[Samba] unix password sync not working
Hi I am having problems with synchronisation of samba passwords with unix passwords. I have set the following in my smb.conf: unix password sync = Yes pam password change = yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \ passwd:*all*authentication*tokens*updated*successfully* passwd chat debug = yes When trying to change the unix password i have the following: samba # smbpasswd bill New SMB password: Retype new SMB password: The samba password is changed, however, the unix password in /etc/shadow is not altered. Even though I have set the passwd chat debug option to Yes, I do not see any entries in the log file when I run smbpasswd. The log level is set to 10. What am I missing here? Many thanks Andrei -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC - Usernames with over 20 characters are not working with Vista SP1
Bruno, thanks for the reply. Having read through the section i have found the information on the group name limitations, which are mostly related to Unix like system. From there, windows 200x systems support group names of 254 characters. It doesn't actually say anything about username limitations. I have no problem using long usernames in Samba + Linux client - all works fine and I am able to login. However, the problem is with Samba + Windows Vista SP1 and usernames longer then 20 characters. On the other hand, Samba + Windows Vista (without SP1 installed) works fine. However, this problem does not happen with Microsoft 2003 AD + Vista SP1. Therefore, the combination of Samba + Vista SP1 seems to result in problems with logons using long usernames. I am using Samba 3.2.3 and the same problem happens on Samba 3.0.28 and 3.0.31. Any thoughts on this would be appreciated. Andrei Bruno La Torre wrote the following on 14/10/08 17:28: see : http://www.hep.phy.cam.ac.uk/samba-3.0.9/Samba-Guide/migration.html section: What are the limits or constraints that apply to group names Andrei Mikhailovsky ha scritto: Hi all, I am having difficulties logging into Samba domain with Vista SP1 with usernames that have over 20 characters in their names. Vista SP1 gives me the following error: The local Session Manager service failed the logon. The data area passed to a system call is too small. Anyone know what might be the cause of the problem and how to solve it? Many thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + LDAP - Any way to create username alias?
Hello everyone, I was wondering if there is anyway to create username alias for Samba + LDAP setup? I have a rather large number of long usernames (20+ characters) in my Samba + LDAP setup, which seems to be incompatible with Vista SP1. Is there a way to create username aliases so that the user can login with alternative usernames as well as with the long usernames? The reason for this complication is that cyrus imap service requires the usernames to be in form of [EMAIL PROTECTED] in order to distinguish which domain the username belongs to. This makes the usernames rather large for Vista SP1. So I would like all Windows clients to login to domain by using just their usernames without the @domain part. Anyone have any ideas how can this be done with Samba + LDAP? Andrei -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC - Usernames with over 20 characters are not working with Vista SP1
Hi all, I am having difficulties logging into Samba domain with Vista SP1 with usernames that have over 20 characters in their names. Vista SP1 gives me the following error: The local Session Manager service failed the logon. The data area passed to a system call is too small. Anyone know what might be the cause of the problem and how to solve it? Many thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AD to authenticate users against Samba + LDAP
Hi all, I was wondering if it is possible to make MS Active Directory to authenticate against Samba + LDAP? I have a working Samba + LDAP setup in the data centre and need to have MS Active Directory to authenticate against the userbase which has been already setup on Samba + LDAP. I have seen user guides on how to make samba to authenticate against AD, but not other way around. Is it possible at all? Are there any useful guides? Many thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + LDAP PDC Vista SP1 logins stopped working
