Hello,
We are running samba 3.0.34 and having problem joining windows 2008 domain when
server ldap signing is required.
We configured start-tls, copied over the CA certificate but getting an error
for the request to start ssl/tls
To be exact, here is what we see in wireshark:
Our request to
Hi Jerry,
I used 3.0.25 and 3.0.31
I will look into this again as soon as we move on to 3.2.
Cheers,
Ephi
-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2008 7:07 AM
To: Ephi Dror
Cc: samba@lists.samba.org
Subject: Re: [Samba
Hello,
Pam based authentication is failing for trusted domain users when the trust was
set to one way.
There is no problem for shares access.
Details:
=
1. I have domain DOM-A and domain DOM-B.
2. I setup trust between DOM-A and DOM- in such a way that DOM-A is trusting
DOM-B BUT
Hello,
I'm using samba 3.0.31 and seems to have an issue with getting user's groups
info.
It works like a Swiss Watch when I start winbindd and do id username for a
given user however, if I add that user to one more group on the domain and
issue id username I don't get the up to date info.
this cache length if needed.
Thanks so much,
Ephi
-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2008 10:16 AM
To: Ephi Dror
Cc: samba@lists.samba.org
Subject: Re: [Samba] User's groups issue
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ephi
netsamlogon_clear_cached_user()
in other places to allow none authentication pam functions such as id to work
well.
Thanks,
Ephi
-Original Message-
From: Ephi Dror
Sent: Tuesday, August 26, 2008 10:27 AM
To: 'Gerald (Jerry) Carter'
Cc: samba@lists.samba.org
Subject: RE: [Samba] User's groups
Hello,
Does samba support the use of S4U?
What do we need to configure in SAMBA or krb5 to support getting a
ticket obtained by S4U. We are using 3.0.25 and krb5-1.4.1
We are getting the following error:
decode_pac_data: Name in PAC [EMAIL PROTECTED]
does not match principal name
Hello,
Does samba support the use of S4U?
What do we need to configure in SAMBA or krb5 to support getting a
ticket obtained by S4U. We are using 3.0.25 and krb5-1.4.1
We are getting the following error:
decode_pac_data: Name in PAC [EMAIL PROTECTED]
does not match principal name
Hello,
Look like demand for multiple file streams support increased lately.
Does samba 3 series intend to support it any time soon?
Look like SAMBA 4 is working on it based on the following form Andrew
Tridgell:
One simple but important example of how the new NTVFS layer helps is the
Hello,
I would like to know when do we need to specify kpasswd protocol =
SET_CHANGE in krb5.com in the [realms] section when talking to windows
AD domain.
I usually don't use it and it works fine BUT I recently needed to use it
since net ads join ... hanged during the last part of join
-
From: Howard Wilkinson [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 24, 2006 2:51 PM
To: Ephi Dror; samba@lists.samba.org
Subject: RE: [Samba] Joined 2 samba servers to ADS but kinit in winbindd
failedfor one of them!
Ephi,
Can you please supply the smb.conf and krb5.conf from both machines
Hi All,
I have strange situation in which two systems running SAMBA (same
version) have successfully joined an ADS.
However one has no problem using wimbindd/ wbinfo to communicate with
the domain and kinit in winbindd works fine.
But the other is failing with a kinit problem as following:
and not
for any directory leading to mount point.
Cheers,
Ephi
-Original Message-
From: Ephi Dror
Sent: Monday, August 21, 2006 12:11 PM
To: samba@lists.samba.org
Cc: 'Jeremy Allison'; '[EMAIL PROTECTED]'
Subject: Re: [Samba] User can't access a share that he has full control
of
Hi Simo,
Thank
Hi all,
I have noticed that if you create a share to path lets say
\\dir1\dir2\dir3
And a user lets say u1 has full control on dir3 BUT no control at all on
dir2 then user u1 cannot access the share.
Is it right?
