[Samba] samba Digest, Vol 147, Issue 19

Dania Ramirez Moya dania181087 at gmail.com
Sat Mar 14 13:43:38 MDT 2015


Hello, thanks for replying.
I installed and configured samba 4.1.7 and ntp 4.2.6 according to
https://wiki.samba.org/index.php/Time_Synchronisation. I don't need further
time updates. I need to change the date on the samba4 DC, in the first days
of every month, to the last day of the previous month, and have my clients
automatically update their time. I am aware of the problems this can trigger,
but this department has worked this way for years. Currently I have in
operation a server with Windows 2003. So, I want to migrate the Windows 2003
server to samba4. With Windows the automatic time update works well: when
changing the time on the server with clients previously logged into the
domain, the computers synchronize date and time even without logging off.
With samba4 + ntp server I don't get a similar behavior unless I run the
synchronization command manually. I could configure the automatic
synchronization in other ways, but in theory my clients should synchronize
their time with the Samba4 DC.

Thanks again
Sorry for my English
Best Regards


2015-03-14 14:00 GMT-04:00 <samba-request at lists.samba.org>:

> Today's Topics:
>
>    1. Re: samba 4.2 RDP problem (Marc Muehlfeld)
>    2. the windows xp clients do not automatically synchronize their
>       time against DC (Dania Ramirez Moya)
>    3. Some types of GPOs doesn't work when applied to a specific OU
>       (FM)
>    4. New production system - a couple of issues hope you can help
>       (Rich Webb)
>    5. Re: SOLVED: Re: Windows XP sees fedora14/samba3 shares but
>       not fedora20/samba4 shares (TAKAHASHI Motonobu)
>    6. 4.2 on Raspberry Pi as AD DC - success ! (Matthias Busch)
>    7. Re: LDAP with Samba4 (TAKAHASHI Motonobu)
>    8. Re: samba 4.1.17 on raspberry pi as ad dc - final thoughts,
>       success and follow up link (Matthias Busch)
>    9. Re: samba 4.1.17 on raspberry pi as ad dc - final thoughts,
>       success and follow up link (FM)
>   10. Re: samba 4.1.17 on raspberry pi as ad dc - final thoughts,
>       success and follow up link (Matthias Busch)
>   11. Re: samba 4.1.17 on raspberry pi as ad dc - final thoughts,
>       success and follow up link (FM)
>   12. the windows xp clients do not automatically synchronize their
>       time against DC (Dania Ramirez Moya)
>   13. Re: the windows xp clients do not automatically synchronize
>       their time against DC (Carlos R. Pena Evertsz)
>
>
> ---------- Forwarded message ----------
> From: Marc Muehlfeld <mmuehlfeld at samba.org>
> To: "Heinz Hölzl" <heinz.hoelzl at gvcc.net>, samba at lists.samba.org
> Cc:
> Date: Fri, 13 Mar 2015 19:47:37 +0100
> Subject: Re: [Samba] samba 4.2 RDP problem
> Hello Heinz,
>
> On 13.03.2015 at 18:26, Heinz Hölzl wrote:
> > i did some tests with samba 4.2 as a ADS DC on arch linux.
> > On a Win8.1 client i can do local logins as every user,
> > i can login via RDP as local user, but i am not able to
> > login as a domain user via RDP.
> > After the loginscreen, appears  "Welcome" and the
> > mousepointer continues to spin....
> >
> > Same issue on Ubuntu 14.04, samba 4.2 installed from source.
> >
> > On Ubuntu and samba 4.1.17 (installed also from source) all works fine.
>
> I don't have 4.2 in production at work. But I tried in my test
> environment here at home (2 DCs - both 4.2.0):
>
> RDP
> Win10 -> Win81: OK
> Win10 -> Win7: OK
> Win81 -> Win7: OK
> Win7 -> Win81: OK
>
> For testing I created a new user (no home drive, no logonscript, no
> server base profile, etc.) in AD and allowed the domain group "domain
> users" to login via RDP on all three machines.
>
> I can't see a problem here.
>
> * What does the Windows event log say?
> * Any interesting messages on your DC logfile?
> * Can you temporarily disable logonscript, connection of home drive, etc.?
