Linux/Samba Authentications

Similar Messages

• Different File Sizes on Linux Samba - depending if bound to AD or not

  The Macs are running 10.5.7 and are bound to a 2003 Active Directory. We connect to a Redhat Linux Samba file server. The authentication is handled by AD. The issue is that all the file sizes show up too large. Anything less than a 1MB is shown as 1MB or more; ie 140KB is 1MB.
  The OS X Servers (also bound to AD) running both AFP and SMB show the file sizes correctly.
  IF I unbind the Mac from AD and connect (authentication still handled by AD) the file sizes show up correctly. ie 140KB IS 140 KB.
  Any ideas or suggestions?

  Follow up: Everything shows up correctly on the WIndows Servers via SMB.

• Do I need and how to secure the Unix/Linux agents authentication and communication to RMS?

  Hi everybody
  We have an environment including SCOM 2012 SP1, 10 windows server, 40 linux servers and 10 HP-UX servers. all of them are joined a trusted domain. I know the authentication method between windows agents and management server is kerberos. but not for linux and
  HP-UX servers.
  Now I want to secure the Unix/Linux agents authentication and communication to RMS. some questions:
  1- how much secure and credible is current authentication method? and in a high secure environment can I trust SCOM self signed Certificates?
  2- Considering this point that Unix/linux computers are joined to active directory domain and are using Kerberos to authenticate, can I use this
  authentication method between RMS and linux Agents? 
  3- if I make a decision to use certificates should I use gateway server? (considering all servers and RMS are in same trusted domain)
  any other suggestion?
  Thanks in advance

  nothing?

• How To join Max OS C Clients to a Linux Samba PDC

  Hi,
  we do have a working Linux Samba PDC for a lot of Windows XP Clients. Now, we'd like to join the fewer Mac OS X Clients also to the PDC, so that users can login to the hopefully same profile/home directory from PC and Mac.
  Is this possible? If not, is it possible to only authenticate the Mac OS X Users against the samba pdc (without automounting shares ...)?
  Are there any How To?
  Thanks for any hint and suggestion! Best regards.
  Götz Reinicke

  Hi Luis,
  You also need to add the Linux user to samba using the smbpasswd -a username command, aslo the machine you are accessing needs to be added to the smbpasswd file using the -m (this can be run only by root)
  for more details on the command do a
  man smbpasswd.
  Hope this helps.
  Thanks.

• SCOM 2012 Unix/linux agents authentication method

  Hi everybody
  We have an environment including SCOM 2012 SP1, 10 windows server, 40 linux servers and 10 HP-UX servers. all of them are joined a trusted domain. I know the authentication method between windows agents and management server is kerberos. but about linux
  and HP-UX servers? I have read :
  "UNIX and Linux agent monitoring in Operations Manager requires certificates to secure the SSL communication channel between the Management Servers and agents. The
  Operations Manager UNIX/Linux agent is a very lightweight agent implementation, comprising a CIM Object Manager (OpenPegasus) and CIM Providers.  There are two
  protocols involved in the communication between the Management Server and the UNIX/Linux agent:  ssh and WS-Management."
  Now I want to secure the Unix/Linux agents authentication and communication to RMS. some questions:
  1- how much secure and credible is current authentication method? and in a high secure environment can I trust SCOM self signed Certificates?
  2- Considering this point that Unix/linux computers are joined to active directory domain and are using Kerberos to authenticate, can I use this authentication method between RMS and linux Agents? 
  3- if I make a decision to use certificates should I use gateway server? (considering all servers and RMS are in same trusted domain)
  any other suggestion?
  Thanks in advance

  Hi Ghasem,
  Some helpful links for your questions:
  http://technet.microsoft.com/en-us/library/hh487288.aspx
  http://blogs.technet.com/b/kevinholman/archive/2012/03/18/deploying-unix-linux-agents-using-opsmgr-2012.aspx
  Natalya

