On Thu, 2013-06-06 at 10:19 +0100, Jonathan Buzzard wrote:
>
> So given the OP wants consistent UID's on presumably his Samba file
> server running a 3.6.x variant of Samba how does sssd help?
Hi
sssd is an alternative to using winbind to extract information from AD.
It may help the OP to try it
On Thu, 2013-06-06 at 10:25 +0200, steve wrote:
> On Wed, 2013-06-05 at 23:13 +0100, Jonathan Buzzard wrote:
>
> >
> > As far as I can tell sssd does not provide a mechanism for the smbd on
> > at least 3.5 (the 4.x series might be different but the OP is running
> > 3.6) to see an incoming SID
On Wed, 2013-06-05 at 23:13 +0100, Jonathan Buzzard wrote:
>
> As far as I can tell sssd does not provide a mechanism for the smbd on
> at least 3.5 (the 4.x series might be different but the OP is running
> 3.6) to see an incoming SID and work out the UID.
It would be pretty useless without.
On Wed, 2013-06-05 at 23:13 +0100, Jonathan Buzzard wrote:
> On 05/06/13 17:56, steve wrote:
> > On Wed, 2013-06-05 at 16:22 +0100, Jonathan Buzzard wrote:
> >> On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote:
> >>>
> >>> I never said that I couldn't get it to work, I just said that it is
>
On 05/06/13 17:56, steve wrote:
On Wed, 2013-06-05 at 16:22 +0100, Jonathan Buzzard wrote:
On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote:
I never said that I couldn't get it to work, I just said that it is
just too complicated. Yes I can read and there was no need to get
personal
Y
On Wed, 2013-06-05 at 18:32 +0100, Rowland Penny wrote:
> Well said Steve
>
>
> From what I have read on the two samba mailing lists, Samba 4 is
> supposed to be a clone of windows AD, well windows AD does not have
> winbind, so I suppose this begs the question, why when running as a DC
> control
Well said Steve
>From what I have read on the two samba mailing lists, Samba 4 is supposed
to be a clone of windows AD, well windows AD does not have winbind, so I
suppose this begs the question, why when running as a DC controller does
Samba4?
On 5 June 2013 17:56, steve wrote:
> On Wed, 201
On Wed, 2013-06-05 at 16:22 +0100, Jonathan Buzzard wrote:
> On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote:
> >
> > I never said that I couldn't get it to work, I just said that it is
> > just too complicated. Yes I can read and there was no need to get
> > personal
> >
>
> You said you
Oh yes it works ok
on the samba4 server, using winbind
getent passwd user
DOMAIN\user:*:3001106:20513::/home/DOMAIN/user:/bin/bash
uid=3001106(DOMAIN\user) gid=20513(DOMAIN\Domain Users)
groups=20513(DOMAIN\Domain Users),21110(DOMAIN\linuxusers)
change to sssd
getent passwd user
user:*:3001106:2
On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote:
>
> I never said that I couldn't get it to work, I just said that it is
> just too complicated. Yes I can read and there was no need to get
> personal
>
You said you gave up because it was too complicated. Also if you are
setting up a Samba
I never said that I couldn't get it to work, I just said that it is just
too complicated. Yes I can read and there was no need to get personal
You can have an smb.conf like this:
[global]
workgroup = DOMAIN
security = ADS
realm = DOMAIN.LAN
encrypt passwords = yes
On Wed, 2013-06-05 at 13:30 +0100, Rowland Penny wrote:
> Hi, I gave up on winbind, it is just too complicated and most, if not all,
> of the webpages I found via google are incomplete or just down right wrong.
>
It's actually dead simple, and these days the manual page is actually
accurate. Real
Yes, he could do that, providing his users never go anywhere near any files
or directories stored on a samba4 server, if they do, they will suddenly
find that have a different id on the server, I have been there and it is
just a mess, it took me a bit to realise why users did not own the files
the
Why not use the rid backend for your idmap. That is what I use for my
member servers and my accounts have identical ids across machines.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Hi, I gave up on winbind, it is just too complicated and most, if not all,
of the webpages I found via google are incomplete or just down right wrong.
Why not try sssd, it just works, all you need to do is add uidNumbers to
your users, set up sssd and away you go, have a look here:
http://linuxco
Hi JAB
I've tried this every whichway, including making ranges not overlap. It
looks to me to depend on this line:
idmap config BECAUSE : range = 1000-8000
If I add it, wbinfo for jingram gives a UID of 2338, but
no getent passwd entry.
