Samba: Difference between revisions

From DWIKI
 
(73 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Documentation==
=Documentation=


*[http://www.samba.org Homepage]
*[http://www.samba.org Homepage]
Line 8: Line 8:
*[http://unattended.sourceforge.net/ fully automating the installation of Windows 2000 Professional and Server, Windows XP, and Windows Server 2003]
*[http://unattended.sourceforge.net/ fully automating the installation of Windows 2000 Professional and Server, Windows XP, and Windows Server 2003]
*[http://samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html User Rights and Privileges]
*[http://samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html User Rights and Privileges]
*[http://samba.osmirror.nl/samba/docs/man/Samba-HOWTO-Collection/locking.html Oplocks]
*[http://www.wlug.org.nz/SambaErrorMessages Samba error messages]
*[http://docs.hp.com/en/B8725-90074/ch11s02.html Samba Domain Model]
*[http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1155693,00.html groups members etc]
==Samba and ACLs==
*http://www.bluelightning.org/linux/samba_acl_howto/
==Migration==
*[http://us3.samba.org/samba/docs/man/Samba-Guide/ntmigration.html NT to Samba migration]
*[http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html Migration from NT4 PDC to Samba-3 PDC]
*http://lists.samba.org/archive/samba/2005-December/114772.html
*[http://www.opensubscriber.com/message/samba%40lists.samba.org/2866267.html Migrating profiles]
=smb.conf=
*[https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html smb.conf manpage]
==server role==
*[https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#SERVERROLE server role]
==Samba and DNS==
*[https://wiki.samba.org/index.php/DNS_Administration DNS Administration]


== Samba and LDAP ==
== Samba and LDAP ==
*[http://autosambaldap.sourceforge.net/ Automated Samba + LDAP Installation For FreeBSD 7.1]
*[http://wiki.samba.org/index.php/Samba_&_LDAP Samba&LDAP doc]
*[http://wiki.samba.org/index.php/Samba_&_LDAP Samba&LDAP doc]
*[[smbldap-tools]]
*[[smbldap-tools]]
Line 15: Line 39:
*[http://www.nomis52.net/?section=docs&page=samldap Debian Samba 3 / LDAP / PHP LDAP Admin HOWTO]
*[http://www.nomis52.net/?section=docs&page=samldap Debian Samba 3 / LDAP / PHP LDAP Admin HOWTO]
*[http://www.ofb.net/~jheiss/samba/ldap.shtml samba and ldap]
*[http://www.ofb.net/~jheiss/samba/ldap.shtml samba and ldap]
*[http://mawi.org/sambaldap/Samba_and_LDAP_on_Debian.html Samba & LDAP ...on Debian made simple!]
*[http://aqua.subnet.at/~max/ldap/ Part I: Using OpenLDAP on Debian Woody to serve Linux and Samba Users]
*[http://aqua.subnet.at/~max/ldap/ Part I: Using OpenLDAP on Debian Woody to serve Linux and Samba Users]
*[http://swik.net/Samba+LDAP http://swik.net/Samba+LDAP] (vague collection of links)
*[http://swik.net/Samba+LDAP http://swik.net/Samba+LDAP] (vague collection of links)
Line 24: Line 47:
*[http://www.nomis52.net/?section=docs&page=samldap Another pam/ldap page, just some broken pics there]
*[http://www.nomis52.net/?section=docs&page=samldap Another pam/ldap page, just some broken pics there]
*[http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html Samba (v.3) PDC LDAP howto]
*[http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html Samba (v.3) PDC LDAP howto]
*http://gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC_Basic_Setup
*[http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/ Samba-LDAP howto]


==Samba as PDC==
==Samba as PDC==
*[[Samba as PDC]]
*[http://daniel.fiser.cz/?go=samba Samba PDC mini-HOWTO]
*[http://daniel.fiser.cz/?go=samba Samba PDC mini-HOWTO]
*[http://www.novell.com/coolsolutions/feature/5832.html Troubleshooting Roaming Profiles on Microsoft Windows NT/2000]
*[http://www.novell.com/coolsolutions/feature/5832.html Troubleshooting Roaming Profiles on Microsoft Windows NT/2000]
Line 33: Line 59:
*[http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#sbeuseraddn UNIX and Windows User Management]
*[http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#sbeuseraddn UNIX and Windows User Management]
*[http://searchopensource.techtarget.com/tip/0,289483,sid39_gci1159865,00.html Managing Samba: Remote GUI tools]
*[http://searchopensource.techtarget.com/tip/0,289483,sid39_gci1159865,00.html Managing Samba: Remote GUI tools]
*[http://gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC_Performance_Tuning HOWTO LDAP SAMBA PDC Performance Tuning]
*[http://itdump.wordpress.com/2007/11/22/how-to-setup-pdc-using-samba/ How to setup PDC using Samba in Debian]


  net rpc group addmem  "Domain Users" someuser
  net rpc group addmem  "Domain Users" someuser
Line 40: Line 68:
cpau.exe to run stuff as other user
cpau.exe to run stuff as other user


