2008/8/11 Wojtek Bogusz [EMAIL PROTECTED]
hi. thank you for reply.
i enabled connection from firewall to windows server on 137/udp, 138/udp,
139/udp and 139/tcp.
i tunnelled 137, 138 and 139 to windows server over SSH in putty.
i switched off 'file and printer sharing in MS network'
and it
Of course, it is possible. Enable the WINS server on your PDC and tell your
clients to use it. This can be achieved in two ways:
- setting them up by hand (slow and painful solution, if your network has a
lot of hosts)
- using DHCP options number 44 and number 46. Option 44 stands for WINS
server
I think, you have to enable the following UDP ports on your firewall to use
Samba:
- 137/udp
- 138/udp
Also, you have to use WINS or DNS to resolve computer names, if you need to.
You don't have to enable any other ports to use WINS. DNS runs on ports
53/tcp and 53/udp. Enable these ports on
What error message do your users get? The error message you mentioned can be
ignored. Sometimes I get the same message, but I have no problems with
copying files or logging in to my domain.
Please attach your smb.conf file, so that we can see where the problem is
and not just guess, what the
You can join your Samba server to your AD domain as a member server. It
should work with Samba 3. The basic steps you have to take:
1, Install the Kerberos libraries (I have already tried Heimdal Kerberos,
it's known to work)
Look for the appropriate client package in your package manager. If you
In my opinion, the reason could be a network overload. Make sure you have a
fast network connection (Gigabit Ethernet for backbone connections and Fast
Ethernet for connecting your clients to the network), and enable the WINS
server of Samba. It will dramatically increase your network performance.
Hi Jools,
I'm not an expert of this, but I have some ideas:
1, WINS was made exactly, what you would like to use it for. I should not
cause any problems, if you split your network to multiple subnets (as long
as you modify your firewall scripts according to the new topology). WINS is
part of
[global]
server string = Samba Proxy
password server = win2003test
security = domain
encrypt passwords = yes
workgroup = TEST.LOCAL
winbind separator = @
template homedir = /home/%D/%U
template shell = /bin/bash
winbind uid = 1-2
winbind gid = 1-2
winbind
First of all, try to re-join the machine to your domain. Add the machines to
a local workgroup (you can assign any name to it), then, after a reboot, try
to rejoin the machines to your domain. If this doesn't help, check user data
in the LDAP database:
id username
you should see something like
Check, if user nobody has at least read access to /home/Guest. If not,
then it must be the reason, why you get an access denied error message (you
cannot access a child directory, if you don't have at least read access to
the parent directory).
Chown the directory /home/Guest as nobody:root or
, and the ldap data is exactly the same.
So I'm a bit lost, I do have the schema with sambaSID SUB and a sub index
on sambaSID, the schema's are also the same as in the old situation.
cheers,
Jeroen.
On Tue, Jul 22, 2008 at 8:02 PM, kissg [EMAIL PROTECTED] wrote:
Check the GID of your Domain Admins
,
Jeroen.
On Tue, Jul 22, 2008 at 8:02 PM, kissg [EMAIL PROTECTED] wrote:
Check the GID of your Domain Admins group. It should end with 512 and
should be mapped to a UNIX group which have a GID of the same value. If it's
anything else, that can be a reason why your admin users actually don't have
= /F
writeable = yes
; browseable = yes
guest ok = yes
oplocks = yes
level2 oplocks = no
- Original Message - *From:* kissg [EMAIL PROTECTED]
*To:* Tito [EMAIL PROTECTED]
*Cc:* samba@lists.samba.org
*Sent:* Tuesday, July 22, 2008 6:45 PM
*Subject:* Re: [Samba] Acess from windows
I'm not sure about it, but probably your user should be a member of the
squid group, as its primary group. But that way, Windows wouldn't let the
user to log in to the system...
Another option could be to leave the original permissions alone and copy the
log file to a Samba share (for example,
It's because PAM rejects user nobody. Adding the following line to the
[global] section of /etc/samba/smb.conf should help:
obey pam restrictions = No
Try it, and see what happens. By the way, it's always a good idea to attach
your config files if you experience problems. It's much easier to
Check the GID of your Domain Admins group. It should end with 512 and
should be mapped to a UNIX group which have a GID of the same value. If it's
anything else, that can be a reason why your admin users actually don't have
administrator rights on the client machines.
Run the following command to
Could you please try what happens if you set admin dn in smb.conf to your
LDAP administrator account?
In my opinion, it would be better to use the scripts provided by
smbldap-tools to change unix account information, and let Samba to handle
the rest of the attributes. That way, use of the passwd
_
--- On *Fri, 18/7/08, kissg [EMAIL PROTECTED]* wrote:
From: kissg [EMAIL PROTECTED]
Subject: [Samba] WINS name resolution doesn't work
To: samba@lists.samba.org
Date: Friday, 18 July, 2008, 8:20 PM
I've set up my Samba PDC to act as a WINS server
I've set up my Samba PDC to act as a WINS server, because I need remote
access to it (through a VPN connection). I put wins support = Yes into the
smb.conf file. As far as I know, WINS doesn't use a unique port number, so
enabling the usual NetBIOS ports (137/udp, 138/udp, 139/tcp) on the firewall
First of all, check the domain SID on the new server. It should match the
domain SID which was used on the old server. Also make sure, that
permissions are correctly set on profile directories.
To display the domain SID, type the following on the PDC:
net getlocalsid
To set the domain SID use
Try to set obey pam restrictions = No and see if it solves your problem.
In most cases, it's not required to use PAM for authenticating domain
clients.
2008/7/16 Achim Frank [EMAIL PROTECTED]:
Hi List,
since the upgrade of a LDAP based PDC/BDC system to PDC/BDC and fileserver
we
have
Try to replace the last three lines (map archive/system/hidden) with a
single line like this:
store dos attributes = Yes
This will ensure, that file attributes get correctly set by using extended
attributes (see the smb.conf manual for more details). I think, it's a lot
better way for storing
Have you installed the libnss-ldap module on Server B? It's required if you
have your users in an LDAP-database.
What do you see if you type the command on Server B:
id username
For example, I have a user in my LDAP database, named kissg_02a. In my
case, I see the followings:
[EMAIL PROTECTED]
I still haven't found any solution. Have anyone of you ever had this
problem?
I also tried it with tdbsam backend, and I got the same error, so it's not
an LDAP-related issue. I have upgraded to Samba version 3.0.30, but the
problem still exists.
Please help, I'm out of ideas!
My original
Do you get the same results if you try to log in or join the domain from
another machine?
Have you set up a machine trust account? You have to create a machine
account for each workstation in your domain, unless you have set an add
machine script in your smb.conf file, which would do this job
First of all, I am new to Samba, so please pardon me if I ask something
stupid. Thanks!
I recently set up a PDC using Samba version 3.0.28a. According to the
official Samba documentation, I should be able to use the Microsoft User
Manager tool to manage my Samba domain controller. I am able to
It seems, that sometimes your system is unable to resolve UIDs and GIDs.
Maybe it's a problem with your Samba configuration or the network connection
to the domain controller.
I'm not an expert of this, but I'm sure, that experienced Samba users and
developers will help you to solve your problem.
Dear Marc,
it's always a good idea to read man pages (this is from the smb.conf man
page):
%m
the NetBIOS name of the client machine (very useful).
This parameter is not available when Samba listens on port 445,
as
clients no longer send this information. If you
28 matches
Mail list logo
