I am not at all familiar with the use of Windows 9x clients, but I
suppose that you also need to include the following:
lanman auth = Yes
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Please search the list archives. I am sure that your question has
already been addressed here.
It is possible to make it work.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Does anyone know where I could get source
for version 1.8.06?
Version 1.8.05 is here ( the most obvious place :-) ):
http://samba.org/samba/ftp/old-versions/
--
To unsubscribe from this list go to the following URL and read the
instructions:
socket options = SO_BROADCAST SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
TCP_NODELAY IPTOS_LOWDELAY
It has been repeated ad nauseam that with modern kernels you shouldn't
use socket options unless you know very well what you are doing and
you have a very good reason for doing so.
/|use sendfile|/ = yes
Ooops! Something went wrong with copy/paste. Of course the option should be:
use sendfile = yes
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
The book Samba 3 By Example, under section 5.4.5 LDAP Initialization
and Creation of User and Group Accounts, contains the following statement:
«
The configuration file for the |nss_ldap| library is the file
|/etc/ldap.conf| that provides only one possible LDAP search command
that is
I use socket options because 99% places in Internet recommends this, and
no one say about modern kernels - really. You are first :) And of course,
this options not give me any visible effect.
The problem with the information on the Internet is that it persists,
even if it is no longer
Can you show me, how yours SAMBA work in Gigabit LAN ? What speeds ?
I can't measure them right now but I can tell you that I have 2 networks
consisting of Samba Domain Controllers serving only Windows clients and
the network speeds are very high. One of the networks is dedicated to
I`m about google search. Most results is about samba performance tuning
and contain socket options improvements.
I just did a search in Google and I also found the warnings about the
use of sockect options with Linux kernel 2.6. So, I suppose that one
finds what one is looking for...
From John H Terpstra, one of the Samba developers:
This parameter is counter-productive since the 2.6 kernel auto-tunes
the socket send and receive buffer sizes. Suggest you delete it.
--
To unsubscribe from this list go to the following URL and read the
instructions:
I have been using Samba+Linux+openLDAP. The password synchronization
between the Samba and Unix accounts works well with the use of the ldap
passwd sync parameter in smb.conf.
Now I am in the process of installing my first server using CentOS/Red
Hat/389 Directory Server and this does not
I suppose that this is not possible due to differences in hashing methods.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
(...) When trying to run
any net command, I get the following message:
net: symbol lookup
error: /usr/lib/libreadline.so.x: undefined
symbol: PC
As far as I know, the problem arises as a consequence of a bug in
RHEL/CentOS 5.x. The Samba team is already aware of the problem and a
fix will
The Official Samba 3 HOWTO and Reference Guide
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
Samba-3 by Example
http://www.samba.org/samba/docs/man/Samba-Guide/
Both contain very useful information about what you need. PDF versions
are also available.
These books come with the
Rather, thanks to you and the rest of the Samba
team for enduring!
+1
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Running Samba 3.4.5 on Solaris 10 Sparc platform. I can't seem to get rid
of the following errors:
log.b104d1:rlimit_max: rlimit_max (10020) below minimum Windows limit
(16384)
I've tried adding ulimit -n 16384 to the samba start scripts, but still
getting these errors. Anyone know what I
You can also specify the LDAPI socket path if your OpenLDAP server is
listening in a 'non-standard' location, like:
passdb backend = ldapsam:ldapi://%2fvar%2frun%2fldap2.4%2fldapi
You have to escape the / elements of the path.
Thank you for helping me search in the right direction.
By
PS - For now, I don't know if I will adopt this connection over Unix
sockets, since there appears to be a bug in the cuurent implementation:
LDAPI: activation of LDAPI UNIX socket causes serious performance
issues in TCP/IP searches
https://bugzilla.redhat.com/show_bug.cgi?id=497556
The
Does Samba support this type of connection to the LDAP server?
Yes.
I am more than willing to do my homework on this matter, but I need some
kind of clue.
Should I simply point samba to a ldapi URI?
I couldn't find any significant answer by googling this.
Thank you.
--
To
I couldn't find any significant answer by googling this.
Oh well, I had just posted that when I found this :
Samba connect ldap via socket
http://lists.samba.org/archive/samba/2008-May/140869.html
«
The following setting works fine for me on a Debian testing system
and with openLDAP:
After acquiring some experience with the use of Samba+OpenLDAP, I am now
in the process of creating my first PDC based on Samba+CentOS (Red Hat,
Fedora, 389) Directory Server. While reading the DS documentation,
something caught my attention.
The Administration Guide for Red Hat Directory
I just installed samba on a new server, 3.4.5-42, 64 bit version from
Sernet, over CentOS 5.4.
When running testparm, I get the following warning:
rlimit_max: rlimit_max (8192) below minimum Windows limit (16384)
I searched Google for some answer but I couldn't find a satisfactory
one.
I just installed samba on a new server, 3.4.5-42, 64 bit version from
Sernet, over CentOS 5.4.
When running testparm, I get the following warning:
rlimit_max: rlimit_max (8192) below minimum Windows limit (16384)
In order to make the necessary change permanent, I entered the following
Sernet has excelent Samba binary packages. You might be interested in
using them:
http://ftp.sernet.de/pub/samba/
or
ftp://ftp.sernet.de/pub/samba/
Look for the specific packages for your distro.
--
To unsubscribe from this list go to the following URL and read the
instructions:
the desktop.ini issue can't be solved by samba. That's because the contents of the Start Menu are located in different places, like within your Windows profile (roaming) and the All Users profile (local). Because the latter is located on your PC, there's no way for samba to interfere.
If
Roaming Profiles are working, but I always have the desktop.ini
visible in some folders of the Windows-Startmenue.
I found several hints for the dos-attributes in smb.conf, buit
notthing seems to work.
You have hide files = /Desktop.ini/
In any Windows computer, you will find both
I think that you will find this very helpful:
http://www.samba.org/samba/docs/man/Samba-Guide/happy.html
It deals with the configuration of Samba with a LDAP backend.
--
To unsubscribe from this list go to the following URL and read the
instructions:
Actually never mind. Just found it at
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html
in table Table 11.3.
I would suggest starting there with figuring out LDAP and Samba.
Yes. Over the years, I also discovered that searching for information
and collecting useful
Wow. Your an ass. Thanks for your lack of usefulness.
Ok. Then, excuse me for having pointed to the document you now quoted.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Quoting from the Samba 3.3.0 release notes:
«
Winbind idmap backend changes
=
The idmap configuration has changed with version 3.3 to something that
allows a smoother upgrade path from pre-3.0.25 configurations that use
idmap backend. The reason for this change is
I can see that you are using LDAP.
Do you have the mandatory groups on your LDAP database?
Domain Users
Domain Guests
Domain Admins
Did you set up the appropriate rights with the net rights grant command?
Take a look at the smbldap-tools scripts:
https://gna.org/projects/smbldap-tools/
If I were you, I would look at this problem first:
[2009/10/14 18:38:11, 0] param/loadparm.c:set_server_role(4293)
Server's Role (logon server) conflicts with share-level security
You have told your server to behave as a Domain Controller and yet at
the same time you tell it to use
Can you shows us the contents of your smb.conf file?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I've followed the instructions at
http://wiki.samba.org/index.php/Ldapsam_Editposix
What version of Samba are you using?
The wiki page you quote is now in need of urgent update. Quoting from
the Samba 3.3.0 release notes:
«
Winbind idmap backend changes =
Robert Steinmetz wrote:
I have a small Samba installation, two servers and about 10
workstations. The hard drive on one of the Windows XP workstations
failed. I cloned a drive a from an identical machine and replaced the
defective drive. When it came up it had the name of the original
by the
adequate layer to be seen by clients in the appropriate way.
Best regards
Miguel
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Dear Jeremy
Since I once thought about doing the same, I would like to know your
views on the method that Wes describes.
I quote:
»
What I've been doing, which is dangerous but effective, is setting
file creation mode to 666 and letting the Samba VFS ACL layer take care of
everything.
All files/dirs are 666 or 777. According to my reading, since there are
no POSIX extended ACLs, if the VFS layer passes an access, then it only
should be compared against the standard UGO permissions.
That's correct - but the problem isn't access, it's when the
incoming ACL is set onto
IF a samba server is setup to be a domain controller, should
it's local SID = the domain SID?
The SID of the Primary Domain Controler (PDC) is also the Domain's SID.
Also, what are the requirements of a SID?
Security Identifier
http://en.wikipedia.org/wiki/Security_Identifier
I
Yeah, and I've never seen a pig fly before either. But that's the
last time I take something like that for granted.
You came here asking for help and then you address one of the Samba
developers like that?
You could show some respect and kindness to others, particularly when
you need
Charles and Miguel: I appreciate your efforts to rid the world of
ungrateful trolls. However, I am not one of them.
:-) I am glad you aren't!
I learned at my own cost that written irony is somewhat dangerous
because it lacks the accompanying body language that conveys the
meaning
Is it possible to have a password-less share available to only
certain users?
From the smb.conf man page:
guest ok (S)
If this parameter is yes for a service, then no password is required to
connect to the service. Privileges will be those of the guest account.
This parameter nullifies
Is it possible to have a password-less share available to only
certain users?
Ooops! I suppose the key expression for you here is only certain users.
Perhaps a combination of the guest account and guest ok parameters
in the share definition?
Make those users part of the group defined
guest account defines the unix account that is used to access the
file system when a guest connection is used. It doesn't determine who
can use the guest account.
Huuummm
From the smb.conf man page:
guest account (G)
This is a username which will be used for access to services which
That is not the only problem you have. Your original post is dated 31
December 2009...
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I have had been working in my first PDC with samba+ldap, is working
in Centos 5.3.
Now I have been searching about how to backup this installation, for
samba, looks like I need to backup:
/etc/samba
Exist some else that I need to backup for samba?
Now, I had not been able to find
Do you need winbind? Without any Windows server (PDC) you don't
need the winbind crap
winbind crap?
Beg your pardon - in a LAN without any Windows PDC or BDC I don't need
it.
Do you usually call crap to everything you don't need? That's
interesting...
--
To unsubscribe from
Is there anything Samba can contribute to an all-Linux environment
with no
Windows or Mac computers?
no.
Yes.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I have a server acting as a PDC, and another server acting as a BDC.
When I run 'net getlocalsid'
on each, they return different numbers. If I run 'net getlocalsid
domain_name' on the BDC, it returns the PDC's sid.
Is it import for each machine to have the same SID?
The local SIDS must be
You can force it without restarting with the following commands:
For smbd
smbcontrol smbd reload-config
For nmbd:
smbcontrol nmbd reload-config
For winbind:
smbcontrol winbindd reload-config
The process number can also be used instead of the daemon's name.
For samba version 3.3 you can
And if he uses PCI network cards then there's a PCI bus limit to about
33 MByte/s. Even with Gigabit cards.
What leads you to say that? All the documentation I know gives 32 bit
PCI a theoretical bandwidth of *133.33* MByte/s, sometimes a 127.2
practical one. You can Google PCI
The approximate average numbers I am getting over LAN are:
Write: around 23Mbits/sec
Read: around 33Mbits/sec
Do you really mean Megabits? Or MegaBytes? 33 Megabits (about 4 MB/sec)
would be VERY abnormal!
Do you have use sendfile = yes in your smb.conf? It can be a global
option or
How can I go about configuring my LAN hardware to use Jumbo Frames?
That would be a too long conversation and now I don't have the necessary
energy.
You can Google for Linux Jumbo Frames. You must identify your LAN card
and see its specifications. Also, you need to be sure that your
This is a very minor error, but if someone wants to correct it...
On Samba Wiki page Release Planning for Samba 3.4
http://wiki.samba.org/index.php/Release_Planning_for_Samba_3.4
The release date of Samba 3.4.0, July 3, was a Friday, not a Wednesday
as it appears on the page.
Thank you
--
How do you enable local profile creation on machines connected to a samba PDC?
In smb.conf:
logon path = [meaning nothing after the = sign]
Samba HOWTO Collection
Desktop Profile Management
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html
Samba 3 by Example:
Ah. I thought that the stanza would just disable roaming profiles.
logon path =
I misunderstood your question because your subject line says How to use
local profiles in samba PDC.
Well, you must have a netlogon share containing a Default User
profile. The process is described in the
Do I take it that there is no good way to have a mix of local
roaming profiles?
IE: where if the user has a profile on the server they get it,
otherwise they use a local?
You will benefit a lot by reading the section about redirected profile
folders. I suppose it will do what you want.
One of our winXP users intermittently can't process the login script.
sometimes it works and maps his drives, sometimes it doesn't. I have
the netlogon share configured correctly.
Looking at the logs for the user in question, I see this when the user
logs in:
couldn't find service netlogo
I should have said that I am referring to Samba 3.2.10 over CentOS 5.3.
Sorry!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
In smb.conf:
server string =
or
server string = anything
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Can I share all three of these (two are embedded)?
/data
/data/a
/data/b
Or do I need to break up up as singles?
Of course you can!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Conclusion: There is no way for
an individual user, even one with decades of computer
experience, to set up a Linux LAN.
I cannot in any way, shape or for, agree with that. My first Linux
domain controller was working on production after a couple of weeks of
study, starting
# yum list | grep samba3
samba3.i3863.4.0-40.el5 installed
samba3.x86_64 3.4.0-40.el5 installed
samba3-client.i386 3.4.0-40.el5 installed
samba3-client.x86_64 3.4.0-40.el5 installed
samba3-utils.i386
After upgrading a test machine to Sernet's 3.4 package, it looks like
the net command is gone.