We have a situation with clients who typically do the following:
Create a
!=0)
change_to_user(conn, conn-vuid);
#endif
END_PROFILE(syscall_stat);
return result;
}
-Original Message-
From: Jeremy Allison [mailto:[EMAIL PROTECTED]
Sent: Monday, August 21, 2006 10:23 AM
To: Ephi Dror
Cc: samba@lists.samba.org
Subject: Re: [Samba
into the problem
with our SAMBA.
So far I can't see it as a problem.
Cheers,
Ephi
-Original Message-
From: simo [mailto:[EMAIL PROTECTED]
Sent: Monday, August 21, 2006 11:41 AM
To: Jeremy Allison
Cc: Ephi Dror; samba@lists.samba.org
Subject: Re: [Samba] User can't access a share that he
Hi all,
I have a situation in which my SAMBA 3.0.14a could not join the a very
large windows 2003 AD domain with tens of domain controllers all over
the world. With an error I have never seen before.
The kinit part went OK but the net ads join part failed.
What we tried is to have our SAMBA
Hi,
Regarding change share command option in smb.conf.
I am not using it by I am wondering how it can ever work if input
parameters don't include existing share name.
I mean if you want to change existing share name to new share name,
don't you need to get the old share name too?
It can
Hi everyone,
I am wondering why do I see S-XXX numbers instead of actual names when
viewing and setting quota from windows.
My server is configured as a stand alone in which I use pdbedit to add
bunch of users.
However, when I look at properties- security, names are coming up
correct (not
Hi All,
Does anyone run SQL and/or exchange on SAMBA server share?
Are there any special considerations to take? would you be kind enough
to share your experience doing it?
Any special smb.conf configuration is required?
is there any performance issue or functional limitations supporting
Hi,
I am running SAMBA 3.0.14a and having the problem described in bug 765.
https://bugzilla.samba.org/show_bug.cgi?id=765
Which is:
If Win2k3 policy: Domain Controller: LDAP server signing requirements
set to Require Signing, net ads join fails
My questions:
1. If I upgrade to the
Hi All,
Microsoft just coming up with R2
(http://searchstorage.techtarget.com/originalContent/0,289142,sid5_gci11
50420,00.html?track=NL-52ad=536546)
I have couple of questions regarding it:
1. Have they modified/added new features to the core CIFS, RPC, etc.
protocols to support some of
Hi all,
I have a strange situation, I hope someone can tell me what's wrong.
I have a samba server 3.014a joined win2003 AD.
When I run wbinfo -n administrator, I am getting an error: Could not
lookup name administrator
BUT
If I first run wbinfo -u I get the list of users successfully
Hi All,
Here is my situation:
I run 3.014a samba server. It joins different ADS domains through out
the day and every day.
Configured it with use keytab = yes but did not execute the command
net ads flush keytab after each new domain join.
While trying to map a share from a client with a
:[EMAIL PROTECTED]
Sent: Tuesday, June 14, 2005 8:03 PM
To: Ephi Dror
Cc: samba@lists.samba.org
Subject: RE: [Samba] Kerberos enc type [xx] failed
On Tue, 2005-06-14 at 19:04 -0700, Ephi Dror wrote:
Hi Andrew,
I upgraded krb5 libs to 1.3.3 and now the error became Decrypt
integrity check
Thank you Andrew for sharing with us your expertise and give us those
suggestions.
We really appreciate it.
Cheers,
Ephi
-Original Message-
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Monday, June 13, 2005 10:15 PM
To: Ephi Dror
Cc: samba@lists.samba.org
Subject: Re: [Samba
'LONDON.STORADINC.COM'
And last, is it to do with kerberos hot fix
http://support.microsoft.com/kb/833708/
Just wondering.
Thanks so much in advance for any hint in this complicated area.
Cheers,
Ephi
-Original Message-
From: Ephi Dror
Sent: Tuesday, June 14, 2005 10:28 AM
To: 'Andrew
Hi All,
I am getting Kerberos enc type problem that I can't explain:
[2005/06/11 11:41:29, 1, pid=29355]
libads/kerberos_verify.c:ads_keytab_verify_ticket(61)
ads_keytab_verify_ticket: krb5_kt_start_seq_get failed (No such file
or directory)
[2005/06/11 11:41:29, 3, pid=29355]
netbiosDomain\name
works.
Cheers,
Ephi
-Original Message-
From: Paul Gienger [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 25, 2005 5:45 AM
To: Ephi Dror
Cc: samba@lists.samba.org
Subject: Re: [Samba] mapping with username: [EMAIL PROTECTED] failed
When trying to map my SAMBA share
) Carter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 25, 2005 10:37 AM
To: Ephi Dror
Cc: Paul Gienger; samba@lists.samba.org
Subject: Re: [Samba] mapping with username: [EMAIL PROTECTED] failed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ephi Dror wrote:
HOWEVER, samba does not like me
Hi All,
When trying to map my SAMBA share from WinXP, it prompted me for name
and password but it failed when I used [EMAIL PROTECTED]
However, using domain\name worked.
Any idea why my SAMBA server didn't accept this name style [EMAIL PROTECTED]
?
Assume: Realm (AD domain): domain.com
Hi All,
I run Linux with two interfaces. Configured those interfaces with IP
and added both IPs to DNS (which is not Windows DNS on my domain
controller) lets say with names A and name B.
I run SAMBA on that Linux and joined as ADS to a domain controller D
and I used the name A and it
Hi All,
I upgraded my windows 2003 enterprise server to sp1 and having problems with
winbindd/wbinfo.
I am using samba 3.0.6 and joined as ADS
wbinfo -u
wbinfo -g
wbinfo -p
wbinfo -t
work like a Swiss watch
However
wbinfo -n ephi
wbinfo -s .
DO NOT WORK.
Is the latest
To: Tom Skeren
Cc: Andrew Bartlett; samba@lists.samba.org; Ephi Dror
Subject: Re: [Samba] Joining a domain controller with a conflict name
Tom Skeren wrote:
Jonathan Johnson wrote:
Again, this is the responsibility of the network administrator.
That's why a password is required to join
Hi All,
Is it a way to prevent joining a domain with a netbios name that already
used by other domain member?.
For example, if I have SAMBA server SA1 already joined a domain and
then I go to a different SAMBA server and make it join the same domain
with the name SA1 also.
What I found
-
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 13, 2005 3:52 PM
To: Ephi Dror
Cc: samba@lists.samba.org
Subject: Re: [Samba] Joining a domain controller with a conflict name
On Wed, 2005-04-13 at 15:40 -0700, Ephi Dror wrote:
Hi All,
Is it a way to prevent joining
Hi All,
If I have domain controller on a different subnet than the samba server
and I would like to join that domain controller in an environment
without WINS, meaning only DNS available.
Unfortunately, it failed.
Is it possible to do it? I am using domain type DOMAIN (not ADS) in
Hi All,
Does anyone has an idea why sometimes when I issue net rpc testjoin
right after I joined the domain using (net ads join) I get an error :
Error in domain join verification (fresh connection)
But after waiting few seconds, testjoin is succeed like a Swiss watch.
Its only happens
Hi All,
I'm running netbench against our samba based filer and having I believe
a controller problem.
When I configure the test to run multiple engines per client (about 5 in
my case) and about 20 clients so all together I have 100 engines, the
controller crashes.
My clients are a mix of
Hi All,
How do I make windows file explorer to not show Printers and Faxes when
clicking on SAMBA server while browsing for Microsoft Windows Network. Also,
once I click on it, the Add Printer icon shows up.
In smb.conf I have:
show add printer wizard = no
load printers = no
Hi All,
I am wondering:
Is it possible for a windows client to use separate tcp/ip connection per
share.
Meaning that if we have SAMBA server that shares let's say three shares,
then each client that connect to those shares (tcon) will end up having
three tcp/ip connections with the server and
Hi All,
To join an ADS based domain we need to join the realm first (kinit ...) and
then
join the domain (net ads join .)
Is it possible to do it without specifying user name and
password (perhaps some other shared secret)?
For instance, if a machine was already added in the domain server
42 matches
Mail list logo