• Weblogic 9.2 cluster install across 2 linux servers - authentication errors

  Hello all,
                      I am currently trying to install a 9.2 cluster across two Linux machines, but am having a few problems that I was hoping someone here could help with. I?ve been reading the documentation, but feel as though it?s getting me nowhere.
                      I have two servers, on which I have installed weblogic portal 9.2. On the first I have then used the configuration wizard to great an admin server and cluster members 1, 2 and 3.
                      A cluster is created and the three cluster members are assigned to it.
                      Then I configure two unix machines, for the servers 1 and 2.
                      I assign the admin server and cluster member 1 to the first server. Cluster members 2 and 3 are assigned to the second server.
                      The connection pools and JMS stores I left as the default values.
                      The configuration completes and a domain is created on the first server.
                      I have copied the complete user_projects directory to the second server. I didn?t want to go through the configuration steps on each server that weblogic was to be installed on, so this looked like the easiest way to get the startManagedWeblogic scripts onto the second server. Also I didn?t find anything in the documentation that mentioned how to set up a cluster across multiple machines in any detail, only how to install multiple instances on a single server and run them as a cluster.
                      I manage to start the admin server ok and can connect through the web based admin console.
                      The first cluster member also starts up on the first server.
                      Now I go to the second server again, and when I try to start the cluster members here I get Authentication errors:
                      <Jan 31, 2007 2:56:22 PM CET> <Error> <Security> <BEA-090854> <SAMLCredentialMapper provider initialization failed: Could not retrieve credentials for AssertionSigningKey.>
            <Jan 31, 2007 2:56:23 PM CET> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
            <Jan 31, 2007 2:56:23 PM CET> <Error> <com.bea.weblogic.kernel> <000000> <[Security:090735]The DBMS connection was not usable>
            <Jan 31, 2007 2:56:23 PM CET> <Critical> <Security> <BEA-090403> <Authentication for user weblogic denied>
            <Jan 31, 2007 2:56:23 PM CET> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
            weblogic.security.SecurityInitializationException: Authentication for user weblogic denied
                    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:947)
                    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1029)
                    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:854)
                    at weblogic.security.SecurityService.start(SecurityService.java:141)
                    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
                    Truncated. see log file for complete stacktrace
            >
            <Jan 31, 2007 2:56:24 PM CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
            <Jan 31, 2007 2:56:24 PM CET> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
            <Jan 31, 2007 2:56:24 PM CET> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
            Autonomy engine processes stopped
                                What am I doing wrong / forgetting to do.
                      Any help or suggestions are most helpful
                      Regards
                                IV

  Hello ,
            I can help you in this regard, (let me see).
            Let me start from the beginning.
            Assumptions:
            M1 is hosting 1-Admin server(AdminServer), 2-Managed Server(ms1,ms2),
            M2 is hosting 1 -managed server (ms3)
            1. Install WebLogic Server/Portal product on M1 and M2 say /home/user1/bea1 - on M1
            /home/user1/bea1 - on M2
            2. Create Cluster Domain using ConfigWiz/WLST.
                 [ here I will talk abt Config Wiz)
                 - Open config Wiz
            - Create domain in Production Mode.(ideally Cluster is not supported in Dev mode )
                 - Create 1 Admin server, 3 Managed server Host = <M1> and config SSL port
                      AdminServer ? Host_M1
                      Ms1     ? Host_M1
                      Ms2     ? Host_M1
                      Ms3     ? Host_M2
            NOTE: *** Don't use IP addresses - use hostnames. The hostnames need to be specified in the correct format. When specifying a hostname, use the receiving server side's rules for SSL certificate hostname format when specifying the server address. The address that a client uses needs to match up with the server's SSL certificate host identity field ((example: pint21.bea.com on both server/client side, not just pint21 and other pint21.bea.com)
            Using the 'keytool' Java utility, verify the content of hostname identity embedded in the demo SSL certificate
            $ keytool -list -v -alias demoidentity -keystore DemoIdentity.jks
            Owner: CN=pisol18, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
            -     Config Data Source (conn pool) to Any DB Type you like, test them and run the DB scripts if applicable (Run DB).
            3. Create Managed Server template Using Pack/Unpack tool
            3.1     Using <WL_HOME>\common\bin\pack.cmd with ?managed option create managed server template.
            3.2     Using <WL_HOME>\common\bin\unpack.cmd on M2 to create the domain on Host2
            4. Starting the Admin Server
            5. Start the Managed server in many way. As given on edocs.
            http://edocs.bea.com/wls/docs92/ConsoleHelp/taskhelp/clusters/StartOrStopAServer.html
            I hope this helps you,
            Thanks
            Viswa
            ------------

• Leopard 10.5.5 and Linux Samba shares not connecting

  I have seen this talked about many times, but I have not found the answer. And my situation is always slightly different from others...so here it is!
  when I try to connect to our samba share, here are my steps...
  Go
  Connect to Server
  smb://10.xx.xx.xx
  Connect
  here's where the problem is: the enter username and password pops up, and asks me to put them in...there is no user/password on our samba shares, and I cannot connect via guest either.
  in Tiger, there was a work around through terminal to connect, but that doesn't apply to Leopard. We only have 2 Leopard machines here, all the rest are still Tiger, but we are eyeing upgrades, and would be forced to go up to Leopard since we can't buy new Macs with Tiger anymore.

  best answer...get rid of Linux share, replaced it with an OS X server, no problems at all...