I am using that same Sernet package (i386 version) and the net command
is working perfectly here.
--
To unsubscribe from this list go to the following URL and read the
instructions:
was: No logon servers
What can I configfure to make it stable?
Miguel Jínez
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Thanks for info, what do I need to modify or configure in order for this
file to remain hidden on all clients?
In smb.conf:
hide files = /desktop.ini/
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
The smbldap-tools developer's homepage is here:
http://www.iallanis.info/
You will find smbldap-tools-0.9.6-pre1 here:
http://www.iallanis.info/smbldap-tools/development_release/
It worked well for me.
If you prefer, smbldap-tools-0.9.5-1 final is here:
smbldap-tools-0.9.5-1.src.rpm
And you need winbind to fetch the fetch out of the domain, otherwise
windows could not known the samba-users.
You only need winbind if your server is a member server of a Windows
Active Directory.
I am setting file permissions from Windows on a Linux Samba PDC and I
don't use winbind.
Are there any config options needed within smb.conf that must exist to use this
feature?
Yes, there are. Instead of listing them here, I would direct you to the
smb.conf man page, available here in html format:
http://us3.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
Search for
ok then you have the same users on both systems.
No, I don't have the same users on both systems. The Samba machine is
the Primary Domain Controller. The users of the Windows workstations are
authorized by the samba PDC. All the users are defined on the PDC only.
--
To unsubscribe from
I have configured a samba PDC with a logon script. The logon script includes
dos commands to map a drive letter for different shares. One share has user
home directory, one has common folder for all the users and other share is
group share. For assigning a drive letter to group share I have
Hello. I have a Debian Lenny Samba 3.2.5 server, with LDAP backend. On linux
clients, I am using pam_winbind to change passwords, so both Samba and LDAP
passwords are kept in sync.
When cients are using Samba 3.2.5, everything works with no problems. But if
clients have Samba 3.3.2, I get a
I can join the XP box to my Samba domain (called DOMAIN) using the
root user and pass.
But after rebooting and logging into that XP box as root, I can not
admin the box and am treated as a regular user.
On that XP computer, add the Domain Admin to the Administrators group.
--
To
nss_base_passwdou=Computers,dc=DOMAIN,dc=IT?one
should be
nss_base_hostsou=Computers,dc=DOMAIN,dc=IT?one
No, it shouldn't. From the point of view of a Windows domain, computers
are users too. The Samba manual even makes a joke about that, saying
that computers are
Did you install libnss-ldap and libpam-ldap? You need those.
Also, in /etc/nsswitch.conf:
passwd: files ldap
shadow: files ldap
group: files ldap
I found that Samba works better with the ldpasam:trusted = yes
parameter. In this case, your LDAP database MUST contain the entire
POSIX account
If I try to connect with a user that exist in both the LDAP and etc/passwd
files I cannot get it to authenticate (error user is invalid or bad
password) but I don't get any log in the samba files
It means that the error precedes Samba.
--
To unsubscribe from this list go to the following
or are you saying nss_base_hosts
ou=Computers,dc=DOMAIN,dc=IT?one is wrong?
I don't know about NFS, but from the point of view of a Samba PDC the
above is wrong. Computers are also domain users and as such they must be
referred to the nss_base_passwd directive.
Quoting from
I am a bit new to Samba PDC. When a M$ tech article says:
Use Active Directory Users and Computers to create a new
organizational unit (OU). What does this mean in Samba PDC talk?
Please translate.
That is LDAP terminology, not MS's.
You can do it: google LDAP. There is plenty of
Hmm, yes and no. In MS AD a OU means a little bit more than in pure LDAP.
In AD you create a OU
1. to delegate the administration of a subset of users, groups and
computers and
2. to attach a group policy to a subset of users and computers.
The term and concept come from LDAP. The way it
...I think that the term and concept came before LDAP - X.500 is what
you're thinking of :-)
You must consider context. We are speaking relatively here.
Organizational unit is an expression of natural human language which
certainly predates X.500. If you go down that road you will end
Based on your smb.conf, you must have the following entries in
/etc/ldap.conf
nss_base_passwdou=Users,dc=DOMAIN,dc=IT?one
nss_base_passwdou=Computers,dc=DOMAIN,dc=IT?one
nss_base_shadowou=Users,dc=DOMAIN,dc=IT?one
nss_base_group ou=Groups,dc=DOMAIN,dc=IT?one
If the user logs in with his password all works well. If he restarts
or shutdown his machine and tries to relogin the system tells him that
his username/password is not correct.