>
>
> Regards,
> Marc
>
>
>
> ---------- Forwarded message ----------
> From: Dania Ramirez Moya <dania181087 at gmail.com>
> To: samba <samba at lists.samba.org>
> Cc:
> Date: Fri, 13 Mar 2015 17:08:41 -0400
> Subject: [Samba] the windows xp clients do not automatically synchronize
> their time against DC
> Hello list
> Why do my Windows XP clients not *automatically* synchronize their time
> against the Samba4 DC?
> If I run this command on the client, *net time \\nombre_DC /set /yes*,
> the PCs update their time, but if I change the date on the DC, the
> computers don't do it.
> I will appreciate any help you can give me
> Best regards
> Dania
>
>
>
> ---------- Forwarded message ----------
> From: FM <seeder.p2p at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Fri, 13 Mar 2015 21:21:24 +0000
> Subject: [Samba] Some types of GPOs doesn't work when applied to a
> specific OU
> Hi Guys!
>
> I've been testing Zentyal for some time and I find an odd situation.
>
> There are some kinds of gpo settings that are not applied when the GPO is
> linked into an OU.
>
> Example: setting a wallpaper with "administrative templates" or creating a
> folder via gpo.
>
> Other types work everywhere. Example: Computer Configuration ->
> Preferences -> Windows Settings -> Shortcuts
>
> Any explanation?
>
> The very same GPO when applied to the root of the domain works.
>
> When I run
>
>  sudo samba-tool gpo aclcheck
>
>
> params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
> ldb_wrap open of secrets.ldb
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/gpo.py", line 1150, in run
>     ds_sd_ndr = m['nTSecurityDescriptor'][0]
>
> Don't know if it's related...
> Hints?
>
> Samba 4.1.17
>
>
>
> ---------- Forwarded message ----------
> From: Rich Webb <rwebb at zylatech.com>
> To: <samba at lists.samba.org>
> Cc:
> Date: Fri, 13 Mar 2015 21:31:45 -0400
> Subject: [Samba] New production system - a couple of issues hope you can
> help
> Set up a samba 4 DC everything there seems fine.
>
> Set up a member server according to this article:
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>
> The setup went fine - also set up a home share according to this:
> https://wiki.samba.org/index.php/Setting_up_a_home_share
>
> I'm using sernet-samba-ad for the domain controller and
> sernet-samba-winbind for the member server both versions are 4.1.
>
> The issues are first that when I go into gpmc.msc for managing group
> policy through RSAT I right-click a policy and click edit I get an error
> about "MMC has detected an error in a snap-in.  It is recommended that you
> shut down and restart MMC."
>
> I can Ignore and continue which still allows me to edit the group policy.
>
> Next on the home shares I had issues with users getting "access denied"
> errors when I had set the permissions set up as listed in the wiki page.
> Also in ADUC selecting "connect to" in the user's profile to map the home
> share will create the directory when a new user is created but it doesn't
> end up mapping the drive.  I went into GP and set a windows preference for
> drive mapping and told it to map the P drive to \\server\home\%logonuser%
> and it still won't map the user's drive.
>
> Also I was getting access denied to everything until I set the unix
> attributes (which I thought were just for granting permissions under
> Unix.)  I guess I'm not real clear about what the unix attributes tab is
> for.  I thought it was for mapping a unix UID to a windows user account so
> that unix permissions could be set using windows accounts maybe?  If there
> is an article that someone can point me to I would be happy to read on my
> own.  I've already read in the howto for setting up a member server but
> that brief section explaining it I guess isn't clear enough for me.
>
> If I could solve a few of these issues we will have a very stable and fast
> system.
>
> Thanks in advance.
> Rich
>
> Thanks,
>
> Richard Webb
> Zylatech, LLC
>
>
>
> ---------- Forwarded message ----------
> From: TAKAHASHI Motonobu <monyo at monyo.com>
> To: Al Schapira <a_schapira at verizon.net>
> Cc: samba at lists.samba.org
> Date: Sat, 14 Mar 2015 12:41:35 +0900 (JST)
> Subject: Re: [Samba] SOLVED: Re: Windows XP sees fedora14/samba3 shares
> but not fedora20/samba4 shares
> From: Rowland Penny <rowlandpenny at googlemail.com>
> Date: Sat, 07 Mar 2015 09:09:27 +0000
>
> > On 07/03/15 02:02, Al Schapira wrote:
> >> On Fri, 2015-03-06 at 21:59 +0000, Rowland Penny wrote:
> >>
> >>> try adding 'map to guest = Bad User' to smb.conf
> >>>
> >>> Rowland
> >>>
> >> IT WORKED!!!  THANK YOU.
> >> Now the XP machine can see both the f14 and f20 shares.  (It was not
> >> even necessary to restart nmbd or smbd on the f20 machines.)
> >>
> >> Now, if I'm not asking for too much, can you please explain why this
> >> worked.  :-)
>
> Because on your f14 box, "security = share" is set, instead of
> "security = user".
>
> "security = share" is now marked as deprecated, so f20's setting is
> better now.
>
> ---
> TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo
>                    facebook.com/takahashi.motonobu
>
>
>
>
> ---------- Forwarded message ----------
> From: Matthias Busch <catwiesel at gmx.net>
> To: samba at lists.samba.org
> Cc:
> Date: Sat, 14 Mar 2015 04:54:31 +0100
> Subject: [Samba] 4.2 on Raspberry Pi as AD DC - success !
> after the last few days playing around with 4.1.17 I decided to start new
> and try 4.2
>
> --- Hardware, OS:
> Pi B+, Raspbian 2015-02-16
>
> --- Getting packages:
>
> - install packages: build-essential libacl1-dev libattr1-dev libblkid-dev
> libgnutls-dev libreadline-dev python-dev libpam0g-dev python-dnspython gdb
> pkg-config libpopt-dev libldap2-dev dnsutils libbsd-dev attr krb5-user
> docbook-xsl libcups2-dev acl libkrb5-dev
> - install more packages: acl python-xattr util-linux gnutls-bin
> python-setproctitle
> - (did NOT install slapd docbook xsltproc cups *)
> - wget samba..., tar -xvzf samba-4.2.0.tar.gz (rc5?)
>
> * my previous tests suggest that those packages may cause problems.
> - openldap may bind to 389 before samba is started and cause sambaldap to
> fail.
> - cups installs a LOT of stuff (also avahi-daemon) which did cause trouble
> but may have been related to me choosing .local domain. I do not plan to use
> the pi as print server.
> - without docbook and xsltproc man pages will not be created during make.
> with them make aborted for me, at least 4.1.17 did
>
> --- pre-setup:
> (will cause pi to lose internet - or rather dns)
>
> - static ip, dns-nameservers [pi ip] [googledns], dns-search my-domain.home
> - hostname adserver.my-domain.home
> - hosts: 127.0.0.1 localhost localhost.my-domain and [pi ip] adserver
> adserver.my-domain.home
> - resolv.conf: nameserver [pi ip], domain my-domain.home
> - reboot :)
>
> --- building samba:
> - configure --prefix=/usr/local/samba --with-piddir=/usr/local/samba/var/run
> --with-syslog --with-quotas --with-acl-support
> - make
> - make install
> (together >6 hours...)
>
> --- add /usr/local/samba/bin and /usr/local/samba/sbin to $PATH (see
> /etc/profile)
>
> --- samba-tool domain provision --use-rfc2307 --interactive
> I was able to use default (just press enter) everywhere except for the DNS
> forwarder. type in the dns of your router or a public dns like google
> (8.8.8.8)
>
> --- copy the krb5.conf provided by samba (in /usr/local/samba/private) to
> /etc/krb5.conf
>
> --- run samba
> (internet should be back)
>
> --- get init.d script for samba-ad-dc, edit it according to the guide,
> make executable, run update-rc.d
>
> --- reboot
>
> --- test:
> - kinit administrator@MY-DOMAIN.HOME: works, no errors
> - samba_dnsupdate --verbose: no errors
> - samba_upgradedns: no errors
> - host -t ... : no errors
> - dns forwarder: ping google.com : good
>
> --- test2:
> - added win7 pro to domain: no error, login with admin: ok
> - download and install rsat: ok
>
> --- further settings to test soon:
> - create a testing share
> - SeDiskOperatorPrivilege for administrator
> (see https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs )
> (unclear if required!)
