Re: Time sync in Samba4

On Fri, 2011-04-29 at 14:51 -0400, felix <at> epepm.cupet.cu wrote:
> Hello.
> 
> How can I have my windows clients synchronized with my Samba4 domain
> controller without using startup scripts??
> 
> I've played with Group Policies the same way they are configured when a
> w2k3 server is used and I couldn't make it this way.
> 
> I also tried installing ntpd.
> I'm using Samba4 alpha 15 in a Debian Lenny Box.

ntpd needs to be configured to talk to Samba4.   This looks like an
accurate guide:
http://www.whitemiceconsulting.com/2010/12/configuration-of-ntp-for-samba4.html

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Time sync in Samba4

On 5/1/2011 6:03 AM, Andrew Bartlett wrote:
>
> ntpd needs to be configured to talk to Samba4.   This looks like an
> accurate guide:
> http://www.whitemiceconsulting.com/2010/12/configuration-of-ntp-for-samba4.html
>
Thank you. I have been trying to solve this as well.

Trever

--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Cannot set ACL for "Authenticated Users"

Hi Jeremy, thanks for your answer.

Le 29/04/2011 20:00, Jeremy Allison a écrit :
> On Fri, Apr 29, 2011 at 04:11:34PM +0200, Arnaud Lesauvage wrote:
>>  Yes, windows PDC running Windows 2003 R2 (NO unix extensions).
>>  wbinfo -u works fine.
>>
>>  But "wbinfo -Y S-1-5-11" returns "Could not convert sid S-1-5-11 to gid"
>>  And that is exactly what happened to the OP of the discussion I
>>  quoted in my original message.
>
> Try "force unknown acl user = yes"

Nope, no better.

--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Issue providing seamless migrtion (3.0.24 to 3.5.6) - sambaNTPassword mystery

Hello everyone,

I am operating a migration of samba from 3.0.24 (mysql passdb backend) 
to 3.5.6 (openldap passdb), samba working as a domain controller (PDC) 
and file share. The main challenge is to provide a seamless migration 
for users.
For this new version, I am using smbldap-tools 0.9.6, nss_ldap, openldap 
2.4. Everything run on FreeBSD 8.2.

To get used to samba, I have managed to make samba 3.5 work as a new 
domain, computers joining it, etc... But since I want a seamless 
migration, I now try to provide enough information to samba 3.5 to auth 
users like the old version.

Currently, I can't achieve to have machine accounts which can be on the 
new domain with the samba root login, without joining the domain through 
windows manual procedure.
The new domain have the same "netbios name", "workgroup", domain SID, 
local SID. And now the challenge is to fill accounts (users but first 
workstation/machine) in ldap.
I have copy and paste every *.tdb file from the old samba to the new : 
/var/db/samba/*.tdb and /usr/local/etc/samba/*.tdb (+ smbpasswd file).
Moreover, to test everything, I have a computer which have a ethernet 
interface toward the old working samba, and another one toward the new 
domain. When I try to switch from the old to the new samba, I shutdown 
the right interface, unlog and try to log with the root login of the new 
samba (I always wait few minutes in order to have the new pdc "recognized").
As I read that someone is able to upgrade his samba seamlessly by 
shutting down computers & samba (old & new), then starting new samba 
then computers, I have tried each time this procedure. However, I don't 

s3 winbind loosing kerbers ticket

I have 2 CentOS 5.6 x86_64 servers configured with with samba 3.5.4,
CTDB, GFS and DRDB in an avtive,active cluster. After some time winbind
looses the ticket. After this I have to do a net ads join on the server
to get things going. The main DC is a windows 2003 server with SP2. I do
have 2 more samba 4 DC's that I use for backup authentication only that
run on debian 6 that are a VM. Not sure if they could be causing a
problem or not.

This is what I am seeing in the logs.

winbindd/winbindd_util.c:289(trustdom_recv)  Could not receive trustdoms : 240 Time(s)

And

[root <at> pdc ~]# wbinfo -t
checking the trust secret for domain TAYLORTELEPHONE via RPC calls failed
Could not check secret
[root <at> pdc ~]# wbinfo -a someuser%password
plaintext password authentication failed
Could not authenticate user someuser%password with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
error messsage was: Access denied
Could not authenticate user someuser with challenge/response

[root <at> pdc ~]# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator <at> TAYLORTELEPHONE.COM

Valid starting     Expires            Service principal

Re: s3 winbind loosing kerbers ticket

I also found this in the logs on both servers.

