Samba: Difference between revisions

From DWIKI
 
(40 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Documentation==
=Documentation=


*[http://www.samba.org Homepage]
*[http://www.samba.org Homepage]
Line 11: Line 11:
*[http://www.wlug.org.nz/SambaErrorMessages Samba error messages]
*[http://www.wlug.org.nz/SambaErrorMessages Samba error messages]
*[http://docs.hp.com/en/B8725-90074/ch11s02.html Samba Domain Model]
*[http://docs.hp.com/en/B8725-90074/ch11s02.html Samba Domain Model]
 
*[http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1155693,00.html groups members etc]
===Samba and ACLs===
==Samba and ACLs==
http://www.bluelightning.org/linux/samba_acl_howto/
*http://www.bluelightning.org/linux/samba_acl_howto/
 
==Migration==
===Migration===
*[http://us3.samba.org/samba/docs/man/Samba-Guide/ntmigration.html NT to Samba migration]
*http://us3.samba.org/samba/docs/man/Samba-Guide/ntmigration.html#id2595241
*[http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html Migration from NT4 PDC to Samba-3 PDC]
*[http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html Migration from NT4 PDC to Samba-3 PDC]
*http://lists.samba.org/archive/samba/2005-December/114772.html
*http://lists.samba.org/archive/samba/2005-December/114772.html
*[http://www.opensubscriber.com/message/samba%40lists.samba.org/2866267.html Migrating profiles]
*[http://www.opensubscriber.com/message/samba%40lists.samba.org/2866267.html Migrating profiles]
=smb.conf=
*[https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html smb.conf manpage]
==server role==
*[https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html#SERVERROLE server role]
==Samba and DNS==
*[https://wiki.samba.org/index.php/DNS_Administration DNS Administration]


== Samba and LDAP ==
== Samba and LDAP ==
*[http://autosambaldap.sourceforge.net/ Automated Samba + LDAP Installation For FreeBSD 7.1]
*[http://wiki.samba.org/index.php/Samba_&_LDAP Samba&LDAP doc]
*[http://wiki.samba.org/index.php/Samba_&_LDAP Samba&LDAP doc]
*[[smbldap-tools]]
*[[smbldap-tools]]
Line 59: Line 71:




==Terms==
==High Availability==
*[http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/SambaHA.html High Availability]
*[http://ctdb.samba.org/ CTDB]
*[http://www.how2forge.org/setting-up-an-active-active-samba-ctdb-cluster-using-gfs-and-drbd-centos-5.5 Setting Up An Active/Active Samba CTDB Cluster Using GFS & DRBD]
 
=HOWTO=
==Automatically create home directory==
On Ubuntu:
pam-auth-update --enable mkhomedir
 
 
==Rename linux domain member==
https://marc.info/?l=smb-clients&m=121764337631413
 
net ads leave -U administrator@MYDOMAIN.COM
 
Next,  change the netbios name value  in the /etc/samba/smb.conf file, e.g.
 
netbios name = <NEW NAME>
 
Restart the samba and winbind daemons
 
# /etc/init.d/smb restart && /etc/init.d/winbind restart
 
Finally,  you rejoin it  to the domain
 
net ads join -U administrator@MYDOMAIN.COM
 
Make sure everything OK.
 
net ads testjoin
getent passwd
getent group
 
Check  winbind
 
wbinfo -t
wbinfo  -u
 
 
==User management==
===List users===
pdbedit -L -v
 
=Software=
*http://www.samba.org/samba/GUI/
 
 
=Terms=
*[[RID]]
*[[RID]]
*[[SID]]
*[[SID]]


