Re: [Samba] AD integration: getent passwd can't see *new* users,but wbinfo -u can
Did you solve it ?? I have a similar problem. wbinfo -u give me a user, however when a look for it with getent passwd it doesn't appear. With other users everything is correct. Thanks, Fernando. El lun, 12-02-2007 a las 01:17 -0500, Noah Dain escribió: I have two different systems (on different networks) showing this behavior. Both are running Ubuntu Dapper/606.1 LTS with samba version 3.0.22 and windows 2003 sp1 servers (not R2). AD integration is done via winbind, with nss using winbind. At some point in time (which is unknown to me), the samba server stopped seeing new users, groups, machines which are added to AD. scenario: I add a new user to AD, say smbtest. I then look for the user with wbinfo -u, and it shows up. However, it does not show up with getent passwd (same for groups, getent group). If I try to map a share to a drive letter, it goes something like this: C:\WINDOWSnet use h: \\SAMBASRV\smbtest /user:DOMAIN\smbtest password System error 1326 has occurred. Logon failure: unknown user name or bad password. (The same results occur for existing shares, so it's not from lack of a home directory) Of particular interest is log.winbindd-idmap. Whenever I try to connect as the user smbtest to their home directory or another share, this is logged here several times: [2007/02/11 20:45:40, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(485) rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-21-4050315045-3251428658-993335031-3123 wbinfo -s S-1-5-21-4050315045-3251428658-993335031-3123 returns smbtest as expected. wbinfo -n smbtest returns that sid. Other users/sids work. other stuff I've tried / observed: net ads testjoin looks good. kerberos looks good. There are no local accounts within the idmap uid/gid range. /var/lib/samba/winbindd_idmap.tdb shows no new entries. I've restarted samba and winbindd, and the whole machine went down for a reboot, but I'm still getting the same behavior. -- only config files below -- smb.conf: [global] workgroup = DOMAIN realm = DOMAIN server string = samba server interfaces = eth0 bind interfaces only = Yes security = ADS allow trusted domains = No obey pam restrictions = Yes pam password change = Yes log level = 2 winbind:3 passdb:2 auth:2 log file = /var/log/samba/%m.log socket options = TCP_noDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No dns proxy = No wins server = DC1 idmap backend = rid:BUILTIN=1000-, DOMAIN=1-6 idmap uid = 1000-6 idmap gid = 1000-6 template homedir = /home/%U template shell = /bin/bash winbind separator = / winbind use default domain = Yes winbind nested groups = Yes hosts allow = 192.168.1.0/255.255.255.0, 127. hosts deny = 0.0.0.0/0.0.0.0 [homes] comment = Home Directory path = /home/%U read only = No create mask = 0640 directory mask = 0750 browseable = No /end smb.conf /etc/nsswitch.conf: passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis /end nsswitch.conf -- Noah Dain The beatings will continue, until moral improves - the Management -- Fernando Ruza ([EMAIL PROTECTED]) Dto. Informatica Hospital Univesitario de Guadalajara Tfl: 949 209 215 661 123 845 Linux user: #273644 (http://counter.li.org) Debian Sid (Kernel 2.6.14.3 ext3) --- Por favor, NO utilice formatos de archivo propietarios para el intercambio de documentos, como DOC y XLS, sino HTML, RTF, TXT, CSV o cualquier otro que no obligue a utilizar un programa de un fabricante concreto. Gracias. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient chown and chmod problem
Hi, I'm trying to change permisions (chmod) or owner (chown) of a file through smbclient conected to a samba server (version: samba-3.0.4-1). I always receive the following error message: Pushing string of 'unlimited' length into non-SMB buffer! hpcinf03:/etc/samba# smbclient //hserint2/HomesUsuarios -U inform Password: Domain=[HGUV] OS=[Unix] Server=[Samba 3.0.4] smb: \ cd bperez smb: \bperez\ chown bperez inf prueba.xls Pushing string of 'unlimited' length into non-SMB buffer! smb: \bperez\ chmod 775 prueba.xls Pushing string of 'unlimited' length into non-SMB buffer! man of smbclient said that these commands depends on the server supporting the CIFS UNIX extensions and will fail if the server does not. By default this command is in smb.conf: unix extensions = yes so I understand it has to work. Do I have to do something to enable CIFS UNIX extensions on my samba server ? Does anyone can give me any clue ?? Thanks in advanced. Grettings, Fernando. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] help
A bit Off Topic. You can use bacula: http://www.bacula.org/ Regards, Fernando. On Tue, 2005-04-19 at 11:16 +0300, Amani Makala wrote: hi! i need to configure a linux backup server, let me give u some hints on the real environment, i have one linux machine and two windows machines, now i need to make backup of files found on windows machine,but the backup should be done on the linux machine. please anybody who can help me! thanks. -- Fernando Ruza ([EMAIL PROTECTED]) Dto. Informatica Hospital Univesitario de Guadalajara Tfl: 949 209 215 661 123 845 Linux user: #273644 (http://counter.li.org) Debian Sid (Kernel 2.4.30 ext3) --- Por favor, NO utilice formatos de archivo propietarios para el intercambio de documentos, como DOC y XLS, sino HTML, RTF, TXT, CSV o cualquier otro que no obligue a utilizar un programa de un fabricante concreto. Gracias. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] tuning for samba server
Hi, I'm also very interested in this. I have a similar configuration with even more users (right now I have 50, but it will be increased slowly to more than 300). My server is also a HP Netserver with scsi disks and two network cards. The only thing I've done to increase performance is to setup bonding for the network cards in high availability mode (http://www.kernel.org/pub/linux/kernel/people/marcelo/linux-2.4/Documentation/networking/bonding.txt) and it works really well. Any info about tuning samba server will be greatly appreciate. Thanks in advance, Fernando. El lun, 16-08-2004 a las 03:26, Raúl D. Pittí Palma escribió: Hi! anyone knows where to get some info for kernel (maybe via sysctl) and or samba tuning for high performance ? I have read all the samba docs available, so aim looking for others tips besides the tcp tunings usually applied in smb.conf ? i am setting a server on a client site, with many clients (about 100), and i am using a real server hardware (an HP netserver with xeon [EMAIL PROTECTED], 1Gig of RAm and fast scsi hdds (scsi 320 @ 15krpm). the budget can be stressed out for buying a raid enable server :-) . thanks for all your help. RP Raúl Pittí Palma Associate Global Engineering and Technology S.A. móvil. (507) - 616 - 0194 -- Fernando Ruza ([EMAIL PROTECTED]) Dto. Informatica Hospital Univesitario de Guadalajara Tfl: 949 209 215 661 123 845 Linux user: #273644 (http://counter.li.org) Debian Sid (Kernel 2.4.20 ext3) --- Por favor, NO utilice formatos de archivo propietarios para el intercambio de documentos, como DOC y XLS, sino HTML, RTF, TXT, CSV o cualquier otro que no obligue a utilizar un programa de un fabricante concreto. Gracias. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and Winbind ... Can't access with Samba host name ...
Thank for the reply Tim,
On Tue, 2003-12-23 at 17:53, Tim Jordan wrote:
Please provide your OS platform, ./configure options, design goals
etc...
I'm using RH8.0 with kerberos 1.3.1 (from source tar.gz) and package
pam_krb5-1.60-1 compiled from source.rpm against kerberos 1.3.1 libs.
I've used samba 3.0.0, 3.0.1rc2 and 3.0.1 compiled from source.rpm with
the following options:
--prefix=%{prefix} \
--localstatedir=/var \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=%{prefix}/share/swat/using_samba \
--with-swatdir=%{prefix}/share/swat \
--with-libsmbclient \
--sysconfdir=/etc/samba \
--with-ldap \
--with-ads \
--with-krb5=/usr/local/krb5 \
--with-winbind \
--with-acl-support
Regards and happy christmas,
Fernando.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and Winbind ... Can't access with Samba host name ...
Hi, On Wed, 2003-12-24 at 09:12, C.Lee Taylor wrote: Samba 3.0.1 as a domain member of Win2K3 AD, I have had problems, which I have not been able to fix, so I am staying with Samba 3.0.1 as PDC. Samba 3.0.0 as a domain member of Win2K3 AD, works fine, but I need the other fixes that have gone into Samba 3.0.1, so Samba 3.0.0 is still on my testing system until I can find the problem with Samba 3.0.1 or the next upgrade ... I completely agree. I'm setting up a production machine as a file server and for the moment I'm going to set it up as a security=DOMAIN which is totaly valid for me. However, in a test machine I will follow testing AD domain member of Win2K and wait for the following release to see if it works. Thanks, Fernando. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Group owner ID not mapped to name.
