[Samba] Moving from SAMBA to 2003 domain with XP SP# client machines roaming profiles stopped working

We have been directed to move off a SAMBA domain to a server 2003R2 domain. We run roaming profiles with samba and would like to continue this on 2003R2. After bringing all the XPSP3 desktops into the 2003R2 domain, roaming profiles wont work. I'm not even trying to use the SAMBA generated

Re: [Samba] Domain trusts with W2003 and SAMBA 3.0.33 on RHEL (Added info)

On 10/12/2010 01:05 PM, Douglas Phillipson wrote: To create a "Trust" between Samba and a W2003 AD Domain, does the Samba machine have to be a domain member also? Doug P I'm not clear on something. My goal is to have our AD users access a samba share without having to enter

Re: [Samba] Domain trusts with W2003 and SAMBA 3.0.33 on RHEL (Added info)

To create a "Trust" between Samba and a W2003 AD Domain, does the Samba machine have to be a domain member also? Doug P On 10/11/2010 11:29 PM, Daniel Müller wrote: "http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrust s.html#id2621046" Problems with LDAP ldapsam and Ol

Re: [Samba] Domain trusts with W2003 and SAMBA 3.0.33 on RHEL (Added info)

oops, should be using a machine arg, tried: /var/lib/samba/sbin/smbldap-useradd.pl -w -c "Domain Trust" ECN$ Still get error: failed to add entry:  at /var/lib/samba/sbin//smbldap_tools.pm line 497, line 283. DOug P On 10/11/2010 10:29 AM, Douglas Phillipson wrote: When trying

Re: [Samba] Domain trusts with W2003 and SAMBA 3.0.33 on RHEL (Added info)

. Thanks Doug P On 10/11/2010 09:53 AM, Douglas Phillipson wrote: I'm trying to establish a two way non-transitive trust between a W2003 A/D box and our SAMBA domain. We are using smbldap so we can log in on any of the linux boxes with the same passwd. Samba is version 3.0.33 on Re

[Samba] Domain trusts with W2003 and SAMBA 3.0.33 on RHEL

I'm trying to establish a two way non-transitive trust between a W2003 A/D box and our SAMBA domain. We are using smbldap so we can log in on any of the linux boxes with the same passwd. Samba is version 3.0.33 on Redhat Enterprise. It's easy to create the trust on the Windows side with AD Do

[Samba] Noob question about cached credentials

Can a samba domain user login successfully to a PC in the domain if the PC is not connected to the network? This assumes the user has logged on at some point in the past to get their credentials on the local PC of course. Is this a "Standard" feature of SAMBA (allowing Cached credentials) or

[Samba] Loading profile slow over a fast wan link

Logging on with XP, with our desktop profile across a 10mbps wan, takes a LONG time to transfer even just 5mb of profile data. Any suggestion on tweaks to speed this up would be greatly appreciated. Other protocols like ftp, rcp and scp are 10 to 20 times faster. Regards Douglas

[Samba] Now that MS has to play nice...

Being that you SAMBA developers had to work so hard to reverse engineer the AD protocols. Will there soon be improvements and more full featured functionality in SAMBA now that you have access to more documentation? Is anything on the order of a fully feature AD clone in the works. Also, how

[Samba] Bi directional trusts with server 2003

Is it possible to establish a two way trust relationship between a SAMBA Domain and Win2003 AD Domain such that Users in the SAMBA domain can log on to machines in the W2003 Domain and users in the Windows Domain can log on to XP machines in the SAMBA Domain?Is this a domain trust, a machi

[Samba] Security issues

We have a new Cyber Security professional on our staff that now says we can't use Samba for the following reasons: At this time any appearance that Samba-3 is capable of acting as a domain controller in native ADS mode is limi

Re: [Samba] Preference of local or domain profile

Douglas Phillipson wrote: With Samba v3.x and WinXP, if there is a local profile on the users PC when the user logs on while hooked to a Samba DC, should the PC check for the DC profiles password prior to checking the local profiles password? I have a client PC, originally with no local

[Samba] Preference of local or domain profile

With Samba v3.x and WinXP, if there is a local profile on the users PC when the user logs on while hooked to a Samba DC, should the PC check for the DC profiles password prior to checking the local profiles password? I have a client PC, originally with no local profile, the user logs in to the

[Samba] Changed the IP address of Samba server, can't logon

After changing the IP address of our samba server (3.0.10), our users can't logon. We use ldap authentication, which all worked fine for more than a year prior. The samba log shows attempts as "guest" rather than the user's name. Also logging in as root on an XP box translates to user guest,

Re: [Samba] Outlook path to pst file is lost when using roaming profiles

Is nobody else losing their Outlook profile/path to pst when using roaming profiles? Doug P Douglas Phillipson wrote: We are having a problem getting the path to the Outlook PST file to move from machine to machine using roaming profiles (Samba 3.0.10 on RHEL 4). When a user logs off on one

[Samba] Outlook path to pst file is lost when using roaming profiles

We are having a problem getting the path to the Outlook PST file to move from machine to machine using roaming profiles (Samba 3.0.10 on RHEL 4). When a user logs off on one machine and logs on to another, the outlook path to the PST file is gone. I found this message in the archive back in 2

[Samba] Are these still all the recommended settings for using roaming profiles?

I got these several years ago, but we are having problems with Outlook with roaming profiles so I want to check and see if something new should be added to this list of mods for roaming profiles. - Go to Local Computer Pol

[Samba] Can Samba be used to push out updates and hotfixes

I have the Official Samba 3 and Samba-3 by example books, although not the second edition copies. But I can't seem to find out how to push out patches and hotfixes with Samba. Is this not possible at this time? I don't have a lot of experience with Windows but I am going to have to deal with

[Samba] Is there a method to search the samba archives

I'd like to do some research prior to posting questions here but all I see in the archives are monthly gzip'd files. I there a single file in say mbox format I can grab, or is there another search/query mechanism I don't know about? Thanks Doug P -- To unsubscribe from this list go to the fo

[Samba] Can Samba be used to push out updates and hotfixes to client PC's

I have the Official Samba 3 and Samba-3 by example books, although not the second edition copies. But I can't seem to find out how to push out patches and hotfixes with Samba. Is this not possible at this time? I don't have a lot of experience with Windows but I am going to have to deal with

[Samba] Is there a method to search the samba archives

I'd like to do some research prior to posting questions here but all I see in the archives are monthly gzip'd files. I there a single file in say mbox format I can grab, or is there another search/query mechanism I don't know about? Thanks Doug P -- To unsubscribe from this list go to the fo

[Samba] High Availability with Samba and Heartbeat

Since I get so much from this list I thought I would share a project I've been working on and how it works with samba (3.0.1). It is Samba related so I hope it's not off topic. I've set up a HA solution with redundant Samba Domain Controllers throuth the "Heartbeat" package at: http://www.ult

[Samba] CUPS vs lprng

Could I get some opinions on which type of Samba based printing is easier, CUPS or LPRNG, or just bybass Samba altogether. I'm looking at the Printing HOWTO by Kurt Pfeifle (Printing Support in Samba 3.0) and both look really complex. Anyone out there have any experience with printing service

[Samba] Winbind seems to have hosed my roaming profiles

Winbind seems to have broke my roaming profiles. I have a 3.0.1Pre1 DC on RH AS 3.0 running with Win2000 SP4 clients logging in. Remote profiles worked well and then I added: winbind separator = + idmap uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups =

[Samba] Admin privilages for root in a samba domain on a win2000 box

Just a FYI for those that are interested. I found that to give admin privilages, in Windows, to Domain user "root" do this on tha Samba Domain Controller: net groupmap modify ntgroup="Domain Admins" unixgroup=root I can now install/remove software logged in as a domain user "root" on Win2k. I

[Samba] Winbind separator warning

When adding winbind entries in smb.conf and running testparm I get the following warning: 'winbind separator = +' might cause problems with group membership. "winbind separator = +" is used in the HOWTO (21.5.3.3). Is this OK? Or will I have problems. What is the separator for? What commands

[Samba] Cups printing, domain group error, getting closer...

After realizing my CUPS printername in /etc/cups/cupsd.conf must be the same as my samba printer sharename (I don't think it says that anywhere in any HOWTO, correct me if I'm wrong though) I am now getting to the printer resource but... Using Samba 3.0.1 and attempting to connect to a samba cu

[Samba] Cups printing on Samba 3.0.1 from Win2000 SP4

I have a samba based domain controller with a CUPS printer working fine. When I try to connect to a samba printer from Win2000 I get the following in the samba log: 2003/11/04 20:38:02, 0] printing/print_cups.c:cups_queue_get(889) Unable to get jobs for ipp://localhost/printers/goucho - cli

[Samba] Samba printing, I just don't get it

I'm sorry for asking a really newbie question here. But I'm just missing something I guess. I've read the HOWTO for 3.0.0 and either I missed it or I just didn't understand it. I have 3.0.1Pre1 on RH 9 "Machine A" working as a domain controller with a win2000 SP4 box. I made a USB local CUPS

[Samba] Request for ACL experiences

I'm having trouble with ACL's and wonder how many others are too. I see conflicting answers and comments about different aspects of ACL's from many prople on the list. I was wondering if ANYONE is successfully using ACL's with Samba 3.0 or above. Questions I have that I'm sure many are asking

Re: [Samba] Samba Share ACLs

Please See ACL related questions below... John H Terpstra wrote: On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote: Hi all, I have already set up a Samba 3.0 with Openldap as user repository. I have a question about share access controls. Chapter 13.1 of Samba-HOWTO-Collection describes: Samba offer

[Samba] Should I use winbind in this case

I can't seem to get an answer to this question... Should I use winbind if my Domain Controller is a samba machine? Or is it only useful if my DC is a real MS DC and I have other unix/linux client machines? I'm strictly wanting to provide file and domain logon services to Win2000 machines via

[Samba] Should I use Winbind if my DC is Samba?

Should I use winbind if my Domain Controller is a samba machine? Or is it only useful if my DC is a real MS DC? Regards Doug P -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba

[Samba] Found a ACL howto but...

I found a howto on ACL's but it assumes the following: At this time, this document is not 100% complete. I have assumed you are joining to a Windows 2000 domain which is using Active Directory, you aren't trying to use Samba as a domain controller, and that you're using ext2 or ext3 on Linux.

[Samba] How do I add a printer as a samba domain resource

With NT4 I grant users access to printers via the security tab on the printer. How do I add a printer as a domain resource, with Samba, that I can then grant domain users access to through Windows? (Using Samba 3.0.1Pre1 as a DC) Thanks Doug P -- To unsubscribe from this list go to the foll

[Samba] How do I add a printer as a domain resource

With NT4 I add grant users access to printers via the security tab on the printer. How do I add a printer as a domain resource, with Samba, that I can then grant domain users access to? (Using Samba 3.0.1Pre1) Thanks Doug P -- To unsubscribe from this list go to the following URL and read th

[Samba] ACL's vs Share definitions (Trying again)

I have the Win2000 client(s) in a Samba domain. Domain authentication works fine, my "homes" share works fine, remote profiles work fine. Using 3.0.1Pre1 I would like to add people to "someshare" through the Security tab, and control their access through windows ACL's. How should I setup a sha

Re: [Samba] ACL's and permissions

a resource, domain or other,to choose from in the security tab from within windows. I did read the April 21 2003 version of the howto and these things were not clear to me. After I figure them out I would be happy to give you some verbage if you would care to have it. Thanks again Samba fol

[Samba] ACL's and permissions

I'm really struggling with ACL's and permissions. I have a share owned by a user (douglas). Douglas can read, write and create to the share: [public] comment = Public Stuff path = /home/samba/pub nt acl support = yes public = yes admin users = douglas write list = douglas I'm logged

[Samba] domain groups

I have ACL's enabled and am getting a new error, in the Samba log (V 3.0.1Pre1, when attempting to set permissions on a file through Win2000: get_domain_user_groups: primary gid of user [terry] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that Do I need

Re: [Samba] is there a way to enforce a single domain wide login

If I put a preexec script in the [profiles] share that touches a file in the users home dir, then removes it with a postexec script, I can enforce a domain wide single login. That is for about 1 minute. What appears to be happening is the share has a timeout feature that disconnects after abo

[Samba] preexec scripts allowing logon under all conditions in 3.0.1

In an attempt to enforce a single login domain wide. I think preexec scripts will work but when I test a script that returns a "1" the log says I get denied but I still get logged in. Here is the info:

Re: [Samba] Is there a way to enforce a single login domain wide

ction failing Closed connection to service netlogon If I change the "1" to a "0" I get no entry in the log and get logged on. The parameter appears to be acknowledged but won't prevent a logon. Any suggestions would be appreciated. DSP Gémes Géza wrote: -BEGIN PGP SIGN

[Samba] If you install Samba via an rpm how do you tell what options are compiled in?

I think I need "with-acl-support" in Samba 3.0.1 but am unsuer if it is compiled in. How would I be able to tell if installed via RPM? Thanks DSP -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Is there a way to enforce a single login domain wide

there is such. And specifying root prexec close = yes on the netlogon share, you could deny them. The danger is that because of blocked clients you would got lots of frustrated clients. Good Luck! Geza Gemes John H Terpstra írta: | On Mon, 13 Oct 2003, Douglas Phillipson wrote: | | |>I didn't

[Samba] Is there a way to enforce a single login domain wide

I didn't get any hits on this. Does that mean it's not possible??? Has anyone enforced a "single instance" login policy somehow? Is this a reasonable question to ask? DSP Douglas Phillipson wrote: > I would like to enforce a policy for a user being only able to logi

[Samba] Is there a way to enforce a single login domain wide

I would like to enforce a policy for a user being only able to login once anywhere in the Domain. When you use roaming profiles, the system gets confused and leaves the local profile on the client PC if the same user logs in on a second machine while they are still loggewd in on the first one.

[Samba] [Samba} Can't do roaming profiles (Solved)

Through much help from a guy in my local LUG I found the solution to making roaming profiles work on Win2000 (SP4). 1) You should have SP4 installed. 2) Two registry changes are needed: Use regedit and change the following two dword attributes to 0 "requiresignorseal" "signsecurechannel

[Samba] Can't do roaming profiles

I need a little advice on finishing off a Samba PDC. I have Samba 3.0.0RC1 installed and working as a PDC on a Redhat AS 3.0 machine. It authenticates users nicely but the "roaming" profiles don't work. Tailing the samba log, I see the an attempt to access the users ntuser.dat file, which doe

[Samba] Can't do roaming profiles

I need a little advice on finishing off a Samba PDC. I have Samba 3.0.0RC1 installed and working as a PDC on a Redhat AS 3.0 machine. It authenticates users nicely but the "roaming" profiles don't work. Tailing the samba log, I see the an attempt to access the users ntuser.dat file, which doe

[Samba] Has anyone tried to install OfficeXP into a samba share?

When I attempt to install OfficeXP into a drive letter "S:" which is a samba share, I can't get the install to finish. Anyone else experience this? DSP -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba

[Samba] Installing office on a 3.0.0-8rc3 share

I'm having trouble installing OfficeXP on an win2000 machine that has a samba share. Office XP installs and gets almost to the end then coughs an obscure error and states that two files will be sent to microsoft for debugging, which aren't there I might add. I can install the same software ju