I've been running netatalk for my OS X clients with great success. The
performance isn't as good as Windows to Samba, but its a HUGE improvement
over any version of OS X with any SMB server. 30 seconds with wireshark
will tell you why OS X's browsing performance is so horrible.
Another point of OS
I'm not sure if this is still an issue in modern versions of OS X, but in
past you have had to disable unix extensions on the server if UID/GIDs
didn't match up with what the client had. It really sucks that there's not
another workaround, especially for off-domain Macs.
Personally, I've been runn
It looks like you're not pointing to yourself for DNS. Check to make sure
DNS is working correctly (especially the SRV kerberos records for this
issue).
On Mon, Sep 9, 2013 at 4:31 AM, Alexander Busam <
a.bu...@hofmann-foerdertechnik.com> wrote:
> Hello!
>
> I tried to install samba 4 as describ
Did you smbpasswd the user on that machine?
On Thu, Aug 29, 2013 at 5:27 PM, Paul D. DeRocco wrote:
> I have a Windows home network with a bunch of Windows boxes and two Ubuntu
> boxes. Everything can access shares on everything else, with one
> exception: no one can get to the one share on the
ing a mapped alias to
the HOST SPN. If HOST exists, we can map it to CIFS, if it does not, we
should tell the client that the principal does not exist.
I will open a bug for this.
On Tue, Jul 30, 2013 at 9:44 PM, Ryan Bair wrote:
> Last bit of info.
>
> This article, http://support.mi
gt; On Tue, Jul 30, 2013 at 6:02 PM, Andrew Bartlett wrote:
>
>> On Tue, 2013-07-30 at 05:33 -0400, Ryan Bair wrote:
>> > Hi Andrew,
>> >
>> >
>> > To clarify, it is the Win7 client sending the TGS request to the DC
>> > and the DC responds posi
.
On Tue, Jul 30, 2013 at 9:31 PM, Andrew Bartlett wrote:
> On Tue, 2013-07-30 at 21:25 -0400, Ryan Bair wrote:
> > Understood. The machine I'm trying to connect is just a member, not a
> > DC. This is something which was well supported in earlier versions of
> > Windo
In
> that case the machine(s) should be airgapped from any regular network with
> internet access. If you follow security news you can imagine why it
> is important to keep unpatched systems physically isolated from the
> internet or other networks.
>
>
>
>
>
>
2000 when creating a new
machine account. I wonder what this does and if we could use it somehow. I
know it's not stored anywhere directly, but I'd suspect its there for a
reason.
On Tue, Jul 30, 2013 at 6:02 PM, Andrew Bartlett wrote:
> On Tue, 2013-07-30 at 05:33 -0400, Ryan Ba
I'm running Samba 4.0.7 on CentOS 6.4 running double duty as DC and file
server.
OS X clients are taking a _long_ time to list long directories. One
directory with 10K entries is taking 3-4 minutes to display the entries in
Finder.
I captured a few seconds worth of packets and noticed that it's d
Q cifs/nt4test` confirms does not exist. I can't confirm the
behavior in #5 is a bug, but it certainly seems suspect.
On Jul 30, 2013 1:07 AM, "Andrew Bartlett" wrote:
> On Mon, 2013-07-29 at 19:29 -0400, Ryan Bair wrote:
> > Yes, AD has explicit support for pre-2000 c
ey systems were in DNS helped solve some issues.
>
>
>
>
>
>
>
> On 07/29/13 17:05, Ryan Bair wrote:
>
>> Oh, forgot to mention. Samba 4.0.7-4 Sernet packages running on CentOS
>> 6.4.
>>
>>
>> On Mon, Jul 29, 2013 at 5:00 PM, Ryan Bair wr
Oh, forgot to mention. Samba 4.0.7-4 Sernet packages running on CentOS 6.4.
On Mon, Jul 29, 2013 at 5:00 PM, Ryan Bair wrote:
> I'm attempting to get an old NT4 client participating in a Samba4 domain.
> Users can logon to the machine locally and access network shares on other
&g
I'm attempting to get an old NT4 client participating in a Samba4 domain.
Users can logon to the machine locally and access network shares on other
machines in the network. However, no one can access shares on the NT4
machine using the machine name. Attempting this results in an error "The
account
I migrated over a Samba 3/LDAP domain to Samba 4 in a test environment.
After a few bumps due to not having all my machine accounts as
posixAccounts and clashing user/group names, the migration went relatively
smoothly. Great work, Samba team!
I have a few standing issues that I haven't been able
Thank you for confirming. I do have g+s on the directory. I'll file a bug
about this issue today.
On Thu, Jul 25, 2013 at 3:30 AM, steve wrote:
> On Wed, 2013-07-24 at 22:34 -0400, Ryan Bair wrote:
> > I'm running Samba 4.0.7 on CentOS 6.4 as a AD DC with s3fs.
>
I'm running Samba 4.0.7 on CentOS 6.4 as a AD DC with s3fs.