Hi All, After upgrade to Vista SP1 the logins to Samba + LDAP PDC stopped working. Looking further at the problem I have identified that the problem is with the usernames that we have, which are name@domain.com. For some reason beyond my understanding, it seems that the if the username contains a dot . followed by one or more character, I get the following error in Vista: The local Session Manager service failed the logon. The data area passed to a system call is too small If the username has no dots . or the dot is the last character in the username (for example username. ) the authentication works fine. Initially I have thought that the problem is is entirely the fault of SP1, however, I have tried to replicate the same setup on MS Active directory server 2003 and authentication of the users with exactly the same name works flawlessly. I tried to enable debugging mode in Samba, however was not able to see any error or warning messages, nor do I have anything useful in the Vista event viewer. I am a little lost and have no idea how to fix this issue. Did anyone experience similar problems? Any tips or ideas would be great. My setup is: Linux Gentoo Samba 3.0.32 LDAP 2.3.43 Windows client: Windows Vista SP1 Business Edition with latest updates. Many thanks andrei -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] heimdal/AD documentation
I have no idea what this guide does as I am not a french speaker. Would it anable AD to authenticate users against LDAP directory? Andrei -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + Vista SP1 usernames with @ not working
Hi Thanks for your post. After a bit of playing I found out that the problem is not with @ symbol, but with . in the username. If i remove the . from the username all starts to work fine. The server side does not produce any errors, even in debug mode I do not see anything suspicious or different from successfull authentication. I think authentication succeeds from the server side, but Vista SP1 manages to brake things. I will do more research on this and post in the mailing list. Meanwhile, I will create a new post with this problem Andrei Liutauras wrote the following on 26/08/08 08:23: Andrei Mikhailovsky schrieb: Hi I was wondering if anyone came across an issue with Vista with SP1 and usernames that have @ in their usernames (example [EMAIL PROTECTED]). The login to samba network stopped working once i have installed SP1. The message I get is: The local Session Manager service failed to logon The data area passed to a system call is too small From the server side i don't really seen any errors and the same username on pre SP1 workstation works without problems. Googleing for the problem does not show anything useful I also have the same problem, atleast very similar. I did not do a deep investigation, but situation is: I use samba server as PDC. Usernames are givenname.surname. There are winXP and winVista in the network. One user did an windows update to his Vista 64bit edition and rebooted. Now he cannot login. The error is the same: The local Session Manager service failed to logon The data area passed to a system call is too small I can do logins with domain\root user no problem, but not with username with dot. I uninstalled SP1 and now I can login. Liutauras -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + Vista SP1 usernames with @ not working
From what I can see, it is not that Vista SP1 doesn't like the . character, it doesn't like having anything else after the .. Username like andrei. works, but andrei.domain doesn't. Andrei -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Vista SP1 login failed with . in username
Hi All, I have noticed that Windows Vista SP1 (Vista pre SP1 is fine) fails to login to domain if the username has a . dot symbol in the username. The actual problem is not in the . but in the combination of . followed by other characters. For example, the failed login happens when using andrei.domain, but login is successful when the username is andrei. The server side does not produce any suspicious log entries even in debug mode, However windows Vista SP gives the following error: The local Session Manager service failed to logon The data area passed to a system call is too small Did anyone experience similar issues? Are there any solution to fix the behaviour, apart from changing the username and/or uninstalling SP1? Thanks in advance for any help Andrei -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + Vista SP1 usernames with @ not working
Hi I was wondering if anyone came across an issue with Vista with SP1 and usernames that have @ in their usernames (example [EMAIL PROTECTED]). The login to samba network stopped working once i have installed SP1. The message I get is: The local Session Manager service failed to logon The data area passed to a system call is too small From the server side i don't really seen any errors and the same username on pre SP1 workstation works without problems. Googleing for the problem does not show anything useful Thanks for any suggestions Andrei -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] web interface to samba file sharing