== Commands and tools==
= Commands and tools=
*net
==net==
*testparm
*[http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html Chapter 13. Remote and Local Management: The Net Command]
*pdbedit
==testparm==
*smbmount or just mount -t smbfs -o username=foo,password=bar //server/share /mnt/point
==pdbedit==
*smbclient
pdbedit -L
*smbstatus
==smbmount==
*smbtree
mount -t smbfs -o username=someuser //servername/sharename /mnt/sharename/
*nmblookup -M domainname
or in fstab:
*nltest (on windows)
//servername/sharename /mountpoint cifs noauto,username=foobar 0 0
*gpresult
If you get very vague warnings on debian this means you didn't install one of many smb* packages, probably '''smbfs'''
*gpedit
 
==[[smbclient]]==
==smbstatus==
==smbtree==
==nmblookup==
nmblookup -M domainname
 
==wins==
 
 
 
==dfree==
to show correct disk space/free
 
 
*[http://sourceforge.net/projects/lam  LDAP Account Manager]
*[http://sourceforge.net/projects/lam  LDAP Account Manager]
*[http://www.nomis52.net/data/mkntpwd.tar.gz mkntpwd.tar.gz]
*[http://www.nomis52.net/data/mkntpwd.tar.gz mkntpwd.tar.gz]
Line 81: Line 155:
*gsambad too manage samba users
*gsambad too manage samba users


==FAQ==
 
===Cannot update roaming profile===
==tdbtool==
==tdbbackup==
 
=Windows commands=
(if not found, install NT 4.0 Resource Kit)
==nltest==
http://support.microsoft.com/kb/158148
 
==gpresult==
==gpedit==
 
=FAQ=
==Cannot update roaming profile==
Usually because a file is in use, check out
Usually because a file is in use, check out
  HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\ExcludeProfileDirs
  HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\ExcludeProfileDirs


==Dump/check configuration==
testparm


===Windows complaining about wrong rights on profile===
==Windows complaining about wrong rights on profile==
*http://gentoo-wiki.com/HOWTO_Implement_Samba_as_your_PDC#Configure_Windows_XP_clients
*http://gentoo-wiki.com/HOWTO_Implement_Samba_as_your_PDC#Configure_Windows_XP_clients
*http://support.microsoft.com/kb/327259
*http://support.microsoft.com/kb/327259
Line 93: Line 181:




===No security tab in Explorer===
==No security tab in Explorer==
*http://www.mydigitallife.info/2006/07/19/missing-or-no-security-tab-found-in-windows-xp-professional/
*http://www.mydigitallife.info/2006/07/19/missing-or-no-security-tab-found-in-windows-xp-professional/


Line 100: Line 188:
  profile acls = yes
  profile acls = yes


===Can't join domain===
==Can't join domain==
close all shares
close all shares
log in to windows, no anonymous 'login'
log in to windows, no anonymous 'login'


===on access virus scanning===
==on access virus scanning==
*http://twoday.tuwien.ac.at/jo/stories/312310/
*http://johannes.jakeapp.com/blog/?p=54
*http://www.dazuko.org  
*http://www.dazuko.org
===smbmount===
mount -t smbfs -o username=someuser //servername/sharename /mnt/sharename/


If you get very vague warnings on debian this means you didn't install one of many smb* packages, probably '''smbfs'''


===Windows cannot connect to the domain, etc..===
==Windows cannot connect to the domain, etc..==
Switch to workgroup, set system name first, reboot, join domain again, reboot.
Switch to workgroup, set system name first, reboot, join domain again, reboot.




===win2k: Error joining domain: User name could not be found===
==win2k: Error joining domain: User name could not be found==
means samba couldn't find MACHINE name, probably a failing add machine script?
means samba couldn't find MACHINE name, probably a failing add machine script?
also check /var/log/samba/log.machinename for Get_Pwnam and "add machine"
also check /var/log/samba/log.machinename for Get_Pwnam and "add machine"


===create_builtin_users: Failed to create Users===
==create_builtin_users: Failed to create Users==
http://www.rmschneider.com/writing/xp_and_samba.html
we can only guess
 
==Unable to sync browse lists in this workgroup==
Unable to find the Domain Master Browser name for the workgroup
find_domain_master_name_query_fail
 
==synching mess==
turn off csc policy
 
==CIFS VFS: cifs_mount failed w/return code = -5==
add sec=ntlm to options
 
==Find samba config file==
smbd -b | grep "CONFIGFILE"
 
==reload samba config==
smbcontrol smbd reload-config
#or all of them:
smbcontrol all reload-config
 
 
===Can't find pid for destination 'reload-config'===
You were using wrong syntax
 
 
===Failed to join domain: failed to find DC for domain FOO - The object was not found.===
start with checking dns
 
 
===check_account: Failed to find local account with UID===
Check for winbind plugins and presence in nsswitch.conf

Latest revision as of 10:29, 12 July 2024

Documentation

Samba and ACLs

Migration

smb.conf

server role


Samba and DNS



Samba and LDAP

Samba as PDC

net rpc group addmem  "Domain Users" someuser

nt 4.0 reskit to manage domain users!!

cpau.exe to run stuff as other user

remember to add option netbios-name-servers to dhcpd.conf


High Availability

HOWTO

Automatically create home directory

On Ubuntu:

pam-auth-update --enable mkhomedir


Rename linux domain member

https://marc.info/?l=smb-clients&m=121764337631413

net ads leave -U administrator@MYDOMAIN.COM

Next, change the netbios name value in the /etc/samba/smb.conf file, e.g.

netbios name = <NEW NAME>

Restart the samba and winbind daemons

  1. /etc/init.d/smb restart && /etc/init.d/winbind restart

Finally, you rejoin it to the domain

net ads join -U administrator@MYDOMAIN.COM

Make sure everything OK.

net ads testjoin
getent passwd
getent group

Check winbind

wbinfo -t
wbinfo  -u


User management

List users

pdbedit -L -v

Software


Terms

Commands and tools

net

testparm

pdbedit

pdbedit -L

smbmount

mount -t smbfs -o username=someuser //servername/sharename /mnt/sharename/

or in fstab:

//servername/sharename /mountpoint cifs noauto,username=foobar 0 0 

If you get very vague warnings on debian this means you didn't install one of many smb* packages, probably smbfs

smbclient

smbstatus

smbtree

nmblookup

nmblookup -M domainname

wins

dfree

to show correct disk space/free


  • gsambad too manage samba users


tdbtool

tdbbackup

Windows commands

(if not found, install NT 4.0 Resource Kit)

nltest

http://support.microsoft.com/kb/158148

gpresult

gpedit

FAQ

Cannot update roaming profile

Usually because a file is in use, check out

HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\ExcludeProfileDirs

Dump/check configuration

testparm

Windows complaining about wrong rights on profile


No security tab in Explorer

Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security

profile acls = yes

Can't join domain

close all shares log in to windows, no anonymous 'login'

on access virus scanning


Windows cannot connect to the domain, etc..

Switch to workgroup, set system name first, reboot, join domain again, reboot.


win2k: Error joining domain: User name could not be found

means samba couldn't find MACHINE name, probably a failing add machine script? also check /var/log/samba/log.machinename for Get_Pwnam and "add machine"

create_builtin_users: Failed to create Users

we can only guess

Unable to sync browse lists in this workgroup

Unable to find the Domain Master Browser name for the workgroup
find_domain_master_name_query_fail

synching mess

turn off csc policy

CIFS VFS: cifs_mount failed w/return code = -5

add sec=ntlm to options

Find samba config file

smbd -b | grep "CONFIGFILE"

reload samba config

smbcontrol smbd reload-config
  1. or all of them:
smbcontrol all reload-config


Can't find pid for destination 'reload-config'

You were using wrong syntax


Failed to join domain: failed to find DC for domain FOO - The object was not found.

start with checking dns


check_account: Failed to find local account with UID

Check for winbind plugins and presence in nsswitch.conf