Hi,
Running 3.6.12 here, I've come up against a very odd bug. It seems that
if you define a share where the "path =" parameter contains spaces (ie
"/home/samba/test test") it will be accessible from windows clients in
the same domain as the server, but will give an "access denied error"
from
Hi,
Did this ever get an answer? I just upgraded both ends of a
bidirectional domain trust setup to 3.6.12 (from 3.5.something against
3.6.5, worked perfectly) and I face *exactly* the same problem, ie a
share on an XP box cannot be access by another XP box at the other end.
The SMB error cod
You can still separate your DC from your file server. You then join the
file server to the domain, and use winbindd (not nss_ldap).
WINS need not be connected, but we need to have certain entries in the
DNS server, and for dynamic DNS registration (which AD clients will want
to do) you will ne
Hi,
Come up against this in 3.6.5. I can join a BDC to a domain, and it gets
the Domain SID from the PDC, but keeps its local machine SID.
Is domain SID=local SID expected or required on BDCs, or should I just
let the BDCs keep their unique local SID, or, in fact, does it not
matter at all?
On 11/10/11 22:16, Jeremy Allison wrote:
On Tue, Oct 11, 2011 at 06:44:18PM +0100, Alex Crow wrote:
Hi all,
Since the winbind refactoring in Samba 3.6.0, interdomain trusts
between Samba servers seem to be broken in that being able to
resolve or modify file permissions on the other domain work
Hi all,
Since the winbind refactoring in Samba 3.6.0, interdomain trusts between
Samba servers seem to be broken in that being able to resolve or modify
file permissions on the other domain work only very intermittently (eg
about once out of 10 tries). This is regardless of whether I use
idma
On 03/04/11 21:28, L.P.H. van Belle wrote:
Lol, yes the same typo here, but its corrected in my smb.conf en tested it.
( my english is not that good )
Now only my main problem, why i cant set my rights any more.
checked everything, fstab is ok, acl and user_xattr,
rights on folders, checked als
On 20/01/11 17:14, PedroTron wrote:
Hi.
I have a samba PDC on lenny, using roaming profiles.
All work fine, but i have a question.
Some station need share folders with others station, but i dont know how to
permit access only to some users to that shared folders.
All the permission work fine
On 18/01/11 21:08, Jon Detert wrote:
On Tue, Jan 18, 2011 at 2:35 PM, Gaiseric Vandal
wrote:
Nt- I don't use the "ldapsam:editposix" option myself, if I understand it
correctly it means you don't have to precreate the underlying unix accounts.
That is my understanding as well. I've never u
On 18/01/11 20:04, Jon Detert wrote:
ldap idmap suffix = out=IDmap
Could the "out" instead of "ou" be your issue?
Cheers
Alex
--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it i
On 17/01/11 16:33, Gaiseric Vandal wrote:
I started on samba 3.0.x and upgrades to 3.4.x.Still having only
partial success myself.I have different "ou" objects in ldap for
the allocation range and each trusted domain .
My smb.conf (editted somewhat) is below.
I would that the idmappi
Hi,
We have just managed to get winbind behaving correctly in a Samba domain
with Samba member servers with help from Sernet. It is now not adding
spurious entries for the "own domain".
However, a member server keeps trying to add group mappings that already
exist in the LDAP idmap ou. This
Apologies, typo in the below corrected (was trying to hide the real ldap
suffix in my post and failed!):
Here is the relevant part of the DMS smb.conf:
idmap backend = ldap:ldap://pdc
idmap uid = 1-2
idmap gid = 1-2
ldap admin dn = cn=manager,dc=my,dc=net
ldap suffix = dc=my,dc=n
Well, depending on your passdb backend this might or might
not work. I would not count on file system failover to get
the passdb.tdb right in all cases. Probably I am too
paranoid here, as we're using proper tdb transactions these
days, but between a CPU and a disk spindle in a SAN setup
too muc
On 02/11/10 08:01, Volker Lendecke wrote:
On Tue, Nov 02, 2010 at 08:14:43AM +0100, Daniel Müller wrote:
I just did the same questions months ago with no answer!?
Now I am curious to here if this is working for now. In the past ctdb only
worked for me only for file serving.
Well, and
Anyone,
I have registered a bug for this, #7763.
I am also now suffering from #7066, have followed all the suggestions
and have no resolution.
Is it the case that Samba in as a domain controller with member server
in NT4-style domains should only be used with 3.2.x (which is not
ostensibly
Just reinstalled my webserver, no ssl, so image URL is:
http://www.nanogherkin.com/ldap.png
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
On 26/10/10 17:28, Gaiseric Vandal wrote:
I may have indeed forgot to clear the cache files after upgrading
from samba 3.0x to 3.4.x.
I had various issues with samba servers as member servers - mostly in
keeping idmap entries consistent across machines. The solution in
the end had been to
On 26/10/10 16:32, Gaiseric Vandal wrote:
You may need to specify separate idmap sections for each domain, as
well as general settings. Samples of my smb.conf (samba 3.4.x ) are
below.
When I was on samba 3.0.x, idmap entries would populate for each
domain in the correct OU. It would use th
Apologies, forgot the list stripped attachements.
Please see:
https://www.nanogherkin.com/ldap.png
Apologies for self-signed cert.
Cheers
Alex
--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclo
Hi,
I have recently upgraded a system with a Samba BDC, PDC and a couple of
member servers from 3.2.14 to 3.4.9 (and also tested with 3.5.6).
There appears to be some problem with Winbind (we need to run it on all
servers as we have a trust relationship to a domain at another office).
I hav
Hi,
If you are using LDAP, it'd probably be better to point your member
server to it's LDAP directory. You probably don't want "winbind use
default domain" set to "yes" as this will fill your IDMAP backend with
local domain accounts, really in a Samba domain you only want foreign
domain stuff in t
>
> That looks like a very useful information. I am using 3.2.8 as well.
> Will you please elaborate a bit on upgrading schema ?
>
First question: are your Domain Controllers using Samba? If not, the
rest of this probably won't work (never used an AD domain myself).
On gentoo emerging the lat
> >
> >
> I'm not sure that Samba checks the Linux groups but Linux does. In a
> Windows domain, all the accounts reside in the Domain. It may be
> checking the Linux accounts for shares on the DC, but wouldn't be able
> to on a member server. Perhaps one of the Linux gurus could answer your
> fi
>
> I am somewhat limited to use tdb backend as ldap back end doesn't seems to
> be supporting trusted domains.
>
Your samba schema might be out of date - both sides of the trust are
stored in LDAP now - I had the same problem until I ugraded my schema
files after going from 3.0.x to 3.2.x
> Alex,
>
> I have been trying to use "root preexec" to add domain users to Power
> users group on the local workstation, it never works..
> http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#autopoweruserscript
>
> Have you used this??
>
> thanks
> Avinash
We do this b
Martin
I use "root preexec" in the netlogon share to run a script which:
a) Update DNS with the fqdn username.domain
b) Update a MySQL db with the username, logon time, machine name and
server name
in combination with an entry in the logon script on each dc which writes
to a logfile at each logo
Depending on the version of Samba, it could be that "passdb expand
explicit = yes" is required. I ran across this in a similar situation
due to a change in default behaviour.
Alex
--
This message is intended only for the addressee and may contain
confidential information. Unless you are that pe
This is now on Bugzilla, bug 6646.
--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us im
On Tue, 2009-08-18 at 14:44 +0100, Alex Crow wrote:
> > . For example: 1 time
> > return 0xc0c3 ( NT_STATUS_INVALID_NETWORK_RESPONSE) or 0x1c010002 (???)
> > and much others. I realized one thing: when the response is "Broken Pipe"
> > the ntlm responds "
warning...
>
I am seeing similar problems with 3.2.13 on my Squid server.
If it happens again I will try to get a log.
Alex Crow
--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it
Alex
On Mon, 2008-06-02 at 14:30 +0100, Alex Crow wrote:
> Hi,
>
> I am having the exact same problem as the user quoted below - I have
> 3.0.28a installed at both ends (I've tried 3.0.30 but that seems to make
> wbinfo -t fail with "DOMAIN CONTROLLER NOT FOUND" er
All,
If I set up a BDC with a replicated ldap server, can I point the "ldap
backend" and "idmap backend" options *both* to the localhost and enable
a referral on the slave so that writes (ie Idmap updates) will be
referred to the master server?
I'm running debian unstable with openldap 2.4 (and l
Hi,
I am having the exact same problem as the user quoted below - I have
3.0.28a installed at both ends (I've tried 3.0.30 but that seems to make
wbinfo -t fail with "DOMAIN CONTROLLER NOT FOUND" errors). It's a
bidirectional trust - the end remote to me works fine but the local end
reports as bel
07:51 +1100, Andrew Bartlett wrote:
> On Tue, 2008-02-12 at 11:01 +0000, Alex Crow wrote:
> > Hi there,
> >
> > I am looking into using CTDB between a PDC and a BDC. I assume this is
> > possible!
> >
> > However I have a few questions:
> >
> > 1: D
Hi there,
I am looking into using CTDB between a PDC and a BDC. I assume this is
possible!
However I have a few questions:
1: Do I have to use tdb2 as an Idmap backend? Can I not stay with ldap?
(from the CTDB docs:
A clustered Samba install must set some specific configuration
parameters
clus
Hi there,
I am looking into using CTDB between a PDC and a BDC. I assume this is
possible!
However I have a few questions:
1: Do I have to use tdb2 as an Idmap backend? Can I not stay with ldap?
(from the CTDB docs:
A clustered Samba install must set some specific configuration
parameters
clus
On Tue, 2007-08-21 at 21:17 +0200, Markus Baertschi wrote:
> I'm attemtping to configure a Ubuntu server for a bunch of windows clients.
> I'd like the authentication information to be in ldap.So far the stuff
> works,
> I can authenticate users in LDAP just fine.
>
> But when I want a windows mac
Stephane,
killall -HUP smbd
Your printers should then show up immediately.
Cheers
Alex
On Thu, 2007-08-02 at 11:14 +0200, Stephane ARMANET wrote:
> Hello list
>
> I use a samba (version 3.0.14) PDC and Cups (1.2.7) for sharing
> printers with windows clients.
>
> When I create a new print
Gary,
Is that FoxPro?
We had something like that back when we used it but it turned out to be
something in the FP code.
Our settings for locking were:
oplocks = no
level2 oplocks = no
And until we got rid of Fox we never had any issues with those.
Cheers
Alex
On Thu, 2007-06-28 at 1
On Wed, 2007-06-27 at 01:42 -0700, mikelOn wrote:
>
> Hi all,
>
> I finally found where the problem is. The samba attributes are not being
> added when the workstation entry is created. The "sambaSamAccount"
> objectclass is missing.
>
> Why is it not being added if it is suppossed to be a wind
>
> Ah - the readahead issue. Try using 3.0.25 with the vfs readahead
> module.
>
> Jeremy.
Jeremy, Andrew
I think from the context that Andrew has already tried that - at work we have
decided that Vista simply isn't worth the hassle now.
We can't even manage to get Vista on a new laptop to
On Wed, 2007-06-13 at 13:03 -0400, Berend Tober wrote:
> Alex Crow wrote:
> > This wasn't a migration from an NT domain was it? We had the problem
> > after a migration that starting up Office programs was incredibly slow -
> > it turned out there were a load of Office re
Berend,
This wasn't a migration from an NT domain was it? We had the problem
after a migration that starting up Office programs was incredibly slow -
it turned out there were a load of Office registry entries pointing to
UNC paths on the old Windows PDC.
Just an idea...
Cheers
Alex
--
To unsu
On Tue, 2007-05-22 at 14:06 -0500, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Alex Crow wrote:
> > Jerry,
> >
> > I *think* it coinided with using the user/group selection
> > dialog in the "Security" tab f
Jerry,
I *think* it coinided with using the user/group selection dialog in the
"Security" tab for a file share.
As for the segafault, I'm going to try make a fresh OS install on the
machine tomorrow and start again as I think I might have some residues
somewhere...
As I said, RC3 was working fin
> It seem like your ldap server is down.
>
If it was, my whole office would be phoning me now -
we have:
3 slave ldap servers
2 mail servers
1 BDC
6 member servers
1 telephone directory web page
250 users using LDAP for their address book.
