RE: [Samba] Samba Logs
Is there any way to confirm through the log file that users are actually copying data off the server to their local machine versus just viewing it? I want to be able to track how we monitor user access to the server -Original Message- From: Harry Jede [mailto:walk2...@arcor.de] Sent: Friday, December 12, 2008 2:59 PM To: Calderon, Willy (NIH/NINDS) [C] Subject: Re: [Samba] Samba Logs Am Freitag, 12. Dezember 2008 20:41 schrieben Sie: I've asked this question before but got no answer. Can anyone confirm what these logs mean? Do they come up when someone is copying files off the server to their local machine? Or is the person simultaneously opening dozen of documents. snippet ... johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/ongoing ischemia in setting of amyloid CK.doc read=Yes write=No (numopen=11) [2006/11/25 10:46:36, 0] smbd/nttrans.c:call_nt_transact_ioctl(2463) call_nt_transact_ioctl(0x9005c): Currently not implemented. a typical Windows Indexer behaviour. You should reconfigure your clients, so that the indexing service is not allowed at all, or at a minimum, not trying to index network shares :-) -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Logs
I've asked this question before but got no answer. Can anyone confirm what these logs mean? Do they come up when someone is copying files off the server to their local machine? Or is the person simultaneously opening dozen of documents. snippet ... johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/ongoing ischemia in setting of amyloid CK.doc read=Yes write=No (numopen=11) [2006/11/25 10:46:36, 0] smbd/nttrans.c:call_nt_transact_ioctl(2463) call_nt_transact_ioctl(0x9005c): Currently not implemented. [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/ongoing ischemia in setting of amyloid CK.doc (numopen=10) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/ongoing ischemia in setting of amyloid CK.doc read=Yes write=No (numopen=11) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/ongoing ischemia in setting of amyloid CK.doc (numopen=10) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/ongoing ischemia in setting of amyloid CK.doc read=Yes write=No (numopen=11) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31.doc read=Yes write=No (numopen=12) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31.doc (numopen=11) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31.doc read=Yes write=No (numopen=12) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31.doc (numopen=11) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31.doc read=Yes write=No (numopen=12) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31 CK.doc read=Yes write=No (numopen=13) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31 CK.doc (numopen=12) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31 CK.doc read=Yes write=No (numopen=13) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31 CK.doc (numopen=12) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31 CK.doc read=Yes write=No (numopen=13) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/~$AA Lol 31 CK.doc read=Yes write=No (numopen=14) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/~$AA Lol 31 CK.doc (numopen=13) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/~$AA Lol 31 CK.doc read=Yes write=No (numopen=14) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/~$AA Lol 31 CK.doc (numopen=13) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/~$AA Lol 31 CK.doc read=Yes write=No (numopen=14) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/bDWI9.jpg read=Yes write=No (numopen=15) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/bDWI20.jpg read=Yes write=No (numopen=16) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/bGRE9.jpg read=Yes write=No (numopen=17) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/bGRE20.jpg read=Yes write=No (numopen=18) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/bFL8.jpg read=Yes write=No (numopen=19) [2006/11/25 10:46:36,
[Samba] Interpreting Samba Logs
I am attempting to read the log files for a particular machine that is accessing our server. The smb.conf global property has set up the log level = 2 and each machine has a file which illustrates what they are accessing. The following is a snippet of the log and I wanted to know if anyone could 100% verify whether the user is COPYING the data to a local drive. As you can see, the users has opened/closed a directory and files within a couple of seconds. There are thousands of lines like this and I want to be sure what this means. snippet johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/ongoing ischemia in setting of amyloid CK.doc read=Yes write=No (numopen=11) [2006/11/25 10:46:36, 0] smbd/nttrans.c:call_nt_transact_ioctl(2463) call_nt_transact_ioctl(0x9005c): Currently not implemented. [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/ongoing ischemia in setting of amyloid CK.doc (numopen=10) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/ongoing ischemia in setting of amyloid CK.doc read=Yes write=No (numopen=11) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/ongoing ischemia in setting of amyloid CK.doc (numopen=10) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/ongoing ischemia in setting of amyloid CK.doc read=Yes write=No (numopen=11) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31.doc read=Yes write=No (numopen=12) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31.doc (numopen=11) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31.doc read=Yes write=No (numopen=12) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31.doc (numopen=11) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31.doc read=Yes write=No (numopen=12) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31 CK.doc read=Yes write=No (numopen=13) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31 CK.doc (numopen=12) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31 CK.doc read=Yes write=No (numopen=13) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31 CK.doc (numopen=12) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/DR Lol 31 CK.doc read=Yes write=No (numopen=13) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/~$AA Lol 31 CK.doc read=Yes write=No (numopen=14) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/~$AA Lol 31 CK.doc (numopen=13) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/~$AA Lol 31 CK.doc read=Yes write=No (numopen=14) [2006/11/25 10:46:36, 2] smbd/close.c:close_normal_file(406) johnsonc closed file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/~$AA Lol 31 CK.doc (numopen=13) NT_STATUS_OK [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/~$AA Lol 31 CK.doc read=Yes write=No (numopen=14) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/bDWI9.jpg read=Yes write=No (numopen=15) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/bDWI20.jpg read=Yes write=No (numopen=16) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/bGRE9.jpg read=Yes write=No (numopen=17) [2006/11/25 10:46:36, 2] smbd/open.c:open_file(391) johnsonc opened file johnsonc/My Documents/Articles, SL, Ha/Diaz NP rojo/bGRE20.jpg
RE: [Samba] joining an AD - SOLVED
The problem is that Kerberos can only deal with flatname space to function so you cannot have subdomain.domain.com as the Linux server name in DNS. Changing that solved this for me. -Original Message- From: Calderon, Willy (NIH/NINDS) [C] Sent: Monday, January 28, 2008 7:58 PM To: Guillermo Gutierrez; samba@lists.samba.org Subject: RE: [Samba] joining an AD Thanks. I keep getting this error every time I log in now with the options you've given below [2008/01/28 19:49:22, 4] libads/sasl.c:ads_sasl_bind(521) Found SASL mechanism GSS-SPNEGO [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(222) ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED] [2008/01/28 19:49:22, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610) ads_krb5_mk_req: Advancing clock by 63 seconds to cope with clock skew [2008/01/28 19:49:22, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 29 Jan 2008 05:50:25 EST Bad option: SEVERN Failed to join domain: Invalid parameter [2008/01/28 19:49:22, 2] utils/net.c:main(1032) return code = -1 * * * * Willy Calderon Contractor - LCG Systems Unix Systems Administrator Bldg. 10, NIH/NINDS Tel: 301 435 1913 -Original Message- From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED] Sent: Mon 1/28/2008 4:57 PM To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org Subject: RE: [Samba] joining an AD Whoops, The trailing () should be at the end of the OU path, in your case after the 'AD'. The computername is a separate value that you are feeding it. net ads join createcomputer=Servers/Windows/Computers/AD computername -Original Message- From: Calderon, Willy (NIH/NINDS) [C] [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 1:59 PM To: Guillermo Gutierrez; samba@lists.samba.org Subject: RE: [Samba] joining an AD Is there a trailing quote () after computer name ? * * * * Willy Calderon Contractor - LCG Systems Tel: 301 435 1913 -Original Message- From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 4:45 PM To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org Subject: RE: [Samba] joining an AD You have to use the createcomputer parameter if you want to specify the OUs. Ex: net ads join createcomputer=Servers/Windows/Computers/AD computername -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Calderon, Willy (NIH/NINDS) [C] Sent: Monday, January 28, 2008 1:17 PM To: samba@lists.samba.org Subject: [Samba] joining an AD Hi there - I am trying to join the domain using the net ads join command but keep getting a Bad option: Servers/Windows/Computers/AD Failed to join domain: Invalid parameter when I try to add the computer into the correct OU like so: net ads join Servers/Windows/Computers/AD Is there a correct way to get this to work? I'm on a Red Hat Enterprise 4 system with samba-3.0.25b-1.el4_6.4 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] joining an AD