Hello everyone! I was just wondering if there is such tool that will allow samba file sharing to be done via web interface? So instead of making a remote samba connection to a server on the internet, the person just goes to the server's web page, logs in to samba share and is allowed to upload/download files. Any help or suggestions are welcome ) -- Andrei Mikhailovsky Arhont -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Deleting of Desktop Icons
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have the same issue as well, on XP and 2k. sometimes it actually deletes icons and folders, but most often they are recreated after a login. It might be an issue with roaming profiles from the samba side, I never managed to find an answer. - -- Andrei Mikhailovsky Arhont Ltd - Information Security Web: http://www.arhont.com Tel: +44 (0)870 4431337 Fax: +44 (0)117 9690141 PGP: Key ID - 0xFF67A4F4 PGP: Server - keyserver.pgp.com Matthias Spork wrote: | Hello, | | I delete some Icons/Documents on my Desktop. After a new login, they | will be on my Desktop again. | | Is this a Windows- or a Samba-Problem? | | Environment: Samba 3.02a, Win NT (SP6), 2K (Varius Service Packs) | | matze -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFAdRZ15bSBOf9npPQRAiZbAKCcdxqXTtBgpbAyORKqLeVeNBmKPACfd+5S IFldLIjkX5MHLRQ9K7rhYPg= =GKo1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Redhat AS 3
To check if your samba package is compiled with ldap do the following: # which smbd |xargs ldd |grep ldap If it is, then you should have similar output: libldap.so.2 = /usr/lib/libldap.so.2 (0x4003) Regards, Andrei Mikhailovsky Arhont Ltd - Information Security Web: http://www.arhont.com Tel: +44 (0)870 4431337 Fax: +44 (0)117 9690141 PGP: Key ID - 0xFF67A4F4 PGP: Server - keyserver.pgp.com jamie wrote: Does anyone know if on Redhat AS 3, The Samba 3 Rpms have ldapsam_compat compiled in? I am trying to get it working and so far not having any luck. - Jamie -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP
You should get these modules from your distribution. What distro do you have? If you distro doesn't include these modules (which is highly unlikely), then you can download them from www.cpan.org --- Andrei Mikhailovsky Arhont Ltd Web: http://www.arhont.com Tel: +44 (0)870 4431337 Fax: +44 (0)117 9690141 PGP: Key ID - 0xFF67A4F4 PGP: Server - keyserver.pgp.com alton bailey wrote: I am currently setting up my ldap server and smbldap-tools during the installation I got a dependency required perl:net:ldap and perl:net::ldap.ldif Convert::ANSI. I would like to have a copy of thes file can you piont me to them please alton - Original Message - From: Andrei Mikhailovsky [EMAIL PROTECTED] To: Raymond [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: 03/21/2004 1:28 PM Subject: Re: [Samba] Samba and LDAP You should try smbldap tools at http://samba.idealx.org/. They have nice scripts to migrate samba to authenticate against ldap. -- Andrei Mikhailovsky Arhont Ltd Web: http://www.arhont.com Tel: +44 (0)870 4431337 Fax: +44 (0)117 9690141 PGP: Key ID - 0xFF67A4F4 PGP: Server - keyserver.pgp.com Raymond wrote: | After perusing the Samba 3.x docs and purchasing Terpstra's and Vernooij's | excellent Samba-3 Howto, I am still unclear on LDAP authentication. Not a | Windows admin so please bear with me. | | 1) Regarding the Samba schema, is there a tool to extract the Windows client | information (sid, etc.) for populating an LDIF? | | Raymond | | | -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You should try smbldap tools at http://samba.idealx.org/. They have nice scripts to migrate samba to authenticate against ldap. - -- Andrei Mikhailovsky Arhont Ltd Web: http://www.arhont.com Tel: +44 (0)870 4431337 Fax: +44 (0)117 9690141 PGP: Key ID - 0xFF67A4F4 PGP: Server - keyserver.pgp.com Raymond wrote: | After perusing the Samba 3.x docs and purchasing Terpstra's and Vernooij's | excellent Samba-3 Howto, I am still unclear on LDAP authentication. Not a | Windows admin so please bear with me. | | 1) Regarding the Samba schema, is there a tool to extract the Windows client | information (sid, etc.) for populating an LDIF? | | Raymond | | | -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFAXd6/5bSBOf9npPQRAlKnAJ4nyNE52B6bclt9pNFh9Ir5wxqRVACfQmtw z6l2L6Cenmoa5sfTE0MzrQ8= =Jgly -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, Did you specify what kind of spooling system you have? For cups you need to put something like this in your smb.conf # CUPS printing. See also the cupsaddsmb(8) manpage in the # cupsys-client package. ~ printing = cups ~ printcap name = cups here is a snip of my config with working printer shares: - --- [printers] ~ comment = All Printers ~ browseable = yes ~ path = /tmp ~ printable = yes ~ public = no ~ writable = no ~ guest ok = yes ~ create mode = 0700 - --- - -- Andrei Mikhailovsky Arhont Ltd Web: http://www.arhont.com Tel: +44 (0)870 4431337 Fax: +44 (0)1454 201200 PGP: Key ID - 0xFF67A4F4 PGP: Server - keyserver.pgp.com Michael S. Dunsavage wrote: | I have samba running on RH 9 as a PDC. | | | I want to print from teh windows box to the Linux machine... | | | excerpt from smb.conf: | | [printers] | comment = All Printers | path = /var/spool/cups/ | browseable = yes | public = yes | printable = yes | writeable = yes | | | excerpt from printcap: | | # This file was automatically generated by cupsd(8) from the | # /etc/cups/printers.conf file. All changes to this file | # will be lost. | printer: | lp0: | | | So, when I print it does put something in /var/spool/cups | | but how do I get it to print? | | When I print locally to the pritner it puts a file in /var/spool/cups so I | assume that's the proper directory? | | -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFAWCsk5bSBOf9npPQRAk9pAJ97xDtPuCAhME9FWVcMsWm7HMylBgCeIuhe DVMFlETUNGJCFcoEeV0RtVA= =Xg7b -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hardware question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am sure that Athlon MP 2800+ or a Xeon 3.2 with a gig of ram will do the job nicely without any delays. To be on a safe side, make them dual and you'll have no problems. Intranet side shouldn't take a lot of cpu/memory, so you shouldn't worry about it. Unless you have lods of mysql requests, this setup would be enough. Andrei Ivo Dancet wrote: | I recently asked this question, but I didn't get an answer on this part | of my question: | | What hardware would be able to do this with ease: | | I must install a samba server as PDC for my school. The server would | authenticate users using openldap (on the same server). And if possible, | I would also run an intranet on it (apache, php, mysql). | There would be about a hundred (maybe 150 later on) client pc's (win xp | and some windows 98) for about 600 students and teachers. | They have to have home dirs and there will also be some other shares, | including one for printing on the server. | Off course I do want to backup stuff too. | | Thanks for any answer in advance. | Ivo Dancet | -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFAK98q5bSBOf9npPQRAjVHAJ9dVtM0bz/l86+4qks777hAudxqWgCfRip/ F+eVwVWQV6hxOrUxgFaMKUs= =kRZ2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba] Samba3 Printer drivers installation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kurt Pfeifle wrote: | Andrei Mikhailovsky wrote: | | Thanks a lot for the help. | | | Please always reply to list. Often I don't get private mails while I | am on travel. But sometimes I can scan the list (via its web interface) | while on the road. | | When I was initially installing the drivers, I was following a how-to | that didn't specify that you need exact order for the driver files. | | | It does. It does so in very much detail. I spent my complete annual | holiday last summer to find everything out and write it down as a | documentation. So don't tell me it doesn't specify the exact order, | because I know it went into my draft at more than 1 place. | Sorry for not making it clear earlier on, I have followed a 3rd party how-to that i've found by google-ing. After i have followed your how-to (for which I am very thankful) I've managed to install printer drivers. I've followed the following procedure: 1. to get windows drivers files i've used: rpcclient -U'user%pass' -c \ 'getdriver Samsung 4500 3' TURBO_XP 2. Then i've downloaded drivers from windows machine: smbclient //TURBO_XP/print\$ -U'user%pass' \ ~ -c 'cd W32X86/2; mget *' 3. Upload files to samba print$: smbclient //SAMBA-CUPS/print\$ -U'user%pass' -c \ ~ 'cd W32X86; mput *' 4. Added printer driver: rpcclient -Uuser%pass -c 'adddriver Windows NT x86 \ ~ Samsung: file1:file2,etc..' where the file order is as following: Driver File Name:Data File Name:Config File Name:Help File Name:Language Monitor Name:Default Data Type: The driver files where added successfully: Printer Driver Samsung successfully installed 5. Checking samba server for driver