Hi, I'm using samba as a member of a W2k domain (security=DOMAIN) and winbind to unify logins with users from the W2k. The problem is that when I assign an owner user and group to a file/directory in the samba server the group is not mapped to the name of the group, the user is ok. Instead it appears the group number. [EMAIL PROTECTED] fruza]# ls -l total 8 drwxrwxr-x2 HGUV+fruza 14096 dic 18 15:21 kk The group 1 is HGUV+Usuarios del dominio, in English HGUV+Domain users however the name doesn't appear. Anyone knows why ?? How can I solve it ?? It's not very important however I'd like to see the group name instead the number. wbinfo -u, wbinfo -g, getent passwd, getent group everytying works ok. My smb.conf is: # Global parameters [global] workgroup = HGUV server string = %h server (Samba %v) security = DOMAIN log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind separator = + printing = lprng [homes] comment = Homes: (%u) (%U) (%D\%S) path = /home/%D/%U read only = No create mask = 0664 directory mask = 0775 browseable = No [Prueba] comment = Pruebas (usuario: %u o tambien: %D+%U) path = /home/prueba valid users = HGUV+fruza, HGUV+administrador read only = No guest ok = Yes [tmp] comment = Temporary file space path = /tmp force user = inform force group = inform read only = No guest ok = Yes Regards, Fernando. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and Winbind ... Can't access with Samba host name ...
Still with the problem. I have tested with the version 3.0.0 and right, I can see the shares however cannot connect to the home shares or shares with valid users option in smb.conf. Besides this version cannot substitute correctly the %D %u %U %S variables. I have written them in the comment option of a share and I can see that the values are not correct. %D gives me the samba hostname, %S gives me IPC_ Trying with version 3.0.1 cannot see no shares. Trying with version 3.0.1rc2, it's the same like 3.0.0, but it seems that some variables are correct like %u but %U is empty. I don't know is very strange. It worked once with this version after I changed the password for the Administrator of my PDC/KDC and the user I use to test the shares however in the next reboot of the WinXP client machine it already doesn't work again. I think that doing samba 3 be a member of AD is not working properly. Does anyone got it ?? Could make a howto ? Thanks in advance, Fernando. On Fri, 2003-12-19 at 14:00, C.Lee Taylor wrote: Greetings ... Sorry for the long post, but I prefer to keep a copy of what I think is need for this thread ... As requested, here are my smb.conf ... I have left in my comment to show what I have been changing and see if it makes a differance ... plus some shares ( not all that I use ) ... # Global parameters [global] workgroup = TEST-ZA realm = TEST-ZA.CORP security = ads # netbios aliases = nasrec server string = Samba Server %v %h interfaces = eth0*,lo bind interfaces only = Yes # encrypt passwords = Yes # update encrypted = Yes # min passwd length = 4 # pam password change = Yes # passwd program = /usr/bin/passwd %u # passwd chat debug = Yes # unix password sync = Yes # username map = /etc/samba/smbusers # admin users = administrator, TEST-ZA\administrator log file = /var/log/samba/%m.log max log size = 150 time server = Yes unix extensions = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = login.bat logon drive = l: domain logons = no # lm announce = yes preferred master = no domain master = no # dns proxy = yes # wins support = yes # wins server = * # wins server = naszadc01.test-za.corp, naszadc02.test-za.corp wins server = 10.1.1.16, 10.1.1.17 utmp = Yes message command = /bin/mail -s 'message from %f on %m' root %s; rm %s comment = Test Nasrec Linux Box create mask = 0660 force create mode = 0660 directory mask = 0770 force directory mode = 0770 inherit permissions = Yes map archive = No # name resolve order = host, wins # password server = * password server = 10.1.1.16, 10.1.1.17 # ldap suffix = dc=test-za,dc=corp # ldap idmap suffix = ou=idmap # ldap admin dn = cn=root,dc=test-za,dc=corp ldap suffix = dc=test,dc=co,dc=za ldap admin dn = cn=Manager,dc=test,dc=co,dc=za ldap idmap suffix = ou=idmap # ldap ssl = start tls ldap ssl = no # ldap passwd sync = yes # winbind