Rowland,
I've gotten a bit further. It appears my use of '.local' is
causing
the issue from what I've researched. I ran '|/etc/init.d/avahi-daemon
stop'. |This allowed me to successfully join the domain.
Enter administrator at DOMAIN.LOCAL's password:
Using short domain name -- DOMAIN
Joined 'PFMEMBER1' to dns domain 'domain.local'
DNS Update for pfmember1.local failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL
||
On 1/2/2015 8:55 AM, Rowland Penny wrote:> On 02/01/15 13:41, James wrote:
>> Hi Rowland,
>>
>> If you don't mind I like to post my member server configuration
>> as I attempt again. This is how my member server(Ubuntu 12.04) is
>> configured after fresh install and prior to Samba build. Anything
I'm
>> missing that could cause my issue as I proceed? I assume no other
>> prerequisites must be done on the other DC's either? Thanks.
>>
>> /*# From Wiki for DC build*/
>> apt-get install build-essential libacl1-dev libattr1-dev libblkid-dev
>> libgnutls-dev libreadline-dev python-dev libpam0g-dev
>> python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils
>> libbsd-dev attr krb5-user docbook-xsl libcups2-dev acl
>>
>>
>> /*# Fstab file*/
>> ext4 errors=remount-ro,user_xattr,acl,barrier=1 1 1
>>
>>
>> */# Hosts File/*
>> 127.0.0.1 localhost
>> 172.16.232.25 pfmember1.domain.local pfmember1
>>
>> # The following lines are desirable for IPv6 capable hosts
>> ::1 ip6-localhost ip6-loopback
>> fe00::0 ip6-localnet
>> ff00::0 ip6-mcastprefix
>> ff02::1 ip6-allnodes
>> ff02::2 ip6-allrouters
>>
>>
>> */# Hostname/* */File/*
>> pfmember1.domain.local
>
> if you are referring to /etc/hostname, then it should just contain
> 'pfmember1'.
>
> Also, are you fixed on using Ubuntu 12.04, if you were to use Debian
> Wheezy and backports, you wouldn't have to compile samba4.
>
> Rowland
>
>>
>> */#/network/interfaces/*
>> # This file describes the network interfaces available on your system
>> # and how to activate them. For more information, see interfaces(5).
>>
>> # The loopback network interface
>> auto lo
>> iface lo inet loopback
>>
>> # The primary network interface
>> auto eth0
>> iface eth0 inet static
>> address 172.16.232.25
>> netmask 255.255.255.0
>> gateway 172.16.232.201
>> network 172.16.232.0
>> broadcast 172.16.232.255
>> dns-search domain.local
>> dns-nameservers 172.16.232.29
>>
>>
>>
>>
>>
>> On 1/1/2015 4:34 AM, Rowland Penny wrote:
>>> On 01/01/15 00:07, James wrote:
>>>> Hi Rowland,
>>>>
>>>> I forgot to tell you the results were from my Domain
Controller
>>>> and not the member server. Member server returned something to
the
>>>> effect of 'user not found'. I am only starting the 3
>>>> services(smbd,nmbd and windbindd) listed in the wiki. Should I
be
>>>> starting Samba with command line switches to start as a member
>>>> server? Is that even possible?
>>>
>>> Hi, there are two ways of running samba4, the classic or original
>>> way that samba3 was used, or as an AD DC. If you run samba4 in the
>>> classic way, you need to start the smbd & nmbd deamons and
>>> optionally the winbind daemon. If you use samba4 as an AD DC, then
>>> you only start the samba daemon, this will start any other required
>>> deamons, you only start the samba daemon on an AD DC.
>>>
>>> As you are trying to set up a member server, you must carry out the
>>> tests on the member server.
>>>
>>> Rowland
>>>
>>>>
>>>> Thanks for you smb.conf. I will attempt again using your
>>>> smb.conf as a template and try again.
>>>>
>>>> On 12/31/2014 2:20 PM, Rowland Penny wrote:
>>>>> On 31/12/14 19:07, James wrote:
>>>>>> Rowland,
>>>>>>
>>>>>> I decided to start over with a fresh install and
attempted
>>>>>> again. Only change I made was to start my mappings at
10000. I
>>>>>> gave 'Domain Users' group gid 10000 and
'tuser' has uid 10001.
>>>>>> Still didn't work btw.
>>>>>>
>>>>>> dn: CN=Test User,CN=Users,DC=domain,DC=local
>>>>>> objectClass: top
>>>>>> objectClass: person
>>>>>> objectClass: organizationalPerson
>>>>>> objectClass: user
>>>>>> cn: Test User
>>>>>> sn: User
>>>>>> givenName: Test
>>>>>> instanceType: 4
>>>>>> whenCreated: 20141231172021.0Z
>>>>>> displayName: Test User
>>>>>> uSNCreated: 477557
>>>>>> name: Test User
>>>>>> objectGUID: 90f95763-fe52-42b9-af86-8a84a4d5dd78
>>>>>> userAccountControl: 66048
>>>>>> codePage: 0
>>>>>> countryCode: 0
>>>>>> pwdLastSet: 130645200220000000
>>>>>> primaryGroupID: 513
>>>>>> objectSid:
S-1-5-21-940051827-2291820289-3341758437-3126
>>>>>> accountExpires: 9223372036854775807
>>>>>> sAMAccountName: tuser
>>>>>> sAMAccountType: 805306368
>>>>>> userPrincipalName: tuser at domain.local
>>>>>> objectCategory:
>>>>>> CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=local
>>>>>> unixUserPassword: ABCD!efgh12345$67890
>>>>>> uid: tuser
>>>>>> msSFU30Name: tuser
>>>>>> msSFU30NisDomain: domain
>>>>>> uidNumber: 10001
>>>>>> loginShell: /bin/sh
>>>>>> unixHomeDirectory: /home/tuser
>>>>>> gidNumber: 10000
>>>>>> whenChanged: 20141231185807.0Z
>>>>>> uSNChanged: 477620
>>>>>> distinguishedName: CN=Test
User,CN=Users,DC=domain,DC=local
>>>>>>
>>>>>>
>>>>>> On 12/31/2014 1:50 PM, Rowland Penny wrote:
>>>>>>> On 31/12/14 18:28, James wrote:
>>>>>>>> Hi Rowland,
>>>>>>>>
>>>>>>>> passwd: compat winbind
>>>>>>>> group: compat winbind
>>>>>>>>
>>>>>>>> 'getent passwd tuser' results in a
blank terminal line.