succeded: rpcclient -U'user%pass' -c 'enumdrivers' SAMBA-server [Windows NT x86] Printer Driver Info 1: ~Driver Name: [Samsung] 6.Setting driver to printer: rpcclient -U'user%pass' -c 'setdriver Samsung Samsung' SAMBA-server As far as i can see from the how-to the server side setup is finished. Now, from the client side, i should double click on the printer and windows should fetch the driver and install it. When I do this, windows 2000/XP responds that unable to find driver, do you want to make a local search for driver. However, if i check the properties for the printer, i can see that the driver is there and that it is available for the right architecture. But if I use the windows Add printer wizard to install the same driver to samba print$ share, the printer driver gets installed perfectly; i.e. rpcclient -U'user%pass' -c 'enumdrivers' SAMBA-server [Windows NT x86] Printer Driver Info 1: ~Driver Name: [Samsung] as well as the drivers are placed in exactly the same location as they where using samba setup procedure that i've mentioned above. I don't actually know what might be the difference between the driver installation between windows Add printer wizard and samba rpcclient. Do you have any idea what I am doing wrong? As I prefer not to use windows at all possible costs, i would really like to sort out the printer installation by using command line on linux rather then fluff-clicking on windows. Thanks for all the help! - -- Andrei Mikhailovsky Arhont Ltd Web: http://www.arhont.com Tel: +44 (0)870 4431337 Fax: +44 (0)1454 201200 PGP: Key ID - 0xFF67A4F4 PGP: Server - keyserver.pgp.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFAGwJN5bSBOf9npPQRAvh8AJ4joCafdHQkRN6bHqKGeVr+HHNd6gCbB9J7 k90ycWdpLfh59fF+KgrZtGM= =+Ii3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] BDC and Roaming Profiles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I was wondering if it is possible to enable roaming profiles on the BDC. I have consulted the samba.org documentation on roaming profiles and couldn't find the solution for my setup: server1: samba pdc integrated with master ldap + replica to server2 users home shares and profiles are stored here in /home/samba/ and shared using [homes]. server2 samba bdc integrated with slave ldap If samba on server1 goes down, authentication is done by server2 bdc with slave ldap. But if this happens, then users will not be able to use home folders and their profles. If I copy /home/samba from server 1 to server2 and enable [homes] this might solve the problem. However, the home and profiles paths fields in the LDAP database should point to PDC's homes if pdc samba is running, otherwise they should point to bdc's homes. How do i specify that in the ldap database? I've tried useing various macros that are relevant to smb.conf, but it doesn't work. My [home] and [profiles] section in smb.conf are as follows: [global] ~ logon path = \\%N\profiles\%U ~ logon home = \\%N\%U [homes] ~ comment = Home Directories ~ browseable = no ~ guest ok = no ~ public = no ~ path = /home/samba/home/%S [profiles] ~path = /home/samba/profiles/%U ~read only = no ~writeable = yes ~create mask = 0650 ~directory mask = 0750 ~browseable = no Has anyone implemented a setup similar to mine? Any suggestions on how this can be done? Thanks a lot for your help ) - -- Andrei Mikhailovsky Arhont Ltd Web: http://www.arhont.com Tel: +44 (0)870 4431337 Fax: +44 (0)1454 201200 PGP: Key ID - 0xFF67A4F4 PGP: Server - keyserver.pgp.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFAGVra5bSBOf9npPQRAh/4AKCSuvHePGtB+/nkSjK4GtZTzdTh8wCfS8+m 1shzfZmJbzdCHwx6k+BltBs= =2xn8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3 Printer drivers installation
Hello, I am having problems installing printer drivers for Samsung ML-4500 printer, so windows workstation can just fetch them from print$ share. When I run rpcclient with -d 4 i get the following error: whale:/home/samba/home# rpcclient -d 4 -Uroot% -c 'adddriver Windows NT x86 SSGK2:ssgk2.cnt:ssgk2.dat:ssgk2.dll:ssgk2.hlp:ssgk2.ini:ssgk2.sdd:ssgk2su.dll:ssgk2ui.dll:ssgk2um.dll' WHALE added interface ip=192.168.77.7 bcast=192.168.77.255 nmask=255.255.255.0 added interface ip=172.16.104.1 bcast=172.16.104.255 nmask=255.255.255.0 Connecting to host=WHALE Connecting to 192.168.77.7 at port 445 Serverzone is 0 Doing spnego session setup (blob length=58) got OID=1 3 6 1 4 1 311 2 2 10 got principal=NONE Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH lsa_io_sec_qos: length c does not match size 8 result was WERR_INVALID_PARAM Does anyone know what the problem is and how to fix it? The snip of my smb.conf: ... # CUPS printing. See also the cupsaddsmb(8) manpage in the # cupsys-client package. printing = cups printcap name = cups ... [printers] comment = All Printers browseable = yes path = /tmp printable = yes public = no writable = no create mode = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no Thanks for all the help ) -- Andrei Mikhailovsky -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] My story installing Samba-LDAP PDC (it has a happy ending)
