ranger

Please guys, if you are considering doing anything substantial with samba, don't use SWAT.

The reason is that SWAT removes all comments from the config file, and IMHO there are some *very* good examples in there.

And, IMHO, ksambaplugin is much better than SWAT anyway.

If you really need a tool to configure samba remotely (besides ssh, vi and 'man smb.conf'), use webmin (which does not remove comments).

I have made RPMs of ksambaplugin for 9.0, available at http://ranger.dnsalias.com/mandrake/9.0

ksambaplugin is in contribs of 9.1 (which is what people are seeing in the KDE Control Center BTW).

Anyway, for the most part, you should really not need to do too much samab configuration, and you should be able to share directories from either Nautilus or Konqueror if you allowed it in the Mandrake Control Center, or in the Samba tab in Konqueror if you installed ksambaplugin.

All printers should be shared by default.

All you *need* to do is set each user's samba password:

# smbpasswd -a <username>

(their unix account must exist already, and the username should preferably match the username they use in windows)

I have done this twice ...fresh install of Mandrake 9.1 and tested video settings during install as follows:

 

1) chose default (auto-detected) monitor/graphics card and boot to "x-free" login screen.

2) chose lesser (than auto-detected) screen resolution and tested ok.

 

During boot, I can almost see the login manager screen while the screen flickers, but then kicks me into a shell login screen instead.  I can login and manuver the computer using the terminal commands.

 

What's wrong, and how do I fix it?  Is there a more "generic" setting for the video I can use instead of what's auto-detected?

This really looks like bug 3081: http://qa.mandrakesoft.com/show_bug.cgi?id=3081

Easy fix:

# rm -f /etc/X11/XFConfig*

# XFdrake --auto --noexpert

(Choose XFree86-4.3, but don't test the settings)

# service dm restart

If you want to run XFree86-3.3.6 (maybe it supports hardware acceleration on your card), get the libqt3 RPMs from Tex's site.

Maybe you guys remember the Wallmart boxes? I remember there was a review of them somewhere. Basically, they had an OEM install, and on first boot the user would get the last steps of the installation (set root password, add users, etc).

You really should first look at the documentation Mandrake provides.

# urpmi drakx-autoinstall-doc

(In contrib for 9.1)

altho RANGER may be correct in saying you need more than 64 megs my cd 1 install file says

 

Required configuration  

 

Pentium processor or compatible

CDROM drive

At least 32 MB RAM, 64 MB recommended

Well, it does install fine with 32MB ram (I have done it), and it also installs fine with 64MB. But that depends what you want it to do. I guess they should adjust it to say "for desktop use, 96MB or more is suggested" and a note that only one CD will be available on a CD-install with less than about 72MB.

Note that apparently you can have the full installer work fine with any other method with 64MB ram, I think 32MB works with NFS.

Maybe, the gurus could suggest that Mdk modify this install file to give slightly different suggestions?

You can. File a bug under documentation at bugzilla: http://qa.mandrakesoft.com.

Mandrake isn't a community where only the elite are allowed to do things, any user is welcome to post bug reports etc as long as they are willing to take the time to do it well.

it's funny, this is on Mandrake 9.1, during the installation, it won't prompt you

for a hostname.

It does if you run the network setup in expert mode.

Thanks, fuzzylizard.

 

The problem with samba was that somewhere in smb.conf I originally had 192.168.0.1. Now this has become the router's IP address, and the server's IP address has become 192.168.0.2. (Well, that was true before I turned the laptop off and went to work :) ). As an interim solution, I changed that setting to 191.168.0.2, restarted samba, and I was able to share files and print again :D .

Where have you got the IP address??? The only places you need an IP address in samba are for the WINS server (if you use one) and hosts allow/deny etc. Everything else can use names.

As for keeping assigned addresses, the server runs on the laptop, so it's turned on and off every night. I expect that the IP address will change quite frequently.  

 

Is it possible to use name.domain rather then xxx.yyy.zzz.qqq in samba settings? There must be a way to resolve names on the samba networks, even though IPs are dynamically assigned.

Yes, broadcast and WINS. broadcast will be used if you haven't configured the clients for WINS (can be done by dhcp for windows clients, but probably not by these route appliances), and should work without problems.

Have you tried seeing what you get from

$ nmblookup '*'

Note that "secure" and "FTP" don't belong in the same sentence. Run ssh on your "server" box and use kio_fish (in KDE) to access the files. There is some graphical windows client also.

There are issues with the way kdebase is packaged that affect kio_smb (aka smb://) in Mandrake at present. I have just fixed some of those, so it should work much better in 9.2, and I may provide updated RPMS that fix the issue.

Note that you can browse the network by using lisa. First you must configure lisa (KDE Control Center->Networking->Network Browsing). Run the "Guided Lisa setup", and then restart the lisa service. Now in konqueror, you should be able to go to lan://localhost (or click on the services icon, and choose Network Browser), and see machines on your net.

For added fun (in 9.0), also install kio_fish (in contrib IIRC) to be able to access machines running ssh

Hullo

 

When I am I supposed to get prompted for cd 2 or 3?

All attempts to install as clean or upgrade ONLY install cd 1.

The question is actually "When do I *not* get prompted for CDs 2 & 3", and the answer is "When you have less than the amount of RAM required to run the installer from a ram image".

In 9.0, IIRC, that was 64MB, but they pushed it up a bit for 9.1, I think it's just under 70MB (so 72MB is probably the first feasible amount of ram that supports it).

The issue is that if the installer does not fit into a ramdisk, that it then runs directly from the CD, and the CD can then not be changed during installation. All the machines I have installed on so far prompted me for more CDs.

Note, I think the ram limit for the text install is lower, so it may be feasible to install with multiple disks on a machine with less than 70MB of ram by running the text install.

I installed from ISO (on hard-drive) and faced exactly the same problem. Its an installer bug. Mandrake has never cared to fix it.

No, support for more than one ISO image is just not implemented. If you want to mainly do HD installs, instead of downloading the ISO images, download the whole Mandrake distro tree, and use that instead.

Anyway, I don't think this thread was about hd installs.

1)You can make one boot option boot into run-level 4, and using drakxservices you can turn off the offending services, and turn on the ones you need (dm for example). Then, make a new bootloader option, and just add '4' (without the quotes) to the end of the append line for that boot option.

2)You say you don't have PCMCIA cards, so your NIC is on-board? Many of the on-board cards support ifstatus/ifplugd, which detects when the cable is connected, and only tries to start the network if you are connected. ifplugd is integrated into 9.1, so this may work for you.

BTW, I don't think your machine is hanging. If you have set your network up for dhpc, I think it is just waiting for the dhcp timeout. Leave it for about 2 minutes, to see if it continues ...

My 600X works great, as long as I use 16bit colour, everything else is left as default.

Are you guys running 600E's or 600X's?

Also, for people running 9.1 on Thinkpad's:

1)Try tpb in contrib, log out, log in, change your volume and you should see an on-screen display (there are other features for people with a Thinkpad button)

2)Get the thinkpad kernel modules and the tpctl user-space programs as RPMs from my site, http://ranger.dnsalias.com/mandrake/9.1

These will both be in the next Mandrake release, as they just went in to cooker (kernel modules in the kernel package).

IIRC, I did this somewhere aruond Mandrake 7.2. IIRC (I am sure I saved the configs, but can't locate them now), all you had to do was edit /etc/sysconfig/network-scripts/ifcfg-ppp1 and ensure that DEVICE was set to ppp0 (not ppp1!).

(It may have been necessary to modify /etc/ppp/pap-secrets also).

Then, when you 'ifup ppp1', it would dial the 2nd ISP, but bring up ppp0 connected to the 2nd ISP.

I actually used this in combination with mserver, which allowed clients (remote windows/linux etc) to choose which ISP to dial in to.