I have a shared directory with the setgid bit set. From the shell on the
server, new files and directories inherit the group as expected. However,
new items created through samba get the user's primary group instead.
Config for the share
No, this is not possible. Samba3 cannot act domain controller for AD
domains, nor can it act as a BDC for NT domains.
Samba4, which is currently in alpha, will have the ability to serve as
an AD domain controller as well as a read-only domain controller along
side Windows servers. Some people are
Unfortunately I'm not seeing a similar extension point on s4. I
wouldn't imagine adding one would be too terrible though.
On Mon, Jul 5, 2010 at 3:58 PM, Jorijn Schrijvershof wrote:
> Hi,
>
> On Jul 5, 2010, at 21:52 :42, Michael Wood wrote:
>
>> No, I don't think so. From Jorijn's e-mail I thou
It looks like the new sync module also supports SHA1 and MD5 hashed passwords.
"To synchronize passwords from LDAP, you will need an LDAP attribute that stores
passwords in plain text, MD5 or SHA1 format. "
Not sure if Samba4 stores in these formats or not though...
On Mon, Jul 5, 2010 at 3:28 A
Have you migrated the user data to the new ldap server? Unless Samba
knows about the users, they won't be able to log in.
On Tue, Jul 14, 2009 at 1:28 PM, wrote:
>
> sgm...@mail.bloomfield.k12.mo.us wrote:
>> I did not get this finished last summer, so decided to just wait and do it
>> this summe
Everything should be looked up by DNS. There's no notion of a PDC/BDC
in AD (although 2008 has readonly slaves I believe).
On Fri, Feb 27, 2009 at 7:26 AM, Mark Adams wrote:
> Hi All,
>
> I haven't been able to track down any info on this so would be
> appreciative of any input. Links to any info
You may want to try switching to the deadline I/O scheduler. I had
issues with slow directory listings using the CFQ scheduler when the
server was under even the slightest load. I tried tweaking some of the
CFQ settings but ultimately gave up as I could never beat the
responsiveness of the deadline
Samba should run fine on ARM. Debian even has a package for it.
http://packages.debian.org/lenny/arm/samba
On Sun, Dec 14, 2008 at 8:00 PM, Jerry Dong wrote:
> Hi everyone,
>
> I am tying to port samba to ARM ( AT91SAM9260 ), could you please tell
> me some idea or articals about it?
> --
> To un
You can't create the UNIX hash from the NT hash as they are different
1 way transformations. As an alternative, you could have PAM
authenticate using winbind which would probably give the desired
effect.
On Thu, Nov 27, 2008 at 2:11 PM, <[EMAIL PROTECTED]> wrote:
> I don't have the plain password
Samba4 is currently in Alpha state and under active development.
The most recent Alpha was alpha5, release about 4 months ago. The
current source is in the main samba Git repository in the source4
directory. As is noted all over the place, the software is alpha
quality and should not be used in te
Samba3 cannot act as an AD domain controller and therefore cannot
operate in a trust with a native mode AD domain. Samba4 will be able
to do this but it is still under heavy development.
If you put your AD domain in mixed mode, you should be able to create
the trust although I'm not sure if you ca
You just need the owner of the files? You can do this quite easily
using the find utility with the -printf option.
--Ryan
On Thu, Oct 23, 2008 at 3:21 PM, Steve Hanselman <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm writing a utility that needs to smbmount various shares from servers in
> numerous d
ity to use only one server for all domains?
>
> F. Niedernolte
>
>
> -Ursprüngliche Nachricht-
> Von: Ryan Bair [mailto:[EMAIL PROTECTED]
> Gesendet: Samstag, 18. Oktober 2008 00:41
> An: Niedernolte, Frederik, D-CS-IT ICS
> Cc: samba@lists.samba.org
> Be
Typically you would want the two domains to trust each other and you
would only be a member of one. If you had multiple Sambas running you
might be able to join two domains, but it wouldn't be pretty.
On Fri, Oct 17, 2008 at 3:25 AM, <[EMAIL PROTECTED]> wrote:
> I want to use Samba together with
I just noticed I'm getting some pretty extreme CPU usage on my Samba
server when transferring files. The Samba server has a quad core
2.0gHz Core2. During transfers, CPU use spikes to 100-200% with a
throughput around 30MB/s.
I'm using the registry config backend.
[global]
use kerberos ke
;
>> -Original Message-
>> From:
>> [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]
> .org] On Behalf Of Ryan Bair
>> Sent: Sunday, 05 October, 2008 10:44
>> To: Gerald (Jerry) Carter
>> Cc: samba@lists.samba.org
>> Subject: Re: [Samba] Re:
Sorry, meant to reply all on that.
On Sun, Oct 5, 2008 at 10:22 PM, Ryan Bair <[EMAIL PROTECTED]> wrote:
> By showing up I assume you mean showing up in the listing of shares
> for the computer?