>>>>>>>>
>>>>>>>>
>>>>>>>> On 12/31/2014 1:12 PM, Rowland Penny wrote:
>>>>>>>>> On 31/12/14 17:55, James wrote:
>>>>>>>>>> Hi Rowland,
>>>>>>>>>>
>>>>>>>>>> I did. Unfortunately something is
still amiss. I do
>>>>>>>>>> receive a response from 'getent
group domain
>>>>>>>>>> users'(users:x:100).
>>>>>>>>>>
>>>>>>>>>> On 12/31/2014 12:26 PM, Rowland Penny
wrote:
>>>>>>>>>>> On 31/12/14 17:23, James wrote:
>>>>>>>>>>>> Rowland,
>>>>>>>>>>>>
>>>>>>>>>>>> I set a user with a uid and
domain users group with a
>>>>>>>>>>>> gid but I'm still unable to
view them using 'id'. I do
>>>>>>>>>>>> notice a few strange
observations. If I go to another user
>>>>>>>>>>>> to attempt to assign a uid. I
get the default value of
>>>>>>>>>>>> 10000. I would expect 2001
given I set the first user with
>>>>>>>>>>>> uid 2000. Groups however appear
to increment.
>>>>>>>>>>>>
>>>>>>>>>>>> On 12/31/2014 10:52 AM, Rowland
Penny wrote:
>>>>>>>>>>>>> On 31/12/14 15:42, James
wrote:
>>>>>>>>>>>>>> Hello Stefan,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I learned the hard
way about .local. I understand
>>>>>>>>>>>>>> going forward.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I do have an issue with
the member server. Following
>>>>>>>>>>>>>> along with the wiki I
get stuck at 'Testing the Winbind
>>>>>>>>>>>>>> user/group
mapping'. Wbinfo works as expected but not
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> #*id DomainUser*
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> #*getent passwd*
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> #*getent group*
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> #*chown
DomainUser:DomainGroup file*
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> #*chgrp DomainGroup
file*
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> etc.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I receive 'id:
sambauser: No such user'. It will only
>>>>>>>>>>>>>> retrieve local machine
users. Let me preface by saying
>>>>>>>>>>>>>> this is a Ubuntu 12.04
server with Samba 4.1.14. Thanks.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 12/31/2014 10:00 AM,
Stefan Kania wrote:
>>>>>>>>>>>>>>> -----BEGIN PGP
SIGNED MESSAGE-----
>>>>>>>>>>>>>>> Hash: SHA1
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hello James,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Am 31.12.2014 um
15:48 schrieb James:> Hello,
>>>>>>>>>>>>>>>> I'm
following along with the wiki(Setup a Samba AD
>>>>>>>>>>>>>>>> Member Server)
>>>>>>>>>>>>>>>> and I have a
question after reading the 'Set up a basic
>>>>>>>>>>>>>>>> smb.conf'
>>>>>>>>>>>>>>>> section.
>>>>>>>>>>>>>>> Please show us your
smb.conf
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Do I need to
extend the schema in order for my member
>>>>>>>>>>>>>>> server to
>>>>>>>>>>>>>>>> successfully
join and service file shares?
>>>>>>>>>>>>>>> No, you dont have
to.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Do I need to
configure a
>>>>>>>>>>>>>>>> krb5.conf file?
Thanks.
>>>>>>>>>>>>>>> If your DC is a
samba4 DC just copy krb5.conf to your
>>>>>>>>>>>>>>> new memberserver
>>>>>>>>>>>>>>> Stefan
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> - -- Stefan Kania
>>>>>>>>>>>>>>> Landweg 13
>>>>>>>>>>>>>>> 25693 St.
Michaelisdonn
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Signieren jeder
E-Mail hilft Spam zu reduzieren.
>>>>>>>>>>>>>>> Signieren Sie ihre
>>>>>>>>>>>>>>> E-Mail. Weiter
Informationen unter http://www.gnupg.org
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Mein Schl?ssel
liegt auf
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
hkp://subkeys.pgp.net
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> -----BEGIN PGP
SIGNATURE-----
>>>>>>>>>>>>>>> Version: GnuPG v1
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>>>>>>>>>>>>>>> =SOSt
>>>>>>>>>>>>>>> -----END PGP
SIGNATURE-----
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> If you followed the wiki,
you will be using the 'ad'
>>>>>>>>>>>>> backend. For this to work,
you need to add 'uidNumber'
>>>>>>>>>>>>> attributes to your users
and a 'gidNumber' attribute to at
>>>>>>>>>>>>> least the Domain Users
group. the numbers that you add
>>>>>>>>>>>>> must be between the range
you set in your smb.conf, again
>>>>>>>>>>>>> if you followed the wiki,
this will be between 500-40000.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Rowland
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> You have restarted samba,
haven't you ?