ldap machine suffix = ou=People instead of ldap machine suffix= ou=Computers This will probably work. A better solution that allows storing computer accounts in ou=Computers requires changing the ldap.conf file. This is not a Samba file, but an OpenLdap file (I assume you are using OpenLDAP). In the ldap.conf file of the LDAP server use: scope sub nss_base_passwd dc=arhont,dc=com nss_base_shadow dc=arhont,dc=com instead of the more traditional scope one nss_base_passwd ou=People,dc=arhont,dc=com nss_base_shadow ou=People,dc=arhont,dc=com The reason for the unknown username or bad password message is that Samba tries to find the machine as a user listed by NSS (as when you use getent passwd). When you have nss configured with scope one and nss_base_passwd ou=People,dc=arhont,dc=com the only users samba sees are the accounts in ou=People (without looking any subtrees). When you use scope sub and nss_base_passwd dc=arhont,dc=com samba can see all users in all subtrees of dc=arhont,dc=com. Regarding changes in the registry, they are not necessary in Samba 3.0.x. Some documentation I read talks about this, but only applies to Samba 2.2.x. I could join W2K machines to the domain without making any registry modifications. But looking at samba logs, I don't see any errors. This is the output of the slapd when I atempt to logon to domain: Jan 15 14:07:23 whale slapd[24434]: conn=5 fd=19 ACCEPT from IP=192.168.77.7:38423 (IP=0.0.0.0:389) Jan 15 14:07:23 whale slapd[24434]: conn=5 op=0 BIND dn=cn=root,dc=arhont,dc=com method=128 Jan 15 14:07:23 whale slapd[24434]: conn=5 op=0 BIND dn=cn=root,dc=arhont,dc=com mech=simple ssf=0 Jan 15 14:07:23 whale slapd[24434]: conn=5 op=0 RESULT tag=97 err=0 text= Jan 15 14:07:23 whale slapd[24434]: conn=5 op=1 SRCH base=dc=arhont,dc=com scope=2 filter=((objectClass=sambaDomain)(sambaDomainName=ARHONT)) Jan 15 14:07:23 whale slapd[24434]: conn=5 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass Jan 15 14:07:23 whale slapd[24434]: conn=5 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 15 14:07:23 whale slapd[24434]: conn=5 op=2 SRCH base=dc=arhont,dc=com scope=2 filter=((uid=root)(objectClass=sambaSamAccount)) Jan 15 14:07:23 whale slapd[24434]: conn=5 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial Jan 15 14:07:23 whale slapd[24434]: conn=5 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 15 14:07:23 whale slapd[24434]: conn=5 fd=19 closed --- and this is the example of my smb.conf #LDAP Support for samba 3+ passdb backend = ldapsam:ldap://whale.core.arhont.com ldap admin dn = cn=root,dc=arhont,dc=com idmap backend = ldap:ldap://whale.core.arhont.com ldap suffix = dc=arhont,dc=com ldap machine suffix = ou=computers ldap user suffix= ou=users #ldap ssl = off #ldap user suffix = ou=users,dc=arhont,dc=com ##Default LDAP FILTER #ldap filter= ((uid=%u)(objectClass=SambaSamAccount)) ldap filter = (uid=%u) ldap delete dn = no #ldap password sync = yes In addition, you have mentioned that the win2k registry has to be changed. I've looked at the registry key on my workstation, and it was already 0, from the default install. Is it normal, as i've read in few places that it has to be changed. but my one was already 0 from the initial installation. Do you have any suggestions, what might be going wrong? I am already at my third day trying to integrate samba/ldap. What a nighmare! Thanks in advance for any help ) -- Andrei Mikhailovsky Financial Director Arhont Ltd Web: http://www.arhont.com Tel: +44 (0)870 4431337 Fax: +44 (0)1454 201200 PGP: Key ID - 0xFF67A4F4 PGP: Server - gpg.arhont.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] My story installing Samba-LDAP PDC (it has a happy ending)