separator = + # idmap backend = ldap:ldap://localhost idmap backend = ldap:ldap://zeus.test.co.za idmap uid = 1-2 idmap gid = 1-2 # client schannel = no # server schannel = no winbind enum users = yes winbind enum groups = yes winbind use default domain = yes # winbind trusted domains only = yes # template shell = /sbin/nologin # template shell = /bin/bash # template homedir = /home/%D/%U template homedir = /home/TEST-ZA/%U load printers = yes printing = cups printcap = cups # log level = 1 # guest account = NULL restrict anonymous = yes [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes browseable = No public = yes writable = no write list = root, Administrator, TEST-ZA\Administrator printer admin = root, Administrator, TEST-ZA\Administrator vfs object = extd_audit [print$] comment = Printer Driver Download Area path = /home/services/smb/printers/drivers browseable = No # browseable = yes guest ok = Yes # guest ok = no # read only = yes read only = no # write list = @ntadmin, root, Administrator write list = root, Administrator, TEST-ZA\Administrator printer admin = root, Administrator, TEST-ZA\Administrator vfs object = extd_audit [netlogon] comment = Network Logon share path = /home/services/smb/netlogon
Re: [Samba] ADS and Winbind ... Can't access with Samba host name ...
I'd like to have a copy of your smb.conf and krb5.conf files. I have had the same problem like you for weeks and still without success. Thanks C.Lee. Fernando. On Fri, 2003-12-19 at 10:41, C.Lee Taylor wrote: Greetings ... please file a bug for me and we'll work on Still waiting for an account ... sorry, I don't have time to wait around, I have to fix this problem chop chop ... ;-} getting this resolved. This is the 3rd report of the same symptoms. Thanks. Okay, first I throught that maybe this a problem with Samba3, but I know that I have been able to use this, so I tried on both Samba 3.0.0 (FC1 rpms ) and Samba 3.0.1 ( compiled on FC1 by myself rpms ) ... At first I had no joy with either, so I throught that maybe I had done something wrong ( blush! ) ... So, I went back to basics ... I found that if I removed all the funky options in /etc/krb5.conf and used Samba 3.0.0, all seems to work fine ( expect for know bugs in 3.0.0, understandable ) ... I think upgraded to Samba 3.0.1, and I could not access the Samba server again using is hostname ... So now I have two servers for test, both with FC1 and all the updates, one with Samba 3.0.0 ( FC1 rpms ) and the other with Samba 3.0.1 ( self maybe rpms ). If anybody wants a copy of my smb.conf and krb5.conf, let me know. Thanks Mailed Lee |I have a Win2K3 ADS domain, I have two FedoraCore systems, one with | Samba 3.0.0 and the other with Samba 3.0.1. Both give me the same problem. | |If I try access the Samba shares from Win2K3 using the host number, I | get prompted for a username and password, and no matter what I type in, | I can't get in. | |If I use the Samba server IP address, I am able to get into shares | without been prompted for user details, but Point'nPrint don't work, it | too requests user details. | |I do seem to be getting two errors in my logs ... First in smbd.log | | [2003/12/18 13:50:19, 0] lib/util_sock.c:get_peer_addr(948) | getpeername failed. Error was Transport endpoint is not connected | [2003/12/18 16:18:07, 0] lib/util_sock.c:get_peer_addr(948) | getpeername failed. Error was Transport endpoint is not connected | |And the other in the machine log with the IP address eg ... |10.1.1.20.log | [2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) | Failed to verify incoming ticket! | [2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) | Failed to verify incoming ticket! | |But in the machine log with the hostname, I am getting normal | messages ... | |I have tried to make changes in /etc/krb5.conf, but I don't get any | further ... | |I have tried a few status checks with net, all hosts work fine ... | | [EMAIL PROTECTED] samba]# net lookup ldap | 10.1.1.16:389 | 10.1.1.17:389 | | [EMAIL PROTECTED] samba]# net lookup dc | 10.1.1.16 | 10.1.1.17 | |But net lookup kdc, master domain don't return any thing, so I don't | know what else to look for ... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and Winbind ... Can't access with Samba host name ...
Same problem, same error log messages. I'm using samba 3.0.1rc2 with
kerberos 1.3.1. Everything following is working:
wbinfo -u, wbinfo -g, getent passwd, getent group
wbinfo -I ip_address, wbinfo -N netbios_name
smbclient //Server/share -k
net lookup dc
net lookup kdc - No output, and echo $? gives me: 255
Connecting from Win2k/XP clients to a samba share (share with valid user
option in smb.conf) using netbios name it doesn't work, using IP address
it works.
When I use IP address it uses NTLM authentication, that's why it works,
however when I use netbios name it uses kerberos and that's what it
doesn't work. I think it's something wrong in the configuration of
kerberos. My krb5.conf file is:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = HGUV.LOCAL
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
clockskew = 600
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true
[realms]
HGUV.LOCAL = {
kdc = 10.36.192.24:88
admin_server = 10.36.192.24:749
default_domain = hguv.local
}
[domain_realm]
.hguv.local = HGUV.LOCAL
hguv.local = HGUV.LOCAL
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[login]
krb4_convert = false
krb4_get_tickets = false
Thanks for any reply.
Regards,
Fernando.
On Fri, 2003-12-19 at 05:50, Peter wrote:
It appears there are a number of us with this exact same problem. I
posted this same question a few days ago and have seen 2 or 3 others
mention the same symptoms since then but have yet to see any specific
sollution.
I assumed this would be an issue with WINS but I've tested WINS lookups
from both Windows clients, Linux clients and Samba server and all seem
to function properly.
The fact that my net lookup all work fine is the only difference between
our problems.
[log.smbd]
[2003/12/17 18:40:04, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
[lob.winbindd]
[2003/12/17 18:39:58, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
krb5_cc_get_principal failed (No credentials cache found)
Would appreciate some direct answers to this problem regarding WINS host
vs. IP address share mapping from Windows clients.
Thanks,
Peter
From: C.Lee Taylor [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Samba] ADS and Winbind ... Can't access with Samba host name ...
Date: Thu, 18 Dec 2003 16:59:28 +0200
Greetings ...
It seems I have really got myself confused ...
I have a Win2K3 ADS domain, I have two FedoraCore systems, one with
Samba 3.0.0 and the other with Samba 3.0.1. Both give me the same problem.
If I try access the Samba shares from Win2K3 using the host number,
I get prompted for a username and password, and no matter what I type
in, I can't get in.
If I use the Samba server IP address, I am able to get into shares
without been prompted for user details, but Point'nPrint don't work, it
too requests user details.
I do seem to be getting two errors in my logs ... First in smbd.log
[2003/12/18 13:50:19, 0] lib/util_sock.c:get_peer_addr(948)
getpeername failed. Error was Transport endpoint is not connected
[2003/12/18 16:18:07, 0] lib/util_sock.c:get_peer_addr(948)
getpeername failed. Error was Transport endpoint is not connected
And the other in the machine log with the IP address eg ...
10.1.1.20.log
[2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
[2003/12/18 14:51:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(172)
Failed to verify incoming ticket!
But in the machine log with the hostname, I am getting normal
messages ...
I have tried to make changes in /etc/krb5.conf, but I don't get any
further ...
I have tried a few status checks with net, all hosts work fine ...
[EMAIL PROTECTED] samba]# net lookup ldap
10.1.1.16:389
10.1.1.17:389
[EMAIL PROTECTED] samba]# net lookup dc
10.1.1.16
10.1.1.17
But net lookup kdc, master domain don't return any thing, so I don't
know what else to look for ...
