[Samba] problems using challenge-auth with winbind

[Daniel E. Coletti]

Hi,
I'm trying to set up a squid with ntlm authentification, and as I
follow the instructions I read in the squid FAQ I run into this problem.

When I try to do a ``wbinfo -a domain\\user%passwd'' the process
tells me that the authentification did not succeded (both, plaintext
passwords authentification and challenge/response password
authentification). This PDC works with Win95 PCs (and these use
plaintext), so I'm assuming that the NT can do these type of
authentification.
The user I'm using is *not* the administrator and I managed to put the
correct privileges to join the domain.
I did compile samba with the --with-winbind-auth-challenge and
--with-winbind options.

I'm using debian 3.0 (aka woody) and samba 2.2.3a-6.

I did try compiling a samba 2.2.7 but, eventhough I compiled it with the
exact same flags I compiled 2.2.4a-6 and using the very same PDC user,
the smbpasswd won't join the domain (strange, huh?).

Any ideas? Could it be that there are privileges on the PDC that need to
be added to this user?

Thanks a lot.

daniel

-- 
Daniel E. Coletti [EMAIL PROTECTED]
XTech - Soluciones Linux para Empresas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] joining an NT PDC, WinNT user privileges

[Daniel E. Coletti]

Hi,
I've been looking for this information, but I couldn't find it
anywhere.
I have a samba (2.2.3) on debian (woody) and I mean to configure this
server with winbind so it can authenticate domain users. The PDC is at a
NT server.
My question is is very simple ... what are the *exact* privileges I
need to give the user I use to join the domain? Winbind docs says use
'Administrator'. Since this Win PDC tries to be as secure as possible,
using the PDC admin user for this samba server is something I'm not
allowed to do.

thanks,

daniel///
-- 
Daniel E. Coletti
XTech (Soluciones Linux para Empresas) - http://www.xtech.com.ar
Tel/Fax: ++5411 5236-
Viamonte 845 - Piso 16 - Segundo Cuerpo
Buenos Aires, Argentina

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] joining an NT PDC, WinNT user privileges

[Daniel E. Coletti]

El lun, 18-11-2002 a las 14:05, Chris McKeever escribió:
 I think once you do that command once...you are set forever...

Interesting ... I'll try this and I'll send the results...

thanks.

daniel///

 
 -Original Message-
 From: Daniel E. Coletti [mailto:[EMAIL PROTECTED]]
 Sent: Monday, November 18, 2002 10:59 AM
 To: Chris McKeever
 Subject: RE: [Samba] joining an NT PDC, WinNT user privileges
 
 
 El lun, 18-11-2002 a las 13:16, Chris McKeever escribió:
  I just finished doing this myself (and now am trying to set it up at
 work).
  Joining the computer to the domain smbpasswd -j (from the winbind man)
 justs
  creates a computer account for the samba share..from my understanding,
 that
  has nothing to do with the actual samba shares that will be
 implemented..so
  you just need to use the smbpasswd -j command with a user account that has
  enough priviledge to add a computer to the domain.
 
 mhhh ... are you sure that this privilege is enough? Because I put only
 this privilege to the user I use, and the unable to join DOMAIN
 message showed at my screen. If I use another user (which has a lot of
 privileges) I can join the domain with no problems at all, the
 inconvinient is that I *cannot* use this user or a similiar user to do
 this, that's why I need to know the *exact* privileges this user needs.
 The NT security configuration is *pretty* tight, and to make things a
 little harder for me, I have no direct contact with the ``security''
 administrator of this PDC (I need to ask for changes via e-mail, you
 can't imagine how frustating is waiting a whole day in order to try
 another ``smbpasswd -j DOMAIN'').
 
 Does the user you used to join the domain has *only* this privilege?
 (add a computer to domain)
 
 daniel///
 
 
 
  
  The priviledges for files are created in the smb.conf file where you
 dictate
  read/write priviledges based on the NT account information
  
  My hardest part was configuring the pam modules to allow samba access
  without needing to setup local linux and samba accounts...100% off the
  domain user table
  
  
  -Original Message-
  From: Daniel E. Coletti [mailto:[EMAIL PROTECTED]]
  Sent: Monday, November 18, 2002 10:00 AM
  To: [EMAIL PROTECTED]
  Subject: [Samba] joining an NT PDC, WinNT user privileges
  
  
  Hi,
  I've been looking for this information, but I couldn't find it
  anywhere.
  I have a samba (2.2.3) on debian (woody) and I mean to configure
  this
  server with winbind so it can authenticate domain users. The PDC is at a
  NT server.
  My question is is very simple ... what are the *exact* privileges I
  need to give the user I use to join the domain? Winbind docs says use
  'Administrator'. Since this Win PDC tries to be as secure as possible,
  using the PDC admin user for this samba server is something I'm not
  allowed to do.
  
  thanks,
  
  daniel///
  -- 
  Daniel E. Coletti
  XTech (Soluciones Linux para Empresas) - http://www.xtech.com.ar
  Tel/Fax: ++5411 5236-
  Viamonte 845 - Piso 16 - Segundo Cuerpo
  Buenos Aires, Argentina
  
  -- 
  To unsubscribe from this list go to the following URL and read the
  instructions:  http://lists.samba.org/mailman/listinfo/samba
  -- 
  To unsubscribe from this list go to the following URL and read the
  instructions:  http://lists.samba.org/mailman/listinfo/samba
 -- 
 Daniel E. Coletti
 XTech (Soluciones Linux para Empresas) - http://www.xtech.com.ar
 Tel/Fax: ++5411 5236-
 Viamonte 845 - Piso 16 - Segundo Cuerpo
 Buenos Aires, Argentina
-- 
Daniel E. Coletti
XTech (Soluciones Linux para Empresas) - http://www.xtech.com.ar
Tel/Fax: ++5411 5236-
Viamonte 845 - Piso 16 - Segundo Cuerpo
Buenos Aires, Argentina

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba