[Samba] Accsse Deny
Hello people, I'm newcomer these list and I hope someone can help me. I have an linux machine ( CentOS 5.4 ) that stops the ntlm authentication. I'm using that machie integrated with Windows Active Directory ( Win 2008 R2 ) when I run the command ntlm_auth --username myuser show me follow output Substituting charset 'UTF-8' for LOCALE password: lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory NT_STATUS_ACCESS_DENIED: Access denied (0xc022) Why it's returning Access Denied for me ? I thing the issue is about unicode as well as it's show on output. but where can I change that ? I'm able to load users with wbinfo -u or getent passwd follow my smb.conf [global] workgroup = MYDOMAIN_GROUP realm = DOMAIN security = ads template shell = /bin/bash winbind offline logon = false winbind cache time = 300 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind offline logon = false winbind separator = / netbios name = MYMACHINE winbind uid = 1-2 winbind gid = 1-2 wins server = IP of the my Domain controler load printers = no printcap name = /etc/printcap log file = /var/log/samba/%U.%m.log debug level = 10 max log size = 1000 encrypt passwords = yes local master = no domain master = false dns proxy = no preferred master = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 any tip is welcome. thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Accsse Deny
Hallo, Usuário, Du meintest am 20.01.13: Substituting charset 'UTF-8' for LOCALE password: lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory NT_STATUS_ACCESS_DENIED: Access denied (0xc022) Why it's returning Access Denied for me ? As I've told you in the squid mailing list: the main problem is /usr/lib/samba/en_US.UTF-8.msg: No such file or directory. Your machine can't find that file. Why? Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Integration With Google
On Sat, 2013-01-19 at 19:02 -0300, Ciro Iriarte wrote: 2013/1/16 Varoujan Avanessians vavanessi...@accoes.com Hello everone, In my Company we are going through a network redesign and Planning to retire our Novel edirectory, and Novel Servers and replace them with Samba4 (Over 150 Servers). We have setup a Samba4 test environment which seems to be working well so far. We are an organization with multiple locations and over 1200 users, we are also very heavy users of google apps. I have couple of questions that I need help with. 1- Is it possible to Integrate samba4 with Google Apps for Single sign-on, I know google has and application that Integrates Microsoft Active Directory with Google Apps, so I assume it should be possible with Samba4 too. Has anyone tried and used this feature with success? 2- We already have over 1200 accounts on Google. Is there a way to Import these user accounts into samba4? I would really appreciate any help in this matter and welcome any additional suggestions that you may have for a Project of this magnitude. -- *Varouj (V.J.) Avanessians | Sr. Linux Sys Administrator | ACCO Engineered Systems* 6265 San Fernando Rd | Glendale, California | 91201- 2214 (818)-730-5846 Mobile | (818)-244-6571 Main* * Well, having and LDAP directory as your Samba backend could help. GApps has an LDAP sync tool, the only downside is that it needs the password to be hashed with SHA1 or MD5 without salt (less secure). The two issues with this is the Samba 4.0 as an AD DC does not support an external LDAP backend, only the integrated one we provide. So, syncing would be against the internal LDAP server, which is fine. The bigger issue is that the password hash types just don't match, as far as I know. We would need to modify Samba to store (somewhere, perhaps we can use the userPassword attribute) this hashed password . Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem joining Samba 4 to an older Samba 4 alpha 17
On Fri, 2013-01-18 at 13:48 +0100, Daniel Hedblom wrote: 2013/1/18 Andrew Bartlett abart...@samba.org On Fri, 2013-01-18 at 10:11 +0100, Daniel Hedblom wrote: Hi there, Im trying to join a samba 4.0.1 server to an older samba 4 alpha 17 server. Whatever i do the join is interrupted but i dont know what goes wrong. Dns is double checked and correct as is most other stuff. How can i get a better view of what is happening than this? Can it be the source domain that contains erroneous objects? My goal is to move the old server to a new one, maybe there are a better way of doing this? Suggestions? Honestly, upgrading in place is the best way to do this. Backup the old DC, upgrade in place, and start the 4.0.1 release. The role transfer stuff isn't as reliable as we would like, whereas in-place is. Thanks for answering so fast. Im trying to move to a new hardware at the same time, and the server is not easily upgraded as its an Resara Server with their own packages of Samba4. Not so sure i would be successfull if i upgrade. I would very much prefer if i could move the machine and user accounts somehow without doing nasty stuff to the original server. OK, so what I would suggest is setting up a new server, with the data from Resara. The way I would do it is provision a new Samba4 install, but use the same hostname, SID, domain and realm as your old server. Use the --host-ip parameter to point at your old server's IP. Then copy all the samba files to the matching locations on the new server (the main purpose of the provision is to help you find all those locations). Files to look for include the private dir (all of it), the sysvol folder and your DNS zone. The run the commands suggested in the upgrade code: samba-tool dbcheck --fix samba-tool ntacl sysvolreset source4/scripting/bin/samba_upgradedns Finally give it the same IP (at the end of the process), and then start it up. It should work - if it doesn't, then power down the new machine, go back to your old Resara server while you work out what is wrong. This will configure Samba to use the internal DNS server (the new default) and hopefully will migrate your file-based DNS zone into the AD database. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba