Hi Lieven Thanks for advise !
the getent passwd command shows me all the users of the 2k domain in this format : DOMAIN2K+user:x:10000:10026::/home/NetBiosName/user:/bin/bash
I think that's correct. But do you think I got to use nss pam or something like that ?
I just can't login with a 2000 user on Samba, but guests (unknown users ) can, when I permit them to. So I think users are known but their password are badly processed. Maybe something messing with kerberos ?
Thanks for reading and hope to see you soon !
Bertram
From: Lieven VAN ACKER <[EMAIL PROTECTED]>
To: Yohann Ferreira <[EMAIL PROTECTED]>
Subject: RE: [Samba] password change on the domain password server using clienttools
Date: Thu, 29 Apr 2004 13:40:49 +0200
Hi,
congratulations so far!
did you try to
getent passwd
to check if winbind is actually called when asking for unix users?
If the domain users are not listed, you probably have a problem with your pam config...
Regards,
Lieven
Yohann Ferreira <[EMAIL PROTECTED]> schreef:
>Hi Lieven !
>
>I'm back with questions !
>First of all, I've set my security parameters to ADS in smb.conf
>and have configured the krb5.conf file (using MIT Kerberos 5).
>Then I used a net ads join -S Domain -U admin
>and it Worked !
>I had, of course, configured nsswitch.conf to something like this :
>
>passwd: files winbind
>group: files winbind
>shadow: files
>the wbinfos commands :
>
>wbinfo -u -g -t -m -a DOMAIN+admin%password are working !
>
>The next thing and then final one is to connect to my samba member server
>via another desktop under win2000, with the network panel, to the Samba
>machine, but it doesn't work at all !
>
>what did I forgot ??
>
>Thanks a lot for reading !
>
>Bertram
>
>>From: Lieven VAN ACKER <[EMAIL PROTECTED]>
>>To: Yohann Ferreira <[EMAIL PROTECTED]>
>>Subject: RE: [Samba] password change on the domain password server using
>>clienttools
>>Date: Wed, 28 Apr 2004 15:04:20 +0200
>>
>>Well,
>>
>>I could tell you a couple of things ..just for the moment I'm running a
>bit
>>out of time, ...
>>
>>You could find some starting info in the Samba (3) HOWTO, chapter 7:
>domain
>>membership.
>>
>>If you want to access the AD, e.g. with ldapsearch, following things
>should
>>be noted:
>>
>>* use ldaps (-H ldaps://domainserver)
>>* use simple authentication (-x -W)
>>* bind using [EMAIL PROTECTED] (-D "[EMAIL PROTECTED]")
>>
>>Ask me if you have any further questions,
>>
>>regards,
>>
>>Lieven
>>
>>Yohann Ferreira <[EMAIL PROTECTED]> schreef:
>> >Hi,
>> >
>> >I've read your mail concerning the integration of a samber member server
>
>>in
>> >
>> >a Windows 2000 Domain.
>> >I, for now, am trying to join the 2000 domain, and access the AD in
>order
>> >to
>> >get users and groups...
>> >Could you tell me how you use LDAP to do this ?
>> >And if there something else to with smb.conf or/ and nsswitch.conf ?
>> >
>> >>From: Lieven VAN ACKER <[EMAIL PROTECTED]>
>> >>To: [EMAIL PROTECTED]
>> >>Subject: [Samba] password change on the domain password server using
>> >>clienttools
>> >>Date: Wed, 28 Apr 2004 11:29:45 +0200
>> >>
>> >>Hi,
>> >>
>> >>I've setup samba to be a member of a windows 2000 (mixed mode) domain.
>> >>I'm using ldap client interface to access the AD on the W2K domain
>> >>controller, in order to add users en groups.
>> >>
>> >>Now, the final step to manage this config is to set the password of
>the
>> >>users. As it seems hard to use the ldap interface to set the
>passwords,
>> >>I've thought of using samba client tools, like smbpasswd or pdbedit or
>> >net
>> >>commands.
>> >>
>> >>I manage to use smbpasswd -r ADSERVER -U username to set the password
>> >>interactively, pretending being user "username".
>> >>
>> >>Thing is, there should be a way to change (or set initial) password as
>> >>domain admin.
>> >>
>> >>I tried using
>> >>
>> >>net rap password username "" newpass -U administrator%adminpass
>> >>
>> >>but this doesn't seem to have the intended result (while it doesn't
>give
>> >me
>> >>any indication of success or failure).
>> >>
>> >>So if anybody could give me a clue, how to proceed to be able to
>change
>> >the
>> >>ad password in a scriptable way, I'd be able to finish this
>integration
>> >>exercise...
>> >>
>> >>Regards,
>> >>
>> >>Lieven
>> >>
>> >>
>> >>--
>> >>To unsubscribe from this list go to the following URL and read the
>> >>instructions: http://lists.samba.org/mailman/listinfo/samba
>> >
>> >_________________________________________________________________
>> >Trouvez l'âme soeur sur MSN Rencontres http://g.msn.fr/FR1000/9551
>> >
>>
>>
>
>_________________________________________________________________
>Hotmail : un compte GRATUIT qui vous suit partout et tout le temps !
>http://g.msn.fr/FR1000/9493
>
_________________________________________________________________
Recevez par e-mail des �motic�nes pour MSN Messenger http://g.msn.fr/FR1001/2275?url=http://www.msn.fr/ilovemessenger/premium/Default.asp?Ath=f
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
