similar to: Strange behaviour with "force user" parameter

Hi, I'm stuck since one week on how to give access on a kerberized nfs4 share to client-side local account (more precisely www-data account)... My client setup and step-by-step configuration : - Installed OS : XUbuntu 16.04 x64 1. Installing Samba4 from repos 2. Configuring Samba : My client-side smb.conf : [global] netbios name = TEMPOINST workgroup = WKG security =

Hi, I come to find new ideas about a problem which is blocking me since many days.... I've an AD DC on Samba 4.1.11, and a file server (on Samba 4.1.11 too) member of the domain. They works fine (apparently). I've a Win7 Enterprise x64 client, joined to the domain. I've created a new user 'foo' to test openning session. When I log for the first time, my user get a local

Hi, I've a really big problem with my SAMBA 4.1.11 production server.... it doesn't want to start smbd anymore.... nmbd starts fine but not smbd. I've tried to start smbd in interactive mode to see what's happened : # /srv/progs/samba4/sbin/smbd -i -d9 produce a lot of lines about configuration (all fine), some last lines are : added interface lo ip=::1

Hi, I've a SAMBA4 AD Domain that works nicely. All my W7 joined perfectly and all my Linux clients authenticates against kerberos part of SAMBA. All work perfectly, now I'm trying to secure my NFS mounts by using kerberos part of SAMBA. My NFS server works and I can mount NFS4 exports without kerberos (and without problem ;-) ), but when I want to mount a gss/krb5 export on a linux

If not done, add the server to the AD. Add the host and nfs to the COMPUTERNAME($) account. And use winbind to refresh the keytab. Stop samba, remove the keytab, create the new with the new SPN's in it, start samba. And Use the second keytab for apache with only http as upn in it. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at

** I truncate my initial mail below for size reason ** I've tried your tips but nothing better.... AD users can still accessing share (ouf !!), but local users not more. I can't find where it blocks.... Thanks for your help Louis, Greetz, Bruno Le 02/08/2016 à 15:33, L.P.H. van Belle a écrit : > > You keep 2 ranges. > > One for the “local (linux) users” > >

Hi, I don't stop to have problems with samba :s ... Now after having workaround the bug of scanning all LDAP users for each connexion... smbd crash very often. In some workstation log files i can see something like this : ... [2009/10/01 16:28:12, 2] smbd/open.c:580(open_file) baala opened file .profiles/firefox/cookies.sqlite-journal read=No write=No (numopen=20) [2009/10/01

You need for the apache keytab something like Alias /webmail /usr/share/webmail # <Directory /usr/share/ webmail > AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd Off KrbServiceName HTTP KrbAuthRealms EXAMPLE.COM Krb5KeyTab /etc/httpd/conf/keytab require valid-user </Directory> chmod 400 /etc/httpd/conf/keytab chown

Hi all, I've a SAMBA4 AD DC primary controller, another server joined as DC too, all worked pretty good since this morning.... This morning, I need to join a lot of workstations to the domain, I begin on the first one and get an error message 'This operation must be done on the primary domain controller'.... strange. I go on my first PDC checking network, DNS (dbcheck returns no

Hi, I'm working in an educational environment so I've some obligations that complicate my work. For example in all rooms of practical class all the workstations are in dual boot (Win7 + XUbuntu 14.04). I've tried 2 solutions : 1- Setting the same hostname to both OS, joigning Win7 to AD and using the created (by joining) keytab on linux side for sssd. 2-

Hi, Like explained in my precedent mail (Permission Problems), I want to do a share (called partinfo) with basic behaviour : * everybody in group 'info' can create file into the share. * everybody in group 'info' can modify file into the share (not only owned files) * only owner of a file can delete it/rename it ! I put a Sticky Bit on my share folder so I've got :

Hi, I successfully set up an AD DC, and now, I want to join a file server as member in this domain. I followed this tutorial : https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server All works fine, my server join my AD without problem, samba starts fine and winbind too. But when I look at my domain users, the uid/gid returned by winbind are in the TDB range instead of the AD

It's ok So, if I create a httpuser and an httpgroup in my AD and use these at owner and group for my apache2 daemon, this one could access to userdirs (while permissions granting it) ? But I need to cron 'kinit' to keep valid ticket... ? My local root user always can't access to the share, but my other problem seems to be resolved. Thanks Le 02/08/2016 à 16:37, Rowland

Hi, I've got a strange behaviour on a share when I copy files with files explorers (like Thunar, Nautilus, ...). This is the share configuration : [share1] comment = Share 01 path = /home/shares/share1 valid users = +share1 force group = share1 read only = No create mask = 0660 force create mode = 0660 directory mask = 1770 force directory mode = 1770 browseable = No

Hi, My problems with Samba continue... I'm very disappointed, i've never had as problems with Samba before (on my old server with Gentoo/Samba 3.0.23...). So the new problem is : When a student want to compile a C program into his home (mounted in CIFS), the produced executable can't be executed "./tst: cannot execute binary file". Tried on ubuntu-9.04 with mount.cifs

Hello all, I've got an old server running SAMBA 3.3.0. I've some shares on it. All shares looks like this : [partinfo] path=/shares/partinfo valid users = +info force user = %U force group = info read only = No create mask = 0660 directory mask = 0770 All works perfectly : When I create a file on this share other users in the info group can modify it but nobody can delete it

Hey all, i do have the following problem: i set up a PDC with Samba with an LDAP backend. Everything works fine but the machine account lookup. If i try to logon to the domain i have to create the machine account in ou=People,dc=testing,dc=de. Everything works fine with this. But if i create the machine account in ou=Computers,dc=testing,dc=de and change all suffixes according to this the

Ah ok, you are using "public_html" from a default setup. Now i understand what you exact want. If you have the apache keytab created. Create a cron job and run : kinit -t /path/to/keytab as the www user. Dont forget het disable the password change in the AD user for the "apache Service user" account. You probely also need to export some kerberos variables like :

Hi ! I've got a server with Samba 3.5.3 with LDAP backend running on it. When I want to add a workstation I've got a strange result First there is the workstation LDAP account : dn: cn=TOTO$,ou=machines,o=ADM-SC,dc=univ-rouen,dc=fr objectClass: top objectClass: person objectClass: posixAccount objectClass: sambaSamAccount cn: TOTO$ sn: TOTO$ uid: TOTO$ uidNumber: 5037

Hai Batiste, Ok, thanks for these, i'll test that also. And the "why" is a bit more explained here. http://www.citi.umich.edu/projects/nfsv4/crossrealm/libnfsidmap_config.html and per example, http://www.citi.umich.edu/projects/nfsv4/crossrealm/ldap_server_setup.html First my work here, but this is a good one which i also need to adjust in my scripts, so thank you for asking