• Tiger Cannot see Linux Samba Share

  My network at home is an amalgam of different systems, with a few set up as web-servers or file-sharing boxes. The primary file sharing box is set up in linux(Gentoo) using samba. The server doesn't appear when I browse through my network to try and find it, and when I try to connect to server through apple-K and using the IP address, I get this message: Connection Failed. Server may not exist or it is not functional at this time. Check the server name or IP address and try again.
  But it works fine on every Windows machine my roommate tries to use. Can somebody give me some help here?
  He is running the latest versions of both gentoo and samba.

  First, determine the workgroup name that these WindowsPCs and the Samba/linux have.
  Then check to be sure that your mac has that, too.
  Utilities>DirectoryAccess>(unlock)>Click SMB/CIFS>Click Configure...Put that Workgroup name in the appropriate box.
  You should be able to safely ignore the WINS server box.

• Using OSX as our LDAP and connecting Linux Samba Server

  I've been pulling my hair out for a few days now getting my linux box running samba to use my os x server ldap. I just can't seem to find the correct way to set up my smb.conf file that allows it to work. Currently when I try to connect to the samba share it spins for a while and then says, Connection failed. There was an error connecting to the server. Check the server name or IP. Then you hit ok and it says: Could not connect to the server because the name or password is not correct.
  It never does actually ask me for a name or password. So does anybody know for a linux box how we set up the smb.conf file correctly? I've tried to follow the examples online and it just does not seem to work.

  You might want check this thread: https://discussions.apple.com/thread/5470507?tstart=0
  If you have a hard drive with space, you might try partitioning so you could install Mavericks, while preserving your current system, to see whether it works with the apps you have.

• Network browsing with Samba, Linux and Windows

  I'm having trouble with OSX 10.4.8 and a SMB network. My
  server is running Linux Debian, and exporting shares via Samba.
  I have a couple of XP boxes on the network, and they can see all the shares in the workgroup, and can mount them.
  However, from the OSX machines, when I click on 'connect to server' and then click 'browse' I get an empty box.
  If I enter the server share manually, (smb://server/share)I can mount it as normal.
  Also, if I go to the terminal, smbtree shows the entire tree correctly (the same as viewed from XP). Also smbclient -L server shows a list of
  all shares, and nmblookup returns correct data.
  I can ping all the machines, and they are all on the same subnet.
  I have recently done the following:
  on the Linux Samba server:
  set OS level to 255
  set domain master yes
  set local master yes
  set wins support yes
  preferred master yes
  From the Windows machine I can see the whole network, including the Mac. I can also mount the user's home dir which is shared on the Mac.
  From the Mac, I see nothing when I click 'browse' from 'connect to server', but still I can connect if I manually type the path. Notably, I cannot the Mac listed in it's own browse window.
  From the Mac terminal I can see the whole network using smbtree, including the Mac and it's share.
  The Mac smb.conf file sets the os level to 8, and wins server to the IP address of the Linux Samba server.
  smbclient -L localhost -U also works, showing the local machine's NETBIOS name, and the shared home directory.
  If I run nmblookup -M WORKGROUP, the master is reported as 192.168.168.2, correctly.
  However, nmblookup -T 192.168.168.2 does not work. I don't know if it should.
  Any help / suggestion would be appreciated.
  Stuart
  Mac Pro   Mac OS X (10.4.8)  

  There's going to be something about that OS Level setting, I think.
  Check your Mac's setting again (yours is 8, I see.)
  Make Debian's OS Level not quite so high?
  Disable mac's OS Level completely? (comment using semicolon)
  Something
  http://www.faqs.org/docs/securing/chap29sec284.html
  remembering to restart samba server at mac and/or Linux after any changes to SMB.conf?
  I'll keep looking. I run a similar network (Linux, Win x 7, Mac x 1) and it "Just Works"