Since I do quite a bit of rebuilding, I have made what I think is quite a cool .rpmmacros file, mainly for my own use, but also to make it easier for other users to get going.

Features:

-Seperation of RPMS,SRPMS and SPECS per distro. At present, it's mainly Mandrake, PLF and personal

-Seperation of RPMs per distro release, so my RPMS for 9.0 stay seperate from those for 9.1. This means that if I boot into a different install (shared /home), that I can just build and reboot, no worrying about which RPM goes where

-Automatic creation of required directories. This means you don't have to manually create the directories ... but you may have to delete extra ones if you don't use them and have changed the config

-Avoidance of spurious libGLcore.so.1 dep for people using NVIdia drivers

-Sane defaults. Where I can get a value from your system, I can. If you don't like the default, you can change it.

To get it going, you need to:

1)Download this .rpmmacros file and save it as .rpmmacros in your home directory

2)If you use the NVidia binary drivers, download this script, save it in ~/bin (mkdir ~/bin first if necessary) and mark it executable.

Now if you rebuild a Mandrake RPM for 9.1/i586, you should see the RPM will be written to ~/rpm/mdk/RPMS.mdk9.1/i586, whereas a PLF RPM for 9.1/i586 will go in ~/rpm/plf/9.1/i586 (to match the PLF directory structure better). My personal RPMs (the default extension is the first 3 letters of your username, otherwise change %_my_ext in the .rpmmacros file) go in ~/rpm/bgm/RPMS.mdk9.1/i586

WDYT??

Do you think we should lobby to get some of these into the standard mandrake macros?

You need the apache php module, not just php (since php can be used without apache of course).

# urpmi mod_php

(and you will get a choice of php for apache1 or apache2, apparently both work on Mandrake 9.1).

Yes But I meant apart from you; I was not sure you were here. I read so little from you, except when it's Samba-related :)

Well, since I maintain (or help maintain them) I keep an eye open, even though I don't visit here too often (usually once a week or so) ...

Same for me at home, but I just found the courage 8)

I'm in the process of saving all my server data (DBMS, IMAP, Web, mail identities, ...), then I reinstall everything (9.1 instead of currently 8.2) and switch to Courier :)

I haven't gotten around to testing it yet, and we have about 70 accounts, some with many folders and subfolders, with some people very sensitive about their mail ....

Which tool did you use?

For my company, I also decided we'd go with Maildir, but I still have to find some info (eg: how to configure so that mails are all under /mail, not under $HOME)

Hehe, I actually patched uw-imap on our original mail server (7.2) and when we upgraded last time (8.0) and have a patched one ready for 9.1, which stored mail in ~/mail ... but should courier not use ~/Maildir? You can just get procmail to deliver to there?

Also, you could just:

# maildirmake /etc/skel/Maildir

on the server, then all new accounts would get a working mail directory ...

There is some choice for the task but indeed the idealx stuff seems to be the most advanced/stable solution.

I just saw this on freshmeat: http://freshmeat.net/projects/lxe, and would like to package it, but I don't read spanish :-(. It looks pretty good from what I could gather from the html, will try and get it running ...

(About when will 3.0 be out?) BTW, I plan on using Mdk9.1 for my company also.

alpha24 should be out in the next few days, but I haven't really run it seriously yet, although there are packages of alpha23 (alpha22 in 9.1) that will parallel-install with 2.2.x. Betas are expected soon ...

I am not sure if I would suggest 9.1 for serious samba work at present, as there are some issues, such as ACLs not working in the 9.1 kernel. It may be feasible to use 9.1 with the kernel from 9.0 updates until there is a better kernel for 9.1 ....[/url]

Ok im not conversant on win2k terminal server but

 

As far as i know microsoft server requires a license for every connected user thats why samba servers are so popular(you don't have to pay for seats on the server).

 

Normally the purchase of a server product comes with a certain number of user licenses,  if you want to connect more users to the server you need to buy a extra license pack which was on a disk that you run on the server to allow more users to connect to it.