>>>>>>>>>>> You may have to wait a short time,
or clear the cache with
>>>>>>>>>>> 'net cache flush'
>>>>>>>>>>>
>>>>>>>>>>> Rowland
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> OK, can you post the 'passwd' &
'group' lines from /etc/nsswitch
>>>>>>>>>
>>>>>>>>> Do you get anything from 'getent passwd
<a domain user>'
>>>>>>>>>
>>>>>>>>> Rowland
>>>>>>>>>
>>>>>>>>
>>>>>>> OK, install ldb-tools if not already installed,
then run:
>>>>>>>
>>>>>>> ldbedit -e nano -H /var/lib/samba/private/sam.ldb
>>>>>>> sAMAccountName=tuser
>>>>>>>
>>>>>>> Post the (sanitized) result
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>
>>>>>
>>>>> OK, you added that user with ADUC (RSAT) and as such you
are using
>>>>> the std windows start number 10000, which is the way I run
samba.
>>>>> Here is my smb.conf from the laptop I am writing this on:
>>>>>
>>>>> [global]
>>>>> workgroup = EXAMPLE
>>>>> security = ADS
>>>>> realm = EXAMPLE.COM
>>>>> dedicated keytab file = /etc/krb5.keytab
>>>>> kerberos method = secrets and keytab
>>>>> server string = Samba 4 Client %h
>>>>> winbind enum users = yes
>>>>> winbind enum groups = yes
>>>>> winbind use default domain = yes
>>>>> winbind expand groups = 4
>>>>> winbind nss info = rfc2307
>>>>> winbind refresh tickets = Yes
>>>>> winbind normalize names = Yes
>>>>> idmap config * : backend = tdb
>>>>> idmap config * : range = 2000-9999
>>>>> idmap config EXAMPLE : backend = ad
>>>>> idmap config EXAMPLE : range = 10000-999999
>>>>> idmap config EXAMPLE : schema_mode = rfc2307
>>>>> printcap name = cups
>>>>> cups options = raw
>>>>> usershare allow guests = yes
>>>>> domain master = no
>>>>> local master = no
>>>>> preferred master = no
>>>>> os level = 20
>>>>> map to guest = bad user
>>>>> vfs objects = acl_xattr
>>>>> map acl inherit = Yes
>>>>> store dos attributes = Yes
>>>>>
>>>>> Compare it with yours, I can assure you it works.
>>>>>
>>>>> Rowland
>>>>>
>>>>
>>>
>>
>> --
>> -James
>
--
-James
On 02/01/15 16:57, James wrote:> Rowland, > > I've gotten a bit further. It appears my use of '.local' is > causing the issue from what I've researched. I ran > '|/etc/init.d/avahi-daemon stop'. |This allowed me to successfully > join the domain. > > Enter administrator at DOMAIN.LOCAL's password: > Using short domain name -- DOMAIN > Joined 'PFMEMBER1' to dns domain 'domain.local' > DNS Update for pfmember1.local failed: ERROR_DNS_UPDATE_FAILED > DNS update failed: NT_STATUS_UNSUCCESSFUL > || > On 1/2/2015 8:55 AM, Rowland Penny wrote: >> On 02/01/15 13:41, James wrote: >>> Hi Rowland, >>> >>> If you don't mind I like to post my member server configuration >>> as I attempt again. This is how my member server(Ubuntu 12.04) is >>> configured after fresh install and prior to Samba build. Anything >>> I'm missing that could cause my issue as I proceed? I assume no >>> other prerequisites must be done on the other DC's either? Thanks. >>> >>> /*# From Wiki for DC build*/ >>> apt-get install build-essential libacl1-dev libattr1-dev >>> libblkid-dev libgnutls-dev libreadline-dev python-dev libpam0g-dev >>> python-dnspython gdb pkg-config libpopt-dev libldap2-dev dnsutils >>> libbsd-dev attr krb5-user docbook-xsl libcups2-dev acl >>> >>> >>> /*# Fstab file*/ >>> ext4 errors=remount-ro,user_xattr,acl,barrier=1 1 1 >>> >>> >>> */# Hosts File/* >>> 127.0.0.1 localhost >>> 172.16.232.25 pfmember1.domain.local pfmember1 >>> >>> # The following lines are desirable for IPv6 capable hosts >>> ::1 ip6-localhost ip6-loopback >>> fe00::0 ip6-localnet >>> ff00::0 ip6-mcastprefix >>> ff02::1 ip6-allnodes >>> ff02::2 ip6-allrouters >>> >>> >>> */# Hostname/* */File/* >>> pfmember1.domain.local >> >> if you are referring to /etc/hostname, then it should just contain >> 'pfmember1'. >> >> Also, are you fixed on using Ubuntu 12.04, if you were to use Debian >> Wheezy and backports, you wouldn't have to compile samba4. >> >> Rowland >> >>> >>> */#/network/interfaces/* >>> # This file describes the network interfaces available on your system >>> # and how to activate them. For more information, see interfaces(5). >>> >>> # The loopback network interface >>> auto lo >>> iface lo inet loopback >>> >>> # The primary network interface >>> auto eth0 >>> iface eth0 inet static >>> address 172.16.232.25 >>> netmask 255.255.255.0 >>> gateway 172.16.232.201 >>> network 172.16.232.0 >>> broadcast 172.16.232.255 >>> dns-search domain.local >>> dns-nameservers 172.16.232.29 >>> >>> >>> >>> >>> >>> On 1/1/2015 4:34 AM, Rowland Penny wrote: >>>> On 01/01/15 00:07, James wrote: >>>>> Hi Rowland, >>>>> >>>>> I forgot to tell you the results were from my Domain >>>>> Controller and not the member server. Member server returned >>>>> something to the effect of 'user not found'. I am only starting >>>>> the 3 services(smbd,nmbd and windbindd) listed in the wiki. Should >>>>> I be starting Samba with command line switches to start as a >>>>> member server? Is that even possible? >>>> >>>> Hi, there are two ways of running samba4, the classic or original >>>> way that samba3 was used, or as an AD DC. If you run samba4 in the >>>> classic way, you need to start the smbd & nmbd deamons and >>>> optionally the winbind daemon. If you use samba4 as an AD DC, then >>>> you only start the samba daemon, this will start any other required >>>> deamons, you only start the samba daemon on an AD DC. >>>> >>>> As you are trying to set up a member server, you must carry out the >>>> tests on the member server. >>>> >>>> Rowland >>>> >>>>> >>>>> Thanks for you smb.conf. I will attempt again using your >>>>> smb.conf as a template and try again. >>>>> >>>>> On 12/31/2014 2:20 PM, Rowland Penny wrote: >>>>>> On 31/12/14 19:07, James wrote: >>>>>>> Rowland, >>>>>>> >>>>>>> I decided to start over with a fresh install and attempted >>>>>>> again. Only change I made was to start my mappings at 10000. I >>>>>>> gave 'Domain Users' group gid 10000 and 'tuser' has uid 10001. >>>>>>> Still didn't work btw. >>>>>>> >>>>>>> dn: CN=Test User,CN=Users,DC=domain,DC=local >>>>>>> objectClass: top >>>>>>> objectClass: person >>>>>>> objectClass: organizationalPerson >>>>>>> objectClass: user >>>>>>> cn: Test User >>>>>>> sn: User >>>>>>> givenName: Test >>>>>>> instanceType: 4 >>>>>>> whenCreated: 20141231172021.0Z >>>>>>> displayName: Test User >>>>>>> uSNCreated: 477557 >>>>>>> name: Test User >>>>>>> objectGUID: 90f95763-fe52-42b9-af86-8a84a4d5dd78 >>>>>>> userAccountControl: 66048 >>>>>>> codePage: 0 >>>>>>> countryCode: 0 >>>>>>> pwdLastSet: 130645200220000000 >>>>>>> primaryGroupID: 513 >>>>>>> objectSid: S-1-5-21-940051827-2291820289-3341758437-3126 >>>>>>> accountExpires: 9223372036854775807 >>>>>>> sAMAccountName: tuser >>>>>>> sAMAccountType: 805306368 >>>>>>> userPrincipalName: tuser at domain.local >>>>>>> objectCategory: >>>>>>> CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=local >>>>>>> unixUserPassword: ABCD!efgh12345$67890 >>>>>>> uid: tuser >>>>>>> msSFU30Name: tuser >>>>>>> msSFU30NisDomain: domain >>>>>>> uidNumber: 10001 >>>>>>> loginShell: /bin/sh >>>>>>> unixHomeDirectory: /home/tuser >>>>>>> gidNumber: 10000 >>>>>>> whenChanged: 20141231185807.0Z >>>>>>> uSNChanged: 477620 >>>>>>> distinguishedName: CN=Test User,CN=Users,DC=domain,DC=local >>>>>>> >>>>>>> >>>>>>> On 12/31/2014 1:50 PM, Rowland Penny wrote: >>>>>>>> On 31/12/14 18:28, James wrote: >>>>>>>>> Hi Rowland, >>>>>>>>> >>>>>>>>> passwd: compat winbind >>>>>>>>> group: compat winbind >>>>>>>>> >>>>>>>>> 'getent passwd tuser' results in a blank terminal line. >>>>>>>>> >>>>>>>>> >>>>>>>>> On 12/31/2014 1:12 PM, Rowland Penny wrote: >>>>>>>>>> On 31/12/14 17:55, James wrote: >>>>>>>>>>> Hi Rowland, >>>>>>>>>>> >>>>>>>>>>> I did. Unfortunately something is still amiss. I do >>>>>>>>>>> receive a response from 'getent group domain >>>>>>>>>>> users'(users:x:100). >>>>>>>>>>> >>>>>>>>>>> On 12/31/2014 12:26 PM, Rowland Penny wrote: >>>>>>>>>>>> On 31/12/14 17:23, James wrote: >>>>>>>>>>>>> Rowland, >>>>>>>>>>>>> >>>>>>>>>>>>> I set a user with a uid and domain users group with a >>>>>>>>>>>>> gid but I'm still unable to view them using 'id'. I do >>>>>>>>>>>>> notice a few strange observations. If I go to another user >>>>>>>>>>>>> to attempt to assign a uid. I get the default value of >>>>>>>>>>>>> 10000. I would expect 2001 given I set the first user with >>>>>>>>>>>>> uid 2000. Groups however appear to increment. >>>>>>>>>>>>> >>>>>>>>>>>>> On 12/31/2014 10:52 AM, Rowland Penny wrote: >>>>>>>>>>>>>> On 31/12/14 15:42, James wrote: >>>>>>>>>>>>>>> Hello Stefan, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I learned the hard way about .local. I understand >>>>>>>>>>>>>>> going forward. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I do have an issue with the member server. Following >>>>>>>>>>>>>>> along with the wiki I get stuck at 'Testing the Winbind >>>>>>>>>>>>>>> user/group mapping'. Wbinfo works as expected but not >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> #*id DomainUser* >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> #*getent passwd* >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> #*getent group* >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> #*chown DomainUser:DomainGroup file* >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> #*chgrp DomainGroup file* >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> etc. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I receive 'id: sambauser: No such user'. It will only >>>>>>>>>>>>>>> retrieve local machine users. Let me preface by saying >>>>>>>>>>>>>>> this is a Ubuntu 12.04 server with Samba 4.1.14. Thanks. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On 12/31/2014 10:00 AM, Stefan Kania wrote: >>>>>>>>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>>>>>>>>>>>> Hash: SHA1 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hello James, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Am 31.12.2014 um 15:48 schrieb James:> Hello, >>>>>>>>>>>>>>>>> I'm following along with the wiki(Setup a Samba AD >>>>>>>>>>>>>>>>> Member Server) >>>>>>>>>>>>>>>>> and I have a question after reading the 'Set up a >>>>>>>>>>>>>>>>> basic smb.conf' >>>>>>>>>>>>>>>>> section. >>>>>>>>>>>>>>>> Please show us your smb.conf >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Do I need to extend the schema in order for my member >>>>>>>>>>>>>>>> server to >>>>>>>>>>>>>>>>> successfully join and service file shares? >>>>>>>>>>>>>>>> No, you dont have to. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Do I need to configure a >>>>>>>>>>>>>>>>> krb5.conf file? Thanks. >>>>>>>>>>>>>>>> If your DC is a samba4 DC just copy krb5.conf to your >>>>>>>>>>>>>>>> new memberserver >>>>>>>>>>>>>>>> Stefan >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> - -- Stefan Kania >>>>>>>>>>>>>>>> Landweg 13 >>>>>>>>>>>>>>>> 25693 St. Michaelisdonn >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Signieren jeder E-Mail hilft Spam zu reduzieren. >>>>>>>>>>>>>>>> Signieren Sie ihre >>>>>>>>>>>>>>>> E-Mail. Weiter Informationen unter http://www.gnupg.org >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Mein Schl?ssel liegt auf >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> hkp://subkeys.pgp.net >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -----BEGIN PGP SIGNATURE----- >>>>>>>>>>>>>>>> Version: GnuPG v1 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> LScAoLDzorUJNDCik4FP9dBUxKCbAbGN >>>>>>>>>>>>>>>> =SOSt >>>>>>>>>>>>>>>> -----END PGP SIGNATURE----- >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> If you followed the wiki, you will be using the 'ad' >>>>>>>>>>>>>> backend. For this to work, you need to add 'uidNumber' >>>>>>>>>>>>>> attributes to your users and a 'gidNumber' attribute to >>>>>>>>>>>>>> at least the Domain Users group. the numbers that you add >>>>>>>>>>>>>> must be between the range you set in your smb.conf, again >>>>>>>>>>>>>> if you followed the wiki, this will be between 500-40000. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Rowland >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> You have restarted samba, haven't you ? >>>>>>>>>>>> You may have to wait a short time, or clear the cache with >>>>>>>>>>>> 'net cache flush' >>>>>>>>>>>> >>>>>>>>>>>> Rowland >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> OK, can you post the 'passwd' & 'group' lines from /etc/nsswitch >>>>>>>>>> >>>>>>>>>> Do you get anything from 'getent passwd <a domain user>' >>>>>>>>>> >>>>>>>>>> Rowland >>>>>>>>>> >>>>>>>>> >>>>>>>> OK, install ldb-tools if not already installed, then run: >>>>>>>> >>>>>>>> ldbedit -e nano -H /var/lib/samba/private/sam.ldb >>>>>>>> sAMAccountName=tuser >>>>>>>> >>>>>>>> Post the (sanitized) result >>>>>>>> >>>>>>>> Rowland >>>>>>>> >>>>>>> >>>>>> >>>>>> OK, you added that user with ADUC (RSAT) and as such you are >>>>>> using the std windows start number 10000, which is the way I run >>>>>> samba. Here is my smb.conf from the laptop I am writing this on: >>>>>> >>>>>> [global] >>>>>> workgroup = EXAMPLE >>>>>> security = ADS >>>>>> realm = EXAMPLE.COM >>>>>> dedicated keytab file = /etc/krb5.keytab >>>>>> kerberos method = secrets and keytab >>>>>> server string = Samba 4 Client %h >>>>>> winbind enum users = yes >>>>>> winbind enum groups = yes >>>>>> winbind use default domain = yes >>>>>> winbind expand groups = 4 >>>>>> winbind nss info = rfc2307 >>>>>> winbind refresh tickets = Yes >>>>>> winbind normalize names = Yes >>>>>> idmap config * : backend = tdb >>>>>> idmap config * : range = 2000-9999 >>>>>> idmap config EXAMPLE : backend = ad >>>>>> idmap config EXAMPLE : range = 10000-999999 >>>>>> idmap config EXAMPLE : schema_mode = rfc2307 >>>>>> printcap name = cups >>>>>> cups options = raw >>>>>> usershare allow guests = yes >>>>>> domain master = no >>>>>> local master = no >>>>>> preferred master = no >>>>>> os level = 20 >>>>>> map to guest = bad user >>>>>> vfs objects = acl_xattr >>>>>> map acl inherit = Yes >>>>>> store dos attributes = Yes >>>>>> >>>>>> Compare it with yours, I can assure you it works. >>>>>> >>>>>> Rowland >>>>>> >>>>> >>>> >>> >>> -- >>> -James >> > > -- > -JamesOK, you have *now* found out one of the reasons you shouldn't use the .local suffix But does anything else work? Rowland
Rowland,
I had a typo in my hosts file which is the reason my initial DNS
update failed. Corrected and joined again. Successfully joined and
updated DNS A record. I then made sure to give 'Domain users' a id of
10000. I am now able to run' getent passwd' and see all my domain users!
YES! However I still see something that confuses me. When I run 'id
tuser' I get the following.