• NTLMv2 Authentication in Linux

  I am creating a web services client in Java that is intended to extract data from a sharepoint site. My code works in the windows environment but not in the Linux environment. Research lead me to write a java.net.Authenticator implementation as described by the Java Documentation on HTTP Authentication. The link is provided below:
  http://java.sun.com/javase/6/docs/technotes/guides/net/http-auth.html
  I am using JDK 1.6.0_06. the Sharepoint server requires NTLMv2 Authentication. In windows the authenticator is not called my login credentials are automatically used. In Linux, the authenticator is called and fails. The Linux stack trace is:
  java.io.IOException: Server returned HTTP response code: 500 for URL: http://myserver/sites/asite/_vti_bin/Lists.asmx?WSDL
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1241)
  at java.net.URL.openStream(URL.java:1009)
  at com.uboc.sharepoint.io.URLGetter.loadURLToStrings(URLGetter.java:26)
  at com.uboc.sharepoint.io.URLGetter.main(URLGetter.java:105)
  I tried every variation of the userid and password. This included:
  1 - Using the domain name as a prefix with a backslash seperator. (<DomainName>\<UserName>)
  2 - Using the system property -Dhttp.auth.ntlm.domain=<DomainName>
  3 - Omitting the domain name alltogether
  None of these work for me.
  Does anyone know whether Sun's Linux implementation of JDK 1.6 supports NTLMv2 authentication protocol?
  My authenticator code is as follows:
  import java.net.Authenticator;
  import java.net.PasswordAuthentication;
  public class WindowsAuthenticator extends Authenticator {
       private String user;
       private String password;
       public WindowsAuthenticator()
            super();
       public WindowsAuthenticator(String user, String password)
            this.user = user;
            this.password = password;
       @Override
       protected PasswordAuthentication getPasswordAuthentication()
            PasswordAuthentication auth;
          System.out.println("RequestingHost=" + this.getRequestingHost());
          System.out.println("RequestingProtocol=" + this.getRequestingProtocol());
          System.out.println("RequestingPort=" + this.getRequestingPort());
          System.out.println("RequestingScheme=" + this.getRequestingScheme());
          System.out.println("RequestingPrompt=" + this.getRequestingPrompt());
          System.out.println("RequestingSite=" + this.getRequestingSite());
          System.out.println("RequestingURL=" + this.getRequestingURL().toString());
          if (this.getRequestorType() == Authenticator.RequestorType.PROXY)
              System.out.println("RequestType=PROXY");
          else if (this.getRequestorType() == Authenticator.RequestorType.SERVER)
              System.out.println("RequestType=SERVER");
          System.out.println("UserID=\"" + this.getUser() +"\"");
          System.out.println("Password=\"" + this.getPassword()+ "\"");
            auth = new PasswordAuthentication(this.user, this.password.toCharArray());
            return auth;
       * @return the password
      public String getPassword()
          return password;
       * @param password the password to set
      public void setPassword(String password)
          this.password = password;
       * @return the user
      public String getUser()
          return user;
       * @param user the user to set
      public void setUser(String user)
          this.user = user;
  My URLGetter Code is as follows
  import java.io.BufferedReader;
  import java.io.File;
  import java.io.FileNotFoundException;
  import java.io.FileOutputStream;
  import java.io.IOException;
  import java.io.InputStreamReader;
  import java.io.PrintStream;
  import java.net.Authenticator;
  import java.net.URL;
  import java.util.ArrayList;
  public class URLGetter {
      public static ArrayList<String> loadURLToStrings( URL url )
      throws IOException
         String inputLine;
         ArrayList<String> lines = new ArrayList<String>();
          ** get an input stream for the URL
         BufferedReader in = new BufferedReader(new InputStreamReader(url.openStream()));
         ** Move the data. OK maybe buffered IO might improve performance.
         while ( (inputLine = in.readLine()) != null )
             lines.add(inputLine);
         ** Close the stream
         in.close();
         return lines;
       * @param args URL, outputFile, userid, password
      public static void main(String[] args)
          String url      = null;
          String outFile  = null;
          String user     = null;
          String password = null;
          PrintStream out = null;
          WindowsAuthenticator auth = null;
          try
               * Get the URL
              if (args.length > 0 )
                  url = args[0];
              else
                  System.err.println("Error: URL not specified.");
                  cmdLineInfo();
                  System.exit(1);
               * Get the output file name
              if (args.length > 1 )
                  outFile = args[1];
                  out     = setupPrintStream( outFile);
              else
                  out = System.out;
                  System.err.println("Using stdout.");
               * Get the userid
              if (args.length > 2 )
                  user = args[2];
                  auth = new WindowsAuthenticator();
                  auth.setUser(user);
                  Authenticator.setDefault(auth);
                  System.err.println("userid specified.");
               * Get the password
              if (args.length > 3 )
                  password = args[3];
                  auth.setPassword(password);
                  System.err.println("password specified.");
               * Download the URL
                 ArrayList<String> data = loadURLToStrings(new URL( url ));
                 for ( int i = 0; i < data.size(); i++)
                      out.println( data.get(i));
            catch (Exception e)
                 e.printStackTrace();
       *  Prints the command line parameters to the console
      public static void cmdLineInfo()
          System.err.println("Usage: java [options] URLGetter URL outputFileName [userid] [password]");
          System.err.println("Where command line parameters include:");
          System.err.println("URL          The full qualified URL or address of the information to download.");
          System.err.println("outputFile   The name of the file to save downloaded info.");
          System.err.println("userid       The optional username when the URL requires login.");
          System.err.println("password     The optional password when the URL requires login.");
       * Setup output File
       * @param fileName
       *        file that will be used to create an output file 
      public static PrintStream setupPrintStream( String fileName ) throws FileNotFoundException
          PrintStream out  = null;
          File        file = new File( fileName );
          file.delete();
          FileOutputStream stream  = new FileOutputStream(fileName, true);
          out     = new PrintStream( stream );
          return out;
  }