Be very careful with licensing ... it changes often.

1)For NT4, licenses are based on the number of clients connecting to a server (IIRC NT4 essentially only had per-server licensing). This made running samba servers a good licensing option even if your DCs were Windows

2)With win2k, per-seat licensing is cheaper in bigger installations, and is determined by the number of users authenticated by a server, so here you don't win financially if you have a Windows DC (you would have to run a samba DC, which is what many people are starting to do).

3)"Server/Authentication" licensing is much different from "Application Server" licensing, such as SQL Server, Terminal Server etc, and they each require their own licenses, regardless of any other licenses (although they are bunlded in Small Business Edition).

4)NT4 required you to purchase additional Terminal Server Licenses for each client

5)Windows 2000 Pro now includes a Terminal Server License, which IMHO should be an issue for Anti-trust cases ...

I haven't used rdesktop against a TS in Application Server mode, so I can't answer much more, such as whether the "don't request server license" does anything useful.

Maybe it would be better to get Win4Lin server?

Can Windows 2000 and newer authenticate against OpenLDAP?

 

Or is LDAP authentication only possible with Windows versions up to NT?

 

Yves.

Not directly natively. There were some hacks around (GINA replacements for Windows IIRC) that allowed this via NS and possibly LDAP.

AD integration is nowhere near complete, and would use samba anyway. At present, IMHO, samba/LDAP domain controller is best, but I thnk you came to that conclusion already?

I'm working on my company's future local network. I try to push Linux in areas where I feel it is appropriate. Among other things, I plan to use Linux for authentication.

I want all Windows and Unix/Linux machines on the network to have the same source for authentication, so I came to the conclusion that authentication had to be done on LDAP/Samba. I have absolutely no experience with Samba, nor with LDAP (for authentication).

 

Has anyone tried this?

Come on, you know the answer to that one already ;-)

I also plan to use the Courier IMAP server for mail, because it claims to be able to authenticate against LDAP.

Yes, but since uw can auth via pam, you could use pam_ldap (though direct LDAP auth has some advantages). I would user courier since it uses Maildir, and would consider cyrus (which is in contrib for 9.1).

Has anyone tried this too?

No, we're stuck with uw-imap until we get up the courage to migrate from mbox to maildir ;-).

What is there to know to achieve this? I almost forgot: Are the webmin add-ons for managing Samba and LDAP authentication

-1- in the Mandrake distribution?

-2- really usable?

 

Thanks

 

Yves.

Yves, no idea on the webmin modules (do you mean the idealx stuff?) in terms of usefulness - and they aren't in Mandrake, but:

1)We run samba/ldap on Mandrake (9.0), works great (except samba-2.2.x hits the LDAP server a lot, 3.0 will be better).

2)LDAP-enabled RPMs (of 2.2.8a) are available for Mandrake 8.0 - 9.1, but I will be losing my build machines quite soon, so don't rely on anything older than 8.2 ... get setup at http://plf.zarb.org/~nanardon/?minor=1

3)I have contact with someone working on a howto for this, which covers most issues, maybe you want to look through it? I haven't had time to go through it in detail.

4)Mail me if interested at:

bgmilne at cae dot co dot za

Basic idea is:

1)Setup basic LDAP as with the mandrakesecure.net article

2)Import your samba accounts with /usr/share/samba/scripts/import_smbpasswd.pl

(you need to edit it first)

3)urpmi.addmedia a Sambaldap souce at plf.zarb.org

5)

# urpmi samba-server-ldap

6)Make the necessary ldap changes in smb.conf. No easy way to do this AFAIK, maybe with SWAT, but I avoid SWAT ... there are examples for LDAP in the default smb.conf file, take a look at those ....