Hello, I've looked at your post at samba mailing list. Same as you are, I am having a nightmare making a windows 2000 pro to logon to my domain. But unlike you, smbldap-tools worked fine-ish for me. They have populated the database with initial users,groups and created computer entry. The setup works fine for shares/workgroup. But I can't make it connect to my pdc. By the way, I am running Debian unstable with samba 3.0.1 and ldap 2.1.23. By following your experience, i've managed to resolve some of the issues while i was trying to logon to my domain. Initially, looking at the ldap logs, windows was trying to search for entries that where not found in the ldap. Like pid 501, which is ment to be a guest account, and few other things. But after correcting these issues, ldap finds all the entries, but still gives me Logon Failure: unknown username or bad password. But looking at samba logs, I don't see any errors. This is the output of the slapd when I atempt to logon to domain: Jan 15 14:07:23 whale slapd[24434]: conn=5 fd=19 ACCEPT from IP=192.168.77.7:38423 (IP=0.0.0.0:389) Jan 15 14:07:23 whale slapd[24434]: conn=5 op=0 BIND dn=cn=root,dc=arhont,dc=com method=128 Jan 15 14:07:23 whale slapd[24434]: conn=5 op=0 BIND dn=cn=root,dc=arhont,dc=com mech=simple ssf=0 Jan 15 14:07:23 whale slapd[24434]: conn=5 op=0 RESULT tag=97 err=0 text= Jan 15 14:07:23 whale slapd[24434]: conn=5 op=1 SRCH base=dc=arhont,dc=com scope=2 filter=((objectClass=sambaDomain)(sambaDomainName=ARHONT)) Jan 15 14:07:23 whale slapd[24434]: conn=5 op=1 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass Jan 15 14:07:23 whale slapd[24434]: conn=5 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 15 14:07:23 whale slapd[24434]: conn=5 op=2 SRCH base=dc=arhont,dc=com scope=2 filter=((uid=root)(objectClass=sambaSamAccount)) Jan 15 14:07:23 whale slapd[24434]: conn=5 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial Jan 15 14:07:23 whale slapd[24434]: conn=5 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Jan 15 14:07:23 whale slapd[24434]: conn=5 fd=19 closed --- and this is the example of my smb.conf #LDAP Support for samba 3+ passdb backend = ldapsam:ldap://whale.core.arhont.com ldap admin dn = cn=root,dc=arhont,dc=com idmap backend = ldap:ldap://whale.core.arhont.com ldap suffix = dc=arhont,dc=com ldap machine suffix = ou=computers ldap user suffix= ou=users #ldap ssl = off #ldap user suffix = ou=users,dc=arhont,dc=com ##Default LDAP FILTER #ldap filter= ((uid=%u)(objectClass=SambaSamAccount)) ldap filter = (uid=%u) ldap delete dn = no #ldap password sync = yes In addition, you have mentioned that the win2k registry has to be changed. I've looked at the registry key on my workstation, and it was already 0, from the default install. Is it normal, as i've read in few places that it has to be changed. but my one was already 0 from the initial installation. Do you have any suggestions, what might be going wrong? I am already at my third day trying to integrate samba/ldap. What a nighmare! Thanks in advance for any help ) -- Andrei Mikhailovsky -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA + LDAP: can login to domain
Hello, I've tried to integrate samba 3.0.1 and LDAP 2.1.23 using the guide provided from http://www.hilinski.net/samba/. While the ldap+samba user authentication seems to work fine, I can't join the Domain from a Windows 2000 Client. The Domain is found and Name/Password Credentials are asked. I enter root and password and I get an error: Login Failure: Unknow username or bad password Even thought I've added the workstation account by using smbldap-useradd.pl workstation name I get an ldif entry as follows: dn: uid=MOZG$,ou=computers,dc=company,dc=com objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: MOZG$ sn: MOZG$ uid: MOZG$ uidNumber: 1104 gidNumber: 553 homeDirectory: /dev/null loginShell: /bin/false description: Computer Even though the smbldap-useradd.pl script didnt' give any erros, I have a feeling that the workstation account should contain more entries. Am I missing something? I've also tried to use other method of creating workstaion account (as described in the Samba official docs. root# /usr/sbin/useradd -g machines -d /dev/null -c machine nickname \ -s /bin/false machine_name$ and root# smbpasswd -a -m machine_name This way I get more entries in the workstation entry, but I am still unable to connect with Domain Controller. The ldif i get using the second method: dn: uid=MOZG$,ou=computers,dc=company,dc=com uid: MOZG$ sambaSID: S-1-5-21-3830420305-2497394645-3910713721-3208 sambaPrimaryGroupSID: S-1-5-21-3830420305-2497394645-3910713721-515 displayName: MOZG sambaPwdCanChange: 1074118064 sambaPwdMustChange: 2147483647 sambaLMPassword: EE2BBDC5C55719A7AAD3B435B51404EE sambaNTPassword: 40514E8515A8690E3D94E8679434BEF6 sambaPwdLastSet: 1074118064 sambaAcctFlags: [W ] objectClass: sambaSamAccount objectClass: account Can you tell me what am I doing wrong? Thanks for any help ) -- Andrei Mikhailovsky -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba