[Samba] winbind offline logon
Hello, I'd like to have more information about the winbind offline logon. Could I for example use pam_winbind on a linux system (domain member) for ssh, this works fine (the PDC is samba also). What I understood is that if I stop my PDC, I should still be able to connect with ssh as it uses pam_winbind. But that doesn't work :( thx fred -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] windbind or ldap ?
Hello, I'd like to know if in a full samba environment is it better to use winbind or ldap to resolve id's ? users will connect from windows clients, linux clients with samba or also with ssh and nfs maybe. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can someone help? Strange behaviour of establishing trust
Fajar, you should put the result of the following command : testparm -sva | grep winbin On Tue, 2007-07-31 at 16:00 +0700, Fajar Priyanto wrote: Sorry for top posting. Thank you to Daniel and Frederick who have helped me. Despite the error, client can browse the shares OK. Just a luck? Well, I'll try to set it until there's no error. Btw, this is my testparm result: [EMAIL PROTECTED] doc]# testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [netlogon] Processing section [profiles] Processing section [printers] Processing section [music] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions Cheers, On Tuesday 31 July 2007 15:51:14 you wrote: Hello, winbind enume users should be at no check this with testparm On Tue, 2007-07-31 at 14:59 +0700, Fajar Priyanto wrote: Hello all, I'm using Samba on Centos5: [EMAIL PROTECTED] ~]# rpm -qa | grep samba system-config-samba-1.2.39-1.el5 samba-client-3.0.23c-2 samba-common-3.0.23c-2 samba-3.0.23c-2 I'm trying to establish a interdom trust with a w2k domain (POLY): [EMAIL PROTECTED] ~]# net rpc trustdom establish POLY Password: Could not connect to server POLY123 [2007/07/31 14:46:51, 0] utils/net_rpc.c:rpc_trustdom_establish(5665) NetServerEnum2 error: Couldn't find primary domain controller for domain POLY Trust to domain POLY established [EMAIL PROTECTED] ~]# net rpc trustdom list Password: Trusted domains list: POLYS-1-5-21-725345543-413027322-2146892821 none Trusting domains list: POLYS-1-5-21-725345543-413027322-2146892821 Despite the error, I can create a share in w2k domain POLY and when I'm trying to retrive the User and Group from PLUTO (my samba domain), only Groups appear (no User), but I can select users manually by typing their username. Is it ok? What is causing the NetServerEnum2 error: Couldn't find primary domain controller for domain POLY error? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient and netbios disabled question
Hello, I've a (maybe stupid?) question, can I use smbclient with domain auth. without netbios ? more explanations : I've 2 machines : PDC (acting as PDC and WINS server) MATISSE (as ROLE_DOMAIN_MEMBER) MATISSE joined the domain without problem with those parameters on MATISSE: [global] workgroup = LINUXVIRT security = DOMAIN passdb backend = tdbsam smb ports = 445 disable netbios = no name resolve order = lmhosts host wins bcast wins server = 192.168.140.22 when I perfrom a smbclient it seems to work : [EMAIL PROTECTED] ~]# smbclient -L matisse -W linuxvirt -U root%install Domain=[LINUXVIRT] OS=[Unix] Server=[Samba 3.0.25b-2.fc7] Sharename Type Comment - --- public Disk Public Stuff IPC$IPC IPC Service (Samba Server Version 3.0.25b-2.fc7) PSC_1400_series Printer HP PSC 1400 Foomatic/hpijs rootDisk Home Directories Error connecting to 127.0.0.1 (Connection refused) Connection to matisse failed NetBIOS over TCP disabled -- no workgroup available now when I modify the disable netbios parameter to yes : disable netbios = yes the smbclient command fails : [EMAIL PROTECTED] ~]# smbclient -L matisse -W linuxvirt -U root%install session setup failed: NT_STATUS_NO_LOGON_SERVERS maybe this is completely normal, but then does it mean that I couldn't use domain auth if I don't use netbios ? doing the smblcient anonymously it also seems to work : [EMAIL PROTECTED] ~]# smbclient -L matisse -W linuxvirt Password: Anonymous login successful Domain=[LINUXVIRT] OS=[Unix] Server=[Samba 3.0.25b-2.fc7] Sharename Type Comment - --- public Disk Public Stuff IPC$IPC IPC Service (Samba Server Version 3.0.25b-2.fc7) PSC_1400_series Printer HP PSC 1400 Foomatic/hpijs Error connecting to 127.0.0.1 (Connection refused) Connection to matisse failed NetBIOS over TCP disabled -- no workgroup available I also tested it forcing the use of lmhosts : [EMAIL PROTECTED] ~]# smbclient -L matisse -R lmhosts -W linuxvirt -U root% xensmbd1 -d 3 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] added interface ip=157.193.44.188 bcast=157.193.44.255 nmask=255.255.255.0 added interface ip=192.168.140.1 bcast=192.168.140.255 nmask=255.255.255.0 added interface ip=192.168.122.1 bcast=192.168.122.255 nmask=255.255.255.0 Client started (version 3.0.25b-2.fc7). Connecting to 127.0.0.1 at port 445 Doing spnego session setup (blob length=58) got OID=1 3 6 1 4 1 311 2 2 10 got principal=NONE Got challenge flags: Got NTLMSSP neg_flags=0x60898215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 SPNEGO login failed: No logon servers session setup failed: NT_STATUS_NO_LOGON_SERVERS Could somebody inform me on this point ? Thx in advance Fred. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbclient and netbios disabled question
some update. I have now 3 nodes : MATISSE (with no netbios, nmbd not running) PDC (the PDC) LINCLIENT (domain member like matisse but having netbios enabled) on LINCLIENT a smbclient -L matisse -W linuxvirt with authentication fails also with : NT_STATUS_NO_LOGON_SERVERS On Fri, 2007-07-27 at 08:48 +0200, Frederic Descamps wrote: Hello, I've a (maybe stupid?) question, can I use smbclient with domain auth. without netbios ? more explanations : I've 2 machines : PDC (acting as PDC and WINS server) MATISSE (as ROLE_DOMAIN_MEMBER) MATISSE joined the domain without problem with those parameters on MATISSE: [global] workgroup = LINUXVIRT security = DOMAIN passdb backend = tdbsam smb ports = 445 disable netbios = no name resolve order = lmhosts host wins bcast wins server = 192.168.140.22 when I perfrom a smbclient it seems to work : [EMAIL PROTECTED] ~]# smbclient -L matisse -W linuxvirt -U root%install Domain=[LINUXVIRT] OS=[Unix] Server=[Samba 3.0.25b-2.fc7] Sharename Type Comment - --- public Disk Public Stuff IPC$IPC IPC Service (Samba Server Version 3.0.25b-2.fc7) PSC_1400_series Printer HP PSC 1400 Foomatic/hpijs rootDisk Home Directories Error connecting to 127.0.0.1 (Connection refused) Connection to matisse failed NetBIOS over TCP disabled -- no workgroup available now when I modify the disable netbios parameter to yes : disable netbios = yes the smbclient command fails : [EMAIL PROTECTED] ~]# smbclient -L matisse -W linuxvirt -U root%install session setup failed: NT_STATUS_NO_LOGON_SERVERS maybe this is completely normal, but then does it mean that I couldn't use domain auth if I don't use netbios ? doing the smblcient anonymously it also seems to work : [EMAIL PROTECTED] ~]# smbclient -L matisse -W linuxvirt Password: Anonymous login successful Domain=[LINUXVIRT] OS=[Unix] Server=[Samba 3.0.25b-2.fc7] Sharename Type Comment - --- public Disk Public Stuff IPC$IPC IPC Service (Samba Server Version 3.0.25b-2.fc7) PSC_1400_series Printer HP PSC 1400 Foomatic/hpijs Error connecting to 127.0.0.1 (Connection refused) Connection to matisse failed NetBIOS over TCP disabled -- no workgroup available I also tested it forcing the use of lmhosts : [EMAIL PROTECTED] ~]# smbclient -L matisse -R lmhosts -W linuxvirt -U root% xensmbd1 -d 3 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] added interface ip=157.193.44.188 bcast=157.193.44.255 nmask=255.255.255.0 added interface ip=192.168.140.1 bcast=192.168.140.255 nmask=255.255.255.0 added interface ip=192.168.122.1 bcast=192.168.122.255 nmask=255.255.255.0 Client started (version 3.0.25b-2.fc7). Connecting to 127.0.0.1 at port 445 Doing spnego session setup (blob length=58) got OID=1 3 6 1 4 1 311 2 2 10 got principal=NONE Got challenge flags: Got NTLMSSP neg_flags=0x60898215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 SPNEGO login failed: No logon servers session setup failed: NT_STATUS_NO_LOGON_SERVERS Could somebody inform me on this point ? Thx in advance Fred. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with ldap configuration please
Adam, could you post your smb.conf it could be relevant to see what's wrong. On Fri, 2007-07-27 at 04:21 -0700, Adam DiCaprio wrote: This is on RHE4, I am getting an invalid DN error. Is there a good resource site for this type of configuration issue? There is a lot of info that comes up through google but I am having no luck finding anything relevant (or that seems relevant to me). Thank you in advance and sorry about the newbie question. smbd version 3.0.25b started. Copyright Andrew Tridgell and the Samba Team 1992-2007 Processing section [homes] Processing section [netlogon] Processing section [profiles] Processing section [profdata] adding IPC service reloading printcap cache reload status: ok reloading printcap cache reload status: ok added interface ip=192.168.11.5 bcast=192.168.11.255 nmask=255.255.255.0 loaded services Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=HFC))] smbldap_open_connection: connection opened ldap_connect_system: succesful connection to the LDAP server smbldap_search_domain_info: Got no domain info entries for domain add_new_domain_info: Adding new domain add_new_domain_info: failed to add domain dn= sambaDomainName=HFC,dc=hfc,dc=com with: Invalid DN syntax invalid DN smbldap_search_domain_info: Adding domain info for HFC failed with NT_STATUS_UNSUCCESSFUL pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 push_conn_ctx(0) : conn_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_privileges: No privileges assigned to SID [S-1-22-1-0] get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-11] se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: user sid is S-1-22-1-0 se_access_check: also S-1-5-32-544 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) -
[Samba] weird winbind problem
Hi, I saw in the archive of the list a post of Paolo Negri from 22 Mar 2006 with the topic weird winbind problem. I have the same problem, I'd like to know if he could fix this ? thx fred. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] groups mapping problem
Hi the list, I have a samba 2.2.8a running with ldap authentication. but when I'm browsing the domain account I can see all the users but only 2 groups : Domain Admins and Domain users... How can I add all my other groups on the domain too ? [EMAIL PROTECTED] root]# rpcclient //SAMBA-FS -U administrator -c enumdomgroups Password: cmd = enumdomgroups group:[Domain Admins] rid:[0x200] group:[Domain Users] rid:[0x201] [EMAIL PROTECTED] root]# rpcclient //SPAMBA-FS -U administrator -c enumalsgroups dom ain Password: cmd = enumalsgroups domain group:[sys] rid:[0x3ef] group:[tty] rid:[0x3f3] group:[disk] rid:[0x3f5] group:[mem] rid:[0x3f9] group:[kmem] rid:[0x3fb] group:[wheel] rid:[0x3fd] group:[man] rid:[0x407] group:[dip] rid:[0x439] group:[lock] rid:[0x455] group:[users] rid:[0x4b1] group:[utmp] rid:[0x415] group:[floppy] rid:[0x40f] group:[slocate] rid:[0x413] group:[ARCserve] rid:[0x1775] group:[uagent] rid:[0x1771] group:[Domain Admins] rid:[0x579] group:[Domain Users] rid:[0x57b] group:[Domain Computers] rid:[0x83b] group:[Printers] rid:[0x226cb] group:[Operators] rid:[0x226c9] group:[BCH_Users] rid:[0xc73d] Thanks in advance, Best regards, Fred. - (o- //\Linux Rules V_/_ No HTML in emails - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba