Still with the problem. I have tested with version 3.0.0 and, right, I can see the shares; however, I cannot connect to the home shares or to shares with the valid users option in smb.conf. Besides, this version cannot substitute the %D %u %U %S variables correctly. I have written them in the comment option of a share and I can see that the values are not correct. %D gives me the samba hostname, %S gives me "IPC_"
Trying with version 3.0.1, I cannot see any shares. Trying with version 3.0.1rc2, it's the same as 3.0.0, but it seems that some variables are correct, like %u, but %U is empty. I don't know, it is very strange. It worked once with this version after I changed the password for the Administrator of my PDC/KDC and the user I use to test the shares; however, after the next reboot of the WinXP client machine it doesn't work again. I think that making Samba 3 a member of AD is not working properly. Has anyone got it? Could someone make a howto?

Thanks in advance,
Fernando.

On Fri, 2003-12-19 at 14:00, C.Lee Taylor wrote:
> Greetings ...
>
> Sorry for the long post, but I prefer to keep a copy of what I think
> is needed for this thread ...
>
> As requested, here is my smb.conf ... I have left in my comments to
> show what I have been changing to see if it makes a difference ... plus
> some shares ( not all that I use ) ...
>
> # Global parameters
> [global]
>    workgroup = TEST-ZA
>    realm = TEST-ZA.CORP
>    security = ads
> #  netbios aliases = nasrec
>    server string = Samba Server %v %h
>    interfaces = eth0*,lo
>    bind interfaces only = Yes
> #  encrypt passwords = Yes
> #  update encrypted = Yes
> #  min passwd length = 4
> #  pam password change = Yes
> #  passwd program = /usr/bin/passwd %u
> #  passwd chat debug = Yes
> #  unix password sync = Yes
> #  username map = /etc/samba/smbusers
> #  admin users = administrator, TEST-ZA\administrator
>    log file = /var/log/samba/%m.log
>    max log size = 150
>    time server = Yes
>    unix extensions = Yes
>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>    logon script = login.bat
>    logon drive = l:
>    domain logons = no
> #  lm announce = yes
>    preferred master = no
>    domain master = no
> #  dns proxy = yes
> #  wins support = yes
> #  wins server = *
> #  wins server = naszadc01.test-za.corp, naszadc02.test-za.corp
>    wins server = 10.1.1.16, 10.1.1.17
>    utmp = Yes
>    message command = /bin/mail -s 'message from %f on %m' root < %s; rm %s
>
>    comment = Test Nasrec Linux Box
>    create mask = 0660
>    force create mode = 0660
>    directory mask = 0770
>    force directory mode = 0770
>    inherit permissions = Yes
>    map archive = No
>
> #  name resolve order = host, wins
> #  password server = *
>    password server = 10.1.1.16, 10.1.1.17
>
> #  ldap suffix = dc=test-za,dc=corp
> #  ldap idmap suffix = ou=idmap
> #  ldap admin dn = cn=root,dc=test-za,dc=corp
>    ldap suffix = dc=test,dc=co,dc=za
>    ldap admin dn = cn=Manager,dc=test,dc=co,dc=za
>    ldap idmap suffix = ou=idmap
> #  ldap ssl = start tls
>    ldap ssl = no
> #  ldap passwd sync = yes
>
> #  winbind separator = +
> #  idmap backend = ldap:ldap://localhost
>    idmap backend = ldap:ldap://zeus.test.co.za
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>
> #  client schannel = no
> #  server schannel = no
>
>    winbind enum users = yes
>    winbind enum groups = yes
>    winbind use default domain = yes
> #  winbind trusted domains only = yes
>
> #  template shell = /sbin/nologin
> #  template shell = /bin/bash
> #  template homedir = /home/%D/%U
>    template homedir = /home/TEST-ZA/%U
>
>    load printers = yes
>    printing = cups
>    printcap = cups
>
> #  log level = 1
>
> #  guest account = NULL
>    restrict anonymous = yes
>
> [printers]
>    comment = All Printers
>    path = /var/spool/samba
>    guest ok = Yes
>    printable = Yes
>    browseable = No
>    public = yes
>    writable = no
>    write list = root, Administrator, TEST-ZA\Administrator
>    printer admin = root, Administrator, TEST-ZA\Administrator
>    vfs object = extd_audit
>
> [print$]
>    comment = Printer Driver Download Area
>    path = /home/services/smb/printers/drivers
>    browseable = No
> #  browseable = yes
>    guest ok = Yes
> #  guest ok = no
> #  read only = yes
>    read only = no
> #  write list = @ntadmin, root, Administrator
>    write list = root, Administrator, TEST-ZA\Administrator
>    printer admin = root, Administrator, TEST-ZA\Administrator
>    vfs object = extd_audit
>
> [netlogon]
>    comment = Network Logon share
>    path = /home/services/smb/netlogon
>    create mask = 0664
>    force create mode = 0664
>    directory mask = 0775
>    force directory mode = 0775
>    guest ok = Yes
>
> #[profiles]
> #  path = /etc/samba/profiles
> #  read only = No
> #  create mask = 0600
> #  directory mask = 0700
> #  browseable = No
> #  csc policy = disable
>
> [homes]
>    comment = Home Directory for %u and %D\%S
>    read only = No
> #  valid users = %D\%S, %S
>    create mask = 0600
>    force create mode = 0600
>    directory mask = 0700
>    force directory mode = 0700
>    profile acls = yes
>    veto files = /Maildir/ /.recycle/
>    browseable = No
>    vfs object = recycle
>    vfs_recycle_bin:noversions = *.doc|*.xls|*.ppt
>    vfs_recycle_bin:exclude_dir = /tmp|/temp|/cache|/profile
>    vfs_recycle_bin:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.lnk
>    vfs_recycle_bin:maxsize = 0
>    vfs_recycle_bin:touch = yes
>    vfs_recycle_bin:versions = no
>    vfs_recycle_bin:keeptree = yes
>    vfs_recycle_bin:repository = .recycle/%U
>
> [public]
>    comment = Public Stuff
>    path = /home/services/smb/public
>    read only = No
>    create mask = 0664
>    force create mode = 0664
>    directory mask = 0775
>    force directory mode = 0775
>    guest ok = Yes
>    oplocks = No
>    level2 oplocks = No
>    veto files = /.recycle/
>    vfs object = extd_audit recycle
>    vfs_recycle_bin:noversions = *.doc|*.xls|*.ppt
>    vfs_recycle_bin:exclude_dir = /tmp|/temp|/cache
>    vfs_recycle_bin:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.lnk
>    vfs_recycle_bin:maxsize = 0
>    vfs_recycle_bin:touch = yes
>    vfs_recycle_bin:versions = no
>    vfs_recycle_bin:keeptree = yes
>    vfs_recycle_bin:repository = .recycle
>
> As requested my krb5.conf ...
>
> [logging]
>    default = FILE:/var/log/krb5libs.log
>    kdc = FILE:/var/log/krb5kdc.log
>    admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>    ticket_lifetime = 24000
>    default_realm = TEST-ZA.CORP
> #  dns_lookup_realm = true
> #  dns_lookup_kdc = true
> #  default_tgs_enctypes = des-cbc-md5 des-cbc-crc
> #  default_tkt_enctypes = des-cbc-md5 des-cbc-crc
> #  permitted_enctypes = des-cbc-md5 des-cbc-crc
> #  kdc_req_checksum_type = 2
> #  checksum_type = 2
> #  ccache_type = 1
> #  forwardable = true
> #  proxiable = true
>
> [realms]
>    EXAMPLE.COM = {
>       kdc = kerberos.example.com:88
>       admin_server = kerberos.example.com:749
> #     default_domain = example.com
>    }
>
>    SCANIA-ZA.CORP = {
>       kdc = 10.1.1.16
> #     kdc = naszadc01.test-za.corp
> #     kdc = naszadc02.test-za.corp
>
> #     default_domain = test-za.corp
>    }
>
> [domain_realm]
>    .example.com = EXAMPLE.COM
>    example.com = EXAMPLE.COM
>    .test-za.corp = TEST-ZA.CORP
>    test-za.corp = TEST-ZA.CORP
>
> [kdc]
>    profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
>    pam = {
>       debug = true
>       ticket_lifetime = 36000
>       renew_lifetime = 36000
>       forwardable = true
>       krb4_convert = false
>    }
>
> I hope this helps ..
>
> Mailed
> Lee
>
> P.S. Remember this works with Samba 3.0.0 and not Samba 3.0.1 ...
>
> >I'd like to have a copy of your smb.conf and krb5.conf files. I have had
> >the same problem as you for weeks and still without success.
> >
> >> Okay, first I thought that maybe this was a problem with Samba3, but I
> >>know that I have been able to use this, so I tried on both Samba 3.0.0
> >>(FC1 rpms ) and Samba 3.0.1 ( compiled on FC1 by myself rpms ) ...
> >>
> >> At first I had no joy with either, so I thought that maybe I had
> >>done something wrong ( blush! ) ... So, I went back to basics ... I
> >>found that if I removed all the funky options in /etc/krb5.conf and used
> >>Samba 3.0.0, all seems to work fine ( except for known bugs in 3.0.0,
> >>understandable ) ...
> >>I then upgraded to Samba 3.0.1, and I could not
> >>access the Samba server again using its hostname ...
> >>
> >> So now I have two servers for test, both with FC1 and all the
> >>updates, one with Samba 3.0.0 ( FC1 rpms ) and the other with Samba
> >>3.0.1 ( self made rpms ).
> >>
> >>>| I have a Win2K3 ADS domain, I have two FedoraCore systems, one with
> >>>| Samba 3.0.0 and the other with Samba 3.0.1. Both give me the same
> >>>| problem.
> >>>|
> >>>| If I try to access the Samba shares from Win2K3 using the host number, I
> >>>| get prompted for a username and password, and no matter what I type in,
> >>>| I can't get in.
> >>>|
> >>>| If I use the Samba server IP address, I am able to get into shares
> >>>| without being prompted for user details, but Point'nPrint doesn't work, it
> >>>| too requests user details.
> >>>|
> >>>| I do seem to be getting two errors in my logs ... First in smbd.log
> >>>|
> >>>| [2003/12/18 13:50:19, 0] lib/util_sock.c:get_peer_addr(948)
> >>>|   getpeername failed. Error was Transport endpoint is not connected
> >>>| [2003/12/18 16:18:07, 0] lib/util_sock.c:get_peer_addr(948)
> >>>|   getpeername failed. Error was Transport endpoint is not connected
> >>>|
> >>>| And the other in the machine log with the IP address eg ...
> >>>| 10.1.1.20.log
> >>>| [2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> >>>|   Failed to verify incoming ticket!
> >>>| [2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
> >>>|   Failed to verify incoming ticket!
> >>>|
> >>>| But in the machine log with the hostname, I am getting normal
> >>>| messages ...
> >>>|
> >>>| I have tried to make changes in /etc/krb5.conf, but I don't get any
> >>>| further ...
> >>>|
> >>>| I have tried a few status checks with net, all hosts work fine ...
> >>>|
> >>>| [EMAIL PROTECTED] samba]# net lookup ldap
> >>>| 10.1.1.16:389
> >>>| 10.1.1.17:389
> >>>|
> >>>| [EMAIL PROTECTED] samba]# net lookup dc
> >>>| 10.1.1.16
> >>>| 10.1.1.17
> >>>|
> >>>| But net lookup kdc, master domain don't return anything, so I don't
> >>>| know what else to look for ...
> >>>
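
A static cross-check of the two files posted in this thread, added here as an example and not code from the thread or from Samba: it confirms that the smb.conf `realm` matches krb5.conf `default_realm` and that this realm has a `kdc` entry under `[realms]`. The function names and the abridged sample are constructed for illustration, and it assumes DNS KDC discovery is in use only when `dns_lookup_kdc = true` is set explicitly (library defaults vary by build).

```python
import re

def sections(text):
    """Map lowercased [section] name -> its non-comment lines (both files use this layout)."""
    out, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = out.setdefault(m.group(1).lower(), [])
        elif cur is not None and line and line[0] not in "#;":
            cur.append(line)
    return out

def keyvals(lines):
    """'key = value' pairs; keys are lowercased with whitespace removed, as smb.conf treats them."""
    return {"".join(k.lower().split()): v.strip()
            for k, _, v in (l.partition("=") for l in lines if "=" in l)}

def realm_kdcs(lines):
    """krb5.conf [realms]: realm name -> kdc values of the most recently opened brace block."""
    realms, cur = {}, None
    for line in lines:
        m = re.match(r"(\S+)\s*=\s*\{", line)
        if m:
            cur = realms.setdefault(m.group(1), [])
        elif cur is not None and re.match(r"kdc\s*=", line):
            cur.append(line.partition("=")[2].strip())
    return realms

def check(smb_text, krb_text):
    """Static findings for a 'security = ads' member; an empty list means the files agree."""
    smb, krb = keyvals(sections(smb_text).get("global", [])), sections(krb_text)
    lib, realms = keyvals(krb.get("libdefaults", [])), realm_kdcs(krb.get("realms", []))
    if smb.get("security", "").lower() != "ads":
        return []
    realm, found = smb.get("realm", "").upper(), []
    if realm != lib.get("default_realm"):
        found.append(f"smb.conf realm {realm!r} != default_realm {lib.get('default_realm')!r}")
    # Assumption: DNS KDC discovery counts only when dns_lookup_kdc is set explicitly.
    if lib.get("dns_lookup_kdc", "").lower() != "true" and not realms.get(realm):
        found.append(f"no kdc for {realm} in [realms]; stanzas present: {sorted(realms)}")
    return found

# Constructed sample, abridged from the two files quoted in the thread.
SMB = "[global]\n workgroup = TEST-ZA\n realm = TEST-ZA.CORP\n security = ads\n"
KRB = ("[libdefaults]\n default_realm = TEST-ZA.CORP\n# dns_lookup_kdc = true\n"
       "[realms]\n SCANIA-ZA.CORP = {\n  kdc = 10.1.1.16\n }\n")
if __name__ == "__main__":
    print(check(SMB, KRB))
```

On the abridged sample it reports that TEST-ZA.CORP has no `kdc` entry while a SCANIA-ZA.CORP stanza is present. Names in a posted config may have been altered before posting, so the check is meant to be run against the real files.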