  It's an old post but the basic problem is that the code shown doesn't implement NTLMv2 authentication at all. It just implements basic password authentication.
  Does anyone know whether Sun's Linux implementation of JDK 1.6 supports NTLMv2 authentication protocol?@OP: you should have read the link you provided! It clearly says that NTLM authentication via java.net.Authenticator only works on Windows platforms, and it works by not calling your installed Authenticator. If yours gets called, it is not working or not available.
  There are other problems:
  public static PrintStream setupPrintStream( String fileName ) throws FileNotFoundException
  PrintStream out  = null;
  File        file = new File( fileName );
  file.delete();
  FileOutputStream stream  = new FileOutputStream(fileName, true);
  out     = new PrintStream( stream );
  return out;
  }All that could be reduced to new PrintStream(new FileOutputStream(fileName), false). You don't even need the method.

• OS X authenticates as Guest to Samba, but uses Kerberos to Windows

  My network: Windows 2003 file server, Windows 2003 Domain Controller, multiple WinXP clients, Ubuntu 7.1 server with Samba 3.0.28a joined to the domain, iMac w/ OS X 10.5.2 joined to the Windows Domain, user accounts are domain accounts.
  My problem: My Mac happily logs on to the Windows domain and will also happily access shares on the 2 Windows servers using Kerberos authentication as the logged in user on the Mac. However, accessing the Samba server shares results in OS X authenticating as Guest and the need to use "connect as..." to re-enter the domain username/password to access the share.
  My question: There are lots of posts regarding OS X always using Guest to authenticate to XP and Samba machines however none of these seem to be using a Windows domain. Can anyone explain why my Mac is quite capable of using Kerberos authentication as the logged in AD account when connecting to a Windows share but steadfastly refuses to use the same AD account to access the Samba share and instead always uses Guest? I'd be tempted to think that this was a Samba issue bar the fact that Windows clients will happily connect to the Samba share using an AD account; this seems to indicate that the issue is with Leopard.

  More data: I have now switched the user profiles on AD so that My Documents is mapped to the Linux Samba server; I also switched the users home directories so that they connect to the Linux Samba server. Logging on to OS X correctly maps the home folder and, more importantly, it authenticates using the AD account.
  However, in the Finder list of servers there are now two entries, one for the Samba server with a full DNS name (for the mapped home folder) and one for the same machine via Bonjour. The full DNS name entry is correctly authenticated with the AD account, but accessing the same machine via the Bonjour entry results in a connection using the Guest account. Finder correctly uses the AD account for other Bonjour entries where the target machine is running Windows, it only gets it wrong for the Samba server, despite the fact that it has already connected using the AD account for the home folder mapping.
  Any insights much appreciated...

• [SOLVED] Samba Issue (Arch+Win8 workgroup)

  Hi everyone.
  It`s been like 3 months that I am trying to add my archlinux VM to my windows network. I have even used arch as my main box but i changed cuz I couldnt share anything.
  I just created a workgroup in my windows 8 box and it gave me a password. Every windows machine, in order to get in this workgroup shall have this password.
  What I have
  In arch (virtualbox, installed on that windows  box) I have downloaded samba and nmap. I am using xfce4.
  My windows can see my arch box(called archlinux)  in network sharing window, the way it does when it is a windows machine. But, when I try to acces it, I get an error message (could not access ARCHLINUX).
  In my arch box, I see my windows machine, when I try to access it Thunar ask me for a user/domain/password information.
  if I write my password in windows 8 box, I can access the folder, but I have to do it to every sub folder.
  What I want
  Just share files from my archbox with every win machines from my local network without knowing the windows login password of everyone in my house.
  I suppose there`s some place where I can inform the workgroup passwd, like I do in windows
  What I have done
  https://wiki.archlinux.org/index.php/Sa … ng_a_share
  https://wiki.archlinux.org/index.php/Sa … ing_a_user
  -Installed gvfs-smb
  And that is my smb.conf
  [global]
  # workgroup = NT-Domain-Name or Workgroup-Name
  workgroup = WORKGROUP
  # server string is the equivalent of the NT Description field
  server string = archlinux
  # Uncomment this if you want a guest account, you must add this to /etc/passwd
  # otherwise the user "nobody" is used
  guest account = pcguest
  # this tells Samba to use a separate log file for each machine
  # that connects
  log file = /var/log/samba/%m.log
  # Put a capping on the size of the log files (in Kb).
  max log size = 50
  # Security mode. Most people will want user level security. See
  # security_level.txt for details.
  security = user
  map to guest = Bad User
  # Browser Control Options:
  # set local master to no if you don't want Samba to become a master
  # browser on your network. Otherwise the normal election rules apply
  local master = no
  # Windows Internet Name Serving Support Section:
  # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
  wins support = yes
  # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
  # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
  # this has been changed in version 1.9.18 to no.
  dns proxy = no
  #============================ Share Definitions ==============================
  [homes]
  comment = Home Directories
  browseable = no
  writable = yes
  [publico]
  path = /home/Teste
  public = yes
  only guest = yes
  writable = yes
  printable = no
  browsable = yes
  share modes = yes
  If you guys need any information please ask me, I really want it to work
  Thanks
  Last edited by Janilson (2013-06-17 14:09:46)

