On 08/08/2012 12:35 AM, Jonathan Buzzard wrote:
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh? wide links seems a bad idea to me... At least from a security
perspective.
Why
Hey Steve,
I knew the error Can't initialize directory with the auto-create
method of pam+winbind for home directories as well,
but I think my setup is a little bit different than yours...
My setup looks like this:
- 50 linux-server
- 5 AD secondary DC's (Active Directory w2k8 R2)
- 1 Master-DC
On 08/08/12 08:49, steve wrote:
On 08/08/2012 12:35 AM, Jonathan Buzzard wrote:
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh? wide links seems a bad idea to me... At least
On 08/08/12 10:40, Jonathan Buzzard wrote:
On 08/08/12 08:49, steve wrote:
On 08/08/2012 12:35 AM, Jonathan Buzzard wrote:
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh?
On 08/08/12 16:41, steve wrote:
On 08/08/12 10:40, Jonathan Buzzard wrote:
On 08/08/12 08:49, steve wrote:
On 08/08/2012 12:35 AM, Jonathan Buzzard wrote:
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012
On Wed, Aug 08, 2012 at 09:40:02AM +0100, Jonathan Buzzard wrote:
Do you think it is likely that I would have a production file server
system in place with over 900 active SMB connections using an Alpha
release piece of software?
I don't even use 3.6 yet because it is showing too many
On 08/08/2012 05:57 PM, Jonathan Buzzard wrote:
On 08/08/12 16:41, steve wrote:
On 08/08/12 10:40, Jonathan Buzzard wrote:
On 08/08/12 08:49, steve wrote:
On 08/08/2012 12:35 AM, Jonathan Buzzard wrote:
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh? wide links seems a bad idea to me... At least from a security
perspective.
Why a single home directory? We have a single NFS share containing
folders for the two domains and inside those a folder for each home.
We are
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh? wide links seems a bad idea to me... At least from a security
perspective.
Why a single home directory? We have a single NFS share containing
folders for the two domains and inside those
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh? wide links seems a bad idea to me... At least from a security
perspective.
Why a single home directory? We have a single NFS share containing
steve wrote:
On 07/08/12 16:15, Jonathan Buzzard wrote:
On 07/08/12 15:10, steve wrote:
On 04/08/12 22:06, NdK wrote:
Il 04/08/2012 21:13, steve ha scritto:
Uh? wide links seems a bad idea to me... At least from a security
perspective.
Why a single home directory? We have a single NFS
NdK wrote:
Il 04/08/2012 12:00, steve ha scritto:
You have many ways to obtain that same mapping objective. I chose to
use rid 'cause I couldn't modify my AD schema. But the preferred way is
extend AD schema and specify there the UIDs and GIDs.
You don't have to extend the schema. You can
Il 05/08/2012 12:32, Jonathan Buzzard ha scritto:
A supported version of Windows Server 2003 (aka the 2003R2) has the
RFC2307 extensions in the schema. The installation of the R2 service
pack extends the schema to include RFC2307, your windows admins simply
don't get a choice over that bit.
Il 03/08/2012 16:21, steve ha scritto:
That's quite easy in Samba3 but which tdb's must I remove in Samba4? In
fact, how would I rejoin the DC to itself?
You shouldn't use DCs for anything else other than DC. No file server.
No gateway. *Nothing*. They're a crytical piece of your network
On 04/08/12 09:39, NdK wrote:
Il 03/08/2012 16:21, steve ha scritto:
That's quite easy in Samba3 but which tdb's must I remove in Samba4? In
fact, how would I rejoin the DC to itself?
You shouldn't use DCs for anything else other than DC. No file server.
No gateway. *Nothing*. They're a
Il 04/08/2012 12:00, steve ha scritto:
You have many ways to obtain that same mapping objective. I chose to
use rid 'cause I couldn't modify my AD schema. But the preferred way is
extend AD schema and specify there the UIDs and GIDs.
You don't have to extend the schema. You can store all the
On 04/08/12 13:21, NdK wrote:
Il 04/08/2012 12:00, steve ha scritto:
You have many ways to obtain that same mapping objective. I chose to
use rid 'cause I couldn't modify my AD schema. But the preferred way is
extend AD schema and specify there the UIDs and GIDs.
You don't have to extend the
Il 04/08/2012 13:40, steve ha scritto:
Too bad my AD controllers are M$ W2k3, w/o rfc2307 extension :( That's
why I'm stuck with rid.
Ah I see. I didn't mean to offend.
No offense perceived :)
I simply assumed you were using Samba4.
If only I could...
I think m$ gave them the 2008 schema as
On 04/08/12 20:34, NdK wrote:
Il 04/08/2012 13:40, steve ha scritto:
Too bad my AD controllers are M$ W2k3, w/o rfc2307 extension :( That's
why I'm stuck with rid.
Ah I see. I didn't mean to offend.
No offense perceived :)
Hi
That's good to know it wasn't a misunderstanding.
Most of our
Il 04/08/2012 21:13, steve ha scritto:
In comparison, winbind seems overcomplicated and restrictive (and simply
does not work with either Ubuntu nor openSUSE 3.6.3). It also seems very
restricted in that we have turn off unix attributes and use wide links
so we can symlink to the only
On 02/08/12 20:57, NdK wrote:
Il 02/08/2012 18:42, steve ha scritto:
The shares are mounted via kerberized nfs on the client and _did_ map
correctly before this thread started.
Are you sure you updated /etc/nnsswitch.conf to use winbind after
purging the old Samba install?
