Re: [samba] all users prompted for username and passwd

2007-05-24 Thread Kris Monstad


Hi,

No success with that. Thanks for the suggestion nonetheless.

The log files show the line:

Smbd/sesssetup.c:reply_spnego_kerberos(173)
 Failed to verify incoming ticket!

Thanks,
Kris

Varun Agarwal wrote:

Hi,
 
Change the shared folder permissions to 755.
 
Kind Regards,

Varun

 
On 5/24/07, Kris Monstad <[EMAIL PROTECTED]> wrote:



Hi there,

I've recently configured a new server on our network...still having some
(newbie) samba issues:

Whenever anyone tries to access the new share they get prompted for a
username and password (these would be smb users and passwords and not the
windows AD details, right?). I want the share to be accessed by anyone
with the correct group permissions without this prompt...

I did 'chmod -R 777' on the folder I am sharing, so currently everyone
should have access regardless of group.

here is my smb.conf:

[global]
   workgroup = ABSOLUTESTUDIOS
   server string = Samba Server
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
   log file = /var/log/samba/%m.log
   max log size = 50
   security = ads
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no
   veto files = /*.mp3/*.divx/*.wma/*.m4a/
   inherit permissions = yes
   map acl inherit = yes
   nt acl support = yes
   panic action = /usr/share/samba/panic-action %d
   smb ports = 445
   template shell = /bin/false
   winbind separator = +
   idmap uid = 1-2
   idmap gid = 1-2
   winbind use default domain = yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind nested groups = yes
   password server = absads1.absolutestudios.co.uk
   realm = ABSOLUTESTUDIOS.CO.UK
   host msdfs = yes
   vfs object = recycle
   recycle:repository = Recycle Bin/%U
   recycle:keeptree = Yes
   recycle:versions = Yes
   recycle:exclude = *.iff *.ng
[dump]
   path = /projects/dump
   writeable = yes
   guest ok = yes
   msdfs root = yes
   directory mask = 0700
   veto files = *.mp3/*.divx/*.wma/*.m4a/
   vfs object = recycle:repository="Recycle Bin" recycle:keeptree=True

Thought I should mention that I get this problem if I start from
scratch.

I am using samba-3.0.10-1.4E with Redhat ES4

Any advice would be appreciated,

Thanks again,
Kris






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba






[samba] all users prompted for username and passwd

2007-05-24 Thread Kris Monstad


Hi there,

I've recently configured a new server on our network...still having some 
(newbie) samba issues:


Whenever anyone tries to access the new share they get prompted for a
username and password (these would be smb users and passwords and not the
windows AD details, right?). I want the share to be accessed by anyone
with the correct group permissions without this prompt...


I did 'chmod -R 777' on the folder I am sharing, so currently everyone 
should have access regardless of group.


here is my smb.conf:

[global]
   workgroup = ABSOLUTESTUDIOS
   server string = Samba Server
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
   log file = /var/log/samba/%m.log
   max log size = 50
   security = ads
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no
   veto files = /*.mp3/*.divx/*.wma/*.m4a/
   inherit permissions = yes
   map acl inherit = yes
   nt acl support = yes
   panic action = /usr/share/samba/panic-action %d
   smb ports = 445
   template shell = /bin/false
   winbind separator = +
   idmap uid = 1-2
   idmap gid = 1-2
   winbind use default domain = yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind nested groups = yes
   password server = absads1.absolutestudios.co.uk
   realm = ABSOLUTESTUDIOS.CO.UK
   host msdfs = yes
   vfs object = recycle
   recycle:repository = Recycle Bin/%U
   recycle:keeptree = Yes
   recycle:versions = Yes
   recycle:exclude = *.iff *.ng
[dump]
   path = /projects/dump
   writeable = yes
   guest ok = yes
   msdfs root = yes
   directory mask = 0700
   veto files = *.mp3/*.divx/*.wma/*.m4a/
   vfs object = recycle:repository="Recycle Bin" recycle:keeptree=True

Thought I should mention that I get this problem if I start from scratch.

I am using samba-3.0.10-1.4E with Redhat ES4

Any advice would be appreciated,

Thanks again,
Kris








Re: [samba] User/group enumeration range not being used

2007-05-24 Thread Kris Monstad



Gerald (Jerry) Carter wrote:


Kris Monstad wrote:
  

Hi all,

Samba newbie again...I thought I was sorted out yesterday but a few more
things are plaguing me

I have in my smb.conf:

idmap uid = 1-2
idmap gid = 1-2

and

winbind enum users = yes
winbind enum groups = yes

However, 'getent passwd' shows users within the default enumeration
range (i.e. 16777550 or something like that!). This goes for groups too. I
can't shake them off. All users are currently being asked for a username
and password which are rejected (which I assume is due to this mix up -
I'm not sure)



Sounds like you are on RedHat and the high watermark
in winbindd_idmap.tdb is already set above your range defined
in smb.conf.  I suggest you rename winbindd_idmap.tdb to something
else and restart winbindd (if you don't care about the existing
SID/uid/gid mappings).







cheers, jerry
  
Yeah, I'm using RedHat. I tried as suggested above and the enumeration is
behaving now.


Thanks again,
Kris
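
A check for the symptom discussed in this thread, as an added example that is not part of the original messages: it lists accounts that `getent passwd` returns but `/etc/passwd` does not (assumed here to come from winbind) whose uid lies outside the `idmap uid` range in smb.conf. The 10000-20000 range and the account names are constructed sample values; 16777550 is the uid quoted in the post.

```python
import re

# Constructed sample inputs (not taken from the poster's machine).
SMB_CONF = """\
[global]
   security = ads
   idmap uid = 10000-20000
   idmap gid = 10000-20000
"""
ETC_PASSWD = "root:x:0:0:root:/root:/bin/bash\nnobody:x:99:99:Nobody:/:/sbin/nologin\n"
GETENT_PASSWD = ETC_PASSWD + (
    "alice:*:16777550:16777216:Alice:/home/ABSOLUTESTUDIOS/alice:/bin/false\n"
    "bob:*:10001:10000:Bob:/home/ABSOLUTESTUDIOS/bob:/bin/false\n"
)

def idmap_range(smb_conf, key="idmap uid"):
    """Return (low, high) from a line such as 'idmap uid = 10000-20000'."""
    pattern = rf"{re.escape(key)}\s*=\s*(\d+)\s*-\s*(\d+)"
    for line in smb_conf.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")):      # smb.conf comment lines
            continue
        m = re.fullmatch(pattern, line, re.IGNORECASE)
        if m:
            return int(m.group(1)), int(m.group(2))
    raise ValueError(f"no '{key}' range found in smb.conf")

def parse_passwd(text):
    """Map account name -> uid from passwd-format lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def out_of_range_accounts(smb_conf, etc_passwd, getent_passwd):
    """Non-local accounts whose uid is outside the configured idmap range."""
    low, high = idmap_range(smb_conf)
    local = parse_passwd(etc_passwd)
    return sorted((name, uid) for name, uid in parse_passwd(getent_passwd).items()
                  if name not in local and not low <= uid <= high)

if __name__ == "__main__":
    for name, uid in out_of_range_accounts(SMB_CONF, ETC_PASSWD, GETENT_PASSWD):
        print(f"{name}: uid {uid} is outside the idmap uid range")
```

An empty result after renaming winbindd_idmap.tdb and restarting winbindd means new mappings are being allocated inside the configured range.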





[samba] User/group enumeration range not being used

2007-05-24 Thread Kris Monstad

Hi all,

Samba newbie again...I thought I was sorted out yesterday but a few more
things are plaguing me


I have in my smb.conf:

idmap uid = 1-2
idmap gid = 1-2

and

winbind enum users = yes
winbind enum groups = yes

However, 'getent passwd' shows users within the default enumeration
range (i.e. 16777550 or something like that!). This goes for groups too. I
can't shake them off. All users are currently being asked for a username
and password which are rejected (which I assume is due to this mix up -
I'm not sure)


If anyone can offer advice I'd be extremely grateful!

Cheers,
Kris







Re: [samba] kerberos_kinit_password -- Preauthentication failed ??

2007-05-23 Thread Kris Monstad

I got this one sorted out:

I used a pared back smb.conf and found it was working, albeit not 
exactly as I would like


I went through the lines of the pared back version changing them to the 
config which I was using below, then restarting samba and checking 'net 
ads join' . The  (seeming) cause of the segmentation fault was the 
'password server = *' line.


Thanks for the suggestions!

-Kris


Kris Monstad wrote:


Hi,

I'm fairly new to samba so apologies if this is an old problem

When I try 'net ads join -U administrator' I get the following:

[2007/05/22 12:15:15, 0] libads/ldap.c:ads_add_machine_acct(1368)
 ads_add_machine_acct: Host account for storage4 already exists - 
modifying old account

Using short domain name -- ABSOLUTESTUDIOS
[2007/05/22 12:15:15, 0] libads/kerberos.c:get_service_ticket(335)
 get_service_ticket: kerberos_kinit_password 
[EMAIL PROTECTED]@ABSOLUTESTUDIOS.CO.UK failed: 
Preauthentication failed

Segmentation fault


wbinfo -p, -u, -g, -t all OK
'kinit [EMAIL PROTECTED]' returns a password prompt

the following is my smb.conf:
[global]
  workgroup = ABSOLUTESTUDIOS
   server string = Samba Server
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
   log file = /var/log/samba/%m.log
   max log size = 50
  security = ads
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no
   veto files = /*.mp3/*.divx/*.wma/*.m4a/
   inherit permissions = yes
   map acl inherit = yes
   nt acl support = yes
   panic action = /usr/share/samba/panic-action %d
   smb ports = 445
  template shell = /bin/false
  winbind separator = +
  idmap uid = 1-2
  idmap gid = 1-2
  winbind use default domain = yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind nested groups = yes
  password server = *
  realm = ABSOLUTESTUDIOS.CO.UK
   host msdfs = yes
   vfs object = recycle
   recycle:repository = Recycle Bin/%U
   recycle:keeptree = Yes
   recycle:versions = Yes
   recycle:exclude = *.iff *.ng
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   printable = yes
[dump]
   path = /projects/dump
   writeable = yes
   guest ok = yes
   msdfs root = yes
   directory mask = 0700
   veto files = *.mp3/*.divx/*.wma/*.m4a/
   vfs object = recycle:repository="Recycle Bin" recycle:keeptree=True



I'm pretty stumped on this...any advice would be greatly appreciated!

-Kris










Re: [samba] kerberos_kinit_password -- Preauthentication failed ??

2007-05-22 Thread Kris Monstad


I'm using the version of Samba which came with Redhat enterprise 4
recently, should I update?


running 'net ads join -U admin -d 10' gave output which ended with:

[2007/05/22 13:36:45, 0] libads/kerberos.c:ads_kinit_password(146)
 kerberos_kinit_password [EMAIL PROTECTED] failed: Client not 
found in Kerberos database

[2007/05/22 13:36:45, 0] utils/net_ads.c:ads_startup(186)
 ads_connect: Client not found in Kerberos database
[2007/05/22 13:36:45, 2] utils/net.c:main(859)
 return code = -1

Thanks,
Kris


Gerald (Jerry) Carter wrote:


Kris Monstad wrote:

  
 ads_add_machine_acct: Host account for storage4 already 
 exists - modifying old account



Seems like you are using an old version of Samba.

  

Using short domain name -- ABSOLUTESTUDIOS
 get_service_ticket: kerberos_kinit_password
[EMAIL PROTECTED]@ABSOLUTESTUDIOS.CO.UK failed:
Preauthentication failed
Segmentation fault



run "net ads join -U admin -d 10" and see if that gives
you a hint where the segv occurs (or run it under gdb).





cheers, jerry
  




[samba] kerberos_kinit_password -- Preauthentication failed ??

2007-05-22 Thread Kris Monstad


Hi,

I'm fairly new to samba so apologies if this is an old problem

When I try 'net ads join -U administrator' I get the following:

[2007/05/22 12:15:15, 0] libads/ldap.c:ads_add_machine_acct(1368)
 ads_add_machine_acct: Host account for storage4 already exists - 
modifying old account

Using short domain name -- ABSOLUTESTUDIOS
[2007/05/22 12:15:15, 0] libads/kerberos.c:get_service_ticket(335)
 get_service_ticket: kerberos_kinit_password 
[EMAIL PROTECTED]@ABSOLUTESTUDIOS.CO.UK failed: 
Preauthentication failed

Segmentation fault


wbinfo -p, -u, -g, -t all OK
'kinit [EMAIL PROTECTED]' returns a password prompt

the following is my smb.conf:
[global]
  workgroup = ABSOLUTESTUDIOS
   server string = Samba Server
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
   log file = /var/log/samba/%m.log
   max log size = 50
  security = ads
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no
   veto files = /*.mp3/*.divx/*.wma/*.m4a/
   inherit permissions = yes
   map acl inherit = yes
   nt acl support = yes
   panic action = /usr/share/samba/panic-action %d
   smb ports = 445
  template shell = /bin/false
  winbind separator = +
  idmap uid = 1-2
  idmap gid = 1-2
  winbind use default domain = yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind nested groups = yes
  password server = *
  realm = ABSOLUTESTUDIOS.CO.UK
   host msdfs = yes
   vfs object = recycle
   recycle:repository = Recycle Bin/%U
   recycle:keeptree = Yes
   recycle:versions = Yes
   recycle:exclude = *.iff *.ng
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   printable = yes
[dump]
   path = /projects/dump
   writeable = yes
   guest ok = yes
   msdfs root = yes
   directory mask = 0700
   veto files = *.mp3/*.divx/*.wma/*.m4a/
   vfs object = recycle:repository="Recycle Bin" recycle:keeptree=True


I'm pretty stumped on this...any advice would be greatly appreciated!

-Kris








[Samba] Samba shares OK- but only after 'getent passwd' ?

2007-05-18 Thread Kris Monstad


Hi there,

I have just configured Samba on a new server and I'm having a bit of
trouble with it - after it boots, it doesn't want to share until I've
issued the 'getent passwd' command...? Otherwise, it appears to be
running fine; 'wbinfo -g' and -u are showing the correct info (that is,
the same as 'getent...' )


Anyone have any idea why this could be?

Thanks,
Kris





Re: [Samba] Question about shares

2006-09-25 Thread Kris Monstad




But the user cannot create a directory in his own home dir.

Can somebody give an idea?
  

Try adding:-

Writeable = Yes

Good luck!
kris

--Ivan

  





[Samba] Manually authenticate single user?

2006-09-21 Thread kris monstad

Hi there,

First off, I'm new to the world of samba and winbind (and AD for that
matter), so I apologise if my problem has had attention before.


I'll try to articulate what's happening as best I can. I believe my issue
is with winbind in particular. If I've neglected anything that would be
helpful in finding a solution please let me know.


I've several linux machines using samba and winbind to share on an Active
Directory domain. Recently I was asked to create two distinct new user 
groups specifically for two upcoming projects. Until these projects 
become active there are only two guys doing pre-production on them - one 
guy for each project. So I created the two security groups in active 
directory and placed the two workers in each's relevant group.


Over to the linux machines:

"getent group" shows the two new groups and their (lone) members.

However I tried to set group permissions on a directory and they only 
work for one of the groups (group1, user1, say) . [I should note here 
that directly applying permissions for each user works fine]


When I do "wbinfo -r user2" I see the groups user2 is a member of - 
EXCLUDING the new group I created with him in. "wbinfo -r user1" shows 
his new group fine. Also, doing "groups user1" works fine. "groups 
user2",  again,  excludes the new group I created.


When I do "wbinfo -a user2%user2passwd" on a machine it authenticates 
user2 and seems to update. Now "wbinfo -r" and "groups" show the new 
groups and the permissions work fine. And it seems that in the case of 
user2, I have to do this manually after every change I make, whereas 
user1 works fine.



These two accounts in active directory are identical - apart from the 
two new groups. I cannot see where one user account trips up whereas the 
other is OK.


Can anyone suggest what might be the culprit here? While the "wbinfo -a"
route works, I'd rather know more!


Thank you for any help,
Kris Monstad