All are working correctly so it's *not* this. This ha
Gerry,
I'm afraid that patch has almost rendered the server uncontactable. I am
now getting constant errors in smbd connecting to my LDAP server:
May 22 14:36:52 print smbd: nss_ldap: failed to bind to LDAP server
ldap://pdc.ifa.net: Can't contact LDAP server
May 22 14:36:52 print smbd: nss_ldap:
David,
Did my advice help?
I think this should probably go into the "Interdomain Trusts" section of
"By Example" as I was banging my head against a brick wall for ages
until I realised that you need these args on the *trusting* domain's PDC
to be able to log on to the trusted domain (unless you a
In smb.conf, do you have
winbind enum groups = yes
winbind enum users = yes ?
I got stumped by this myself but these seem now to be off by default and
need to be added for nsswitch to enumerate users/groups.
Cheers
Alex
On Thu, 2007-05-17 at 18:30 +0100, David Lee wrote:
> Hi Rune
> I have
>
Gerry,
I could not assign it myself, however it's bug number 4616.
Cheers
Alex
On Thu, 2007-05-10 at 08:07 -0500, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Alex Crow wrote:
> > Dear Samba team,
> >
> > I have install
All, devels,
I would like to put in a request the those working on Samba 4 - at our
company, we already have a significant investment in Samba 3 and
OpenLDAP - LDAP is our primary authentication backend, controls access
and configuration of our email infrastructure, and we have written many
script
Aaron,
The best has to be to follow the "Samba 3 by Example" guide on the
samba.org website. You can also get a dead-tree version, I think it's
now on the second edition.
The section dealing with starting with an LDAP backend is, I believe,
entitled "Making Happy Users".
Cheers
Alex
On Mon, 20
GIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Alex Crow wrote:
> > Jerry,
> >
> > Any ideas yet? I've reverted my Server 2003 box to 32-bit for now, so
> > it's not so pressing to use 3.0.25.
>
> So the DC was a 64bit Windows 2003 DC (netbios domain
&
Jerry,
Any ideas yet? I've reverted my Server 2003 box to 32-bit for now, so
it's not so pressing to use 3.0.25.
Cheers
Alex
On Thu, 2007-05-10 at 15:50 +0100, Alex Crow wrote:
> Jerry,
>
> I realised I forgot to restrict the dump to the XP client concerned. I
> have no
Jerry,
I realised I forgot to restrict the dump to the XP client concerned. I
have now replaced the file on the webserver.
Cheers
Alex
On Thu, 2007-05-10 at 08:28 -0500, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Alex Crow wrote:
> >
Jerry,
I've attached my smb.conf, you can get the dump file from
http://www.nanogherkin.com/smbdump.tcpdump.bz2. The server is x86-64.
Cheers
Alex
On Thu, 2007-05-10 at 08:28 -0500, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Alex Crow
; Hash: SHA1
>
> Alex Crow wrote:
> > Dear Samba team,
> >
> > I have installed the above release of samba and I am
> > seeing the same problem as decribed in this old posting when
> > I try to add permissions to printers:
> >
> > http
Dear Samba team,
I have installed the above release of samba and I am seeing the same
problem as decribed in this old posting when I try to add permissions to
printers:
http://lists.samba.org/archive/samba/2006-July/123177.html
Interesting that this was last seen in 3.0.23. 3.0.24 behaves as
exp
On Mon, 2007-04-30 at 13:28 -0500, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Alex Crow wrote:
> > Jerry, All,
> >
> > I am trying to get x64 drivers installed onto a Samba 3.0.24 server,
>
> Fixed in 3,.0.25.
Jerry,
Jerry, All,
I am trying to get x64 drivers installed onto a Samba 3.0.24 server,
however I am getting an error that looks like it was last seen in 2005,
ie when Windows checks the driver is uploaded OK, it thinks it's not for
the correct architecture:
[2007/04/30 17:18:04, 3] smbd/dosmode.c:unix
Jerry, All,
I am trying to get x64 drivers installed onto a Samba 3.0.24 server,
however I am getting an error that looks like it was last seen in 2005,
ie when Windows checks the driver is uploaded OK, it thinks it's not for
the correct architecture:
[2007/04/30 17:18:04, 3] smbd/dosmode.c:unix
62 matches
Mail list logo