Re: [Samba] Compiling on OS X
That would be very nice. On Nov 10, 2004, at 7:56 AM, Andrew Cunningham wrote: Clearly SAMBA needs plenty of patches to compile on OS X , these are noted at http://www.opensource.apple.com/darwinsource/10.3.6/samba-59/patches/ Perhaps these could be rolled into the SAMBA distribution at one point? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to join ADS domain
At 1:00 PM -0800 2/17/04, Joe Howell wrote: OK, now I'm getting somewhere. After rediscovering the -d flag in net, I ran net ads join -Umyid%mypwd -d 3 and got the following output: Rather than embedding the password, kinit [EMAIL PROTECTED] first. Then just net ads join ...And it'll use your kerb credentials. I wrote an article for O'Reilly about this- it's centered on Mac OS X, but asside from the fact that Mac OS X uses it's own method for identifying users (while linux, etc use winbindd- there are good reasons for this) the Samba stuff should be pretty much the same. http://www.macdevcenter.com/pub/a/mac/2003/12/09/active_directory.html -- http://www.4am-media.com Mac OS X Consulting and Training Michael Bartosh [EMAIL PROTECTED] 303.517.0272 Denver, CO The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently. - -- Nietzsche Think Different. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join ADS domain
At 4:33 PM +0100 2/17/04, giuseppe panei wrote: Then the m$ documentation that recall ksetup and ktpass http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp is bad ? It is my last resource :-). It's great for unix stuff. Samba makes your unix box act more like a PC in terms of domain membership. Samba does things like a windows box would when joining a domain and accessing domain resources. This is a good thing. I am attempting from many time to join my linux box to a win2k ads domain. I can browse winXp/2k hosts, I get ticket, but the from client hosts i must input the password. I must have a *.keytab file on my computer? Not for Samba. Samba stores its secrets elsewhere. For ftp, ssh, etc... yes. -- http://www.4am-media.com Mac OS X Consulting and Training Michael Bartosh [EMAIL PROTECTED] 303.517.0272 Denver, CO The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently. - -- Nietzsche Think Different. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A bit OT: LDAP and AD interoperability with LDAP as master
At 6:11 PM +0100 2/17/04, Adrian Gschwend wrote: Setting up the Linux and Solaris clients to use LDAP is not really a problem. Connecting AD to LDAP looks much more complicated, after one week of testing and experimenting it gets quite annoying ;) Yeah this is totally OT. SunONE has a sync tool for AD... there are some other meta directory products out there. Last I looked, though, OpenLDAP's back-meta wasn't up to this. There's no point in religous wars about what's open and what's not. The point behind LDAP is that the standard is open- Who cares what's behind it... AD speaks LDAP, and AD makes an OK LDAP server for Unix hosts. If you have to support a lot of windows clients, it's the best choice right now, until someone comes up with a replacement. -- http://www.4am-media.com Mac OS X Consulting and Training Michael Bartosh [EMAIL PROTECTED] 303.517.0272 Denver, CO The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently. - -- Nietzsche Think Different. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OSX as file server in AD domain
At 9:14 AM -0500 3/10/03, Christian Raymond wrote: I just installed an OSX server that I joined to an existing Active Directory Domain. It works for the Mac side of OSX, but windows clients can't connect. From wath I understand, it is now time to setup samba to authenticate users of the AD domain. How can I tell samba to use AD for authentification? If you can point me to an How-to on this, it would be greatly appreciated. Check out the security = domain attribute in /etc/smb.conf Also note this: At 6:18 PM +1100 3/5/03, Andrew Bartlett wrote: On Wed, 2003-03-05 at 09:40, Siebert, Aaron wrote: Ver smb 2.2.7a Managers, I am having trouble configuring samba as a domain