uid=2155(tuser) gid=2002(domain_users)
groups=2002(domain_users),2004(remote_desktop_users_group),2001(BUILTIN\users)
Why is the uid 2155 and not 10001?
On 1/2/2015 12:00 PM, Rowland Penny wrote:> On 02/01/15 16:57, James wrote:
>> Rowland,
>>
>> I've gotten a bit further. It appears my use of
'.local' is
>> causing the issue from what I've researched. I ran
>> '|/etc/init.d/avahi-daemon stop'. |This allowed me to
successfully
>> join the domain.
>>
>> Enter administrator at DOMAIN.LOCAL's password:
>> Using short domain name -- DOMAIN
>> Joined 'PFMEMBER1' to dns domain 'domain.local'
>> DNS Update for pfmember1.local failed: ERROR_DNS_UPDATE_FAILED
>> DNS update failed: NT_STATUS_UNSUCCESSFUL
>> ||
>> On 1/2/2015 8:55 AM, Rowland Penny wrote:
>>> On 02/01/15 13:41, James wrote:
>>>> Hi Rowland,
>>>>
>>>> If you don't mind I like to post my member server
configuration
>>>> as I attempt again. This is how my member server(Ubuntu 12.04)
is
>>>> configured after fresh install and prior to Samba build.
Anything
>>>> I'm missing that could cause my issue as I proceed? I
assume no
>>>> other prerequisites must be done on the other DC's either?
Thanks.
>>>>
>>>> /*# From Wiki for DC build*/
>>>> apt-get install build-essential libacl1-dev libattr1-dev
>>>> libblkid-dev libgnutls-dev libreadline-dev python-dev
libpam0g-dev
>>>> python-dnspython gdb pkg-config libpopt-dev libldap2-dev
dnsutils
>>>> libbsd-dev attr krb5-user docbook-xsl libcups2-dev acl
>>>>
>>>>
>>>> /*# Fstab file*/
>>>> ext4 errors=remount-ro,user_xattr,acl,barrier=1 1 1
>>>>
>>>>
>>>> */# Hosts File/*
>>>> 127.0.0.1 localhost
>>>> 172.16.232.25 pfmember1.domain.local pfmember1
>>>>
>>>> # The following lines are desirable for IPv6 capable hosts
>>>> ::1 ip6-localhost ip6-loopback
>>>> fe00::0 ip6-localnet
>>>> ff00::0 ip6-mcastprefix
>>>> ff02::1 ip6-allnodes
>>>> ff02::2 ip6-allrouters
>>>>
>>>>
>>>> */# Hostname/* */File/*
>>>> pfmember1.domain.local
>>>
>>> if you are referring to /etc/hostname, then it should just contain
>>> 'pfmember1'.
>>>
>>> Also, are you fixed on using Ubuntu 12.04, if you were to use
Debian
>>> Wheezy and backports, you wouldn't have to compile samba4.
>>>
>>> Rowland
>>>
>>>>
>>>> */#/network/interfaces/*
>>>> # This file describes the network interfaces available on your
system
>>>> # and how to activate them. For more information, see
interfaces(5).
>>>>
>>>> # The loopback network interface
>>>> auto lo
>>>> iface lo inet loopback
>>>>
>>>> # The primary network interface
>>>> auto eth0
>>>> iface eth0 inet static
>>>> address 172.16.232.25
>>>> netmask 255.255.255.0
>>>> gateway 172.16.232.201
>>>> network 172.16.232.0
>>>> broadcast 172.16.232.255
>>>> dns-search domain.local
>>>> dns-nameservers 172.16.232.29
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 1/1/2015 4:34 AM, Rowland Penny wrote:
>>>>> On 01/01/15 00:07, James wrote:
>>>>>> Hi Rowland,
>>>>>>
>>>>>> I forgot to tell you the results were from my
Domain
>>>>>> Controller and not the member server. Member server
returned
>>>>>> something to the effect of 'user not found'. I
am only starting
>>>>>> the 3 services(smbd,nmbd and windbindd) listed in the
wiki.
>>>>>> Should I be starting Samba with command line switches
to start as
>>>>>> a member server? Is that even possible?
>>>>>
>>>>> Hi, there are two ways of running samba4, the classic or
original
>>>>> way that samba3 was used, or as an AD DC. If you run samba4
in the
>>>>> classic way, you need to start the smbd & nmbd deamons
and
>>>>> optionally the winbind daemon. If you use samba4 as an AD
DC, then
>>>>> you only start the samba daemon, this will start any other
>>>>> required deamons, you only start the samba daemon on an AD
DC.
>>>>>
>>>>> As you are trying to set up a member server, you must carry
out
>>>>> the tests on the member server.
>>>>>
>>>>> Rowland
>>>>>
>>>>>>
>>>>>> Thanks for you smb.conf. I will attempt again using
your
>>>>>> smb.conf as a template and try again.
