This is a discussion on YNT: [squid-users] Multiple Domain & Multiple NT Group within the Squid Users forums, part of the Web Server and Related Forums category.
OK. I upgraded squid-2.5.STABLE1 to squid-2.5.STABLE3 and samba 2.2.7a to samba 3.0, but the following command doesn't work.

# What is ads_.. ? If it is related to Active Directory service, there is an error, because I am using an NT 4.0 Domain System.

best regards...

[root@fulya etc]# net join -U Administrator%pass
[2003/08/12 20:22:55, 1] utils/net_ads.c:ads_startup(176)
  ads_connect: Connection refused
[2003/08/12 20:22:56, 1] utils/net_rpc.c:run_rpc_command(154)
  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Joined domain TRANSVARO.

smb.conf attached.

Note: the "winbind uid = 10000-20000" line is remarked, because it generated an error. (service winbind start [FAILED])

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Date: Tuesday, 12 August 2003 10:40
To: Adnan TOPÇU; Squid Users
Subject: Re: [squid-users] Multiple Domain & Multiple NT Group

On Tuesday 12 August 2003 08.39, Adnan TOPÇU wrote:
> Hello All,
> Servers OS are Win NT 4.0.
> We have two domains (D1 and D2) and there are two groups (LIMITED
> and FULL) on both domains.

Ok.

> I can create two local groups (LocalLimited & LocalFull) in a
> Domain (for example D1) Like:
> D1\FULL and D2\FULL are members of D1\LocalFull
> D1\LIMITED and D2\LIMITED are members of D1\LocalLimited

Local groups are just that.. can not be used outside the domain
controllers.

> squid-2.5.STABLE1-2 running on RedHat 9.0
>
> There are too many authentication methods on linux but which
> authentication method is suitable for this?

You need to upgrade to 2.5.STABLE3 and use winbind. The winbind group
helper in 2.5.STABLE3 and later supports domain qualified groups
(domain1/group domain2/group) allowing it to refer to groups outside
of the primary domain.

Regards
Henrik
Attachment: smb.conf.adnan

[global]

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = TRANSVARO

# server string is the equivalent of the NT Description field
   server string = Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   printcap name = /etc/printcap
   load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
;   printing = bsd

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;   guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = domain
# Use password server option only with security = server
;   password server = <NT-Server-Name>
   password server = NTSERVER
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;   password level = 8
;   username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
   encrypt passwords = yes
;   smb passwd file = /etc/samba/smbpasswd

# The following are needed to allow password changing from Windows to
# update the Linux sytsem password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
;   unix password sync = Yes
;   passwd program = /usr/bin/passwd %u
;   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

# Unix users can map to different SMB User names
;   username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /etc/samba/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24

# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
;   remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
;   remote announce = 192.168.1.255 192.168.2.44

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = yes

# Use only if you have an NT server on your network that has been
# configured at install time to be a primary domain controller.
;   domain controller = <NT-Domain-Controller-SMBName>

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
;   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# All NetBIOS names must be resolved to IP Addresses
# 'Name Resolve Order' allows the named resolution mechanism to be specified
# the default order is "host lmhosts wins bcast". "host" means use the unix
# system gethostbyname() function call that will use either /etc/hosts OR
# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
# and the /etc/resolv.conf file. "host" therefore is system configuration
# dependant. This parameter is most often of use to prevent DNS lookups
# in order to resolve NetBIOS names to IP Addresses. Use with care!
# The example below excludes use of name resolution for machines that are NOT
# on the local network segment
# - OR - are not deliberately to be known via lmhosts or via WINS.
;   name resolve order = wins lmhosts bcast

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
   wins server = 10.1.0.225
;   wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = no

# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
;   preserve case = no
;   short preserve case = no
# Default case is normally upper case for all DOS files
;   default case = lower
# Be very careful with case sensitivity - it can break things!
;   case sensitive = no

   winbind separator = \
#  winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind use default domain = yes
   netbios name = FULYA

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /home/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;   path = /home/profiles
;   browseable = no
;   guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   writable = no
   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   read only = yes
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;   comment = PC Directories
;   path = /usr/pc/%m
;   public = no
;   writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
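
The domain-qualified group syntax from Henrik's reply, shown as an added squid.conf example that is not part of the original thread. The helper path, the ACL names and the destination list are assumptions, and it presumes an auth_param scheme is already configured, because %LOGIN needs an authenticated user name.

```conf
# Added example, not from the thread.
# Assumptions: helper install path, ACL names, destination list, and an
# auth_param scheme already configured (required for %LOGIN).

# External ACL backed by the winbind group helper (path is an assumption).
external_acl_type nt_group ttl=300 %LOGIN /usr/lib/squid/wb_group

# Groups from both NT domains, written in the domain/group form given in
# the reply, so no local group on a domain controller is needed.
acl FullUsers    external nt_group D1/FULL D2/FULL
acl LimitedUsers external nt_group D1/LIMITED D2/LIMITED

# Constructed destination list for the restricted group.
acl limited_sites dstdomain .example.com

# Members of FULL get general access, members of LIMITED only the listed
# sites; users in neither group fall through to the final deny.
http_access allow FullUsers
http_access allow LimitedUsers limited_sites
http_access deny all
```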