member authenticating to a win2k domain controller. All other aspects seem to be functioning but samba is generating a log event when attempting to connect to the password server as follows. Machine NDEVDC1 rejected the tconX on the IPC$ share. Error as follows: NT_STATUS_ACCESS_DENIED Any help is appreciated. Your DC may have 'RestrictAnonymous = 2' set (an NT/Win2k registry setting, also accessible as a group policy). This would cause all non-win2k domain members significant problems, as you then cannot access the NETLOGON pipe required for domain authenticaion (among other things). Andrew Bartlett Which bit me and with which Google was no help. -- http://www.4am-media.com Mac OS X Consulting and Training Michael Bartosh [EMAIL PROTECTED] 303.517.0272 Denver, CO The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently. - -- Nietzsche Think Different. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Active Diectory
At 9:09 AM -0500 3/4/03, News wrote: How do I keep users and passwds in sync. ie when an nt user changeshis/her passwd on the wintel desktop client? eww. password syncing. I'd look into nss_ldap in order to grab users from AD. You'll need Services for Unix or one of its free equivilents in order to get the right schema in place. -- http://www.4am-media.com Mac OS X Consulting and Training Michael Bartosh [EMAIL PROTECTED] 303.517.0272 Denver, CO The surest way to corrupt a youth is to instruct him to hold in higher regard those who think alike than those who think differently. - -- Nietzsche Think Different. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error was : NT_STATUS_OK
On Wednesday, January 29, 2003, at 01:35 PM, Andreas Hasenack wrote: I'm trying to read the security logs in the event viewer now, and I saw once something about a wrong machine name, it was BLA and should be BLA$. Does this ring a bell? I sure recognize it. I've gone through the entire process 5 or 6 times. I'm still getting the same errors you are. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Win2k DC no longer authenticates for Samba shares
Just curious- are you experiencing netlogin errors on the DC as well? I posted something a couple of weeks ago- my logfiles looked a lot like yours. No one had an answer at that point. On Tuesday, January 28, 2003, at 09:57AM, Gaffey, Mike [EMAIL PROTECTED] wrote: -Original Message- From: Kyle Loree [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 2:24 PM To: [EMAIL PROTECTED] Subject: Re: [Samba] Win2k DC no longer authenticates for Samba shares [EMAIL PROTECTED] writes: I have a win2k domain ... 2 of the client machines are Red Hat (7.3 and 8.0). I set everything up to use the DC to authenticate ID/PW. Everything worked perfectly until a week or so ago ... Samba would automatically create a home folder and the whole nine yards. Now I can see the shares on the Samba machines, but I can't access them ... just prompts for the ID/PW over and over. I can mount windows shares from the Linux boxes with no problems. I get access denied in the DC event logs when I try to access the Samba shares. If I run wbinfo on the linux boxes, it shows me the domain users. The only thing I can remember doing to the windows machines is running windowsupdate and applying all the critical patches ... same thing w/ the linux boxes ... just the auto updates from Red Hat. Any ideas? do you have log files? Kyle Loree Rendek Communications [EMAIL PROTECTED] Log file info ... Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72) Jan 27 19:24:48 mark smbd[13448]: cli_nt_setup_creds: auth2 challenge failed Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] smbd/password.c:connect_to_domain_password_server(1366) Jan 27 19:24:48 mark smbd[13448]: connect_to_domain_password_server: unable to setup the PDC credentials to machine PDCNAME. Error was : NT_STATUS_OK. Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] smbd/password.c:domain_client_validate(1599) Jan 27 19:24:48 mark smbd[13448]: domain_client_validate: Domain password server not available. Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1369) Jan 27 19:24:48 mark smbd[13448]: unable to open passdb database. Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1369) Jan 27 19:24:48 mark smbd[13448]: unable to open passdb database. Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1369) Jan 27 19:24:48 mark smbd[13448]: unable to open passdb database. Jan 27 19:25:51 mark smbd[13448]: [2003/01/27 19:25:51, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157) Jan 27 19:25:51 mark smbd[13448]: cli_net_auth2: Error NT_STATUS_ACCESS_DENIED Jan 27 19:25:51 mark smbd[13448]: [2003/01/27 19:25:51, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72) Jan 27 19:25:51 mark smbd[13448]: cli_nt_setup_creds: auth2 challenge failed Jan 27 19:25:51 mark smbd[13448]: [2003/01/27 19:25:51, 0] rpc_client/cli_trust.c:modify_trust_password(141) Jan 27 19:25:51 mark smbd[13448]: modify_trust_password: unable to setup the PDC credentials to machine PDCNAME. Error was : NT_STATUS_ACCESS_DENIED. Jan 27 19:25:51 mark smbd[13448]: [2003/01/27 19:25:51, 0] rpc_client/cli_trust.c:change_trust_account_password(247) Jan 27 19:25:51 mark smbd[13448]: 2003/01/27 19:25:51 : change_trust_account_password: Failed to change password for domain DOMAINNAME. Any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Win2k DC no longer authenticates for Samba shares (th atfixed it)
On Tuesday, January 28, 2003, at 05:35 PM, Gaffey, Mike wrote: The only workaround I've found to date is to delete the machine from the domain on the domain controller, add it back and the join the domain from Samba (smbpasswd -j domain.) The last step may not be strictly necessary, but it confirms that Samba and the DC are on speaking terms again. I've tried this- many many times. smbpasswd always reports success. But- no dice when a client connects. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NetLogin error 5722 / Domain password server not available.
When W2K clients try to access a samba server joined to the domain, we get a NETLOGIN 5722 event: The session setup from the computer SAMBA failed to authenticate. The name of the account referenced in the security database is SAMBA$. The following error occured: Access is denied. The samba side of things is a bit more verbose (note error at bottom of page) I've found numerous references to this error online, but no solutions. One post suggested re-joining the domain, which I've attempted- the join succeeds, but authentication still fails. Join process: a) Add pre-Win2K account with AD Users and computers b) sudo smbpasswd -j EXAMPLE -r W2K -U Administrator%passwd c) in smb.conf: security = domain password server = W2K [2003/01/05 16:49:38, 3] /SourceCache/samba/samba-21/source/lib/util_sock.c:open_socket_out(830) Connecting to 192.168.1.2 at port 445 [2003/01/05 16:49:38, 4] /SourceCache/samba/samba-21/source/rpc_client/cli_netlogon.c:cli_net_req_chal(221) cli_net_req_chal: LSA Request Challenge from W2K to SAMBA: 965B45EE4F419A71 [2003/01/05 16:49:38, 4] /SourceCache/samba/samba-21/source/libsmb/credentials.c:cred_session_key(60) cred_session_key [2003/01/05 16:49:38, 4] /SourceCache/samba/samba-21/source/libsmb/credentials.c:cred_create(91) cred_create [2003/01/05 16:49:38, 4] /SourceCache/samba/samba-21/source/rpc_client/cli_netlogon.c:cli_net_auth2(132) cli_net_auth2: srv:\\WI2K acct:SAMBA$ sc:2 mc: SAMBA chal B58AF439B186C221 neg: 1ff [2003/01/05 16:49:38, 0] /SourceCache/samba/samba-21/source/rpc_client/cli_netlogon.c:cli_net_auth2(157) cli_net_auth2: Error NT_STATUS_ACCESS_DENIED [2003/01/05 16:49:38, 0] /SourceCache/samba/samba-21/source/rpc_client/cli_login.c:cli_nt_setup_creds(74) cli_nt_setup_creds: auth2 challenge failed [2003/01/05 16:49:38, 0] /SourceCache/samba/samba-21/source/smbd/password.c:connect_to_domain_password_server(1340) connect_to_domain_password_server: unable to setup the PDC credentials to machine W2K. Error was : NT_STATUS_OK. [2003/01/05 16:49:38, 0] /SourceCache/samba/samba-21/source/smbd/password.c:domain_client_validate(1558) domain_client_validate: Domain password server not available. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba