaps your
directory is not fully initialized?  Loaded with the required users,
etc...

 Error: modifications require authentication at 
 /usr/share/perl5/smbldap_tools.pm line 1083.
 [2009/08/14 18:22:48,  0] 
 passdb/pdb_interface.c:pdb_default_create_user(336)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 
 -w -i hds$' gave 127

I don't use smbldap-tools but this looks like they don't have sufficient
config to authenticate to the DSA.



Re: [Samba] Samba PDC

2009-06-23 Thread Adam Williams

what is the output of net getdomainsid?

Boris Höffgen wrote:

Hello,

i migrate the machine and user accounts into a Samba PDC from a 
Windows NT domain with the command net. After that i generated the 
user passwords with the util smbpasswd. Samba is now the master and 
the domain PDC. But when the users try to login, the following error 
appears in the logs:

netlogon_creds_server_check failed. Rejecting auth request from client
WS06 machine account WS06$.
What must i do to solve the problem?

pdbedit -Lv WS06$:
Unix username:WS06$
NT username:  WS06$
Account Flags:[W  ]
User SID: S-1-5-21-372180226-160714707-1039276024-1018
Primary Group SID:S-1-5-21-372180226-160714707-1039276024-513
Full Name:
Home Directory:   \\dc011\profiles\98\ws06_
HomeDir Drive:H:
Logon Script: /home/samba/netlogon/ws06_.cmd
Profile Path: \\dc011\profiles\xp\ws06_
Domain:   BILLE
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  never
Kickoff time: never
Password last set:Di, 09 Jun 2009 11:46:19 CEST
Password can change:  Di, 09 Jun 2009 11:46:19 CEST
Password must change: Di, 21 Jul 2009 11:46:19 CEST
Last bad password   : 0
Bad password count  : 0
Logon hours : FF


passwd:
WS06$:x:1014:1010::/dev/null:/bin/false

shadow:
WS06$:!:14362:0:9:7:::

Thanks and regards
Boris





Re: [Samba] Samba PDC

2009-06-23 Thread Boris Höffgen

Hi!

Adam Williams wrote:

what is the output of net getdomainsid?

SID for local machine DC011 is: S-1-5-21-3019101499-2136775595-2697463099
SID for domain BILLE is: S-1-5-21-372180226-160714707-1039276024

The old PDC is DC01 and the samba server (new PDC) is DC011. Thanks!



Boris Höffgen wrote:

Hello,

i migrate the machine and user accounts into a Samba PDC from a 
Windows NT domain with the command net. After that i generated the 
user passwords with the util smbpasswd. Samba is now the master and 
the domain PDC. But when the users try to login, the following error 
appears in the logs:

netlogon_creds_server_check failed. Rejecting auth request from client
WS06 machine account WS06$.
What must i do to solve the problem?

pdbedit -Lv WS06$:
Unix username:WS06$
NT username:  WS06$
Account Flags:[W  ]
User SID: S-1-5-21-372180226-160714707-1039276024-1018
Primary Group SID:S-1-5-21-372180226-160714707-1039276024-513
Full Name:
Home Directory:   \\dc011\profiles\98\ws06_
HomeDir Drive:H:
Logon Script: /home/samba/netlogon/ws06_.cmd
Profile Path: \\dc011\profiles\xp\ws06_
Domain:   BILLE
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  never
Kickoff time: never
Password last set:Di, 09 Jun 2009 11:46:19 CEST
Password can change:  Di, 09 Jun 2009 11:46:19 CEST
Password must change: Di, 21 Jul 2009 11:46:19 CEST
Last bad password   : 0
Bad password count  : 0
Logon hours : FF


passwd:
WS06$:x:1014:1010::/dev/null:/bin/false

shadow:
WS06$:!:14362:0:9:7:::

Thanks and regards
Boris





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
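
The `net getdomainsid` and `pdbedit -Lv` outputs posted in the message above, and the account-flag question from the "Only one User can't log in" thread, can be cross-checked mechanically. The following Python sketch is an added example, not code from the thread or from Samba: it decodes the flag letters as listed in the Samba HOWTO passdb chapter and checks that an account's SIDs sit under the domain SID rather than the local machine SID. The function names are assumptions of this example; the sample outputs are copied from the posts, with whitespace as archived.

```python
import re

# Account control flags as listed in the Samba HOWTO passdb chapter.
ACCOUNT_FLAGS = {
    "D": "account disabled",
    "H": "home directory required",
    "I": "inter-domain trust account",
    "L": "account auto-locked",
    "M": "MNS logon account",
    "N": "password not required",
    "S": "server trust account",
    "T": "temporary duplicate account",
    "U": "normal user account",
    "W": "workstation trust account",
    "X": "password does not expire",
}

# Outputs quoted from the thread (not constructed).
NET_GETDOMAINSID = """\
SID for local machine DC011 is: S-1-5-21-3019101499-2136775595-2697463099
SID for domain BILLE is: S-1-5-21-372180226-160714707-1039276024
"""

PDBEDIT_WS06 = """\
Unix username:WS06$
NT username:  WS06$
Account Flags:[W  ]
User SID: S-1-5-21-372180226-160714707-1039276024-1018
Primary Group SID:S-1-5-21-372180226-160714707-1039276024-513
"""


def parse_domain_sids(text):
    """Return {'local': sid, 'domain': sid} from `net getdomainsid` output."""
    sids = {}
    pattern = r"SID for (local machine|domain) \S+ is: (S-1-[\d-]+)"
    for kind, sid in re.findall(pattern, text):
        sids["local" if kind == "local machine" else "domain"] = sid
    return sids


def parse_pdbedit(text):
    """Parse one `pdbedit -Lv` record into a dict keyed by field name."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            record[key.strip()] = value.strip()
    return record


def flag_letters(field):
    """'[W  ]' or 'UX' -> set of flag letters."""
    return set(field.strip("[] ").replace(" ", ""))


def decode_flags(field):
    """'UX' -> ['normal user account', 'password does not expire']."""
    letters = field.strip("[] ").replace(" ", "")
    return [ACCOUNT_FLAGS.get(c, "unknown flag %r" % c) for c in letters]


def audit_account(record, sids):
    """Return a list of findings; an empty list means no mismatch was seen."""
    findings = []
    name = record.get("Unix username", "")
    flags = flag_letters(record.get("Account Flags", ""))

    # Every SID of a domain account must be <domain SID>-<RID>.
    for field in ("User SID", "Primary Group SID"):
        sid = record.get(field, "")
        prefix = sid.rpartition("-")[0]
        if not sid:
            findings.append("%s missing for %s" % (field, name))
        elif prefix == sids.get("local"):
            findings.append("%s of %s is under the local machine SID" % (field, name))
        elif prefix != sids.get("domain"):
            findings.append("%s of %s is under a foreign SID" % (field, name))

    # Machine accounts end in '$' and need a trust flag; users need 'U'.
    if name.endswith("$"):
        if not flags & set("WSI"):
            findings.append("%s has no trust flag (W/S/I)" % name)
    elif "U" not in flags:
        findings.append("%s is not flagged as a normal user (U)" % name)

    # Flags that block logon or weaken authentication.
    for letter in "DLN":
        if letter in flags:
            findings.append("%s: %s" % (name, ACCOUNT_FLAGS[letter]))
    return findings


if __name__ == "__main__":
    sids = parse_domain_sids(NET_GETDOMAINSID)
    print(audit_account(parse_pdbedit(PDBEDIT_WS06), sids) or "no findings")
    print(decode_flags("UX"))
```

On the data posted in this thread the audit returns no findings, so these two outputs alone show no SID or flag mismatch for WS06$.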


Re: [Samba] SAMBA+PDC+Mysql authentication Backend

2009-06-15 Thread Collen Blijenberg

Hi Pablo,

First I'd like to mention that the sql backend might not be the smartest 
choice of backends.


in your debug you attached you'll see an mysql error:

[2009/06/12 15:53:01,  0] pdb_mysql.c:mysqlsam_replace_sam_account(415)
 Error executing UPDATE user SET WHERE user_sid = 
'S-1-5-21-2398918909-2979869015-1347180298-1234', You have an error in your SQL 
syntax; check the manual that corresponds to your MySQL server version for the 
right syntax to use near 'WHERE user_sid = 
'S-1-5-21-2398918909-2979869015-1347180298-1234'' at line 1


that is because the query isn't right ('update user set where', it 
should be 'update user set  where user_sid')

try commenting out all the mysql things (in your smb.conf) except the:
- Backend
- host
- user
- pass
and - database.

the rest is predefined in the backend itself..

but like i said, the sql backend lacks some good  things and you might 
be better off with ldap or the pdb backend.

also the sql backend only works with 3.0.x and 3.2.x
the project needs new developers to bring it to a higher plan...

good luck with it... Greets. Collen

ps. i think you might post sql related stuff in pdbsql mailing list, 
rather than the samba list...



Pablo Camera wrote:

I am new to the Samba world, but I configured Samba with shared folders linked 
to users and it was successful.

Now I am trying to extend it to a PDC, but the client can't log on to the server:

The log.smbd shows this:


  [2009/06/12 15:51:21,  0] smbd/server.c:main(1209)
  smbd version 3.2.3 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008
[2009/06/12 15:51:21,  1] pdb_mysql.c:mysqlsam_init(607)
  Connecting to database server, host: localhost, user: samba, database: 
samba_auth, port: 3306
[2009/06/12 15:52:58,  0] rpc_server/srv_netlog_nt.c:get_md4pw(331)
  get_md4pw: Workstation MULTI$: BDC secure channel requested but not a server 
trust account
[2009/06/12 15:52:58,  0] 
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
  _netr_ServerAuthenticate2: failed to get machine password for account MULTI$: 
NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2009/06/12 15:52:58,  0] rpc_server/srv_netlog_nt.c:get_md4pw(331)
  get_md4pw: Workstation MULTI$: BDC secure channel requested but not a server 
trust account
[2009/06/12 15:52:58,  0] 
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(502)
  _netr_ServerAuthenticate2: failed to get machine password for account MULTI$: 
NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2009/06/12 15:53:01,  0] pdb_mysql.c:mysqlsam_replace_sam_account(415)
  Error executing UPDATE user SET WHERE user_sid = 
'S-1-5-21-2398918909-2979869015-1347180298-1234', You have an error in your SQL 
syntax; check the manual that corresponds to your MySQL server version for the 
right syntax to use near 'WHERE user_sid = 
'S-1-5-21-2398918909-2979869015-1347180298-1234'' at line 1

My smb.conf is this.

[global]
workgroup = MULTI
netbios name = MULTI
security = user

#Changes to make Samba a PDC
os level = 64
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
logon path = \\%N\%u
logon drive = H:
logon home = \\multi\%u\perfil
logon script = %u.bdat
add user script = /usr/local/samba/bin/./pdbedit -a %u
#add user to group script = /usr/sbin/groupmod -m %u %g
add machine script = /usr/local/samba/bin/./pdbedit -am %m
delete user script = /usr/local/samba/bin/./pdbedit -x %u
#delete group script = /usr/sbin/groupdel %g
#delete user from group script = /usr/sbin/groupmod -x %u %g
#set primary group script = /usr/sbin/usermod -g %g %u
passwd program = /usr/local/samba/bin/./pdbedit -am %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
*all*authentication*tokens*updated*
idmap uid = 1-15000
idmap gid = 1-15000

#For sending the password
#lanman auth = Yes
#ntlm auth = No
#lm announce = Yes
#client lanman auth = Yes 
#End of password section


#End of changes for PDC

#User mapping
username map = /usr/local/samba/lib/smbusers
#End of user mapping
 
obey pam restrictions = Yes

#Last change from yes to no
encrypt passwords = yes
#End of change
update encrypted = no

#client lanman auth = yes
#client plaintext auth = yes

#For authenticating users
passdb backend   = mysql:mysql
mysql:mysql host = localhost
mysql:mysql user = samba
mysql:mysql password = 
mysql:mysql database = samba_auth

mysql:fullname column= nt_fullname:
mysql:domain column  = 'multi':
mysql:lanman pass column = NULL:
mysql:nt pass column = NULL:
mysql:plain pass column  = plain_pw:
mysql:unknown_3 column   = NULL
mysql:sid column = user_sid
mysql:nt username column = nt_username
#mysql:nt pass  
smb passwd file = /etc/samba/private/smbpasswd

#End of user authentication

#For PDC
[netlogon]
path = /home/netlogon
read only = yes
write list = ntadmin

[profiles]
path = /usr/local/samba/ntprofile
writeable = yes
create mask = 0600
directory mask = 0700

#End PDC



[homes]
comment = Home 

Re: [Samba] Samba PDC Squid NTLM Auth - Same machine

2009-04-05 Thread Victor Medina
yeap! no success just yet :(
Victor Medina

Phyllis Diller  - If it weren't for baseball, many kids wouldn't know
what a millionaire looked like.


On Tue, Mar 31, 2009 at 6:17 PM, Stefan Dengscherz
stefan.dengsch...@gmail.com wrote:
 Hello Victor,


 did you try supplying the domain name along with the username? Like
 DOMAIN\administrator. Or adding winbind use default domain = yes
 to your samba configuration.


 Regards,

 -sd

 2009/3/31 Victor Medina vitt...@gmail.com:
 David, it did not work.

 Any suggestion?

 Victor Medina

 Samuel Goldwyn  - I don't think anyone should write their
 autobiography until after they're dead.


 On Wed, Apr 1, 2009 at 12:13 PM, David Wells d.we...@vitalcan.com.ar wrote:
 Victor Medina wrote:

 Hi Guys!


 Probably this is not the best place to ask, I'll try anyway... =)

 I've been trying to configure a Samba PDC and a Squid Proxy server
 with NTLM auth on the same machine but NTLM_AUTH keeps complaining
 about: NT_STATUS_INVALID_HANDLE I have other machines running
 Squid and Authenticating against a Samba Server but on different
 machines, this is the first time I try both on the same machine.

 Can I use Squid+NTLM Auth and Samba configured as PDC on the same
 machine? Is there any winbind issue with this kind of configuration?

 I'm using SLES10+SP2
 Samba version as reported by rpm is 3.0.32-0.8
 Squid version as reported by rpm is 2.5.STABLE12-18.13

 -
 This is my smb.conf

 [global]
        dos charset = 850
        unix charset = ISO8859-1
        workgroup = C1.SV
        netbios name = PDCSRVC1SV
        server string =
        interfaces = eth0
        bind interfaces only = Yes
        map to guest = Bad Password
        passdb backend = ldapsam:ldap://127.0.0.1
        guest account = Invitado
        time server = Yes
        deadtime = 20
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = cups
        logon path =
        logon home =
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=Administrador,o=Ferreteria EPA
        ldap delete dn = Yes
        ldap group suffix = ou=group
        ldap machine suffix = ou=people
        ldap passwd sync = Yes
        ldap suffix = ou=c1,c=sv,o=Ferreteria EPA
        ldap user suffix = ou=people
        idmap domains = DEFAULT
        idmap alloc backend = ldap
        idmap alloc config:range = 1-10
        idmap alloc config:ldap_url = ldap://127.0.0.1
        idmap alloc config:ldap_user_dn = cn=Administrador,o=Ferreteria EPA
        idmap alloc config:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria
 EPA
        idmap config DEFAULT:range = 1-10
        idmap config DEFAULT:ldap_url = ldap://127.0.0.1
        idmap config DEFAULT:ldap_user_dn = cn=Administrador,o=Ferreteria
 EPA
        idmap config DEFAULT:ldap_base_dn =
 ou=idmap,ou=c1,c=sv,o=Ferreteria EPA
        idmap config DEFAULT:default = yes
        idmap config DEFAULT:readonly = no
        idmap config DEFAULT:backend = ldap
        ldapsam:editposix = yes
        ldapsam:trusted = yes
        create mask = 0640
        force create mode = 0640
        directory mask = 0750
        force directory mode = 0750
        case sensitive = No
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

 My relevant squid.conf lines...

 auth_param ntlm program /usr/bin/ntlm_auth
 --helper-protocol=squid-2.5-ntlmssp C1.SV/PDCSRVC1SV
 auth_param basic program /usr/bin/ntlm_auth
 --helper-protocol=squid-2.5-basic  C1.SV/PDCSRVC1SV
 auth_param ntlm children 100
 auth_param basic children 100
 auth_param basic realm Squid proxy-caching web server
 auth_param basic credentialsttl 2 hours




 The pdc works as expected, machine join works like charm, users and
 groups management works equally right, all accounts are placed in the
 LDAP, getent passwd, groups and shadow shows the ldap accounts

 I also did a few tests with wbinfo

 e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo  -u
 invitado
 usuarioprueba
 e01ggen
 e01glogis
 e01gcont
 e01jcomp1
 e01jcomp2
 e01jcomp3
 e01jcomp4
 e01jrepo
 e01jreclu
 e01rrece
 e01gcom
 e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo  -g
 BUILTIN
 BUILTIN
 domain users
 domain admins
 domain guests
 grupoprueba
 gcentralsv
 gcompras
 gcontrol
 ggerencia
 glogistica
 gmercadeo
 gpersonal
 gventas
 gjefecompras
 gjefecontrol
 gjefelogistica
 gjefepersonal
 e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo  --all-domains
 C1.SV


 I also made sure squid users can read /var/lib/samba/winbindd_privileged


 I also noted this error:

 e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo
 --authenticate=administrator%12345678
 plaintext password authentication failed
 error code was NT_STATUS_NO_SUCH_USER (0xc064)
 error messsage was: No such user
 Could not authenticate user 

Re: [Samba] Samba PDC Squid NTLM Auth - Same machine

2009-03-31 Thread David Wells

Victor Medina wrote:

Hi Guys!


Probably this is not the best place to ask, I'll try anyway... =)

I've been trying to configure a Samba PDC and a Squid Proxy server
with NTLM auth on the same machine but NTLM_AUTH keeps complaining
about: NT_STATUS_INVALID_HANDLE I have other machines running
Squid and Authenticating against a Samba Server but on different
machines, this is the first time I try both on the same machine.

Can I use Squid+NTLM Auth and Samba configured as PDC on the same
machine? Is there any winbind issue with this kind of configuration?

I'm using SLES10+SP2
Samba version as reported by rpm is 3.0.32-0.8
Squid version as reported by rpm is 2.5.STABLE12-18.13

-
This is my smb.conf

[global]
dos charset = 850
unix charset = ISO8859-1
workgroup = C1.SV
netbios name = PDCSRVC1SV
server string =
interfaces = eth0
bind interfaces only = Yes
map to guest = Bad Password
passdb backend = ldapsam:ldap://127.0.0.1
guest account = Invitado
time server = Yes
deadtime = 20
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
logon path =
logon home =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=Administrador,o=Ferreteria EPA
ldap delete dn = Yes
ldap group suffix = ou=group
ldap machine suffix = ou=people
ldap passwd sync = Yes
ldap suffix = ou=c1,c=sv,o=Ferreteria EPA
ldap user suffix = ou=people
idmap domains = DEFAULT
idmap alloc backend = ldap
idmap alloc config:range = 1-10
idmap alloc config:ldap_url = ldap://127.0.0.1
idmap alloc config:ldap_user_dn = cn=Administrador,o=Ferreteria EPA
idmap alloc config:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA
idmap config DEFAULT:range = 1-10
idmap config DEFAULT:ldap_url = ldap://127.0.0.1
idmap config DEFAULT:ldap_user_dn = cn=Administrador,o=Ferreteria EPA
idmap config DEFAULT:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA
idmap config DEFAULT:default = yes
idmap config DEFAULT:readonly = no
idmap config DEFAULT:backend = ldap
ldapsam:editposix = yes
ldapsam:trusted = yes
create mask = 0640
force create mode = 0640
directory mask = 0750
force directory mode = 0750
case sensitive = No
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

My relevant squid.conf lines...

auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp C1.SV/PDCSRVC1SV
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic  C1.SV/PDCSRVC1SV
auth_param ntlm children 100
auth_param basic children 100
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours




The pdc works as expected, machine join works like charm, users and
groups management works equally right, all accounts are placed in the
LDAP, getent passwd, groups and shadow shows the ldap accounts

I also did a few tests with wbinfo

e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo  -u
invitado
usuarioprueba
e01ggen
e01glogis
e01gcont
e01jcomp1
e01jcomp2
e01jcomp3
e01jcomp4
e01jrepo
e01jreclu
e01rrece
e01gcom
e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo  -g
BUILTIN
BUILTIN
domain users
domain admins
domain guests
grupoprueba
gcentralsv
gcompras
gcontrol
ggerencia
glogistica
gmercadeo
gpersonal
gventas
gjefecompras
gjefecontrol
gjefelogistica
gjefepersonal
e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo  --all-domains
C1.SV


I also made sure squid users can read /var/lib/samba/winbindd_privileged


I also noted this error:

e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo
--authenticate=administrator%12345678
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user administrator%12345678 with plaintext password
winbind separator was NULL!
challenge/response password authentication failed
error code was NT_STATUS_INVALID_HANDLE (0xc008)
error messsage was: Invalid handle
Could not authenticate user administrator with challenge/response

Does someone have any idea of what could go wrong? When I use squid and
samba on different machines i usually join the squid machine to the
domain using a net join, is this necessary when the pdc and squid are
on the same machine?

Victor Medina

Samuel Goldwyn  - I don't think anyone should write their
autobiography until after they're dead.
  

I think you should add lo to the interfaces listed in smb.conf

Best regards, David Wells.


Re: [Samba] Samba PDC Squid NTLM Auth - Same machine

2009-03-31 Thread Victor Medina
David, it did not work.

Any suggestion?

Victor Medina

Samuel Goldwyn  - I don't think anyone should write their
autobiography until after they're dead.


On Wed, Apr 1, 2009 at 12:13 PM, David Wells d.we...@vitalcan.com.ar wrote:
 Victor Medina wrote:

 Hi Guys!


 Probably this is not the best place to ask, I'll try anyway... =)

 I've been trying to configure a Samba PDC and a Squid Proxy server
 with NTLM auth on the same machine but NTLM_AUTH keeps complaining
 about: NT_STATUS_INVALID_HANDLE. I have other machines running
 Squid and authenticating against a Samba server, but on different
 machines; this is the first time I try both on the same machine.

 Can I use Squid+NTLM Auth and Samba configured as PDC on the same
 machine? Is there any winbind issue with this kind of configuration?

 I'm using SLES10+SP2
 Samba version as reported by rpm is 3.0.32-0.8
 Squid version as reported by rpm is 2.5.STABLE12-18.13

 -
 This is my smb.conf

 [global]
        dos charset = 850
        unix charset = ISO8859-1
        workgroup = C1.SV
        netbios name = PDCSRVC1SV
        server string =
        interfaces = eth0
        bind interfaces only = Yes
        map to guest = Bad Password
        passdb backend = ldapsam:ldap://127.0.0.1
        guest account = Invitado
        time server = Yes
        deadtime = 20
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = cups
        logon path =
        logon home =
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=Administrador,o=Ferreteria EPA
        ldap delete dn = Yes
        ldap group suffix = ou=group
        ldap machine suffix = ou=people
        ldap passwd sync = Yes
        ldap suffix = ou=c1,c=sv,o=Ferreteria EPA
        ldap user suffix = ou=people
        idmap domains = DEFAULT
        idmap alloc backend = ldap
        idmap alloc config:range = 1-10
        idmap alloc config:ldap_url = ldap://127.0.0.1
        idmap alloc config:ldap_user_dn = cn=Administrador,o=Ferreteria EPA
        idmap alloc config:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA
        idmap config DEFAULT:range = 1-10
        idmap config DEFAULT:ldap_url = ldap://127.0.0.1
        idmap config DEFAULT:ldap_user_dn = cn=Administrador,o=Ferreteria EPA
        idmap config DEFAULT:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA
        idmap config DEFAULT:default = yes
        idmap config DEFAULT:readonly = no
        idmap config DEFAULT:backend = ldap
        ldapsam:editposix = yes
        ldapsam:trusted = yes
        create mask = 0640
        force create mode = 0640
        directory mask = 0750
        force directory mode = 0750
        case sensitive = No
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

 My relevant squid.conf lines...

 auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp C1.SV/PDCSRVC1SV
 auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic C1.SV/PDCSRVC1SV
 auth_param ntlm children 100
 auth_param basic children 100
 auth_param basic realm Squid proxy-caching web server
 auth_param basic credentialsttl 2 hours




 The PDC works as expected, machine join works like a charm, users and
 groups management works equally right, all accounts are placed in the
 LDAP, getent passwd, groups and shadow show the LDAP accounts

 I also did a few tests with wbinfo

 e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo  -u
 invitado
 usuarioprueba
 e01ggen
 e01glogis
 e01gcont
 e01jcomp1
 e01jcomp2
 e01jcomp3
 e01jcomp4
 e01jrepo
 e01jreclu
 e01rrece
 e01gcom
 e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo  -g
 BUILTIN
 BUILTIN
 domain users
 domain admins
 domain guests
 grupoprueba
 gcentralsv
 gcompras
 gcontrol
 ggerencia
 glogistica
 gmercadeo
 gpersonal
 gventas
 gjefecompras
 gjefecontrol
 gjefelogistica
 gjefepersonal
 e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo  --all-domains
 C1.SV


 I also made sure squid users can read /var/lib/samba/winbindd_privileged


 I also noted this error:

 e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo --authenticate=administrator%12345678
 plaintext password authentication failed
 error code was NT_STATUS_NO_SUCH_USER (0xc064)
 error messsage was: No such user
 Could not authenticate user administrator%12345678 with plaintext password
 winbind separator was NULL!
 challenge/response password authentication failed
 error code was NT_STATUS_INVALID_HANDLE (0xc008)
 error messsage was: Invalid handle
 Could not authenticate user administrator with challenge/response

 Does someone have any idea of what could go wrong? When I use squid and
 samba on different machines I usually join the squid machine to the
 domain using a net join; is this necessary when the PDC and squid are
 on the 

Re: [Samba] Samba PDC Squid NTLM Auth - Same machine

2009-03-31 Thread Stefan Dengscherz
Hello Victor,


did you try supplying the domain name along with the username? Like
DOMAIN\administrator. Or adding winbind use default domain = yes
to your samba configuration.


Regards,

-sd

2009/3/31 Victor Medina vitt...@gmail.com:
 David, it did not work.

 Any suggestion?

 Victor Medina

 Samuel Goldwyn  - I don't think anyone should write their
 autobiography until after they're dead.


 On Wed, Apr 1, 2009 at 12:13 PM, David Wells d.we...@vitalcan.com.ar wrote:
 Victor Medina wrote:

 Hi Guys!


 Probably this is not the best place to ask, I'll try anyway... =)

 I've been trying to configure a Samba PDC and a Squid Proxy server
 with NTLM auth on the same machine but NTLM_AUTH keeps complaining
 about: NT_STATUS_INVALID_HANDLE. I have other machines running
 Squid and authenticating against a Samba server, but on different
 machines; this is the first time I try both on the same machine.

 Can I use Squid+NTLM Auth and Samba configured as PDC on the same
 machine? Is there any winbind issue with this kind of configuration?

 I'm using SLES10+SP2
 Samba version as reported by rpm is 3.0.32-0.8
 Squid version as reported by rpm is 2.5.STABLE12-18.13

 -
 This is my smb.conf

 [global]
        dos charset = 850
        unix charset = ISO8859-1
        workgroup = C1.SV
        netbios name = PDCSRVC1SV
        server string =
        interfaces = eth0
        bind interfaces only = Yes
        map to guest = Bad Password
        passdb backend = ldapsam:ldap://127.0.0.1
        guest account = Invitado
        time server = Yes
        deadtime = 20
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = cups
        logon path =
        logon home =
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=Administrador,o=Ferreteria EPA
        ldap delete dn = Yes
        ldap group suffix = ou=group
        ldap machine suffix = ou=people
        ldap passwd sync = Yes
        ldap suffix = ou=c1,c=sv,o=Ferreteria EPA
        ldap user suffix = ou=people
        idmap domains = DEFAULT
        idmap alloc backend = ldap
        idmap alloc config:range = 1-10
        idmap alloc config:ldap_url = ldap://127.0.0.1
        idmap alloc config:ldap_user_dn = cn=Administrador,o=Ferreteria EPA
        idmap alloc config:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA
        idmap config DEFAULT:range = 1-10
        idmap config DEFAULT:ldap_url = ldap://127.0.0.1
        idmap config DEFAULT:ldap_user_dn = cn=Administrador,o=Ferreteria EPA
        idmap config DEFAULT:ldap_base_dn = ou=idmap,ou=c1,c=sv,o=Ferreteria EPA
        idmap config DEFAULT:default = yes
        idmap config DEFAULT:readonly = no
        idmap config DEFAULT:backend = ldap
        ldapsam:editposix = yes
        ldapsam:trusted = yes
        create mask = 0640
        force create mode = 0640
        directory mask = 0750
        force directory mode = 0750
        case sensitive = No
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

 My relevant squid.conf lines...

 auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp C1.SV/PDCSRVC1SV
 auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic C1.SV/PDCSRVC1SV
 auth_param ntlm children 100
 auth_param basic children 100
 auth_param basic realm Squid proxy-caching web server
 auth_param basic credentialsttl 2 hours




 The PDC works as expected, machine join works like a charm, users and
 groups management works equally right, all accounts are placed in the
 LDAP, getent passwd, groups and shadow show the LDAP accounts

 I also did a few tests with wbinfo

 e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo  -u
 invitado
 usuarioprueba
 e01ggen
 e01glogis
 e01gcont
 e01jcomp1
 e01jcomp2
 e01jcomp3
 e01jcomp4
 e01jrepo
 e01jreclu
 e01rrece
 e01gcom
 e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo  -g
 BUILTIN
 BUILTIN
 domain users
 domain admins
 domain guests
 grupoprueba
 gcentralsv
 gcompras
 gcontrol
 ggerencia
 glogistica
 gmercadeo
 gpersonal
 gventas
 gjefecompras
 gjefecontrol
 gjefelogistica
 gjefepersonal
 e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo  --all-domains
 C1.SV


 I also made sure squid users can read /var/lib/samba/winbindd_privileged


 I also noted this error:

 e01ssvsai:/var/lib/samba/winbindd_privileged # wbinfo --authenticate=administrator%12345678
 plaintext password authentication failed
 error code was NT_STATUS_NO_SUCH_USER (0xc064)
 error messsage was: No such user
 Could not authenticate user administrator%12345678 with plaintext password
 winbind separator was NULL!
 challenge/response password authentication failed
 error code was NT_STATUS_INVALID_HANDLE (0xc008)
 error messsage was: Invalid handle
 Could not authenticate user 
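
The two suggestions made in the replies above (adding `lo` to `interfaces`, and `winbind use default domain = yes` or a `DOMAIN\user` name) can be checked against an smb.conf with a short script. This is an added example, not code from the thread or from Samba; the function names are hypothetical and the sample configuration is constructed from the `[global]` lines Victor posted.

```python
# Constructed sample: the relevant [global] lines from the smb.conf posted in the thread.
SAMPLE_SMB_CONF = """\
[global]
        workgroup = C1.SV
        interfaces = eth0
        bind interfaces only = Yes
        domain logons = Yes
"""
# The same file with both suggestions from the replies applied.
FIXED_SMB_CONF = (SAMPLE_SMB_CONF.replace("interfaces = eth0", "interfaces = eth0 lo")
                  + "        winbind use default domain = yes\n")


def parse_global(text):
    """Return [global] parameters; smb.conf ignores case and spacing in names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params


def is_yes(value):
    """True for the affirmative smb.conf boolean spellings yes, true and 1."""
    return value.strip().lower() in {"yes", "true", "1"}


def check_same_host_winbind(text):
    """List findings for the two settings raised in the replies."""
    p = parse_global(text)
    findings = []
    ifaces = p.get("interfaces", "").replace(",", " ").split()
    has_loopback = any(i.lower() == "lo" or i.startswith("127.") for i in ifaces)
    if is_yes(p.get("bindinterfacesonly", "no")) and not has_loopback:
        findings.append("bind interfaces only = Yes but interfaces lacks lo/127.0.0.1")
    if not is_yes(p.get("winbindusedefaultdomain", "no")):
        findings.append("winbind use default domain is off: use DOMAIN\\user")
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", SAMPLE_SMB_CONF), ("adjusted", FIXED_SMB_CONF)):
        print(label, check_same_host_winbind(conf) or "no findings")
```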

Re: [Samba] Samba PDC - Kerberised CIFS access

2009-03-13 Thread Eduardo Sachs
Shahid,

Did you use the command 'net join' to join M3 to the Samba PDC domain?

My problem is that after I join M3 to the Samba PDC domain (M1) with the
command 'net join', I cannot access M3 using Kerberos
authentication.

Other description,

Your error is [1]:
ads_secrets_verify_ticket: enc type [1] failed to decrypt with error
Decrypt integrity check failed
ads_keytab_verify_ticket: krb5_rd_req failed for all 2 matched keytab principals
ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)

My error is [23]:
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
ads_keytab_verify_ticket: krb5_rd_req failed for all 36 matched keytab principals
ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request)

When I delete the file /var/lib/samba/secrets.tdb on M3 and restart
the Samba client on M3, Kerberos authentication on M3 works again
for my CIFS client M4, but M3 is then out of the Samba PDC domain.

But, the problem may be related.

My English is terrible, sorry...

Thanks!


2009/3/12 Eduardo Sachs edu.sa...@gmail.com:
 Shahid,

 I have the same problem, but I use a Heimdal Kerberos domain; look at this bug ticket:

 https://bugzilla.samba.org/show_bug.cgi?id=5810

 The developers have not yet responded.

 Thanks!

 2009/3/11 Shahid M Shaikh shahid.sha...@in.ibm.com:
 Hi All,

 I have machine M1 hosting Samba PDC. It stores only user information.
 I have machine M2 acting as KDC server.
 I have machine M3 hosting CIFS shares and it joins into the domain hosted
 by PDC M1.
 I have machine M4 used as CIFS client.

 On M2, I have added users and cifs/host service principals for M3. Also
 added service principal in keytab file.
 I have added all the user and service principals using des-cbc-crc
 encryption triplet.

 M3 and M4 are KDC clients. I have scped the keytab file on M3 from M2.

 I have configured M3's smb.conf file to accept kerberos keytab and also for
 the kerberos realm.

       realm = SONAS.COM
       use kerberos keytab = yes
       client use spnego = yes


 From M4, I do kinit user and then try to see exported shares from M3.

 [r...@sofsedun3 ~]# kinit domuser
 Password for domu...@sonas.com:
 [r...@sofsedun3 ~]# smbclient -L sofsedun4 -U domuser
 [r...@sofsedun3 ~]# klist -e
 Ticket cache: FILE:/tmp/krb5cc_0
 Default principal: domu...@sonas.com

 Valid starting     Expires            Service principal
 03/11/09 21:36:54  03/12/09 21:36:54  krbtgt/sonas@sonas.com
        renew until 03/11/09 21:36:54, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32


 Kerberos 4 ticket cache: /tmp/tkt0
 klist: You have no tickets cached
 [r...@sofsedun3 ~]# smbclient -L sofsedun4 -U domuser
 Enter domuser's password:
 Anonymous login successful
 Domain=[VSOFS1.COM] OS=[Unix] Server=[Samba 3.2.8-ctdb-55]

        Sharename       Type      Comment
        ---------       ----      -------
        share           Disk      test share
        IPC$            IPC       IPC Service (Samba 3.2.8-ctdb-55)
 Anonymous login successful
 Domain=[VSOFS1.COM] OS=[Unix] Server=[Samba 3.2.8-ctdb-55]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

 It works with anonymous login. But when I try to use -k it fails. I tried
 smbclient with -k and debug level 3. I get these on the console.

 [r...@sofsedun3 ~]# smbclient -d3 -L sofsedun4 -U domuser -k
 lp_load_ex: refreshing parameters
 Initialising global parameters
 params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
 Processing section [global]
 added interface eth0 ip=10.0.0.23 bcast=10.0.0.255 netmask=255.255.255.0
 added interface eth1 ip=10.0.1.23 bcast=10.0.1.255 netmask=255.255.255.0
 added interface eth2 ip=10.0.2.23 bcast=10.0.2.255 netmask=255.255.255.0
 Client started (version 3.2.8-ctdb-55).
 Connecting to 10.0.0.24 at port 445
 Doing spnego session setup (blob length=111)
 got OID=1 2 840 113554 1 2 2
 got OID=1 2 840 48018 1 2 2
 got OID=1 3 6 1 4 1 311 2 2 10
 got principal=cifs/sofsedun4.vsofs1@sonas.com
 Doing kerberos session setup
 ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration Thu, 12 Mar 2009 21:36:54 TLT
 cli_session_setup_blob: receive failed (NT_STATUS_LOGON_FAILURE)
 SPNEGO login failed: Logon failure
 session setup failed: NT_STATUS_LOGON_FAILURE
 [r...@sofsedun3 ~]# klist -e
 Ticket cache: FILE:/tmp/krb5cc_0
 Default principal: domu...@sonas.com

 Valid starting     Expires            Service principal
 03/11/09 21:36:54  03/12/09 21:36:54  krbtgt/sonas@sonas.com
        renew until 03/11/09 21:36:54, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32
 03/11/09 21:39:15  03/12/09 21:36:54  cifs/sofsedun4.vsofs1@sonas.com
        renew until 03/11/09 21:36:54, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32

 Kerberos 4 ticket cache: /tmp/tkt0
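
The two `ads_secrets_verify_ticket` failures compared in Eduardo Sachs's message above name their encryption types only by number, [1] and [23]. The following added example (not code from the thread or from Samba; function and variable names are hypothetical) groups such log lines per failed verification and maps the numbers to their IANA-registered names and deprecation status.

```python
import re

# Kerberos encryption type numbers (IANA registry) and their deprecation status.
ETYPES = {
    1: ("des-cbc-crc", "deprecated, RFC 6649"),
    3: ("des-cbc-md5", "deprecated, RFC 6649"),
    17: ("aes128-cts-hmac-sha1-96", "current"),
    18: ("aes256-cts-hmac-sha1-96", "current"),
    23: ("rc4-hmac", "deprecated, RFC 8429"),
}

# Log lines copied from the two reports quoted in the thread (wrapped line rejoined).
SAMPLE_LOG = """\
ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Decrypt integrity check failed
ads_keytab_verify_ticket: krb5_rd_req failed for all 2 matched keytab principals
ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
ads_keytab_verify_ticket: krb5_rd_req failed for all 36 matched keytab principals
ads_verify_ticket: krb5_rd_req with auth failed (Wrong principal in request)
"""

ENC_RE = re.compile(r"ads_secrets_verify_ticket: enc type \[(\d+)\] failed to decrypt")
KEYTAB_RE = re.compile(r"krb5_rd_req failed for all (\d+) matched keytab principals")
FINAL_RE = re.compile(r"krb5_rd_req with auth failed \(([^)]*)\)")


def summarize_failures(log_text):
    """Return one record per failed ticket verification found in the log."""
    records = []
    for line in log_text.splitlines():
        enc = ENC_RE.search(line)
        if enc:
            number = int(enc.group(1))
            name, status = ETYPES.get(number, ("unknown", "unknown"))
            records.append({"etype": number, "name": name, "status": status,
                            "keytab_principals": None, "error": None})
        elif records:
            keytab, final = KEYTAB_RE.search(line), FINAL_RE.search(line)
            if keytab:
                records[-1]["keytab_principals"] = int(keytab.group(1))
            if final:
                records[-1]["error"] = final.group(1)
    return records


if __name__ == "__main__":
    for record in summarize_failures(SAMPLE_LOG):
        print(record)
```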
 