The error I got Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials seems to point to the way that Kerberos requires a flat namespace to function. SO I would have to make sure the DNS name the server is DOMAIN.COM instead of SUB.DOMAIN.COM, which is going to be a problem. -Original Message- From: Calderon, Willy (NIH/NINDS) [C] Sent: Tue 1/29/2008 9:16 AM To: Philipoff, Andrew; Guillermo Gutierrez; samba@lists.samba.org Subject: RE: [Samba] joining an AD I tried that. I created the machine in the correct OU but this when I try to do this I get various errors: # net ads join -U username username's password: Using short domain name -- DOMAIN Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Deleted account for 'SERVERNAME' in realm 'DOMAIN' Failed to join domain: Constraint violation When I look back in the OU I find that the server has been removed. * * * * Willy Calderon Contractor - LCG Systems Tel: 301 435 1913 -Original Message- From: Philipoff, Andrew [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 11:00 PM To: Guillermo Gutierrez; Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org Subject: RE: [Samba] joining an AD In our AD environment, I pre-create computer records in our AD OU computers container via a Windows system using the Active Directory Users and Computers console. I then bind Samba domain members using net ads join -U domain_admin_login. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guillermo Gutierrez Sent: Monday, January 28, 2008 5:59 PM To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org Subject: RE: [Samba] joining an AD You may just have to join it to the domain and then move it manually into the OU through windows. Unless you upgrade to a newer version of samba that supports that feature. -Original Message- From: Calderon, Willy (NIH/NINDS) [C] [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 5:15 PM To: Guillermo Gutierrez; samba@lists.samba.org Subject: RE: [Samba] joining an AD Thanks for this. The problem appears to be that I can't create the workstation in the OU. I can use my same credentials to log into the AD and create a workstation in that OU through Windows but not through Linux. # net help ads join net ads join [options] Valid options: createupn[=UPN]Set the userPrincipalName attribute during the join. The deault UPN is in the form host/[EMAIL PROTECTED] createcomputer=OU Precreate the computer account in a specific OU. The OU string read from top to bottom without RDNs and delimited by a '/'. E.g. createcomputer=Computers/Servers/Unix NB: A backslash '\' is used as escape at multiple levels and may need to be doubled or even quadrupled. It is not used as a separator So when I try # net ads join createcomputer=Servers/Windows/Computers/AD -U willy%password Failed to pre-create the machine object in OU createcomputers=Servers/Windows/Computers/AD. [2008/01/28 20:15:30, 1] utils/net_ads.c:net_ads_join(1533) error calling net_precreate_machine_acct: No such object Failed to join domain: No such object [2008/01/28 20:15:30, 2] utils/net.c:main(1032) return code = -1 * * * * Willy Calderon Contractor - LCG Systems Unix Systems Administrator Bldg. 10, NIH/NINDS Tel: 301 435 1913 -Original Message- From: Calderon, Willy (NIH/NINDS) [C] Sent: Mon 1/28/2008 7:58 PM To: Guillermo Gutierrez; samba@lists.samba.org Subject: RE: [Samba] joining an AD Thanks. I keep getting this error every time I log in now with the options you've given below [2008/01/28 19:49:22, 4] libads/sasl.c:ads_sasl_bind(521) Found SASL mechanism GSS-SPNEGO [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(222) ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED] [2008/01/28 19:49:22, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610) ads_krb5_mk_req: Advancing clock by 63 seconds to cope with clock skew [2008/01/28 19:49:22, 3] libsmb/clikrb5
RE: [Samba] joining an AD
I tried that. I created the machine in the correct OU but this when I try to do this I get various errors: # net ads join -U username username's password: Using short domain name -- DOMAIN Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Deleted account for 'SERVERNAME' in realm 'DOMAIN' Failed to join domain: Constraint violation When I look back in the OU I find that the server has been removed. * * * * Willy Calderon Contractor - LCG Systems Tel: 301 435 1913 -Original Message- From: Philipoff, Andrew [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 11:00 PM To: Guillermo Gutierrez; Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org Subject: RE: [Samba] joining an AD In our AD environment, I pre-create computer records in our AD OU computers container via a Windows system using the Active Directory Users and Computers console. I then bind Samba domain members using net ads join -U domain_admin_login. Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guillermo Gutierrez Sent: Monday, January 28, 2008 5:59 PM To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org Subject: RE: [Samba] joining an AD You may just have to join it to the domain and then move it manually into the OU through windows. Unless you upgrade to a newer version of samba that supports that feature. -Original Message- From: Calderon, Willy (NIH/NINDS) [C] [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 5:15 PM To: Guillermo Gutierrez; samba@lists.samba.org Subject: RE: [Samba] joining an AD Thanks for this. The problem appears to be that I can't create the workstation in the OU. I can use my same credentials to log into the AD and create a workstation in that OU through Windows but not through Linux. # net help ads join net ads join [options] Valid options: createupn[=UPN]Set the userPrincipalName attribute during the join. The deault UPN is in the form host/[EMAIL PROTECTED] createcomputer=OU Precreate the computer account in a specific OU. The OU string read from top to bottom without RDNs and delimited by a '/'. E.g. createcomputer=Computers/Servers/Unix NB: A backslash '\' is used as escape at multiple levels and may need to be doubled or even quadrupled. It is not used as a separator So when I try # net ads join createcomputer=Servers/Windows/Computers/AD -U willy%password Failed to pre-create the machine object in OU createcomputers=Servers/Windows/Computers/AD. [2008/01/28 20:15:30, 1] utils/net_ads.c:net_ads_join(1533) error calling net_precreate_machine_acct: No such object Failed to join domain: No such object [2008/01/28 20:15:30, 2] utils/net.c:main(1032) return code = -1 * * * * Willy Calderon Contractor - LCG Systems Unix Systems Administrator Bldg. 10, NIH/NINDS Tel: 301 435 1913 -Original Message- From: Calderon, Willy (NIH/NINDS) [C] Sent: Mon 1/28/2008 7:58 PM To: Guillermo Gutierrez; samba@lists.samba.org Subject: RE: [Samba] joining an AD Thanks. I keep getting this error every time I log in now with the options you've given below [2008/01/28 19:49:22, 4] libads/sasl.c:ads_sasl_bind(521) Found SASL mechanism GSS-SPNEGO [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(222) ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED] [2008/01/28 19:49:22, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610) ads_krb5_mk_req: Advancing clock by 63 seconds to cope with clock skew [2008/01/28 19:49:22, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 29 Jan 2008 05:50:25 EST Bad option: SEVERN Failed to join domain: Invalid parameter [2008/01/28 19:49:22, 2] utils/net.c:main(1032) return code = -1 * * * * Willy Calderon Contractor - LCG Systems Unix Systems Administrator Bldg. 10, NIH/NINDS Tel: 301 435 1913 -Original Message- From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED] Sent: Mon 1/28/2008 4:57 PM To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org Subject: RE: [Samba] joining an AD
[Samba] joining an AD
Hi there - I am trying to join the domain using the net ads join command but keep getting a Bad option: Servers/Windows/Computers/AD Failed to join domain: Invalid parameter when I try to add the computer into the correct OU like so: net ads join Servers/Windows/Computers/AD Is there a correct way to get this to work? I'm on a Red Hat Enterprise 4 system with samba-3.0.25b-1.el4_6.4 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] joining an AD
Is there a trailing quote () after computer name ? * * * * Willy Calderon Contractor - LCG Systems Tel: 301 435 1913 -Original Message- From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 4:45 PM To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org Subject: RE: [Samba] joining an AD You have to use the createcomputer parameter if you want to specify the OUs. Ex: net ads join createcomputer=Servers/Windows/Computers/AD computername -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Calderon, Willy (NIH/NINDS) [C] Sent: Monday, January 28, 2008 1:17 PM To: samba@lists.samba.org Subject: [Samba] joining an AD Hi there - I am trying to join the domain using the net ads join command but keep getting a Bad option: Servers/Windows/Computers/AD Failed to join domain: Invalid parameter when I try to add the computer into the correct OU like so: net ads join Servers/Windows/Computers/AD Is there a correct way to get this to work? I'm on a Red Hat Enterprise 4 system with samba-3.0.25b-1.el4_6.4 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] joining an AD
Thanks. I keep getting this error every time I log in now with the options you've given below [2008/01/28 19:49:22, 4] libads/sasl.c:ads_sasl_bind(521) Found SASL mechanism GSS-SPNEGO [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(222) ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED] [2008/01/28 19:49:22, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610) ads_krb5_mk_req: Advancing clock by 63 seconds to cope with clock skew [2008/01/28 19:49:22, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 29 Jan 2008 05:50:25 EST Bad option: SEVERN Failed to join domain: Invalid parameter [2008/01/28 19:49:22, 2] utils/net.c:main(1032) return code = -1 * * * * Willy Calderon Contractor LCG Systems Unix Systems Administrator Bldg. 10, NIH/NINDS Tel: 301 435 1913 -Original Message- From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED] Sent: Mon 1/28/2008 4:57 PM To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org Subject: RE: [Samba] joining an AD Whoops, The trailing () should be at the end of the OU path, in your case after the 'AD'. The computername is a separate value that you are feeding it. net ads join createcomputer=Servers/Windows/Computers/AD computername -Original Message- From: Calderon, Willy (NIH/NINDS) [C] [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 1:59 PM To: Guillermo Gutierrez; samba@lists.samba.org Subject: RE: [Samba] joining an AD Is there a trailing quote () after computer name ? * * * * Willy Calderon Contractor - LCG Systems Tel: 301 435 1913 -Original Message- From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 4:45 PM To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org Subject: RE: [Samba] joining an AD You have to use the createcomputer parameter if you want to specify the OUs. Ex: net ads join createcomputer=Servers/Windows/Computers/AD computername -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Calderon, Willy (NIH/NINDS) [C] Sent: Monday, January 28, 2008 1:17 PM To: samba@lists.samba.org Subject: [Samba] joining an AD Hi there - I am trying to join the domain using the net ads join command but keep getting a Bad option: Servers/Windows/Computers/AD Failed to join domain: Invalid parameter when I try to add the computer into the correct OU like so: net ads join Servers/Windows/Computers/AD Is there a correct way to get this to work? I'm on a Red Hat Enterprise 4 system with samba-3.0.25b-1.el4_6.4 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] joining an AD
Thanks for this. The problem appears to be that I can't create the workstation in the OU. I can use my same credentials to log into the AD and create a workstation in that OU through Windows but not through Linux. # net help ads join net ads join [options] Valid options: createupn[=UPN]Set the userPrincipalName attribute during the join. The deault UPN is in the form host/[EMAIL PROTECTED] createcomputer=OU Precreate the computer account in a specific OU. The OU string read from top to bottom without RDNs and delimited by a '/'. E.g. createcomputer=Computers/Servers/Unix NB: A backslash '\' is used as escape at multiple levels and may need to be doubled or even quadrupled. It is not used as a separator So when I try # net ads join createcomputer=Servers/Windows/Computers/AD -U willy%password Failed to pre-create the machine object in OU createcomputers=Servers/Windows/Computers/AD. [2008/01/28 20:15:30, 1] utils/net_ads.c:net_ads_join(1533) error calling net_precreate_machine_acct: No such object Failed to join domain: No such object [2008/01/28 20:15:30, 2] utils/net.c:main(1032) return code = -1 * * * * Willy Calderon Contractor LCG Systems Unix Systems Administrator Bldg. 10, NIH/NINDS Tel: 301 435 1913 -Original Message- From: Calderon, Willy (NIH/NINDS) [C] Sent: Mon 1/28/2008 7:58 PM To: Guillermo Gutierrez; samba@lists.samba.org Subject: RE: [Samba] joining an AD Thanks. I keep getting this error every time I log in now with the options you've given below [2008/01/28 19:49:22, 4] libads/sasl.c:ads_sasl_bind(521) Found SASL mechanism GSS-SPNEGO [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(213) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/01/28 19:49:22, 3] libads/sasl.c:ads_sasl_spnego_bind(222) ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED] [2008/01/28 19:49:22, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610) ads_krb5_mk_req: Advancing clock by 63 seconds to cope with clock skew [2008/01/28 19:49:22, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 29 Jan 2008 05:50:25 EST Bad option: SEVERN Failed to join domain: Invalid parameter [2008/01/28 19:49:22, 2] utils/net.c:main(1032) return code = -1 * * * * Willy Calderon Contractor - LCG Systems Unix Systems Administrator Bldg. 10, NIH/NINDS Tel: 301 435 1913 -Original Message- From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED] Sent: Mon 1/28/2008 4:57 PM To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org Subject: RE: [Samba] joining an AD Whoops, The trailing () should be at the end of the OU path, in your case after the 'AD'. The computername is a separate value that you are feeding it. net ads join createcomputer=Servers/Windows/Computers/AD computername -Original Message- From: Calderon, Willy (NIH/NINDS) [C] [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 1:59 PM To: Guillermo Gutierrez; samba@lists.samba.org Subject: RE: [Samba] joining an AD Is there a trailing quote () after computer name ? * * * * Willy Calderon Contractor - LCG Systems Tel: 301 435 1913 -Original Message- From: Guillermo Gutierrez [mailto:[EMAIL PROTECTED] Sent: Monday, January 28, 2008 4:45 PM To: Calderon, Willy (NIH/NINDS) [C]; samba@lists.samba.org Subject: RE: [Samba] joining an AD You have to use the createcomputer parameter if you want to specify the OUs. Ex: net ads join createcomputer=Servers/Windows/Computers/AD computername -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Calderon, Willy (NIH/NINDS) [C] Sent: Monday, January 28, 2008 1:17 PM To: samba@lists.samba.org Subject: [Samba] joining an AD Hi there - I am trying to join the domain using the net ads join command but keep getting a Bad option: Servers/Windows/Computers/AD Failed to join domain: Invalid parameter when I try to add the computer into the correct OU like so: net ads join Servers/Windows/Computers/AD Is there a correct way to get this to work? I'm on a Red Hat Enterprise 4 system with samba-3.0.25b-1.el4_6.4 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go