>
> --- test3 (with rsat)
> - added user to domain
> - added OU to domain, moved pc in new ou
> - added gpo (flash player.msi install) to OU
> - connect to adserver with computer management, edit share settings
> (read/write etc)
> - gpupdate /force : looks good
> - reboot
>
> --- test4
> - login with new user: good
> - msi installed: good
> - test fileshare settings
>
> --- logs:
> - get lots of errors about printer list: as expected without cups
> - get lots of errors binding to :::[PORT] failing --> still seems to be
> something up with ipv6
>
> --- the end?
> further testing and fine-tuning will definitely be required.
> I will try to add ntp-server, dhcp (with dynamic dns update), and radius
> server next (not in that order)
>
> --- what I learned which was not clear through all the documentation I
> found when looking around
>
> - stay clear of the "AD member server" guide, stick with "the ad dc howto"
> - winbindd and stuff seems not to be necessary (or is configured correctly
> out of the box) for "just ad dc"
> - openldap/slapd is NOT required
> - you guys rock. i had much help to get where it actually works... hope
> this summary with "success" helps other people!
>
>
>
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: TAKAHASHI Motonobu <monyo at monyo.com>
> To: adi at cg.tuwien.ac.at
> Cc: samba at lists.samba.org
> Date: Sat, 14 Mar 2015 13:57:48 +0900 (JST)
> Subject: Re: [Samba] LDAP with Samba4
> From: Adi Kriegisch <adi at cg.tuwien.ac.at>
> Date: Mon, 9 Mar 2015 16:13:38 +0100
>
> > We're still running a Samba3 Domain Controller but need to upgrade to
> > Samba4/AD soon. The core of our DC is an OpenLDAP server that holds
> > authentication information for many services including Samba3.
> (snip)
> > The question is how can we continue to use a LDAP server for
> authentication
> > while keeping accounts and passwords in sync?
> > Is there still some development going on for the OpenLDAP backend of
> > Samba4[1]?
> > How did others solve such a situation?
>
> If you *need* to upgrade to Samba4 but do *not* need to upgrade to AD,
> you can still use NT4-style Domain (compatible with Samba3) with Samba4.
>
> Does this solve this situation?
>
> ---
> TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo
>                    facebook.com/takahashi.motonobu
>
>
>
>
> ---------- Forwarded message ----------
> From: Matthias Busch <catwiesel at gmx.net>
> To: samba at lists.samba.org
> Cc:
> Date: Sat, 14 Mar 2015 11:50:59 +0100
> Subject: Re: [Samba] samba 4.1.17 on raspberry pi as ad dc - final
> thoughts, success and follow up link
> Hey List,
>
> first, let me give a huge thanks to everyone who replied and helped.
> I learned a lot and I could not have done it in any reasonable time frame
> without your suggestions and answers!
>
> I started new from scratch to make sure no old configuration / data was
> screwing with further attempts.
>
> It pretty much worked without problem. A few things that were done
> different ...
>
> - samba 4.2, not 4.1.17
> - no slapd installed
> - no cups installed (cups will install avahi) - don't plan on using pi as
> print server
> - my-domain.home instead of .local (or .lan or maybe .private)
> - not getting confused by the issue ad member and ad d controller
>
> see reported success here:
> https://lists.samba.org/archive/samba/2015-March/190057.html
>
>
>
> ---------- Forwarded message ----------
> From: FM <seeder.p2p at gmail.com>
> To: Matthias Busch <catwiesel at gmx.net>
> Cc: "samba at lists.samba.org" <samba at lists.samba.org>
> Date: Sat, 14 Mar 2015 11:04:25 +0000
> Subject: Re: [Samba] samba 4.1.17 on raspberry pi as ad dc - final
> thoughts, success and follow up link
> Hi!
>
> Did you manage to correctly deploy GPOs?
>
> I'm facing some issues with some types of gpo not being applied.
>
> Thanks
>
> Filipe Moreira
> Sent from a mobile device
>
> On 14/03/2015, at 10:50, Matthias Busch <catwiesel at gmx.net> wrote:
>
> > Hey List,
> >
> > first, let me give a huge thanks to everyone who replied and helped.
> > I learned a lot and I could not have done it in any reasonable time
> > frame without your suggestions and answers!
> >
> > I started new from scratch to make sure no old configuration / data was
> > screwing with further attempts.
> >
> > It pretty much worked without problem. A few things that were done
> > different ...