If I remove it, getent passwd jingram gives a uidnumber i
Hi all,
I'm trying to set up a samba (3.6.6, debian wheezy 64bit) member server on
a 2008R2 domain. I'd like to be able to specify the uidnumbers users get on
here in AD but I'm getting really erratic results.
I've tried changing various range options, and as far as I can tell it
works sometimes,
Dear samba-mailinglist,
We're using samba 4.0.5 as an active directory domain controller.
We used to set up some file shares on basis security=user in the old
samba version. I was able to set up the shares as they used to be .
My Question:
How can I set up "wich user kan read/write which share
On 6 February 2013 01:24, Vladimir Levijev wrote:
>> I have Debian Squeeze running Samba being a member of the domain (PDC
>> and BDC are Windows servers) and it's users are authenticated against
>> AD using winbind for years.
>>
>> Now there is a need to setup another virtual Debian box exactly
On 4 February 2013 21:38, Vladimir Levijev wrote:
> I have Debian Squeeze running Samba being a member of the domain (PDC
> and BDC are Windows servers) and it's users are authenticated against
> AD using winbind for years.
>
> Now there is a need to setup another virtual Debian box exactly like
Hi,
I have Debian Squeeze running Samba being a member of the domain (PDC
and BDC are Windows servers) and it's users are authenticated against
AD using winbind for years.
Now there is a need to setup another virtual Debian box exactly like
that. So the name of the first is STUDENT, I named the v
Hi there,
On Thu, 24 Jan 2013, Rainer Canavan wrote:
I would like to use Samba (3.5.10 as supplied with RHEL6 if possible) to
make some directories accessible as a filesystem to (some of) our developers.
However, those directories are read and written by a web server, and all files
and direc
I would like to use Samba (3.5.10 as supplied with RHEL6 if possible) to
make some directories accessible as a filesystem to (some of) our developers.
However, those directories are read and written by a web server, and all files
and directories in there should belong to www-data:www-data.
The
Hi all,
I am just struggling with SAMBA design and i was wondering whether anyone
here can help. In my environment, there is an AD server and my SAMBA
server is on an AIX box. I need to set up SAMBA so that it will use AD
authentication AND few particular users found in AD (but not yet in AIX)
w
Hello @List,
We have a pretty complex problem;
In our company AD is the one and only directory service, all other "clients"
need to follow the given settings and guidelines. We are connected via security
ADS , but every patch session on the PDC `s is a nightmare , does it still work
or not.
Hi all,
I have setup a Samba server (3.0.24-6etch9) which I wish to integrate in
an Active Directory domain using security = ads. I have followed the
section in chapter 6 of the Samba documentation as well as the O'Reilly
Samba book by Jerry et al. (3rd ed in french).
Everything seems to be
-D
and I trust a lot OpenSource community
;-P
Regards
And if some skilled guy notes something wrong...
PLEASE LET ME KNOW !
> -Messaggio originale-
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> conto di Urs Golla
> Inviato: giovedì 10 maggio 2007 13.14
> A: samba
responsibility for taking protective
> and remedial action about viruses and other defects.DMS Multimedia is
> not liable for any loss or damage arising in any way from this message or
> its attachments
>
> -----Messaggio originale-
> *Da:* Urs Golla [mailto:[EMAIL PROTECTED]
> *I
dì 10 maggio 2007 10.04
> A: samba@lists.samba.org
> Oggetto: Re: R: [Samba] security = ads --> invalide user
>
>
> Hi
>
> Still the same problem...
>
> I think the connection to the domain is ok. because if i use a
> non existent
> user, the log says: "FAILED with err
> -Messaggio originale-
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> conto di Urs Golla
> Inviato: giovedì 10 maggio 2007 10.04
> A: samba@lists.samba.org
> Oggetto: Re: R: [Samba] security = ads --> invalide user
>
>
> Hi
>
> Still the sam
AIL PROTECTED]> wrote:
> -Messaggio originale-
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> conto di Urs Golla
> Inviato: giovedì 10 maggio 2007 9.44
> A: samba@lists.samba.org
> Oggetto: [Samba] security = ads --> invalide user
>
>
> Hello
>
> -Messaggio originale-
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> conto di Urs Golla
> Inviato: giovedì 10 maggio 2007 9.44
> A: samba@lists.samba.org
> Oggetto: [Samba] security = ads --> invalide user
>
>
> Hello
>
> I try to run SA
Hello
I try to run SAMBA with security = ads on AIX 5.3 with SAMBA 3.0.23d.
"net ads join" was successful and the machine is now visible in the Domain
with the netbios name.