[2011/05/02 16:52:01.425379,  0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module ldap already registered!
[2011/05/02 16:52:01.496966,  0]
winbindd/idmap.c:201(smb_register_idmap_alloc)
  idmap_alloc module tdb already registered!
[2011/05/02 16:52:01.569375,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module passdb already registered!
[2011/05/02 16:52:01.641802,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module nss already registered!
[2011/05/02 16:52:01.708285,  0] winbindd/idmap.c:149(smb_register_idmap)
  Idmap module rid already registered!
[2011/05/02 16:52:01.774795,  0] lib/module.c:69(do_smb_load_module)
  Module '/usr/lib64/samba/idmap/rid.so' initialization failed:
NT_STATUS_OBJECT_NAME_COLLISION
[2011/05/02 16:52:01.836023,  1] winbindd/idmap.c:580(idmap_alloc_init)
  could not find idmap alloc module rid:TAYLORTELEPHONE=500-4000000

Jonn

On 05/02/2011 12:14 PM, Taylor, Jonn wrote:
> I have 2 CentOS 5.6 x86_64 servers configured with with samba 3.5.4,
> CTDB, GFS and DRDB in an avtive,active cluster. After some time winbind
> looses the ticket. After this I have to do a net ads join on the server
> to get things going. The main DC is a windows 2003 server with SP2. I do
> have 2 more samba 4 DC's that I use for backup authentication only that
> run on debian 6 that are a VM. Not sure if they could be causing a
> problem or not.

Re: Time sync in Samba4

>
> ntpd needs to be configured to talk to Samba4.   This looks like an
> accurate guide:
> http://www.whitemiceconsulting.com/2010/12/configuration-of-ntp-for-samba4.html
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
>

Thanks for your answer. It's really helpful.

--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Connecting to AD and OpenLDAP

We are trying to connect a file server to our AD for sid info, while 
trying to use our OpenLDAP server for uid, gid and other posix info. Is 
there any way to do this? We already have uids, gids, and sids so we 
can't dynamically create them.
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Linker error for Samba 3.5.8 on Solaris 5.8

On Wed, Apr 27, 2011 at 08:41:27PM -0500, lineman <at> halo.nu wrote:
> I get the following linker error when compiling Samba on Solaris Sparc 5.8:
> ld: fatal: Symbol referencing errors. No output written to bin/libnetapi.so.0
> collect2: ld returned 1 exit status
> make: *** [bin/libnetapi.so.0] Error 1

I fixed that by doing this:

bash-2.03# ls -l libico*
-rw-r--r--   1 bin      bin          803 Jan 12  2005 libiconv.la
lrwxrwxrwx   1 root     other         17 Aug  4  2005 libiconv.so -> libiconv.so.2.1.0
lrwxrwxrwx   1 root     other         17 Aug  4  2005 libiconv.so.2 -> libiconv.so.2.1.0
-rwxr-xr-x   1 bin      bin       685176 Jan 12  2005 libiconv.so.2.0.3
-rwxr-xr-x   1 bin      bin      1147960 Jan 12  2005 libiconv.so.2.1.0
-rwxr-xr-x   1 bin      bin      1159488 Jan 12  2005 libiconv.so.2.2.0
-rw-r--r--   1 bin      bin      1148932 Jan 12  2005 libiconv_plug.so
bash-2.03# nm libiconv.so.2 | grep relocat
bash-2.03# nm libiconv.so.2.0.3 | grep relocat
bash-2.03# nm libiconv.so.2.1.0 | grep relocat
bash-2.03# nm libiconv.so.2.2.0 | grep relocat
00015f6c T libiconv_relocate
00015d40 T libiconv_set_relocation_prefix
00015c2c t set_this_relocation_prefix
bash-2.03# mv libiconv.so.2 libiconv.so.2.old-link.alan
bash-2.03# ln -s libiconv.so.2.2.0 !!:1
ln -s libiconv.so.2.2.0 libiconv.so.2
bash-2.03# 

Now there is a new problem, any help would be appreciated.

Samba DFS-Proxy . No PDF-Files can be opened

Dear all,

I have to samba sernet 3.5.8 running on centos 5.5.
One Samba (server)uses the dfs-proxy settings to point to the other sambas
shares(ServerB):
[test]
Msdfs root=yes
Msdfs proxy=\\ServerBs\share

When the clients now connect to ServerA they are redirected to ServerB.
Now every file-type can be opened  expect PDF-files?

Is this a feature or a bug ?!

Greetings
Daniel

-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller <at> tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------