  The username/password will be the one of the user sharing the files but if you do not want to use password based sharing follow this:
  open start, click control panel, then "Network & Sharing Center", then click on  "change advanced sharing settings" here you will the settings for the 3 types of network, the one that is fully expanded is you current windows network type look through these setting & when you get to "Password Protected Sharing" set that to off (note: you may or may not need to reboot)
  Once you get windows setup to share what you want & you can access the files on linux you are halfway there next your focus is on the configured linux samba shares.
  The latest samba has a config file check tool to help us & advise us based on what we put in the config file, keep referring to the arch & samba wiki's as well as the link I provide below.
  I have just run the samba-tool on your config here is the output + revised config:
  ┌─(t0m5k1@b0x)-(1563/pts/1)-(10:38am:10/06/13)-
  └─>(%:~)
  └─>> sudo samba-tool testparm
  Unknown parameter encountered: "share modes"
  Ignoring unknown parameter "share modes"
  Press enter to see a dump of your service definitions
  <enter>
  # Global parameters
  [global]
  workgroup = WORKGROUP
  server string = archlinux
  security = USER
  map to guest = Bad User
  guest account = pcguest
  log file = /var/log/samba/%m.log
  max log size = 50
  local master = No
  dns proxy = No
  wins server = 127.0.0.1
  wins support = Yes
  [homes]
  comment = Home Directories
  read only = No
  browseable = No
  [publico]
  path = /home/Teste
  read only = No
  guest only = Yes
  guest ok = Yes
  save your current config under a different name:
  $ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.orig
  now create a new file with the revised one above restart samba:
  $ sudo systemctl stop smbd && sudo systemctl stop nmbd
  $ sudo systemctl start smbd && sudo systemctl start nmbd
  now try to access the file share on windows, if no joy recheck the paths to the shares at the bottom & the settings used in those sections (as we already know the main samba config works so leave it alone, just focus on the 2 shares).
  after you make a change to the config file use the test tool as I did to ensure all is well with the syntax & then restart smbd & nmbd
  good luck 
  for more tips on samba:
  https://bbs.archlinux.org/viewtopic.php?id=161389

• Solaris 10 LDAP Client to 389 DS(Linux)

