[Samba] Problem with winbind on Samba PDC after 3.0.20

2005-09-11 Thread Alex Deiter
Hi,

I'm using winbind to authenticate squid proxy users via ntlm_auth.
Squid, samba and winbind run on the same server.
The server is the PDC and a member of the domain.
After updating Samba from 3.0.14a to 3.0.20, ntlm_auth does not work.
Also, wbinfo gets an error:

# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc022)
Could not check secret

winbind log (winbindd -S -F -i -d 4):
cm_get_ipc_userpass: No auth-user defined
Serverzone is -14400
Using cleartext machine password
cli_net_req_chal: LSA Request Challenge from SERVER to \\SERVER
cred_session_key
cred_create
cli_net_auth2: srv:\\SERVER acct:WORKGROUP$ sc:6 mc: SERVER neg: 400701ff
could not open handle to NETLOGON pipe
Checking the trust account password returned NT_STATUS_ACCESS_DENIED

But if I run winbind with a custom config:

# diff -u smb.conf wb.conf
--- smb.confSun Sep 11 20:03:54 2005
+++ wb.conf Sun Sep 11 20:04:08 2005
@@ -8,7 +8,7 @@
 display charset = KOI8-R
 dos charset = 866
 winbind use default domain = yes
-domain logons = yes
+domain logons = no
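
Review bot: the `+domain logons = no` line exists only in wb.conf, which winbindd is pointed at with `-s wb.conf`, so anything still started from smb.conf keeps `domain logons = yes` and the daemons on this host no longer agree on the server's role. Treat the change as a way to isolate the problem rather than a setting to keep. The two winbind logs differ in the account passed to cli_net_auth2 (`acct:WORKGROUP$` with the original setting, `acct:SERVER$` with this one), and that difference is the detail to carry into a bug report.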

it works fine for me:

# wbinfo -t
checking the trust secret via RPC calls succeeded

winbind log (winbindd -S -F -i -d 4 -s wb.conf):
cm_get_ipc_userpass: No auth-user defined
Serverzone is -14400
lsa_io_sec_qos: length c does not match size 8
[0]: request interface version
[0]: request location of privileged pipe
[0]: check machine account
child daemon request 26
[31109]: check machine account
cm_get_ipc_userpass: No auth-user defined
Using cleartext machine password
cli_net_req_chal: LSA Request Challenge from SERVER to \\SERVER
cred_session_key
cred_create
cli_net_auth2: srv:\\SERVER acct:SERVER$ sc:6 mc: SERVER neg: 400701ff
cred_create
cred_assert
secret is good

Tell me please: is it a bug or a feature?

smb.conf:

[global]
workgroup = WORKGROUP
admin users = tiamat
guest account = guest
log file = /var/log/samba/%m.log
security = user
encrypt passwords = yes
unix charset = KOI8-R
display charset = KOI8-R
dos charset = 866
winbind use default domain = yes
domain logons = yes

[homes]
browseable = no
writeable = yes
valid users = %S

[netlogon]
path = /home/samba/netlogon
browseable = no

Server joined to the domain with:

# net join -U tiamat
Password:
Joined domain WORKGROUP.

Thanks a lot!

--
Alex Deiter

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] WinRAR archiver cannot create russian filename on samba share (bug 1407)

2004-06-01 Thread Alex Deiter
WinRAR (ver 3.x) cannot create Russian filenames on Samba shares - it gets the error: cannot create 
.rar Access is denied. But it can successfully create a filename that contains only 
English characters.
https://bugzilla.samba.org/show_bug.cgi?id=1407
Does anybody have the same problem?
Thanks a lot!


[Samba] strange error: modify/delete: sambaPwdCanChange: no such value (Success)

2004-02-13 Thread Alex Deiter
I use Samba 3.0.2 with the ldapsam backend on two servers:

1. PDC with openldap master server
2. BDC with openldap replica server

On the BDC, the Samba log files contain strange errors:

[2004/02/14 00:03:45, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769)
  init_ldap_from_sam: Setting entry for user: hasp$
[2004/02/14 00:03:46, 2] passdb/pdb_ldap.c:ldapsam_update_sam_account(1423)
  ldapsam_update_sam_account: successfully modified uid = hasp$ in the LDAP database
[2004/02/14 00:03:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: hasp$
[2004/02/14 00:03:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: hasp$
[2004/02/14 00:03:47, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769)
  init_ldap_from_sam: Setting entry for user: hasp$
[2004/02/14 00:03:47, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1217)
  ldapsam_modify_entry: Failed to modify user dn= cn=hasp,ou=Computers,dc=komi,dc=mts,dc=ru with: No such attribute
  modify/delete: sambaPwdCanChange: no such value
[2004/02/14 00:03:47, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1417)
  ldapsam_update_sam_account: failed to modify user with uid = hasp$, error: modify/delete: sambaPwdCanChange: no such value (Success)
[2004/02/14 00:05:05, 2] smbd/server.c:exit_server(558)
  Closing connections

master ldap log:

Feb 14 00:03:45 master slapd[94313]: conn=3946 fd=21 ACCEPT from IP=1.1.1.1:49789 (IP=0.0.0.0:636)
Feb 14 00:03:46 master slapd[94313]: conn=3946 op=0 BIND dn=cn=ldapmanager,dc=komi,dc=mts,dc=ru method=128
Feb 14 00:03:46 master slapd[94313]: conn=3946 op=0 BIND dn=cn=ldapmanager,dc=komi,dc=mts,dc=ru mech=SIMPLE ssf=0
Feb 14 00:03:46 master slapd[94313]: conn=3946 op=0 RESULT tag=97 err=0 text=
Feb 14 00:03:46 master slapd[94313]: conn=3946 op=1 MOD dn=cn=hasp,ou=Computers,dc=komi,dc=mts,dc=ru
Feb 14 00:03:46 master slapd[94313]: conn=3946 op=1 MOD attr=sambaPwdCanChange sambaPwdCanChange sambaPwdLastSet sambaPwdLastSet
Feb 14 00:03:46 master slapd[94313]: conn=3946 op=1 RESULT tag=103 err=0 text=
Feb 14 00:03:46 master slapd[94313]: conn=3946 op=2 UNBIND
Feb 14 00:03:46 master slapd[94313]: conn=3946 fd=21 closed
Feb 14 00:03:47 master slapd[94313]: conn=3947 fd=21 ACCEPT from IP=1.1.1.1:49790 (IP=0.0.0.0:636)
Feb 14 00:03:47 master slapd[94313]: conn=3947 op=0 BIND dn=cn=ldapmanager,dc=komi,dc=mts,dc=ru method=128
Feb 14 00:03:47 master slapd[94313]: conn=3947 op=0 BIND dn=cn=ldapmanager,dc=komi,dc=mts,dc=ru mech=SIMPLE ssf=0
Feb 14 00:03:47 master slapd[94313]: conn=3947 op=0 RESULT tag=97 err=0 text=
Feb 14 00:03:47 master slapd[94313]: conn=3947 op=1 MOD dn=cn=hasp,ou=Computers,dc=komi,dc=mts,dc=ru
Feb 14 00:03:47 master slapd[94313]: conn=3947 op=1 MOD attr=sambaPwdCanChange sambaPwdCanChange sambaPwdLastSet sambaPwdLastSet
Feb 14 00:03:47 master slapd[94313]: conn=3947 op=1 RESULT tag=103 err=16 text=modify/delete: sambaPwdCanChange: no such value
Feb 14 00:03:47 master slapd[94313]: conn=3947 op=2 UNBIND
Feb 14 00:03:47 master slapd[94313]: conn=3947 fd=21 closed

# pdbedit -v hasp$
Unix username:        hasp$
NT username:          hasp$
Account Flags:        [W  ]

Logon time:           0
Logoff time:          Fri, 13 Dec 1901 23:45:51 GMT
Kickoff time:         Fri, 13 Dec 1901 23:45:51 GMT
Password last set:    Sat, 14 Feb 2004 00:48:47 GMT
Password can change:  Sat, 14 Feb 2004 00:48:47 GMT
Password must change: Fri, 13 Dec 1901 23:45:51 GMT

# testparm
Load smb config files from /usr/local/etc/samba/smb.conf
...
Server role: ROLE_DOMAIN_BDC
...
[global]
dos charset = 866
unix charset = UTF8
display charset = UTF8
workgroup = KOMI
passdb backend = 'ldapsam:ldapi://%2fvar%2frun%2fopenldap%2fldapi ldaps://master'
guest account = guest
domain logons = Yes
os level = 255
preferred master = Yes
domain master = No
wins server = 1.1.8.1
ldap suffix = dc=komi,dc=mts,dc=ru
ldap admin dn = cn=ldapmanager,dc=komi,dc=mts,dc=ru
ldap passwd sync = Yes
ldap delete dn = Yes

Thanks!
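
Added example, not part of the original post: a small Python parser that pairs each slapd MOD request with its RESULT by conn/op, which is how the failing second modify (err=16) in the master log above can be picked out of a larger log. The sample lines are taken from that log with wrapped lines rejoined; the function and field names are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Sample input: lines in the format of the slapd log above, wrapped lines rejoined.
SAMPLE_LOG = """\
Feb 14 00:03:46 master slapd[94313]: conn=3946 op=1 MOD dn=cn=hasp,ou=Computers,dc=komi,dc=mts,dc=ru
Feb 14 00:03:46 master slapd[94313]: conn=3946 op=1 MOD attr=sambaPwdCanChange sambaPwdCanChange sambaPwdLastSet sambaPwdLastSet
Feb 14 00:03:46 master slapd[94313]: conn=3946 op=1 RESULT tag=103 err=0 text=
Feb 14 00:03:47 master slapd[94313]: conn=3947 op=1 MOD dn=cn=hasp,ou=Computers,dc=komi,dc=mts,dc=ru
Feb 14 00:03:47 master slapd[94313]: conn=3947 op=1 MOD attr=sambaPwdCanChange sambaPwdCanChange sambaPwdLastSet sambaPwdLastSet
Feb 14 00:03:47 master slapd[94313]: conn=3947 op=1 RESULT tag=103 err=16 text=modify/delete: sambaPwdCanChange: no such value
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$")
RESULT = re.compile(r"^RESULT tag=(\d+) err=(\d+) text=(.*)$")
MODIFY_RESPONSE = "103"  # LDAP ModifyResponse tag as logged by slapd


def failed_mods(log_text):
    """Return one record per MOD operation whose RESULT carries err != 0."""
    ops = defaultdict(dict)  # (conn, op) -> fields collected so far
    failures = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, conn, op, rest = m.groups()
        state = ops[(conn, op)]
        if rest.startswith("MOD dn="):
            state["dn"] = rest[len("MOD dn="):].strip('"')
        elif rest.startswith("MOD attr="):
            state["attrs"] = rest[len("MOD attr="):].split()
        else:
            r = RESULT.match(rest)
            if r and r.group(1) == MODIFY_RESPONSE and r.group(2) != "0":
                counts = Counter(state.get("attrs", []))
                failures.append({
                    "time": ts, "conn": int(conn), "op": int(op),
                    "dn": state.get("dn"), "err": int(r.group(2)),
                    "text": r.group(3),
                    # A name listed twice means two changes to that attribute
                    # were sent in the same modify request.
                    "repeated_attrs": sorted(a for a, n in counts.items() if n > 1),
                })
    return failures


if __name__ == "__main__":
    for failure in failed_mods(SAMPLE_LOG):
        print(failure)
```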





[Samba] add domain user in local group: trust relationship error

2003-10-04 Thread Alex Deiter
I manage a Samba CVS 3.0.1pre1 DC on FreeBSD 5.1 (i386) and cannot add a domain
user to a local group on win2k pro:

I joined a win2k workstation to my domain, logged in as domain admin, ran
Control Panel - Users and passwords - add - browse,
selected any user from domain users, selected the local group Administrators, and
got the error:

The trust relationship between this workstation and the primary domain
failed.

# testparm
Load smb config files from /usr/local/etc/samba/smb.conf
Processing section [homes]
Processing section [netlogon]
Processing section [profiles]
Processing section [printers]
Processing section [print$]
Processing section [all]
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
dos charset = 866
unix charset = KOI8-R
display charset = KOI8-R
workgroup = KOMI
passdb backend = ldapsam, guest
guest account = guest
log level = 1 passdb:5
log file = /var/log/samba/%m.log
max log size = 5
name resolve order = wins host bcast
time server = Yes
logon path =
logon home =
domain logons = Yes
os level = 133
enhanced browsing = No
wins server = x.x.x.x
ldap suffix = dc=komi,dc=mts,dc=ru
ldap machine suffix = ou=Computers,dc=komi,dc=mts,dc=ru
ldap user suffix = ou=People,dc=komi,dc=mts,dc=ru
ldap group suffix = ou=Group,dc=komi,dc=mts,dc=ru
ldap idmap suffix = dc=komi,dc=mts,dc=ru
ldap admin dn = cn=ldapmanager,dc=komi,dc=mts,dc=ru
ldap ssl = no
admin users = @admins
printer admin = @admins
use sendfile = Yes

samba logs (log level = 1 passdb:5):

[2003/10/04 10:47:36, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(299)
  secrets_fetch failed!
[2003/10/04 10:47:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: guest
[2003/10/04 10:47:36, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615)
  ldapsam_search_one_group: searching for:[((objectClass=sambaGroupMapping)(gidNumber=2514))]
[2003/10/04 10:47:36, 2] passdb/pdb_ldap.c:init_group_from_ldap(1659)
  init_group_from_ldap: Entry found for group: 2514
[2003/10/04 10:47:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: pc-x$
[2003/10/04 10:47:59, 5] passdb/secrets.c:secrets_get_trusted_domains(595)
  secrets_get_trusted_domains: looking for 10 domains, starting at index 0
[2003/10/04 10:47:59, 5] passdb/secrets.c:secrets_get_trusted_domains(675)
  secrets_get_trusted_domains: got 0 domains
[2003/10/04 10:47:59, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(299)
  secrets_fetch failed!
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: tiamat
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615)
  ldapsam_search_one_group: searching for:[((objectClass=sambaGroupMapping)(gidNumber=2513))]
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:init_group_from_ldap(1659)
  init_group_from_ldap: Entry found for group: 2513
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615)
  ldapsam_search_one_group: searching for:[((objectClass=sambaGroupMapping)(gidNumber=2512))]
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:init_group_from_ldap(1659)
  init_group_from_ldap: Entry found for group: 2512
[2003/10/04 10:47:59, 0] smbd/service.c:set_admin_user(321)
  tiamat logged in as admin user (root privileges)
[2003/10/04 10:47:59, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1036)
  ldapsam_getsampwnam: Unable to locate user [root] count=0
[2003/10/04 10:47:59, 4] passdb/passdb.c:local_uid_to_sid(1112)
  local_uid_to_sid: User root [uid == 0] has no samba account
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:ldapsam_setsampwent(966)
  ldapsam_setsampwent: 211 entries in the base!
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: evgenii
[2003/10/04 10:47:59, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: tiamat
...
skip ~200 users
...
  init_sam_from_ldap: Entry found for user: svn
[2003/10/04 10:48:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: nb-dav$
[2003/10/04 10:48:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: guest
[2003/10/04 10:48:00, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
  init_sam_from_ldap: Entry found for user: pc-x$

What should I do?

Thanks!
