Re: [Samba] IDMAP dump and restore for second server.

2012-03-24 Thread Bruce Richardson
On Fri, Mar 23, 2012 at 10:51:47AM +, Johan Hendriks wrote: Thanks for the reply. probably my lack of understanding the whole thing is making it a little confusing for me. Is there a way to get the same id's on a second server. You could move to using an LDAP backend, then it'll

[Samba] Administrator cannot connect to samba on 2008 R2 ADS members

2011-08-10 Thread Bruce Richardson
I have an odd situation where Samba 3.x domain members in an Active Directory 2008 R2 domain cannot authenticate the Administrator. All other users work, but if I try to connect to the samba services as the domain Administrator, authentication fails. The Windows domain controllers are happy to

Re: [Samba] SSO's availability

2011-08-03 Thread Bruce Richardson
On Tue, Aug 02, 2011 at 08:17:01PM +0200, Frédéric Bérard wrote: Is it possible to configure a system of authentication based on SSO samba (and certainly ldap and lot of others things) ? Which things need to authenticate? At my current workplace, I've set up Samba with an LDAP backend. Linux

Re: [Samba] Fwd: getent group fails - fixed

2011-06-23 Thread Bruce Richardson
On Thu, Jun 23, 2011 at 01:00:55PM +0100, Dermot wrote: Found it. It turns out that the config file for libnss-ldap is /etc/libnss-ldap.conf on my distro (Debian). So NSS was ignoring the config that I had been in /etc/ldap/ldap.conf and taking it from /etc/libnss-ldap.conf. As far as I'm

Re: [Samba] Fwd: getent group fails - fixed

2011-06-23 Thread Bruce Richardson
On Thu, Jun 23, 2011 at 02:20:56PM +0100, Dermot wrote: I would have thought, but I am no expert, that samba would have used the config from smb.conf and that ldapsearch (and anything else that didn't have hooks else where) would use /etc/ldap/ldap.conf. In smb.conf you specify those things

Re: [Samba] SOLVED: DFS root only works for more recent Windows clients

2011-06-13 Thread Bruce Richardson
On Thu, Jun 09, 2011 at 10:39:50AM +0100, Bruce Richardson wrote: I've been testing DFS roots and I'm finding that while Vista and 2008 Server clients can connect with no problems, Windows XP Pro and 2003 Server clients fail. This seems like it's the wrong way round - Samba usually has more

[Samba] DFS root only works for more recent Windows clients

2011-06-09 Thread Bruce Richardson
I've been testing DFS roots and I'm finding that while Vista and 2008 Server clients can connect with no problems, Windows XP Pro and 2003 Server clients fail. This seems like it's the wrong way round - Samba usually has more difficulties with recent Windows versions than older ones - but I can

Re: [Samba] DFS root only works for more recent Windows clients

2011-06-09 Thread Bruce Richardson
On Thu, Jun 09, 2011 at 12:42:48PM +0200, Daniel Müller wrote: For me working without any trouble. Centos 5.5,5.4,5.6. Did you: host msdfs=yes??? That's the default setting for host msdfs, so there should be no need to set it. But yes, I did set it explicitly and it made no difference. It is

Re: [Samba] problem connecting DFS-share with winXP - successful with Vista 7

2011-06-09 Thread Bruce Richardson
On Mon, Dec 20, 2010 at 11:19:52AM +0100, Steffen Frömer wrote: Hi, i have problems connecting to DFS-Share from Client WindowsXP. Same configuration works fine for Windows Vista and 7. On Windows 7 the LMCompatibility Level is 3. I missed this in my previous search of the archives.

Re: [Samba] DFS root only works for more recent Windows clients

2011-06-09 Thread Bruce Richardson
On Thu, Jun 09, 2011 at 09:14:39AM -0400, John Drescher wrote: Its working for me for years at work with (xp, xp64, and now windows7 64 bit). I as of a few months I am running samba-3.5.8 on the dfs root however I had 3.0.37 installed up until recently. Did you reboot the xp clients after

Re: [Samba] DFS root only works for more recent Windows clients

2011-06-09 Thread Bruce Richardson
Have you tried using the real ip address in the links? I switched to that years ago to allow cifs-msdfs links without a dns server. I am not sure if that had any effect on XP clients though. Interesting idea, just tried it, didn't work. Shame. -- Bruce Explota!: miles de lemmings no

Re: [Samba] DFS root only works for more recent Windows clients

2011-06-09 Thread Bruce Richardson
On Thu, Jun 09, 2011 at 10:47:26AM -0400, John Drescher wrote: There may be some difference between our set-up (LDAP-backed Samba 3.x domain) and yours, I am using a samba ldap domain. I wonder what is different about our configurations that makes the difference. I wonder, could you send

Re: [Samba] ldap idmap backend

2011-03-17 Thread Bruce Richardson
On Thu, Mar 17, 2011 at 04:02:29PM +0300, Vladimir Vassiliev wrote: Hi all, i use Samba 3.5.6 in ads mode (Windows 2008R2) with ldap idmap backend. Servers run Centos 4 and 5. I can't cope with next issue for long time. On all servers in domain winbind constantly tries to create

Re: [Samba] ldap idmap backend

2011-03-17 Thread Bruce Richardson
On Thu, Mar 17, 2011 at 05:06:03PM +0300, Vladimir Vassiliev wrote: Why have you created a local computer domain, out of interest? I didn't do it, Samba did. Really I dunno how to add extra domain to Samba. How can I delete this domain? Something did it. Was this machine a domain controller

Re: [Samba] Shared directory contained within another shared directory

2011-03-17 Thread Bruce Richardson
On Thu, Mar 17, 2011 at 09:50:14AM -0500, Chris Weiss wrote: yes, filesystem permissions do override any share level permissions in the conf. you'll need to adjust hrshared permissions as needed. Pedantically, it's not that one overrides the other; the restrictions in the two different

Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Bruce Richardson
On Wed, Mar 16, 2011 at 11:09:59AM +0100, J. Echter wrote: Hi, i have a Samba PDC (no LDAP) and added add user script to my config. I can create the user with no problems, login is possible but the /home/samba/profile/user dir is not created. It'll be created automatically when the user

Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Bruce Richardson
On Wed, Mar 16, 2011 at 12:16:52PM +0100, J. Echter wrote: no, i want to have a profile dir created when a new created user logs in. that's it. :) Well, as long as you have the correct acls on the share and permissons on the directory, the user's workstation should try to create the user

Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Bruce Richardson
On Wed, Mar 16, 2011 at 11:21:42AM +0100, Marco Ciampa wrote: IMHO you have to create it with a script. In that script you will create the user (with useradd) and then the profile dir... I think it is probably a bad idea to do this with a script unless you have some good reason to need it.

Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Bruce Richardson
On Wed, Mar 16, 2011 at 04:17:05PM +0100, J. Echter wrote: Am 16.03.2011 13:01, schrieb Bruce Richardson: On Wed, Mar 16, 2011 at 12:16:52PM +0100, J. Echter wrote: no, i want to have a profile dir created when a new created user logs in. that's it. :) If you create these directories

Re: [Samba] Samba PDC adding new user, profile dir is not created

2011-03-16 Thread Bruce Richardson
On Wed, Mar 16, 2011 at 12:01:52PM +, Bruce Richardson wrote: What do you have in your logon path setting in smb.conf? You never answered this question. You don't need to have anything there, because it defaults to \\%N\%U\profile, but if you do have something there, what is it? Are you

Re: [Samba] another question about account locking

2011-01-13 Thread Bruce Richardson
On Fri, Jan 14, 2011 at 02:51:58AM +0900, TAKAHASHI Motonobu wrote: 2011/1/13 Kevin Taylor groucho.64...@hotmail.com: Is there a way that we can increment the samba bad password count, when a user fails a password on a linux system? I'm looking for ways to get both Windows and Linux to

Re: [Samba] why the domain administrator has to has uid 0?

2011-01-10 Thread Bruce Richardson
On Mon, Jan 10, 2011 at 07:05:54AM -0500, William E Jojo wrote: Look at: net rpc rights grant username SeMachineAccountPrivilege This will add users to the account_policy.tdb file with join rights in that domain. When you upgrade or move to another machine, be sure to bring this file

Re: [Samba] getting error with setfacl

2010-11-05 Thread Bruce Richardson
On Thu, Nov 04, 2010 at 11:50:03AM -0700, James D. Parra wrote: Hello Bruce, Still can't get setfacl to get group or user info from the AD (Windows 2003) I have the following in nsswitch.conf; passwd: compat ldap group: files ldap Have you put the correct details into the nss_ldap

Re: [Samba] getting error with setfacl

2010-11-03 Thread Bruce Richardson
On Wed, Nov 03, 2010 at 05:05:28PM -0700, James D. Parra wrote: Well it does if you're using winbindd to map DOMAIN\\groupname to a group on the box :-). ~ Thank you Jeremy. What is the best way to do that? The key tool is nsswitch. Winbind may or may not be

Re: [Samba] Samba3 registy based configuration and group policies!?

2010-11-02 Thread Bruce Richardson
On Tue, Nov 02, 2010 at 10:09:16AM +0100, Daniel Müller wrote: Dear all, after a lot of thinking about the registry way of configuring samba I came about that group policies are especially stored things in the registry. Group policies alter the registry of Windows workstations and member

Re: [Samba] Workgroup compared to Domain

2010-10-29 Thread Bruce Richardson
On Thu, Oct 28, 2010 at 09:16:43PM -0400, Robert Moskowitz wrote: Are there any good articles comparing features/functions of a Workgroup compared to a Domain? If you don't want the centralised control of a Windows domain, leave Workgroups well alone; they are fragilel overly complex for what

Re: [Samba] Workgroup compared to Domain

2010-10-29 Thread Bruce Richardson
On Fri, Oct 29, 2010 at 06:50:08PM -0500, John H Terpstra wrote: Please help use to understand exactly how ZeroConf helps with user and group management. Confused by your answer! Are you one of the original posters alternate personalities? Otherwise, I'm a little confused by yours. The OP

[Samba] Trusted domain users unwantedly mapping onto local domain users

2010-10-21 Thread Bruce Richardson
Having set up two way trust between a Samba domain (with LDAP backend) and an AD domain, I find that 1. Users from the trusted domain are authenticated against the proper DC (that is, their regular password works), but only if there is a corresponding local domain user. 2. Users from the

Re: [Samba] Trusted domain users unwantedly mapping onto local domain users

2010-10-21 Thread Bruce Richardson
On Thu, Oct 21, 2010 at 05:02:55PM -0400, Gaiseric Vandal wrote: I have not tried ssh'ing in as a trusted domain user (I definately don't want that available..) It's not something I want to make available, but it was an important test to prove that winbind was creating the correct idmap