Hi Gianluca * *How did you define your shares in the smb.conf? Can you send me an example?
thanks Urs * * On 5/10/07, Urs Golla <[EMAIL PROTECTED]> wrote:
If I set client use spnego = no in the smb.conf it says: Requested protocol [LANMAN2.1] [2007/05/10 13:00:57, 3] smbd/negprot.c:reply_negprot(487) Requested protocol [NT LM 0.12] [2007/05/10 13:00:57, 3] smbd/negprot.c:reply_nt1(357) using SPNEGO [2007/05/10 13:00:57, 3] smbd/negprot.c:reply_negprot(580) Selected protocol NT LM 0.12 [2007/05/10 13:00:57, 3] smbd/process.c:process_smb(1110) Transaction 1 of length 250 ...but testparm tells me, it is set to "no". What does that mean? On 5/10/07, Gianluca Culot < [EMAIL PROTECTED]> wrote: > > YES :D > Remove spnego... > I tried to use spnego... never worked > > without... runs smoothly and perfectly > > > > ---------------------------------------------- > *Gianluca Culot** > **DMS Multimedia* > Via delle Arti e dei Mestieri, 6 > 20050 Sulbiate (Mi) - Italy > Tel: +39 039 5968925 > Fax: +39 039 3309813 > <mailto:[EMAIL PROTECTED] <[EMAIL PROTECTED]>> > www.dmsware.com <http://www.dmsware.com/> > > Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in > questo messaggio sono riservate ed a uso esclusivo del destinatario. Qualora > il messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza > copiarlo e a non inoltrarlo a terzi, dandocene gentilmente comunicazione. Il > mittente comunica che il presente messaggio ed ogni suo allegato, al momento > dell'invio, era esente da ogni tipo di virus, worm, trojan e/o ogni altri > tipo di codice software dannoso. Questo messaggio e i suoi allegati > potrebbero essere stati infettati durante la trasmissione. Leggendo il > messaggio e/o aprendo gli allegati, il Destinatario si prende la piena > responsabilità nei confronti di ogni azione protettiva o di rimedio per la > rimozione di virus ed altri difetti. DMS Multimedia non potrà essere > considerata responsabile per qualsivoglia danno o perdita derivata qualunque > modo da questo messaggio o dai suoi allegati. > > The information in this electronic mail message, including any > attachments, is confidential and may be legally privileged. It is intended > solely for the addressee(s). Access to this Internet electronic mail message > by anyone else is unauthorised. If you are not the intended recipient, any > disclosure, copying, distribution or action taken or omitted to be taken in > reliance on it is prohibited and may be unlawful. The sender believes that > this E-mail and any attachments were free of any virus, worm, Trojan horse, > and/or malicious code when sent. This message and its attachments could have > been infected during transmission. By reading the message and opening the > attachments, the recipient accepts full responsibility for taking protective > and remedial action about viruses and other defects.DMS Multimedia is > not liable for any loss or damage arising in any way from this message or > its attachments > > -----Messaggio originale----- > *Da:* Urs Golla [mailto:[EMAIL PROTECTED] > *Inviato:* giovedì 10 maggio 2007 11.47 > *A:* Gianluca Culot > *Cc:* [email protected] > *Oggetto:* Re: R: R: [Samba] security = ads --> invalide user > > Hi Gianluca > > Thanks a lot for your response! > > spnego: > > *From the Official Samba-3 HOWTO (Section 6.6.3, page 80): > * > "Windows 2003 requires SMB signing. Client-side SMB signing has been > > implemented in Samba 3.0. Set client use spnego = yes when > communicating with a Windows 2003 server." > > > AD is 2003 > > I map now groups AND users. --> It still does not work... any idea? > > > > On 5/10/07, Gianluca Culot <[EMAIL PROTECTED]> wrote: > > > > > > > -----Messaggio originale----- > > > Da: [EMAIL PROTECTED] > > > [mailto: [EMAIL PROTECTED] > > > conto di Urs Golla > > > Inviato: giovedì 10 maggio 2007 10.04 > > > A: [email protected] > > > Oggetto: Re: R: [Samba] security = ads --> invalide user > > > > > > > > > Hi > > > > > > Still the same problem... > > > > > > I think the connection to the domain is ok. because if i use a > > > non existent > > > user, the log says: "FAILED with error NT_STATUS_NO_SUCH_USER" > > > > > > If I use a wrong password is gives me also a different error > > message. > > > > > > cheers > > > > > > On 5/10/07, Gianluca Culot <[EMAIL PROTECTED] > wrote: > > > > > > > > > > > > > -----Messaggio originale----- > > > > > Da: [EMAIL PROTECTED] > > > > > [mailto: [EMAIL PROTECTED] > > ]Per > > > > > conto di Urs Golla > > > > > Inviato: giovedì 10 maggio 2007 9.44 > > > > > A: [email protected] > > > > > Oggetto: [Samba] security = ads --> invalide user > > > > > > > > > > > > > > > Hello > > > > > > > > > > I try to run SAMBA with security = ads on AIX 5.3 with SAMBA > > 3.0.23d. > > > > > "net ads join" was successful and the machine is now visible in > > the > > > > Domain > > > > > with the netbios name. > > > > > > > > > > When I try to access the shares on the machine the log.smbd > > > files says: > > > > > > > > > > (...) > > > > > [2007/05/10 08:58:16, 1] > > smbd/sesssetup.c:reply_spnego_kerberos(310) > > > > > Username MYDOMAIN/MYUSERNAME is invalid on this system > > > > > [2007/05/10 08:58:16, 3] smbd/error.c:error_packet(146) > > > > > error packet at smbd/sesssetup.c(315) cmd=115 (SMBsesssetupX) > > > > > NT_STATUS_LOGON_FAILURE > > > > > (...) > > > > > > > > > > > > > > > ****************************************************** > > > > > smb.conf: > > > > > > > > > > [global] > > > > > winbind separator = / > > > > > netbios name = MYNETBIOSNAME > > > > > winbind enum users = yes > > > > > workgroup = MYDOMAIN > > > > > winbind enum groups = yes > > > > > #password server = * > > > > > password server = MYPASSWORDSERVER > > > > > encrypt passwords = yes > > > > > dns proxy = no > > > > > realm = MYREALM > > > > > security = ADS > > > > > wins proxy = no > > > > > winbind use default domain = Yes > > > > > client use spnego = yes > > > > > #idmap uid = 10000-20000 > > > > > #winbind gid = 10000-20000 > > > > > preferred master = no > > > > > log level = 3 > > > > > wins server = x.x.x.x > > > > > #auth methods = guest sam winbind > > > > > #idmap uid = 10000-20000 > > > > > idmap gid = 10000-20000 > > > > > > > > > > > > > > > [testsamba] > > > > > comment = Samba testfolder > > > > > path = /testsamba > > > > > read only = no > > > > > valid users = MYDOMAIN/USERNAME > > > > > > > > > > ****************************************************** > > > > > > > > > > I also maped the domain groups with "net groupmap" > > > > > > > > > > # ./net groupmap list > > > > > Domain Users (S-1-5-21-3687956107-1621720357-3427760348-513) -> > > > > > domainusers > > > > > Domain Guests (S-1-5-21-3687956107-1621720357-3427760348-997) > > > -> nobody > > > > > Administrators (S-1-5-32-544) -> 5000 > > > > > mygroup (S-1-5-21-3687956107-1621720357-3427760348-14001) -> > > mygroup > > > > > Users (S-1-5-32-545) -> 5001 > > > > > > > > > > --> MYDOMAIN/USERNAME is a member of MYDOMAIN/mygroup > > > > > **************************************************************** > > > > > > > > > > Why does it say "invalide user"? I think I should also be able > > to > > > > > browse the > > > > > shares without a valid user... > > > > > > > > > > any help is much appreciated!!! > > > > > > > > > > Regards > > > > > Urs > > > > > -- > > > > > To unsubscribe from this list go to the following URL and read > > the > > > > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > > > > > > > > > I would check > > > > winbind separator = / > > > > > > > > to my knowlegde it should be > > > > winbind separator = \ > > > > > > > > or could be commented as its default is \ > > > > > > > > I've setup a samba 3.0.24,1 on freebsd with ads against a > > Windows2003 > > > > Server > > > > and I did not specified Winbind Separator > > > > > > > > > > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > > > Why did you mapped only GROUPS > > idmap gid = 10000-20000 > > and NOT users ? > > #idmap uid = 10000-20000 > > > > why have you set > > client use spnego = yes > > > > what AD server are you connecting to ? > > > > Here is my copy of smb.conf > > have a look, and check differences... > > My only problem at the moment is that LS (list file) comand doesn't > > show me > > AD users and group names, but only IDs. not a Problem, but makes > > server > > management extremely dificult to not Pro people. > > > > [global] > > workgroup = MYDOMAIN > > realm = MYDOMAIN.IT > > server string = mail > > security = ADS > > password server = server.MYDOMAIN.it > > passdb backend = tdbsam > > log file = /var/log/samba/log.%m > > add user script = /usr/sbin/pw useradd %u > > delete user script = /usr/sbin/pw userdel %u > > add group script = /usr/sbin/groupadd %g > > delete group script = /usr/sbin/pw groupdel %g > > preferred master = No > > idmap uid = 10000-49999 > > idmap gid = 10000-49999 > > template homedir = /home/%U > > template shell = /bin/csh > > winbind cache time = 3600 > > winbind enum users = Yes > > winbind enum groups = Yes > > winbind use default domain = Yes > > winbind nss info = rfc2307 > > idmap config DMSWARE:range = 10000 - 49999 > > idmap config DMSWARE:base_rid = 1000 > > idmap config DMSWARE:backend = ad > > > > > > > > >
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