===Windows complaining about wrong rights on profile===
remember to add  option ''netbios-name-servers''  to ''dhcpd.conf''
*http://gentoo-wiki.com/HOWTO_Implement_Samba_as_your_PDC#Configure_Windows_XP_clients
 
*http://support.microsoft.com/kb/327259
 
==High Availability==
*[http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/SambaHA.html High Availability]
*[http://ctdb.samba.org/ CTDB]
*[http://www.how2forge.org/setting-up-an-active-active-samba-ctdb-cluster-using-gfs-and-drbd-centos-5.5 Setting Up An Active/Active Samba CTDB Cluster Using GFS & DRBD]
 
=HOWTO=
==Automatically create home directory==
On Ubuntu:
pam-auth-update --enable mkhomedir
 
 
==Rename linux domain member==
https://marc.info/?l=smb-clients&m=121764337631413
 
net ads leave -U administrator@MYDOMAIN.COM
 
Next,  change the netbios name value  in the /etc/samba/smb.conf file, e.g.
 
netbios name = <NEW NAME>
 
Restart the samba and winbind daemons
 
# /etc/init.d/smb restart && /etc/init.d/winbind restart
 
Finally,  you rejoin it  to the domain
 
net ads join -U administrator@MYDOMAIN.COM
 
Make sure everything OK.
 
net ads testjoin
getent passwd
getent group
 
Check  winbind
 
wbinfo -t
wbinfo  -u
 
 
==User management==
===List users===
pdbedit -L -v
 
=Software=
*http://www.samba.org/samba/GUI/
 


==Terms==
=Terms=
*[[RID]]
*[[RID]]
*[[SID]]
*[[SID]]


== Commands and tools==
= Commands and tools=
*net
==net==
*testparm
*[http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html Chapter 13. Remote and Local Management: The Net Command]
*pdbedit
==testparm==
*smbmount or just mount -t smbfs -o username=foo,password=bar //server/share /mnt/point
==pdbedit==
*smbclient
pdbedit -L
*smbstatus
==smbmount==
*nmblookup -M domainname
mount -t smbfs -o username=someuser //servername/sharename /mnt/sharename/
*nltest (on windows)
or in fstab:
//servername/sharename /mountpoint cifs noauto,username=foobar 0 0
If you get very vague warnings on debian this means you didn't install one of many smb* packages, probably '''smbfs'''
 
==[[smbclient]]==
==smbstatus==
==smbtree==
==nmblookup==
nmblookup -M domainname
 
==wins==
 
 
 
==dfree==
to show correct disk space/free
 
 
*[http://sourceforge.net/projects/lam  LDAP Account Manager]
*[http://sourceforge.net/projects/lam  LDAP Account Manager]
*[http://www.nomis52.net/data/mkntpwd.tar.gz mkntpwd.tar.gz]
*[http://www.nomis52.net/data/mkntpwd.tar.gz mkntpwd.tar.gz]
*[http://wiki.samba.org/index.php/Account_Management_Tools Samba Account Management Tools]
*gsambad too manage samba users
==tdbtool==
==tdbbackup==
=Windows commands=
(if not found, install NT 4.0 Resource Kit)
==nltest==
http://support.microsoft.com/kb/158148
==gpresult==
==gpedit==


==FAQ==
=FAQ=
===Cannot update roaming profile===
==Cannot update roaming profile==
Usually because a file is in use, check out
Usually because a file is in use, check out
  HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\ExcludeProfileDirs
  HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\ExcludeProfileDirs


===Can't join domain===
==Dump/check configuration==
testparm
 
==Windows complaining about wrong rights on profile==
*http://gentoo-wiki.com/HOWTO_Implement_Samba_as_your_PDC#Configure_Windows_XP_clients
*http://support.microsoft.com/kb/327259
*http://support.microsoft.com/kb/221833
 
 
==No security tab in Explorer==
*http://www.mydigitallife.info/2006/07/19/missing-or-no-security-tab-found-in-windows-xp-professional/
 
===Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security===
 
profile acls = yes
 
==Can't join domain==
close all shares
close all shares
log in to windows, no anonymous 'login'
log in to windows, no anonymous 'login'


==on access virus scanning==
*http://johannes.jakeapp.com/blog/?p=54
*http://www.dazuko.org
==Windows cannot connect to the domain, etc..==
Switch to workgroup, set system name first, reboot, join domain again, reboot.
==win2k: Error joining domain: User name could not be found==
means samba couldn't find MACHINE name, probably a failing add machine script?
also check /var/log/samba/log.machinename for Get_Pwnam and "add machine"
==create_builtin_users: Failed to create Users==
we can only guess
==Unable to sync browse lists in this workgroup==
Unable to find the Domain Master Browser name for the workgroup
find_domain_master_name_query_fail
==synching mess==
turn off csc policy
==CIFS VFS: cifs_mount failed w/return code = -5==
add sec=ntlm to options
==Find samba config file==
smbd -b | grep "CONFIGFILE"
==reload samba config==
smbcontrol smbd reload-config
#or all of them:
smbcontrol all reload-config
===Can't find pid for destination 'reload-config'===
You were using wrong syntax
===Failed to join domain: failed to find DC for domain FOO - The object was not found.===
start with checking dns


===smbmount===
mount -t smbfs -o username=someuser,uid=uidofmountpoint,gid=gidofmountpoint,fmask=775 //servername/sharename /mnt/sharename/


===Windows cannot connect to the domain, etc..===
===check_account: Failed to find local account with UID===
Switch to workgroup, reboot, join domain again, reboot.
Check for winbind plugins and presence in nsswitch.conf

Latest revision as of 10:29, 12 July 2024

Documentation

Samba and ACLs

Migration

smb.conf

server role


Samba and DNS



Samba and LDAP

Samba as PDC

net rpc group addmem  "Domain Users" someuser

nt 4.0 reskit to manage domain users!!

cpau.exe to run stuff as other user

remember to add option netbios-name-servers to dhcpd.conf


High Availability

HOWTO

Automatically create home directory

On Ubuntu:

pam-auth-update --enable mkhomedir


Rename linux domain member

https://marc.info/?l=smb-clients&m=121764337631413

net ads leave -U administrator@MYDOMAIN.COM

Next, change the netbios name value in the /etc/samba/smb.conf file, e.g.

netbios name = <NEW NAME>

Restart the samba and winbind daemons

  1. /etc/init.d/smb restart && /etc/init.d/winbind restart

Finally, you rejoin it to the domain

net ads join -U administrator@MYDOMAIN.COM

Make sure everything OK.

net ads testjoin
getent passwd
getent group

Check winbind

wbinfo -t
wbinfo  -u


User management

List users

pdbedit -L -v

Software


Terms

Commands and tools

net

testparm

pdbedit

pdbedit -L

smbmount

mount -t smbfs -o username=someuser //servername/sharename /mnt/sharename/

or in fstab:

//servername/sharename /mountpoint cifs noauto,username=foobar 0 0 

If you get very vague warnings on debian this means you didn't install one of many smb* packages, probably smbfs

smbclient

smbstatus

smbtree

nmblookup

nmblookup -M domainname

wins

dfree

to show correct disk space/free


  • gsambad too manage samba users


tdbtool

tdbbackup

Windows commands

(if not found, install NT 4.0 Resource Kit)

nltest

http://support.microsoft.com/kb/158148

gpresult

gpedit

FAQ

Cannot update roaming profile

Usually because a file is in use, check out

HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\ExcludeProfileDirs

Dump/check configuration

testparm

Windows complaining about wrong rights on profile


No security tab in Explorer

Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security

profile acls = yes

Can't join domain

close all shares log in to windows, no anonymous 'login'

on access virus scanning


Windows cannot connect to the domain, etc..

Switch to workgroup, set system name first, reboot, join domain again, reboot.


win2k: Error joining domain: User name could not be found

means samba couldn't find MACHINE name, probably a failing add machine script? also check /var/log/samba/log.machinename for Get_Pwnam and "add machine"

create_builtin_users: Failed to create Users

we can only guess

Unable to sync browse lists in this workgroup

Unable to find the Domain Master Browser name for the workgroup
find_domain_master_name_query_fail

synching mess

turn off csc policy

CIFS VFS: cifs_mount failed w/return code = -5

add sec=ntlm to options

Find samba config file

smbd -b | grep "CONFIGFILE"

reload samba config

smbcontrol smbd reload-config
  1. or all of them:
smbcontrol all reload-config


Can't find pid for destination 'reload-config'

You were using wrong syntax


Failed to join domain: failed to find DC for domain FOO - The object was not found.

start with checking dns


check_account: Failed to find local account with UID

Check for winbind plugins and presence in nsswitch.conf