databasehdb
suffix "dc=noc1,dc=example,dc=com"
#checkpoint
checkpoint 32 30
rootdn "cn=Manager,dc=noc1,dc=example,dc=com"
rootpw {SSHA}NKPLHlyvmElwAqKZhmaYYpqftovBUFhq
directory /var/lib/openldap-data
# Indices to maintain
index sambaSIDeq
index sambaPrimaryGroupSIDeq
index sambaDomainNameeq
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
Thanks,
Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
ath = /backup/tech
write list = @"domain admins"
force create mode = 0770
[test]
comment = test
path = /backup/test
write list = @"domain users", "@domain users", "@domain admins",
@"domain admins"
Thanks,
Charlie Pa
tc/smb.conf
has no affect.
Thanks,
Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
tc/smb.conf
has no affect.
Thanks,
Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I have no problems using samba to serve files from an AOE SAN which is
about twice the size of yours.
--Charlie
On Thu, Jul 31, 2008 at 2:07 PM, Phillip Demers
<[EMAIL PROTECTED]> wrote:
> I've been handed a server environment with samba serving a 1.5 terabyte SAN
> mount, and f
figured LDAP server will not allow anything but the
samba daemons to read windows hashes; they are plaintext password
equivalent since they can be cracked quite trivially with freely
downloadable tools.
Do not send your password hashes over an unencrypted network
connection, for the same reason
WINS only.
# 4M-node: Mixed - broadcast, then WINS
# 8H-node: Hybrid - WINS, then broadcast
# It should be obvious that this is a bit-mapped value, more info in
RFCs 1001 and 1002
You can really clog up a network fast with broadcast name
resolution, so you want to restrict that as much a
samba to write your root DSE in this stanza:
> access to dn.base=""
>by dn="cn=samba,dc=jetsys,dc=de" write
>by * read
I have never heard of anyone doing this before; is there a reason?
--Charlie
--
To unsubscribe from this list go to the following UR
the windows password hash algorithm to fill your
userPassword attribute, among other things. It might be easier to
just replace parts of the authentication subsystem in your windows
clients (see http://rulink.rutgers.edu/pgina.html for example).
--Charlie
--
To unsubscribe from this list go to t
but the SID of a server that is a PDC or a BDC is identical to the
domain SID of the domain being served. Unfortunately, there is
nothing that enforces this uniqueness except human intervention, so it
is easy to break things when connecting two or more previously
unconnected networks.
If the above soun
On Thu, Jul 3, 2008 at 2:54 PM, Charlie <[EMAIL PROTECTED]> wrote:
>
> The most common problem I see with busted referrals is when someone
> sets up a program (such as samba) to use the local replica's
> rootdn/rootpw as defined in /etc/slapd.conf (which allows bypassing
t have the ability to write the master slapd, it won't
matter if it has unrestricted access to the slave.
--Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
d LDAP search result like OpenLDAP might return.
I prefer using net setlocalsid and smbpasswd rather than just copying
over an old secrets.tdb - but use tdbdump on the old one to see if
there is anything else in there (like domain trust passwords) before
you decide.
--Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
files that do drive mappings based
on group membership, you can run autoit, kixtart, or winbatch
executables, load reg files, et cetera ad infinitum.
--Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
ces and access controls. Samba expands what you can do with
LDAP even more, because samba allows arbitrarily defined actions to be
triggered by network logon and file access events.
--Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
On Wed, Jun 18, 2008 at 2:21 AM, Volker Lendecke
<[EMAIL PROTECTED]> wrote:
>
> If I understood you correctly then you have users in LDAP
> that are to be authenticated in more than one domain.
Correct. This is a highly desirable configuration that offers
tremendous competitive advantages to comm
eel comfortable with rewriting their authentication backend
access controls in a large live network probably shouldn't do it.
If I have explained this poorly, I apologize - interpersonal
communications skills are not my area of speciality.
--Charlie
On Tue, Jun 17, 2008 at 6:13 PM, Volk
eds of users on each logon server without incurring
the high licensing costs of Microsoft PDCs.
--Charlie
On Tue, Jun 17, 2008 at 3:32 PM, Leandro Tracchia <[EMAIL PROTECTED]> wrote:
> wow thats very helpful (i didn't realize the logon script could be
> that complicated). thanks!
r versions (such as stacked backends and domain trusts with
user-specified names, for example). I hope nobody will take this as a
criticism, I appreciate and admire the work of the Samba Team.
--Charlie
On Tue, Jun 17, 2008 at 7:45 AM, Michael Adam <[EMAIL PROTECTED]> wrote:
> Hi,
>
&
than anything else I've tried, but it does
make LDAP configuration a bit dicey since the Samba Team doesn't yet
understand why anyone would want to combine a unified authentication
infrastructure with geographically localized network control. Setting
up domain trusts with our configurati
Most of my samba servers have had four NICs in them for at least a
decade. Several have six.