BYtE,
Diego.
Il 03/08/2012 08:01, steve ha scritto:
getent passwd/group works fine. I get the names and coresponding uid:gid
numbers within the range specified in smb.conf but all I get when I list
files on the nfs share, are numerical uid:gid values. I want those
values to be DOMAIN\username DOMAIN\group
On 03/08/12 09:01, NdK wrote:
Il 03/08/2012 08:01, steve ha scritto:
getent passwd/group works fine. I get the names and coresponding uid:gid
numbers within the range specified in smb.conf but all I get when I list
files on the nfs share, are numerical uid:gid values. I want those
values to be
On 03/08/12 10:22, steve wrote:
On 03/08/12 09:01, NdK wrote:
Il 03/08/2012 08:01, steve ha scritto:
It looks as though it's this:
https://bugzilla.samba.org/show_bug.cgi?id=8676
Ubuntu 12.04 ships with 3.6.3 :-(
--
To unsubscribe from this list go to the following URL and read the
On 03/08/12 07:01, steve wrote:
On 02/08/12 20:57, NdK wrote:
Il 02/08/2012 18:42, steve ha scritto:
The shares are mounted via kerberized nfs on the client and _did_ map
correctly before this thread started.
Are you sure you updated /etc/nnsswitch.conf to use winbind after
purging the old
2012-08-03 10:22 keltezéssel, steve írta:
On 03/08/12 09:01, NdK wrote:
Il 03/08/2012 08:01, steve ha scritto:
getent passwd/group works fine. I get the names and coresponding
uid:gid
numbers within the range specified in smb.conf but all I get when I
list
files on the nfs share, are
On 03/08/12 11:03, Gémes Géza wrote:
2012-08-03 10:22 keltezéssel, steve írta:
On 03/08/12 09:01, NdK wrote:
Il 03/08/2012 08:01, steve ha scritto:
getent passwd/group works fine. I get the names and coresponding
uid:gid
numbers within the range specified in smb.conf but all I get when I
Il 03/08/2012 10:22, steve ha scritto:
It doesn't seem to matter. I can have the same id range on both server
and client. What is uid 327 on the server becomes uid 302 on the
client.
Remember to delete all .tdb files and rejoin the machine between tests
w/ different backends, or you'll
On 03/08/12 13:07, NdK wrote:
Il 03/08/2012 10:22, steve ha scritto:
It doesn't seem to matter. I can have the same id range on both server
and client. What is uid 327 on the server becomes uid 302 on the
client.
Remember to delete all .tdb files and rejoin the machine between tests
Il 03/08/2012 13:18, steve ha scritto:
Thanks for the tip. In fact, Samba4 defaults to 30-40 which I
think is pretty safe?
Only for a small domain... In our tree it would be WAY too small (could
contain no more than about 20% of the groups we have in a single domain...).
My main
On 03/08/12 13:54, NdK wrote:
Il 03/08/2012 13:18, steve ha scritto:
Thanks for the tip. In fact, Samba4 defaults to 30-40 which I
think is pretty safe?
Only for a small domain... In our tree it would be WAY too small (could
contain no more than about 20% of the groups we have in a
Hi everone.
Ubuntu 12.04 v3.6 clients with winbind joined to 12.04 Samba4 DC
Clients:
smb.conf
[global]
realm = polop.site
workgroup = POLOP
security = ADS
wide links = Yes
unix extensions = No
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
idmap uid =
On 02/08/12 16:01, steve wrote:
Hi everone.
Ubuntu 12.04 v3.6 clients with winbind joined to 12.04 Samba4 DC
Clients:
smb.conf
[global]
realm = polop.site
workgroup = POLOP
security = ADS
wide links = Yes
unix extensions = No
template shell = /bin/bash
winbind enum users = Yes
winbind enum
Hi Steve,
please use idmap config * : range = ... instead of idmap uid/gid.
Best regards
Björn
On 08/02/2012 05:01 PM, steve wrote:
Hi everone.
Ubuntu 12.04 v3.6 clients with winbind joined to 12.04 Samba4 DC
Clients:
smb.conf
[global]
realm = polop.site
workgroup = POLOP
security =
On 02/08/12 17:14, Bjoern Baumbach wrote:
Hi Steve,
please use idmap config * : range = ... instead of idmap uid/gid.
Thanks Jonathan and Bjoern
I have that now.
I chose:
idmap config * : range = 3-4
I have deleted the winbind files from /var/lib/samba and
/var/cache/samba and
2012-08-02 17:45 keltezéssel, steve írta:
On 02/08/12 17:14, Bjoern Baumbach wrote:
Hi Steve,
please use idmap config * : range = ... instead of idmap uid/gid.
Thanks Jonathan and Bjoern
I have that now.
I chose:
idmap config * : range = 3-4
I have deleted the winbind files from
On 02/08/12 18:16, Gémes Géza wrote:
2012-08-02 17:45 keltezéssel, steve írta:
On 02/08/12 17:14, Bjoern Baumbach wrote:
Hi Steve,
please use idmap config * : range = ... instead of idmap uid/gid.
Thanks Jonathan and Bjoern
I have that now.
I chose:
idmap config * : range = 3-4
I
Il 02/08/2012 18:42, steve ha scritto:
The shares are mounted via kerberized nfs on the client and _did_ map
correctly before this thread started.
Are you sure you updated /etc/nnsswitch.conf to use winbind after
purging the old Samba install?
BYtE,
Diego.
--
To unsubscribe from this list go
38 matches
Mail list logo