> >
> > - samba 4.2, not 4.1.17
> > - no slapd installed
> > - no cups installed (cups will install avahi) - don't plan on using pi as
> > print server
> > - my-domain.home instead of .local (or .lan or maybe .private)
> > - not getting confused by the issue ad member and ad d controller
> >
> > see reported success here:
> > https://lists.samba.org/archive/samba/2015-March/190057.html
>
>
>
> ---------- Forwarded message ----------
> From: Matthias Busch <catwiesel at gmx.net>
> To: samba at lists.samba.org
> Cc:
> Date: Sat, 14 Mar 2015 12:36:39 +0100
> Subject: Re: [Samba] samba 4.1.17 on raspberry pi as ad dc - final
> thoughts, success and follow up link
> so far, I've only tried to deploy msi via gpo.
> what gpo type is troubling you? i could try and report back...
>
> when I had initial gpo trouble it was because dns wasn't working quite
> right (when adding a new pc to the domain, it was not added to dns and
> hence could not gpoupdate)
>
> does gpoupdate /force give any errors?
>
>
>
> ---------- Forwarded message ----------
> From: FM <seeder.p2p at gmail.com>
> To: Matthias Busch <catwiesel at gmx.net>
> Cc: "samba at lists.samba.org" <samba at lists.samba.org>
> Date: Sat, 14 Mar 2015 11:44:26 +0000
> Subject: Re: [Samba] samba 4.1.17 on raspberry pi as ad dc - final
> thoughts, success and follow up link
> Hi,
>
> There are some kinds of gpo settings that are not applied when the GPO is
> linked into an OU.
>
> Example: setting a wallpaper with "administrative templates" or creating a
> folder via gpo.
>
> The very same GPO when applied to the root of the domain works.
>
> Other types work everywhere. Example: Computer Configuration ->
> Preferences -> Windows Settings -> Shortcuts
>
> Thanks
>
> Filipe Moreira
> Sent from a mobile device
>
> On 14/03/2015, at 11:36, Matthias Busch <catwiesel at gmx.net> wrote:
>
> > so far, I've only tried to deploy msi via gpo.
> > what gpo type is troubling you? i could try and report back...
> >
> > when I had initial gpo trouble it was because dns wasn't working quite
> > right (when adding a new pc to the domain, it was not added to dns and
> > hence could not gpoupdate)
> >
> > does gpoupdate /force give any errors?
>
>
>
> ---------- Forwarded message ----------
> From: Dania Ramirez Moya <dania181087 at gmail.com>
> To: samba <samba at lists.samba.org>
> Cc:
> Date: Sat, 14 Mar 2015 09:11:26 -0400
> Subject: [Samba] the windows xp clients do not automatically synchronize
> their time against DC
> Hello list
> Why do my Windows XP clients not *automatically* synchronize their time
> against the Samba4 DC?
> If I run this command on the client, *net time \\nombre_DC /set /yes*,
> the PCs update their time, but if I change the date on the DC, the
> computers don't do it.
> I will appreciate any help you can give me
> Best regards
> Dania
>
>
>
> ---------- Forwarded message ----------
> From: "Carlos R. Pena Evertsz" <carlosrpevertsz at gmail.com>
> To: samba at lists.samba.org
> Cc:
> Date: Sat, 14 Mar 2015 09:40:13 -0400
> Subject: Re: [Samba] the windows xp clients do not automatically
> synchronize their time against DC
> Hi Dania,
>
> I think you have to use ntp synchronization.  By default windows xp should
> update the time from the DC server at login,  but if you need further time
> updates you should read the section  "Configuring the Windows Time service
> to use an external time source" at the following link:
>
> http://support.microsoft.com/en-us/kb/314054
>
> If someone doesn't have a better idea I hope this helps you.
>
> Best regards,
> Carlos
> Santo Domingo, Dominican Republic
>
> On Mar/14/2015 9:11 AM, Dania Ramirez Moya wrote:
>
>> Hello list
>> Why do my Windows XP clients not *automatically* synchronize their time
>> against the Samba4 DC?
>> If I run this command on the client, *net time \\nombre_DC /set /yes*,
>> the PCs update their time, but if I change the date on the DC, the
>> computers don't do it.
>> I will appreciate any help you can give me
>> Best regards
>> Dania
>>
>
>
>