--Charlie
On Sat, Jun 14, 2008 at 4:55 AM, John Drescher <[EMAIL PROTECTED]> wrote:
>> No: I am trying to access it using a file manager.
>> When I will be back at office, on monda
e are lots of
broken versions around) always creates the home directory as specified
in the user's POSIX homeDirectory field - it's not going to ask samba
where to create it, it's going to look at the homeDirectory associated
with the userid.
--Charlie
On Tue, Jun 3, 2008 at 1:56 A
orked organization".
I believe that inetOrgPerson should only be used for actual human
people since that's what it was designed for.
--Charlie
On Mon, Jun 2, 2008 at 4:48 AM, Cristian Laufer
<[EMAIL PROTECTED]> wrote:
>
> is there a possibility of changing the standard Objectclass, a
will become clear ;-)
No, David, look here: http://oreilly.com/catalog/9780596002565/
The book you are recommending (which was excellent in its time) has
been superseded.
--Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
you can get your interdomain trusts set up right I think you can do
what you want, but it's probably going to be dependent on how well you
can control access to your directory backend.
You haven't specified what directory backend you are running...
Microsoft AD? Novell eDirectory? Ope
t the smbpasswd
backend instead of LDAP and make your life much simpler.
--Charlie
On Thu, Jun 5, 2008 at 10:52 AM, Collen Blijenberg
<[EMAIL PROTECTED]> wrote:
> Hi all, i'm a bit confused,
>
> can i setup samba (3.0.30) with LDAP backend, and have the "posix/local
> li
Have you tried setting your "announce version" instead of just
manipulating OS level?
announce version = 4.9 is the default, which is less than XP for example.
Perhaps an "announce version = 5.3" would solve your problem, I dunno.
--Charlie
On Wed, Jun 11, 2008 at
L-restricted LDAP tree that lets your samba PDCs
see only the stuff that is relevant to the local domain (test
*thoroughly* with ldapsearch) you will be able to establish and
maintain interdomain trusts for any number of domains. Or, at least
four, that's how many I have.
Good luck; I apolog
Apologies to the original poster for Rob & I chopping this all up...
On Fri, May 30, 2008 at 4:37 PM, Rob Shinn <[EMAIL PROTECTED]> wrote:
> On Fri, May 30, 2008 at 3:12 PM, Charlie <[EMAIL PROTECTED]> wrote:
>>
>> When I converted our networks to samba a decade o
ers
passwords expire over the course of the next two weeks.
That way I had matching NT, LM, and SMD5 password hashes which we've
maintained to this day in our enterprise LDAP directory.
--Charlie
On Fri, May 30, 2008 at 4:31 AM, Olivier Miquel
<[EMAIL PROTECTED]> wrote:
> Hello,
>
;net" toolset doesn't seem to create or modify it.
Sorry this post is no help. :( If you figure out what exactly the
relationship is between WINS and domain trusts, please post your
findings!
Thanks,
--Charlie
On Thu, May 29, 2008 at 8:59 AM, <[EMAIL PROTECTED]> wrote:
> Hell
from a functioning older server.
--Charlie
On Tue, May 27, 2008 at 4:54 PM, Adam Williams
<[EMAIL PROTECTED]> wrote:
> move all of the .tdb files, and /etc/samba/* and everything in
> /var/lib/samba/* and of course any data you have. write down the SID of
> the old server (
It looks like your LDAP backend is rejecting the bind - if the backend
was OpenLDAP, this would be because the LDAP administrator disabled
anonymous (passwordless) binds. I don't know eDirectory, I jumped
ship on NDS years ago.
That's all I know, sorry.
--Charlie
On Sat, May 17, 2008
e person who currently maintains it.
--Charlie
On Fri, May 16, 2008 at 3:55 PM, Leandro Tracchia <[EMAIL PROTECTED]> wrote:
> hi, thank you for replying... i do see an -m option which is for creating a
> home directory. i am not actually using Red Hat, i am using the much talked
>
code to detect unset variables.
Hope that helped!
--Charlie
On Wed, May 14, 2008 at 9:15 PM, Michael Heydon <[EMAIL PROTECTED]> wrote:
> This seems a bit Rube Goldberg to me, you have direct access to the file
> system, why not use it?
>
> If you are really worried that rm -rf /f
ngs
because I don't understand them either. My knowledge of CIFS and
samba is pretty shallow.
We may be off in the weeds here, though - you should check out samba's
automagical [homes] share and see if you can make it do what you want
without having to do the %U thing.
--Charlie
On Wed, May 1
If you do a "net getlocalsid" at your shell prompt on the samba server
that hosts the share, does the preamble of the SID returned match that
of the SID you see in your error messages?
I'm betting not...
--Charlie
On Tue, May 13, 2008 at 2:39 PM, Wes Modes <[EMAIL PROTECTED]
Check out the "deadtime" and "keepalive" parameters, they might help.
--Charlie
On Fri, May 9, 2008 at 8:49 AM, Matt Ingram <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I've seen a few messages similar to my problem, looking back through the
> mailing lis
ame.
>>
>> I have two domains running on a single server (different NICs) and they
>> share the WINS server.
>>
>> Can anyone help me?
>>
> --
> Allysson Steve Mota Lacerda
> stevelacerda
> http://www.stevelacerda.net
>
I do not believe I've bee
oses I would be
tremendously grateful!
Thanks,
--Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
PROTECTED]>
#
# Cleanup and corrections by
# Michal Jaegermann <[EMAIL PROTECTED]>
# Message to send can be now also fed (quietly) from stdin; a pipe will
do.
# Modified 20060414 to work with Samba v3 by
# Charlie Wilkinson <[EMAIL PROTECTED]>
# Added call to nmblook
or otherwise get the
netbios name, or convince smbclient it doesn't need the name. Any
further pointers that might help me along would be greatly appreciated.
-cw-
-Original Message-
From: Jeremy Allison [mailto:[EMAIL PROTECTED]
Sent: Friday, April 14, 2006 1:13 PM
To: Wilkinson Char
bcc=0
lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory
message start: ERRSRV - ERRmsgoff (Not receiving messages.)
Is there enough info there to determine a specific cause? Any clues
greatly appreciated!!
Thanks,
Charlie
--
Charlie Wilkinson
SysAdmin, Programmer
Help appreciated.
Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
not useful for my purposes.
> Any help would be appreciated.
> Charlie Meyer
> Computer Science
> University of Illinois at Urbana-Champaign
> [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.o
creates a massive
amount of information, most of which is not useful for my purposes.
Any help would be appreciated.
Charlie Meyer
Computer Science
University of Illinois at Urbana-Champaign
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
Any ideas? I've found similar complaints about ldapsam_delete_entry not
building, but it wasn't helpful here. I'm using openldap-2.3.4 and
krb5-1.3.1 on Sol9.
Please CC me; I'm not on the list. Oh, and thanks :)
-Charlie
%> make
Using FLAGS = -I/pkgs/crypto/krb5/incl
I have the same trouble, but in my case is with Win XP machines and
G5.The G5, lost some files in transfers of big number of files, and
then this same files look like dissapear in the XP machine when you
browse from G5.You look into the XP from XP an there it is.
weird!!!
Any clues about this?
I am trying to get ntlm_auth to work but our nt usernames all contain
spaces, e.g. "charlie grosvenor", does anybody know if its possible for this
to work?
Thank you
__
This email has been scanned by the Message
hanks,
Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
in addition to telling your server to accept those objectclasses you'll
need to add a couple other attributes to add those (uidNumber,
gidNumber, homeDirectory, etc -- see schema definitions of those
objectClasses (in nis.schema that comes with openLDAP -- you didn't say
which LDAP server you'r
running on this on
experts exchange if anyone wants to answer it there:
http://www.experts-exchange.com/Networking/Linux_Networking/Q_20749863.h
tml
Do I need to subscribe to the list to get an answer?
Many thanks in advance,
Charlie Leach
--
To unsubscribe from this list go to the following
.
So it comes down to: Is it possible to have samba answer a request that
comes from the same machine?
Thanks,
Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Getting error message:
Error connecting to my_pdc
Unable to join domain my_domain
when I run 'smbpasswd -j my_domain -r my_pdc' from linux_box
my_pdc is the primary domain controller for my_domain. I have three
win2k machines that are all using the pdc for domain authentication.
They all work
doesn't make
any sense to me as to exactly how I would use those. Could someone maybe
explain how to do that or give me an example of them used? Plz email me
back [EMAIL PROTECTED]
Charlie Huddleston
_
STOP MORE SPAM with the ne
lso show that a series of
connections are made, and that each are ESTABLISHED. I've tried this with 2.0.6 and
2.2.4 with the same results. Once again it works on Solaris with 2.0.6. I'm going to
try running the connections through xinet, but if anyone has any suggestions, please
let
r the Profiles
share hides the problem quite effectively.
I can provide more information if anyone needs help to find the but.
--
Charlie
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Hi
My samba
machine (running samba 2.2.3) is set up to except domain logins, this worked
fine with my win2k machine until I installed sp2, now when ever I log into the
domain I get the following messages:
“Windows cannot copy file
\\server1\charlie\profile\Application Data
58 matches
Mail list logo