7)Tell samba the ldapdn password for the ldap account it uses:

# smbpasswd -w <password>

8)Edit /etc/samba/smbldap_conf.pm so that you can use the smbldap-* tools, which replace things like useradd, usermod, groupadd, groupmod, passwd etc and also can be used for creating machine accounts

We aren't totally happy with password changing etc, and have some stuff to figure out still, so we still have pam_smb in use for the moment to ensure users can always get in with one of their passwords under linux ;-)

lynx also uses the standard http_proxy and ftp_proxy environment variables. Mandrake also allows you to set these globally (drakproxy I think).

$ export http+proxy=http://proxy.mydomain.com:3128

$ lynx

anybody know how I can change the port number used by imapd?

 

currently it uses 143 (default) I want to change it so that pop3 uses 110 and imapd uses 11433 (or something like that )

 

any ideas how to do it?

I've looked throught /etc/xinetd.conf and /etc/xinetd.d/imap I've also checked /etc/postfix/main.cf and I can't find any thing about port numbers :(

Postfix of course has nothing to do with it ... also, you might want to tell us which imap server you are using.

You should be able to set

port = 11433

in /etc/xinetd.d/imap and restart xinetd, but I have't actually tried ...

Can Mandrake users logon to the computer by authenticating via Windoze domain usernames/passwords?

 

I have seen instructions for this on the Lycoris distribution, but they didn't work for me.  I like Mandrake better, but have not seen documentation addressing this.  I'm open to a Linux equivalent to centralized user management ...I've read in Mandrake documentation that NIS has serious security flaws.

The real solution to this (unless you want to pay lots of money to Microsoft) is to run LDAP, use it for linux authentication, and setup samba as a domain controller to authenticate the Windows machines, but set samba up to store its passwords in LDAP.

This is a bit complex at present, but well worth it. We have a working backup domain controller also, accomplished using LDAP slaves. In fact, our linux laptops authenticate via a local LDAP slave, so they can authenticate when disconnected from the network.

We are working on a howto for the samba part, to go with the LDAP tutorial on http://mandrakesecure.net (a must-read).

If you are considering doing this before the howto is published, just remember to get your LDAP-enabled samba RPMs for Mandrake (8.0 through 9.1) from the samba FTP mirrors, under Binary_Packages/Mandrake

yes you can with samba.

there is some funky samba configuration, but it is possible...

you have to do things, like make a new samba users for each machine (not each user ... each machine !!!) wierd but it works, and works well

No, actually you only need machine accounts (and user accounts) on domain controllers. See http://ranger.dnsalias.com/mandrake/muo/co...ct/csamba6.html for more details. And windows-controlled domains also also keep machine accounts.

zeroconf was developed to simplify name resolution and IP addressing on small networks that can't justify the effort of implementing DHCP and DNS etc.

It works by each machine answering DNS requests for it's own name, and using private IP address space, with each machine auto-allocating it's address, after checking that no other machine is using it.

Mandrake 9.0 has winbind support, but really only available during install. It can be done with a bit of effort after install:

# cp /etc/samba/smb-winbind.conf /etc/samba/smb.conf

Edit /etc/samba/smb.conf and reset your 'workgroup' to be the first component of your domain name (ie if your domain name is mycoollan.net, make workgroup = 'mycoollan').

# smbpasswd -j mycoollan -U Administrator

(instead of Administrator, you can use any user that has rights to join the machine to the domain, as long as your machine name is correct)

# urpmi samba-winbind

# service winbind start

# wbinfo -u

(should show domain users)

# cp /etc/pam.d/system-auth /etc/pam.d/system-auth.orig

(backup the file)

# cp /etc/pam.d/system-auth-winbind /etc/pam.d/system-auth

(replace it with the winbind one

# mkdir /home/MYCOOLLAN

Now you should be able to log into all pam services with your domain account.

For more info see

http://ranger.dnsalias.com/mandrake/samba/...Networks.tar.gz

http://ranger.dnsalias.com/mandrake/samba/...%20Networks.pdf

http://ranger.dnsalias.com/mandrake/samba/...ks-handouts.pdf

(the tarball has example configs).

I hope it still works in 9.1 ... it wasn't quite working in 9.1rc2.