Ivan Ordonez wrote:
Hi Jason,
Sorry I can't be of any help but I am thinking about updating our PDC to
3.0.30 but afraid it will have the same problem. I have a few questions
if you don't mind.
1. Can a PDC be remove on the domain and join again? if so, who will
be the login server to authenticate the process of joining the PDC to
the domain? I have two BDC and one PDC.
%> net ads join -U [EMAIL PROTECTED] <-- joins samba server to domain
(could be PDC, BDC or Domain member server types depending on config)
%> net ads leave -U [EMAIL PROTECTED] <-- this will remove the
machine account from active directory
2. Can you roll back to Samba 3.0.24 if you emerge 3.0.30
Nope, the lastest in portage right now is 3.0.28
Thanks to any info you can provide.
-Ivan
Jason Gerfen wrote:
I rolled it back and experienced the same problems so I went ahead and
followed the following steps during the upgrade to 3.0.30
1. Removed machine from domain trust user account
2. Uninstalled samba
3. Re-installed latest 3.0.30 using Gentoo's emerge facility
4. Used Kinit with domain admin account
5. Joined machine to domain
6. Ensured that krb5auth using winbind worked (now working, had to
modify user accounts in active directory. even having to go so far as
to remove user, and recreate then apply the RFC2307 schema attributes)
Everything is authenticating again but I am not able to get the
pam_mkhomedir.so object create my user directories.
relevant file info:
nt acl support = yes
inherit permissions = yes
create mask = 0022
template homedir = /home/samba/%U
comment = %U Home directory
browsable = yes
read only = yes
create mask = 0022
force create mode = 0022
directory mask = 0022
force directory mode = 0022
path = /home/samba/%U
%> ls -lah /home
drwxrwxrwx 2 nobody users 48 Jun 2 09:48 samba
Am I missing something with the permissions? I know, they are at 755
for now so I can figure out why its not working. What is the best
practice for this folders permissions? Thanks.
Jason Gerfen wrote:
John Drescher wrote:
Ok I have updated it and am no able to authenticate. It seems that
even
though my smb.conf shows 'client plaintext auth = no' in the logs when
performing a 'wbinfo --krb5auth=username%password' it shows
plaintext kerberos password authentication for [username%password]
failed
(requesting cctype: FILE)
Any ideas? I do appreciate any help I can get on this. Here is some
version
information: Version 3.0.30
--
Sorry that did not help. For now I am out of ideas. Hopefully someone
knows how to fix that soon otherwise I would go back to the last
version that worked.
No worries, I will roll it back to 3.0.28. I am not sure why it would
use plaintext vs. the ntlmv2 that is specified in the config.
John
--
Jas
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