  Hey guys,
  I had this working in Solaris 11 but I have to port back to Solaris 10 to run SunOS 4 binaries. Here goes, I can su over to the accounts in the LDAP, it resolves names and groups to files. DNS and NTP are functioning. I cannot log -in via ssh or su <username>. I can log in or su with both methods with local accounts(non-LDAP).
  When I - su Username the system responds prompting for password then returns su: Uknown id: Username
  When I ssh [email protected] it prompts me three times for a password which it never accepts as valid.
  Here is my pam.conf file -
  #ident "@(#)pam.conf 1.31 07/12/07 SMI"
  # Copyright 2007 Sun Microsystems, Inc. All rights reserved.
  # Use is subject to license terms.
  # PAM configuration
  # Unless explicitly defined, all services use the modules
  # defined in the "other" section.
  # Modules are defined with relative pathnames, i.e., they are
  # relative to /usr/lib/security/$ISA. Absolute path names, as
  # present in this file in previous releases are still acceptable.
  # Authentication management
  # login service (explicit because of pam_dial_auth)
  login auth requisite pam_authtok_get.so.1
  login auth required pam_dhkeys.so.1
  login auth required pam_unix_cred.so.1
  login auth sufficient pam_unix_auth.so.1
  login auth required pam_dial_auth.so.1
  login   auth required           pam_ldap.so.1
  # rlogin service (explicit because of pam_rhost_auth)
  rlogin auth sufficient pam_rhosts_auth.so.1
  rlogin auth requisite pam_authtok_get.so.1
  rlogin auth required pam_dhkeys.so.1
  rlogin auth required pam_unix_cred.so.1
  rlogin auth required pam_unix_auth.so.1
  # Kerberized rlogin service
  krlogin auth required pam_unix_cred.so.1
  krlogin auth required pam_krb5.so.1
  # rsh service (explicit because of pam_rhost_auth,
  # and pam_unix_auth for meaningful pam_setcred)
  rsh auth sufficient pam_rhosts_auth.so.1
  rsh auth required pam_unix_cred.so.1
  # Kerberized rsh service
  krsh auth required pam_unix_cred.so.1
  krsh auth required pam_krb5.so.1
  # Kerberized telnet service
  ktelnet auth required pam_unix_cred.so.1
  ktelnet auth required pam_krb5.so.1
  # PPP service (explicit because of pam_dial_auth)
  ppp auth requisite pam_authtok_get.so.1
  ppp auth required pam_dhkeys.so.1
  ppp auth required pam_unix_cred.so.1
  ppp auth required pam_unix_auth.so.1
  ppp auth required pam_dial_auth.so.1
  # Default definitions for Authentication management
  # Used when service name is not explicitly mentioned for authentication
  other auth requisite pam_authtok_get.so.1
  other auth required pam_dhkeys.so.1
  other auth required pam_unix_cred.so.1
  other auth sufficient pam_unix_auth.so.1
  other   auth required           pam_ldap.so.1
  # passwd command (explicit because of a different authentication module)
  passwd auth sufficient pam_passwd_auth.so.1
  passwd  auth required           pam_ldap.so.1
  # cron service (explicit because of non-usage of pam_roles.so.1)
  cron account required pam_unix_account.so.1
  # Default definition for Account management
  # Used when service name is not explicitly mentioned for account management
  other   account sufficient      pam_ldap.so.1
  other account requisite pam_roles.so.1
  other account required pam_unix_account.so.1
  # Default definition for Session management
  # Used when service name is not explicitly mentioned for session management
  other session required pam_unix_session.so.1
  # Default definition for Password management
  # Used when service name is not explicitly mentioned for password management
  other password required pam_dhkeys.so.1
  other password requisite pam_authtok_get.so.1
  other password requisite pam_authtok_check.so.1
  other password required pam_authtok_store.so.1
  # Support for Kerberos V5 authentication and example configurations can
  # be found in the pam_krb5(5) man page under the "EXAMPLES" section.
  Any ideas? So close but missing something as when I go to log in via ssh it prompts me for password 3 times then tosses me. Yes password and account are OK. If I ssh from a Linux server authenticating to the LDAP it works just fine. Any help is appreciated.
  Thanks,
  Ted

  CN,
  I have not modified the schema yet. I have updated pam.conf and while evaluating /var/adm/messages on the Solaris Client I only get output when I enter a known bad password, if I enter the correct password there is nothing in that log. Log in and su results remain the same. the slapd log does show the attempts and does not appear to show any errors that I can tell. I'll keep working it, here is the pam.conf I switched too after further evaluation -
  # more /etc/pam.conf
  #ident "@(#)pam.conf 1.31 07/12/07 SMI"
  # Copyright 2007 Sun Microsystems, Inc. All rights reserved.
  # Use is subject to license terms.
  # PAM configuration
  # Unless explicitly defined, all services use the modules
  # defined in the "other" section.
  # Modules are defined with relative pathnames, i.e., they are
  # relative to /usr/lib/security/$ISA. Absolute path names, as
  # present in this file in previous releases are still acceptable.
  # Authentication management
  # login service (explicit because of pam_dial_auth)
  login auth requisite pam_authtok_get.so.1
  login auth required pam_dhkeys.so.1
  login auth required pam_unix_cred.so.1
  login auth required pam_dial_auth.so.1
  login auth binding pam_unix_auth.so.1 server_policy
  login auth required pam_ldap.so.1
  # rlogin service (explicit because of pam_rhost_auth)
  rlogin auth sufficient pam_rhosts_auth.so.1
  rlogin auth requisite pam_authtok_get.so.1
  rlogin auth required pam_dhkeys.so.1
  rlogin auth required pam_unix_cred.so.1
  rlogin auth binding pam_unix_auth.so.1 server_policy
  rlogin auth required pam_ldap.so.1
  # Kerberized rlogin service
  krlogin auth required pam_unix_cred.so.1
  krlogin auth required pam_krb5.so.1
  # rsh service (explicit because of pam_rhost_auth,
  # and pam_unix_auth for meaningful pam_setcred)
  rsh auth sufficient pam_rhosts_auth.so.1
  rsh auth required pam_unix_cred.so.1
  rsh auth binding pam_unix_auth.so.1 server_policy
  rsh auth required pam_ldap.so.1
  # Kerberized rsh service
  krsh auth required pam_unix_cred.so.1
  krsh auth required pam_krb5.so.1
  # Kerberized telnet service
  ktelnet auth required pam_unix_cred.so.1
  ktelnet auth required pam_krb5.so.1
  # PPP service (explicit because of pam_dial_auth)
  ppp auth requisite pam_authtok_get.so.1
  ppp auth required pam_dhkeys.so.1
  ppp auth required pam_dial_auth.so.1
  ppp auth binding pam_unix_auth.so.1 server_policy
  ppp auth required pam_ldap.so.1
  # Default definitions for Authentication management
  # Used when service name is not explicitly mentioned for authentication
  other auth requisite pam_authtok_get.so.1
  other auth required pam_dhkeys.so.1
  other auth required pam_unix_cred.so.1
  other auth binding pam_unix_auth.so.1 server_policy
  other auth required pam_ldap.so.1
  # passwd command (explicit because of a different authentication module)
  passwd auth binding pam_passwd_auth.so.1 server_policy
  passwd auth required pam_ldap.so.1
  # cron service (explicit because of non-usage of pam_roles.so.1)
  cron account required pam_unix_account.so.1
  # Default definition for Account management
  # Used when service name is not explicitly mentioned for account management
  other account requisite pam_roles.so.1
  other account binding pam_unix_account.so.1 server_policy
  other account required pam_ldap.so.1
  # Default definition for Session management
  # Used when service name is not explicitly mentioned for session management
  other session required pam_unix_session.so.1
  # Default definition for Password management
  # Used when service name is not explicitly mentioned for password management
  other password required pam_dhkeys.so.1
  other password requisite pam_authtok_get.so.1
  other password requisite pam_authtok_check.so.1 force_check
  other password required pam_authtok_store.so.1 server_policy
  # Support for Kerberos V5 authentication and example configurations can
  # be found in the pam_krb5(5) man page under the "EXAMPLES" section.
  ppp auth required pam_unix_cred.so.1
  ppp auth required pam_unix_auth.so.1
  I did create a .ldif file for a profile. Output seems similar to what I entered in the manual ldapclient command. Reading up more on that now and the schema updates you recommended. I wanted to make sure I sent you the updated pam.conf though as this seems to match those found online in style for pre-Solaris 11. The first copy was what I transferred from a working Solaris 11 server I had running here.
  Thanks,
  Ted

• Windows samba share shows "zero KB" for file size....

  Upgraded, clean install, to leopard and now I see "Zero KB" for file size on my Windows Home Server samba shares. Before the upgrade all that info was displayed but afterwards that info is gone. The only changed on my network was upgrading to Leopard. My linux samba server still works perfectly with 10.5 but the windows samba shares are not. I can browse, mount and copy files to and from the windows samba shares but the file size info isn't displayed. The file size isn't even displayed when I "Get Info" on a file. Previously using 10.4 all was working perfectly and all info was displayed and or was available if I wanted it. Not sure if it is something to do with how Windows Home Server handles samba or if it is how Leopard handles windows samba shares. No settings were changed on my network from when I was running 10.4. The only change on my home network/hardware has been upgrading to Leopard! No other changes were made to any servers or computers that were previously working perfectly with 10.4. Other than this "Zero KB" issue all has gone quite smoothly.

  I removed the . (and moved the directory to match) but I still have the same issue.
  Here's the smbd.log after a rebooting and then restarting samba:
  [2010/05/04 07:25:41.262266, 0] smbd/server.c:500(smbd_open_one_socket)
  smbd_open_once_socket: open_socket_in: Address already in use
  [2010/05/04 07:25:41.266578, 0] smbd/server.c:500(smbd_open_one_socket)
  smbd_open_once_socket: open_socket_in: Address already in use
  [2010/05/04 07:26:01.041577, 1] smbd/server.c:267(remove_child_pid)
  Scheduled cleanup of brl and lock database after unclean shutdown
  [2010/05/04 07:26:21.051370, 1] smbd/server.c:240(cleanup_timeout_fn)
  Cleaning up brl and lock database after unclean shutdown
  [2010/05/04 07:26:45.716653, 1] smbd/server.c:267(remove_child_pid)
  Scheduled cleanup of brl and lock database after unclean shutdown
  [2010/05/04 07:36:46.016675, 0] smbd/server.c:500(smbd_open_one_socket)
  smbd_open_once_socket: open_socket_in: Address already in use
  [2010/05/04 07:36:46.017386, 0] smbd/server.c:500(smbd_open_one_socket)
  smbd_open_once_socket: open_socket_in: Address already in use
  And log.nmbd:
  [2010/05/04 07:25:41, 0] nmbd/nmbd.c:857(main)
  nmbd version 3.5.2 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2010
  [2010/05/04 07:26:48.718046, 0] nmbd/nmbd.c:71(terminate)
  Got SIGTERM: going down...
  [2010/05/04 07:27:26, 0] nmbd/nmbd.c:857(main)
  nmbd version 3.5.2 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2010
  [2010/05/04 07:27:26.544934, 0] nmbd/nmbd.c:696(open_sockets)
  [2010/05/04 07:36:46, 0] nmbd/nmbd.c:857(main)
  nmbd version 3.5.2 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2010