27 sep 2006 kl. 16:26 skrev Elvis Aaron Presley:
I used "net rpc join -S server32 -U Administrador" to add the linux
machine to the domain. The net ad leave is for the kerberos method if
I'm not in a mistake.
Do you mean remove all computer accounts at the domain server?
!!??!?!?!!??!?
Noooooooooo!
Just the Samba account. You can't add it again if its there. (Well,
you can reset AD accounts also.)
Elvis
-----Mensaje original-----
De: Henrik Zagerholm [mailto:[EMAIL PROTECTED]
Enviado el: miércoles, 27 de septiembre de 2006 15:40
Para: Elvis Aaron Presley
CC: 'Lista Samba'
Asunto: Re: [Samba] Domain problem... (other way)
I would remove any computer accounts in AD.
You think should have used net ad leave before uninstall.
Do you use net rpc join or net ads join?
27 sep 2006 kl. 14:44 skrev Elvis Aaron Presley:
Ok, I see there is no solution for this strange situation... Now, I
want
to reinstall samba and winbind.
I'll delete the user and the computer at the domain.
I'll uninstall samba and winbind using apt-get on my debian How can I
deatach the machine from the domain on linux? Is there something more
to do to start again?
Elvis
-----Mensaje original-----
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] En nombre de
Elvis Aaron Presley Enviado el: miércoles, 27 de septiembre de 2006
12:59
Para: 'Lista Samba'
Asunto: RE: [Samba] Domain problem...
Hello, I've tried what you said and restarted samba and winbind...
But
no success... :( After that, I re-joined to the domain, but the same
result... I see when I tried to rejoin to the domain in the PDC w2000
event log a 5722 event. This is the error message:
The session setup from the computer ORACLE failed to authenticate.
The
name of the account referenced in the security database is ORACLE$.
The following error
occurred:
Access is denied.
But the user exist at the domain. ¿?
I see the log at /var/log/samba/log.winbindd with this:
[2006/09/27 11:39:50, 0] libads/kerberos.c:ads_kinit_password(164)
kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve
network address for KDC in requested realm [2006/09/27 11:39:50, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(109)
ads_connect for domain RXN32 failed: Cannot resolve network address
for KDC in requested realm
The log at /var/log/samba/log.wb-RXN32 has:
[2006/09/27 12:07:04, 0] libsmb/credentials.c:creds_client_check(256)
creds_client_check: credentials check failed.
[2006/09/27 12:07:04, 0]
rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(898)
rpccli_netlogon_sam_network_logon: credentials chain check failed
[2006/09/27 12:07:04, 0] libads/kerberos.c:ads_kinit_password(164)
kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve
network address for KDC in requested realm [2006/09/27 12:07:04, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(109)
ads_connect for domain RXN32 failed: Cannot resolve network address
for KDC in requested realm
But I'm not using kerberos. In addition, this errors are present
too in
other older dates, and the server was working fine at that dates.
What can I do? I need to share folder on my debian to domain
users... :S
Elvis
-----Mensaje original-----
De: Henrik Zagerholm [mailto:[EMAIL PROTECTED]
Enviado el: miércoles, 27 de septiembre de 2006 9:30
Para: Elvis Aaron Presley
CC: 'Lista Samba'
Asunto: Re: [Samba] Domain problem...
Hello,
winbind enum users = yes
winbind enum groups = yes
also check that getent passwd shows domain users.
Cheers,
Henrik
27 sep 2006 kl. 09:23 skrev Elvis Aaron Presley:
Nobody knows any information or test for me? :(
Elvis
-----Mensaje original-----
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] En nombre de
Elvis Aaron Presley Enviado el: martes, 26 de septiembre de 2006
14:04
Para: Lista Samba
Asunto: [Samba] Domain problem...
Hello all, This is the first time I write to the list. Sorry
about my
english...
My Debian Sarge server was working perfectly with samba and
winbind as
a normal client in a Domain enviroment. I was able to share folders
on my linux machine giving rights to the domain users. Everything
was
working
until one day in that it crashed for some reason I don't know. I
didn't
touch anything of my config files (smb.conf,nsswitch.conf) so I
suppose
it's ok. The problem is that now, I can't do "wbinfo -u"
successfully.
It returns "Error looking domain users", so I can't share
directories
with domain users.
Enviroment info:
PDC: W2000 server (ip 192.168.1.102,netbios-name server32) with DNS
server
Debian: domain client (ip 192.168.1.249,netbios-name oracle) with
DNS
server
Other clients in the network uses DNS1 192.168.1.102 and DNS2
192.168.1.249 ... I don't know if this info is relevant.
"net rpc join -S server32 -U Administrador%pass" returns "Joined
domain RXN32." "wbinfo -m" returns "RXN32" <- is the netbios name of
the domain
"wbinfo -t" returns "checking the trust secret via RPC calls
succeeded"
"wbinfo -u" returns "Error looking up domain users" "wbinfo -g"
returns
"Error looking up domain groups"
Samba version 3.0.22 on debian machine. And in the domain exist the
user "oracle" with password "realpwd".
I've tried "wbinfo --authenticate=oracle%fakepwd" and return:
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user oracle%fakepwd with plaintext password
challenge/response password authentication failed error code was
NT_STATUS_WRONG_PASSWORD (0xc000006a) error messsage was: Wrong
Password Could not authenticate user oracle with challenge/response
But if I try "wbinfo --authenticate=oracle%realpwd" it returns:
plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user oracle%realpwd with plaintext password
challenge/response password authentication succeeded
What????? How is it possible? The user exist in the domain. I've
tried
delete it and create it again and same result. I've tried with other
user... But same result.
How can this stop to work if I didn't change anything? Is possible
that it happenned after apt-get dist-upgrade?
This is the global part of my smb.conf but i supposse it's ok
because
it was working and nothing changed:
[global]
workgroup = RXN32
security = DOMAIN
password server = server32
encrypt passwords = true
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
netbios name = oracle
I googled a lot, but with no luck... :(
Thank for read this "big text", and sorry if this message is at
incorrect list. If there is a more specific list for this kind of
issues, please tell me.
Thanks in advance and Regards.
Elvis
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