When I try to access the shares on the machine the log.smbd files says:
(...)
[2007/05/10 08:58:16, 1] smbd/sesssetup.c:r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dale Schroeder wrote:
> You are quite correct that adding the missing parameter
> to the hosts file and rejoining the domain would fix
> this problem.
>
> That leaves only the 'valid users' bug you mentioned.
> Of the three parameters following:
Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dale Schroeder wrote:
I've attached the screenshots, but I think my
confusion was expecting the pdc to display the FQDN
from its DNS records for the samba system,
not the hosts file on the samba system.
I will
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
(added the list back to CC)
Dale Schroeder wrote:
> I've attached the screenshots, but I think my
> confusion was expecting the pdc to display the FQDN
> from its DNS records for the samba system,
> not the hosts file on the samba system.
I will alm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dale,
>>> *1.* getent passwd no longer lists machine accounts.
>>
>> Only machines? Or no domain users at all? Please read
>> the release notes. 'winbind enum users' was disabled by
>> default in 3.0.23.
>
> Domain users are listed, machines are no
Howard,
I had already set the 1st two from day 1. Unfortunately, adding the
last directive had no effect either.
Thanks anyway,
Dale
Howard Wilkinson wrote:
You need to set
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = no
[ not certain about the last but it
You need to set
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = no
[ not certain about the last but it worked for me ]
Howard.
Dale Schroeder wrote:
Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dale Schroeder wrote:
Since upgrad
Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dale Schroeder wrote:
Since upgrading to 3.0.23 I have encountered several problems. (latest
Debian Sarge with deb's from samba.org and security = ADS). All was
working flawlessly before.
*1.* getent passwd no longe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dale Schroeder wrote:
> Since upgrading to 3.0.23 I have encountered several problems. (latest
> Debian Sarge with deb's from samba.org and security = ADS). All was
> working flawlessly before.
>
> *1.* getent passwd no longer lists machine accounts.
Since upgrading to 3.0.23 I have encountered several problems. (latest
Debian Sarge with deb's from samba.org and security = ADS). All was
working flawlessly before.
*1.* getent passwd no longer lists machine accounts.
*2.* On the Win2K pdc, the samba system's "DNS name" on the general tab
is
hey friends,
I have 2 problems in samba I am narrating my problems below:
a) I have configured samba with security =ads in FC3 workstation and
my domain controller is windows 2003 ,the samba is working fine with
the configured options.As my domain consists of windows ,linux and
unix clients an
2005 2:35 PM
To: Ryan Frantz; samba@lists.samba.org
Subject: RE: [Samba] 'security = ads' & 'valid users ='
If you're fine with users being prompted to enter their login
credentials, then yes the passwords can be different. If you want it to
be seamless, ke
nuary 25, 2005 11:28 AM
> To: samba@lists.samba.org
> Subject: RE: [Samba] 'security = ads' & 'valid users ='
>
> Would it be feasible to use the options 'guest account' and 'guest ok'
> for shares along with ADS security?
>
> Or
amba@lists.samba.org
Subject: RE: [Samba] 'security = ads' & 'valid users ='
I think as long as the passwords are the same, your approach of creating
the domain users you need as local users will work.
-Marc
> -Original Message-
> From: Rya
ts.samba.org
> Subject: [Samba] 'security = ads' & 'valid users ='
>
> I will be upgrading my Samba server from 2.2.8a to 3.0.10. I
currently
> have security set to 'share' and plan on migrating to 'ads' for
improved
> authentication. I
I will be upgrading my Samba server from 2.2.8a to 3.0.10. I currently
have security set to 'share' and plan on migrating to 'ads' for improved
authentication. I have one snag, though...
I have remote users who reside in and are managed by a Windows domain
that is not in my control. There is no
Hello Mat,
first , I compiled and installed the binaries Version 1.3.3 by myself
on my Debian Woody without any problems, then Samba worked fine.
But before you upgrade to Debian sarge, you should uninstall these
libraries, because ist was a little bit difficult to solve all my problems
after th
I've been trying to get samba to integrate with a Win2000 ADS, with
very limited success.. but from recent postings I think I have found
my problem. I am only using libkrb 1.2.4. I know I need 1.3.3, but
don't particularly want to compile from source. I'm running a Debian
Stable machine, so was
For sure. I'll do that on the weekend!
- Original Message -
From: "John H Terpstra" <[EMAIL PROTECTED]>
To: "Rashaad S. Hyndman" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, July 23, 2004 3:05 PM
Subject: Re: [Samba] security = ADS
oy:
>
> http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory
>
>
> - Original Message -
> From: "Rashaad S. Hyndman" <[EMAIL PROTECTED]>
> To: "Rashaad S. Hyndman" <[EMAIL PROTECTED]>; "Tom Skeren"
> <[EMAIL PROTECTED]>
> Cc: &l
Message -
From: "Rashaad S. Hyndman" <[EMAIL PROTECTED]>
To: "Rashaad S. Hyndman" <[EMAIL PROTECTED]>; "Tom Skeren"
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, July 23, 2004 2:18 PM
Subject: Re: [Samba] security = ADS - IT WOR
: Thursday, July 22, 2004 7:25 PM
Subject: Re: [Samba] security = ADS
Rashaad S. Hyndman wrote:
That seems to be an interesting concept but does work in this case for some
reason. Here is what i did:
C:\Documents and Settings\rshyndman>net use * \\10.55.222.82\public\
System error 67
le will help? Hmmm
:-(
- Original Message -
From: "Tom Skeren" <[EMAIL PROTECTED]>
To: "Rashaad S. Hyndman" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, July 22, 2004 4:07 PM
Subject: Re: [Samba] security = ADS
> Yes I've seen th
John H Terpstra wrote:
On Thursday 22 July 2004 14:07, Tom Skeren wrote:
Yes I've seen this behavior a LOT. I've replied to it. For some
reason, the Samba when joined to ads needs to contacted for shares by IP
addy. The XP shares then authenticate properly.
No way, your ADS server is ans
On Thursday 22 July 2004 14:07, Tom Skeren wrote:
> Yes I've seen this behavior a LOT. I've replied to it. For some
> reason, the Samba when joined to ads needs to contacted for shares by IP
> addy. The XP shares then authenticate properly.
No way, your ADS server is answering on port 445 - the
Yes I've seen this behavior a LOT. I've replied to it. For some
reason, the Samba when joined to ads needs to contacted for shares by IP
addy. The XP shares then authenticate properly.
Try \\ipaddy-samba-server\share-name. If you connect, do a netstat -an
on the samba server. You'll see th
Hi all,
I've been fighting with joining my samba server (debian) to my active directory domain
for 4 days now. The problem here is that users in my active directory domain on
windows machines are not able to browse my samba shares without being prompted for
authentication.
I can:
- Join the
I've attached an Apple XServe to our Windows domain, and have successfully
setup all the Active Directory integration.
I've been able to expose a file share to Windows via Samba from the XServe,
but it's still requring a guest account login. For example, when i try and
open \\xserve\AppStorage
tienne-Hugues Fortin
Sent: June 10, 2004 08:50
To: Paul Gienger
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] security = ads: problem join XP Pro?
Hi Paul,
> Where are you getting with adding the machines? You should get a posix
> user added with machinename$ for the uid, then that user will be
> m
Hi Paul,
> Where are you getting with adding the machines? You should get a posix
> user added with machinename$ for the uid, then that user will be
> modified to include the sambaSamAccount data.
That's what I got when I tried joining the domain while security was set
to domain. However, I've
Where are you getting with adding the machines? You should get a posix
user added with machinename$ for the uid, then that user will be
modified to include the sambaSamAccount data.
I would suggest these for 'official' resources:
http://us2.samba.org/samba/docs/man/howto/samba-pdc.html*
*and
h
Hi Paul,
It's the second option that I'm having. I'm pretty sure security = user
will fix the problem. Is it me or in previous version of samba, security
= user was for workgroup only?
Below is my smb.conf. Note that I've changed the security to reflect what
you suggested but it was exactly th
Are you running any windows servers in your setup or just one samba box
and the clients?
Assuming the latter, which sounds like you unless I'm badly mis-reading
you here, you don't *need* any special DNS entries to make things work.
Perhaps you could attach your smb.conf file? It sounds like
> Does your DNS server have the following entries:
> If not it won't work.
It's the first time I'm seeing this list. I know that XP Pro was asking
for something like _ldap._tcp. but even googling on this
didn't helped me getting what you just sent.
I'll add this to my DNS. Just to make sure eve
Does your DNS server have the following entries:
If not it won't work.
_ldap._tcp.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 389
server.fsklaw.net.
_ldap._tcp.pdc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.n
Hi,
I've configured Samba 3.0.4 with Openldap 2.1.22 to use my samba server as
a PDC. At first, I had some problem with the user administrator. I've
then found the workaround a few days ago. Now that this is fixed, I'm
trying to join a XP Pro workstation to my domain. I've done multiple test
a
68 matches
Mail list logo