>
> The "browsable = no" would be your problem. It makes the share not
t confused
as to how this caused the problem, but I'm very happy to have it
fixed!
Thanks
On Sat, Oct 4, 2008 at 2:45 PM, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Ryan Bair wrote:
>> This seems to be related to t
/040338.html
I will try to work around using "setspn -A host/fqdn computer". Will
"net ads keytab create" pull all the SPNs available for the client or
is it set only do load the default ones?
On Sat, Oct 4, 2008 at 11:36 AM, Ryan Bair <[EMAIL PROTECTED]> wrote:
> Runnin
Running Samba 3.2.3 on Debian Lenny, amd64.
I'm joined to an AD realm, authentication works fine for Windows
clients. I'm able to see that the clients are using Kerberos, not NTLM
to authenticate to the shares. However when I look at the keytab, my
entries have the short names like "service/[EMAIL
>From what I'm reading, in 3.2 you need to have the
SePrintOperatorPrivilege in order to install drivers. Is there anyway
around this to allow certain users/groups to install without requiring
the privilege? I've tried using the printer admin option, but it
doesn't seem to have any effect.
Thanks
The newest Samba for RHEL 5.2 should be 3.0.28. Is there a reason this box
isn't up to date?
On Fri, Aug 29, 2008 at 6:16 PM, Brian D. McGrew <[EMAIL PROTECTED]>wrote:
> So now after I've been playing around with the configuration and such, it
> seems that the SMB server has become less usable.
Were the user accounts created with smbldap-tools or were the
pre-existing? If they were preexisting did you reset the passwords
with smbldap-passwd? You will need to do so to set the appropiate
hashes in LDAP.
Have you looked at the logs at all? Posting some samples from there
showing the server
Did you create NT passwords for the local users with smbpasswd -a?
Also, why is your security setting on share? That seems a bit odd for
AD integration.
--Ryan
On Thu, Jun 26, 2008 at 6:06 AM, alex.blackbit
<[EMAIL PROTECTED]> wrote:
>
> hi,
>
> my smb.conf looks like this:
>
>...
>
How will the users be authenticating? If you're going to be adding the
machines to an NT domain and you want users to authenticate against
that at login you will need to store all the samba account information
including the nt password hash in there. So although you can still
store your user info i
Although I have not done it, you can migrate the Samba domain similar
to how you would migrate an NT4 domain.
On Tue, Jun 10, 2008 at 8:20 AM, Luciano Andre Baramarchi
<[EMAIL PROTECTED]> wrote:
> Hi,
>
> I need to migrate a domain with Samba+ LDAP (openLDAP) to MS AD+ Exchange
> ... Is possible?
Definitely an OpenSUSE issue. That's a really terrible GUI design.
On Fri, May 30, 2008 at 3:48 PM, William W. Hammond <[EMAIL PROTECTED]> wrote:
> At 12:14 PM 5/30/2008, John H Terpstra wrote:
>>
>> On Friday 30 May 2008 12:54:33 William W. Hammond wrote:
>> > I was setting up Samba on an OpenSuS
You can't make a local user a member of an AD group since AD needs to
know about them.
You can however add an AD user to a local group just like you would
for a local user.
This is true with normal LDAP accounts as well.
On Fri, Apr 18, 2008 at 8:09 PM, TC Hough <[EMAIL PROTECTED]> wrote:
> Hell
I've been doing just fine with my broadcoms on my server. The
performance killer is probably CIFS module on the client. That has
never had very good performance, but it has come a long way. I use
NFSv4 on my Linux clients and Samba for Windows.
On Fri, Apr 18, 2008 at 1:40 PM, Adam Williams
<[EMAI
I have single directories with over 100,000 entries and about 4
million files on the system total spanning about 15TB. I don't think
you should have a problem. Only problem I have is that directory
listings take a while with 100K entries but that's to be expected.
On Mon, Mar 31, 2008 at 9:11 AM,
I'd recommend trying USMT ( user state migration tool ) from
Microsoft. It has options specifically for migrating local account
data and settings to domain accounts. I have not used it for the
purpose so more research would be advised before diving in.
On Mon, Mar 24, 2008 at 7:39 PM, Dennis McLeo
Samba 4 could eat your children and is still pretty incomplete
(printing isn't there at all last I checked). I'd highly recommend
sticking with 3.
For Samba 4, the AD toolkit can be used but again probably not ready
for primetime.
In Samba 3 I believe the NT Domain user manager can be used, but I
That all happens client side. The only way to work around it is to
make a share that encloses both shares and use that on the clients.
You will also have this problem with Windows clients.
Sorry Juan, I accidentally replied only to you in that last email.
On Feb 19, 2008 8:37 AM, Juan Ignacio Gar
I have a Debian Etch AMD64 server running Samba 3.0.24. It is joined
to an active directory domain. Most everything works quite well.
I had set up a user for a scanner but forgot to add it to a group so
that it could access the target folder, so the scans failed. I then
added the account to the gr
50 matches
Mail list logo