>>>>>>
>>>>>> On 12/31/2014 2:20 PM, Rowland Penny wrote:
>>>>>>> On 31/12/14 19:07, James wrote:
>>>>>>>> Rowland,
>>>>>>>>
>>>>>>>> I decided to start over with a fresh
install and attempted
>>>>>>>> again. Only change I made was to start my
mappings at 10000. I
>>>>>>>> gave 'Domain Users' group gid 10000 and
'tuser' has uid 10001.
>>>>>>>> Still didn't work btw.
>>>>>>>>
>>>>>>>> dn: CN=Test User,CN=Users,DC=domain,DC=local
>>>>>>>> objectClass: top
>>>>>>>> objectClass: person
>>>>>>>> objectClass: organizationalPerson
>>>>>>>> objectClass: user
>>>>>>>> cn: Test User
>>>>>>>> sn: User
>>>>>>>> givenName: Test
>>>>>>>> instanceType: 4
>>>>>>>> whenCreated: 20141231172021.0Z
>>>>>>>> displayName: Test User
>>>>>>>> uSNCreated: 477557
>>>>>>>> name: Test User
>>>>>>>> objectGUID:
90f95763-fe52-42b9-af86-8a84a4d5dd78
>>>>>>>> userAccountControl: 66048
>>>>>>>> codePage: 0
>>>>>>>> countryCode: 0
>>>>>>>> pwdLastSet: 130645200220000000
>>>>>>>> primaryGroupID: 513
>>>>>>>> objectSid:
S-1-5-21-940051827-2291820289-3341758437-3126
>>>>>>>> accountExpires: 9223372036854775807
>>>>>>>> sAMAccountName: tuser
>>>>>>>> sAMAccountType: 805306368
>>>>>>>> userPrincipalName: tuser at domain.local
>>>>>>>> objectCategory:
>>>>>>>>
CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=local
>>>>>>>> unixUserPassword: ABCD!efgh12345$67890
>>>>>>>> uid: tuser
>>>>>>>> msSFU30Name: tuser
>>>>>>>> msSFU30NisDomain: domain
>>>>>>>> uidNumber: 10001
>>>>>>>> loginShell: /bin/sh
>>>>>>>> unixHomeDirectory: /home/tuser
>>>>>>>> gidNumber: 10000
>>>>>>>> whenChanged: 20141231185807.0Z
>>>>>>>> uSNChanged: 477620
>>>>>>>> distinguishedName: CN=Test
User,CN=Users,DC=domain,DC=local
>>>>>>>>
>>>>>>>>
>>>>>>>> On 12/31/2014 1:50 PM, Rowland Penny wrote:
>>>>>>>>> On 31/12/14 18:28, James wrote:
>>>>>>>>>> Hi Rowland,
>>>>>>>>>>
>>>>>>>>>> passwd: compat winbind
>>>>>>>>>> group: compat winbind
>>>>>>>>>>
>>>>>>>>>> 'getent passwd tuser' results
in a blank terminal line.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 12/31/2014 1:12 PM, Rowland Penny
wrote:
>>>>>>>>>>> On 31/12/14 17:55, James wrote:
>>>>>>>>>>>> Hi Rowland,
>>>>>>>>>>>>
>>>>>>>>>>>> I did. Unfortunately
something is still amiss. I do
>>>>>>>>>>>> receive a response from
'getent group domain
>>>>>>>>>>>> users'(users:x:100).
>>>>>>>>>>>>
>>>>>>>>>>>> On 12/31/2014 12:26 PM, Rowland
Penny wrote:
>>>>>>>>>>>>> On 31/12/14 17:23, James
wrote:
>>>>>>>>>>>>>> Rowland,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I set a user with a
uid and domain users group with a
>>>>>>>>>>>>>> gid but I'm still
unable to view them using 'id'. I do
>>>>>>>>>>>>>> notice a few strange
observations. If I go to another
>>>>>>>>>>>>>> user to attempt to
assign a uid. I get the default value
>>>>>>>>>>>>>> of 10000. I would
expect 2001 given I set the first user
>>>>>>>>>>>>>> with uid 2000. Groups
however appear to increment.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 12/31/2014 10:52 AM,
Rowland Penny wrote:
>>>>>>>>>>>>>>> On 31/12/14 15:42,
James wrote:
>>>>>>>>>>>>>>>> Hello Stefan,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I learned
the hard way about .local. I understand
>>>>>>>>>>>>>>>> going forward.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I do have an
issue with the member server. Following
>>>>>>>>>>>>>>>> along with the
wiki I get stuck at 'Testing the Winbind
>>>>>>>>>>>>>>>> user/group
mapping'. Wbinfo works as expected but not
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> #*id
DomainUser*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> #*getent
passwd*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> #*getent group*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> #*chown
DomainUser:DomainGroup file*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> #*chgrp
DomainGroup file*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> etc.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I receive
'id: sambauser: No such user'. It will only
>>>>>>>>>>>>>>>> retrieve local
machine users. Let me preface by saying
>>>>>>>>>>>>>>>> this is a
Ubuntu 12.04 server with Samba 4.1.14. Thanks.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On 12/31/2014
10:00 AM, Stefan Kania wrote:
>>>>>>>>>>>>>>>>> -----BEGIN
PGP SIGNED MESSAGE-----
>>>>>>>>>>>>>>>>> Hash: SHA1
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hello
James,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Am
31.12.2014 um 15:48 schrieb James:> Hello,
>>>>>>>>>>>>>>>>>> I'm
following along with the wiki(Setup a Samba AD
>>>>>>>>>>>>>>>>>> Member
Server)
>>>>>>>>>>>>>>>>>> and I
have a question after reading the 'Set up a
>>>>>>>>>>>>>>>>>> basic
smb.conf'
>>>>>>>>>>>>>>>>>>
section.
>>>>>>>>>>>>>>>>> Please show
us your smb.conf
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Do I need
to extend the schema in order for my
>>>>>>>>>>>>>>>>> member
server to
>>>>>>>>>>>>>>>>>>
successfully join and service file shares?
>>>>>>>>>>>>>>>>> No, you
dont have to.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Do I need
to configure a
>>>>>>>>>>>>>>>>>>
krb5.conf file? Thanks.
>>>>>>>>>>>>>>>>> If your DC
is a samba4 DC just copy krb5.conf to your
>>>>>>>>>>>>>>>>> new
memberserver
>>>>>>>>>>>>>>>>> Stefan
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> - -- Stefan
Kania
>>>>>>>>>>>>>>>>> Landweg 13
>>>>>>>>>>>>>>>>> 25693 St.
Michaelisdonn
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Signieren
jeder E-Mail hilft Spam zu reduzieren.
>>>>>>>>>>>>>>>>> Signieren
Sie ihre
>>>>>>>>>>>>>>>>> E-Mail.
Weiter Informationen unter http://www.gnupg.org
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Mein
Schl?ssel liegt auf
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
hkp://subkeys.pgp.net
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> -----BEGIN
PGP SIGNATURE-----
>>>>>>>>>>>>>>>>> Version:
GnuPG v1
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
iEYEARECAAYFAlSkD3EACgkQ2JOGcNAHDTZdlwCgwsQF0g/pFp65ldcTMWDcJ1O7
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
LScAoLDzorUJNDCik4FP9dBUxKCbAbGN
>>>>>>>>>>>>>>>>> =SOSt
>>>>>>>>>>>>>>>>> -----END
PGP SIGNATURE-----
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If you followed the
wiki, you will be using the 'ad'
>>>>>>>>>>>>>>> backend. For this
to work, you need to add 'uidNumber'
>>>>>>>>>>>>>>> attributes to your
users and a 'gidNumber' attribute to
>>>>>>>>>>>>>>> at least the Domain
Users group. the numbers that you
>>>>>>>>>>>>>>> add must be between
the range you set in your smb.conf,
>>>>>>>>>>>>>>> again if you
followed the wiki, this will be between
>>>>>>>>>>>>>>> 500-40000.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Rowland
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> You have restarted samba,
haven't you ?
>>>>>>>>>>>>> You may have to wait a
short time, or clear the cache with
>>>>>>>>>>>>> 'net cache flush'
>>>>>>>>>>>>>
>>>>>>>>>>>>> Rowland
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>> OK, can you post the
'passwd' & 'group' lines from
>>>>>>>>>>> /etc/nsswitch
>>>>>>>>>>>
>>>>>>>>>>> Do you get anything from
'getent passwd <a domain user>'
>>>>>>>>>>>
>>>>>>>>>>> Rowland
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> OK, install ldb-tools if not already
installed, then run:
>>>>>>>>>
>>>>>>>>> ldbedit -e nano -H
/var/lib/samba/private/sam.ldb
>>>>>>>>> sAMAccountName=tuser
>>>>>>>>>
>>>>>>>>> Post the (sanitized) result
>>>>>>>>>
>>>>>>>>> Rowland
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> OK, you added that user with ADUC (RSAT) and as
such you are
>>>>>>> using the std windows start number 10000, which is
the way I run
>>>>>>> samba. Here is my smb.conf from the laptop I am
writing this on:
>>>>>>>
>>>>>>> [global]
>>>>>>> workgroup = EXAMPLE
>>>>>>> security = ADS
>>>>>>> realm = EXAMPLE.COM
>>>>>>> dedicated keytab file = /etc/krb5.keytab
>>>>>>> kerberos method = secrets and keytab
>>>>>>> server string = Samba 4 Client %h
>>>>>>> winbind enum users = yes
>>>>>>> winbind enum groups = yes
>>>>>>> winbind use default domain = yes
>>>>>>> winbind expand groups = 4
>>>>>>> winbind nss info = rfc2307
>>>>>>> winbind refresh tickets = Yes
>>>>>>> winbind normalize names = Yes
>>>>>>> idmap config * : backend = tdb
>>>>>>> idmap config * : range = 2000-9999
>>>>>>> idmap config EXAMPLE : backend = ad
>>>>>>> idmap config EXAMPLE : range = 10000-999999
>>>>>>> idmap config EXAMPLE : schema_mode =
rfc2307
>>>>>>> printcap name = cups
>>>>>>> cups options = raw
>>>>>>> usershare allow guests = yes
>>>>>>> domain master = no
>>>>>>> local master = no
>>>>>>> preferred master = no
>>>>>>> os level = 20
>>>>>>> map to guest = bad user
>>>>>>> vfs objects = acl_xattr
>>>>>>> map acl inherit = Yes
>>>>>>> store dos attributes = Yes
>>>>>>>
>>>>>>> Compare it with yours, I can assure you it works.
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>> --
>>>> -James
>>>
>>
>> --
>> -James
>
> OK, you have *now* found out one of the reasons you shouldn't use the
> .local suffix
>
> But does anything else work?
>
> Rowland
--
-James