If I reset his password @ Ubuntu with smbpasswd username and renter
the exactly same password, the user logs in
net groupmap add ntgroup=Domain Admins unixgroup=domadm rid=512 type=d
Question 1: if my previous /etc/group names already match the
ntgroup names, do I still need to run the above command?
Yes.
Question 2: once I have mapped these groups, where are they
stored, so I can back them up?
Furthermore, when I access a samba share from any XP machine,
file/directory names on the Linux machine with non-ASCII characters e.g.
Gé Reinders will display wrongly, with box replacing 'é'.
I solved my problems with accented characters by using:
dos charset = CP850
unix charset =
So as it stands, all my defined shares work great, but my user home
folders have the network path not found error when trying to access or
map the drive.
You must have some error somewhere. I am running Samba 3.2.11 over
CentOS 5.2 with a symbolic link from /home to /data/users and it all
These settings are (S) in man smb.conf which means you should set them under
the share stanza, not in the global section.
That is incorrect.
Share parameters can also be used in the [global] section to be applied
globally.
Global parameters can only be used in the [global] section.
Here's (finally) the contents of his smb.conf:
[global]
workgroup = EXAMPLE01
password server = 192.168.50.1 192.168.50.2
realm = EXAMPLE.ORG
security = ads
idmap backend = rid:SIMR01=16777216-32554431
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
But again, no go. So I am assuming there must be another setting
Create a symbolic link from /home to your new home location.
You won't need to change anything in your smb.conf.
--
To unsubscribe from this list go to the following URL and read the
instructions:
Aye aye aye. Alright, trying again. Thanks for your patience, everyone.
Still no attachment.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
It will be difficult to help you if you don't tell, at least, what
version of Samba you are using...
A look at your smb.conf would be helpful, too.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Kindly give me some advice on what tools that you use to extract a
LDAP export from SAMBA into a CSV or better?
From a Windows client you can see and manage your LDAP directory with
the free
LDAP Admin:
http://ldapadmin.sourceforge.net/
You can also manage your directory with a
I have a samba server acting as a pdc
I search for creating some users who will have access on some machines
and not on others ,
so login is not possible everywhere!
Is it possible?? ; the server comes with samba 3.2.8-0.27 with
smbpasswd as backend
thanx for answers
I am using the
I want to avoid this and I do not have administrator permission of the windows
machine.
Is there any client side setting that I can change to avoid the updation of
'last access date' on the server?
Mount the server's filesystem with the noatime option?
--
To unsubscribe from this list
Is there something I can do to ensure that RID=2*UID+1000 in every case?
See attribute sambaAlgorithmicRidBase under class sambaDomain.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Not to ask too stupid a question, but why would you want
to have a machine account? Would not the user account
suffice?
The Samba packages contain a book called: The Oficial Samba-3 HOWTO and
Reference Guide
Look at Chapter 4: Domain Control
--
To unsubscribe from this list go to the
2009/3/20 Linux Addict linuxaddi...@gmail.com
On Fri, Mar 20, 2009 at 10:46 AM, Linux Addict linuxaddi...@gmail.com
wrote:
Environment:
RHEL4 U6
Samba 3.2.8
After the installation, Winbind is taking 100% CPU. A restart seems to
fix
most of the times, but cant figure out the reason
2009/3/20 Linux Addict linuxaddi...@gmail.com
On Fri, Mar 20, 2009 at 1:47 PM, Miguel Jinez miguel.ji...@gmail.comwrote:
2009/3/20 Linux Addict linuxaddi...@gmail.com
On Fri, Mar 20, 2009 at 10:46 AM, Linux Addict linuxaddi...@gmail.com
wrote:
Environment:
RHEL4 U6
Samba 3.2.8
Hello all
I am running Samba 3.2.8 over CentOS 5.2, with a LDAP back end.
On some days, not all, strange entries appear in the Samba logs. I get
entries like this:
[2009/03/18 18:35:09, 0] smbd/service.c:make_connection(1366)
aurora (192.168.0.22) couldn't find service netlogo
The real
Can I automaticly connect the Home-Networkshare to a Network-Drive? Without
a Logon-Script?
In smb.conf:
logon drive = X:
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Since I got no answer, does it means that there is no possibility to force all
users to change their password the next time they will connect to the domain ?
It is possible, at least with LDAP. Now, I need to find a way to explain
how. I am in a hurry now. I will try to come back with
101 - 200 of 378 matches
Mail list logo