Thanks
Mailed
Lee
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000 and krb5 tickets...SOLVED
. | | Who knows encryption on the list that can adviseanyone? | | Tim | | On Fri, 2003-12-12 at 05:18, Fernando Ruza wrote: | |/Same problem. I have been with it for weeks. I can connect using IP |address from the Win2k clients however with the netbios name I get the |error. | |Someone has told me today that this was solved in the new release |samba-3.0.1rc2-1 , however I've already tested it and I still have the |same problem. | |Please any more clues. | |Thanks, | |Fernando. | | |On Fri, 2003-12-12 at 00:26, Tim Jordan wrote: | I'm getting same error about encryption ... | | I have taken Tom's lead and have provided the output below. Is there a | certain version of krb5 that we should be running? | | | [EMAIL PROTECTED] tim]# smbd3 --version | Version 3.0.1pre3 | | [EMAIL PROTECTED] tim]# strings /usr/lib/libkrb5.so.3.2 | grep BRAND | KRB5_BRAND: krb5-1-3-final 1.3 20030708 | | I'm running Mandrake 9.2 | | Thank You Samba Team! | Tim | | On Thu, 2003-12-11 at 13:59, Tom Dickson wrote: | | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | OK. I've done some more research, and here's what I get. | | smbd --version | Version 3.0.0 | | strings libkrb5.so.3.2 | grep BRAND | KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730 | | Everything seems to work, but trying to access the Samba server results in: | | [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308) | ~ ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt | integrity check failed | [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316) | ~ ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) | [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) | ~ Failed to verify incoming ticket! | [2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109) | ~ error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) | NT_STATUS_LOGON_FAILURE | | This is the same error you get if you're running the wrong KRB5 libs, | but I've the right ones. The windows 2000 machine is 5.00.2195 | | Windows 2000 clients connect to the ADS server fine, and will connect to | the Samba server if you enter Username/Password. The 2000 server cannot | connect to the Samba machine at all, even with the right username/pass. | | Is there a magic registry setting I'm missing? I've changed the | Administrator password at least once. | | - -Tom | -BEGIN PGP SIGNATURE- | Version: GnuPG v1.2.2-nr2 (Windows 2000) | Comment: Using GnuPG with Mozilla - //_http://enigmail.mozdev.org_ | | iD8DBQE/2PbO2dxAfYNwANIRAmuuAKCI9NMssxwHqQlyF7njkP+sZBt3PQCfWApO | F9F+8BTOPIyoybZBYIlCouU= | =94FA | -END PGP SIGNATURE- |/ | -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2fXg2dxAfYNwANIRAlFEAJ9uSUkNH5u/O2PBb8eY8PExrsq2rACdE6r/ xbPZjNjGNK2FYhHQZnqmgYs= =2f/q -END PGP SIGNATURE- -- Fernando Ruza ([EMAIL PROTECTED]) Tfl: 949 209 215 661 123 845 Linux user: #273644 (http://counter.li.org) Debian Sid (Kernel 2.4.20 ext3) --- Por favor, NO utilice formatos de archivo propietarios para el intercambio de documentos, como DOC y XLS, sino HTML, RTF, TXT, CSV o cualquier otro que no obligue a utilizar un programa de un fabricante concreto. Gracias. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000 and krb5 tickets...SOLVED
= LABOR.AK | } | |[domain_realm] | .LABOR.AK = LABOR.AK | |[kdc] | profile = /etc/kerberos/krb5kdc/kdc.conf | |[pam] | debug = false | ticket_lifetime = 36000 | renew_lifetime = 36000 | forwardable = true | krb4_convert = false | | [login] | krb4_convert = false | krb4_get_tickets = fals | | It did change the encryption ticket I'm getting when /kinit/ as my username. | |Valid starting ExpiresService principal |12/11/03 16:00:49 12/12/03 02:01:00 krbtgt/[EMAIL PROTECTED] |renew until 12/12/03 16:00:49, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode with RSA-MD5 | | |Kerberos 4 ticket cache: /tmp/tkt0 | | Notice I'm getting DES cbc mode with RSA-MD5. | | This did not solve the underlying problem of being able to view the samba shares from a w2k or xp client. | | How would I be able to tell if I'm using MIT or Hemidal kerberos? | | I did get this working on a Gentoo system, so I know it works. | | Who knows encryption on the list that can adviseanyone? | | Tim | | On Fri, 2003-12-12 at 05:18, Fernando Ruza wrote: | |/Same problem. I have been with it for weeks. I can connect using IP |address from the Win2k clients however with the netbios name I get the |error. | |Someone has told me today that this was solved in the new release |samba-3.0.1rc2-1 , however I've already tested it and I still have the |same problem. | |Please any more clues. | |Thanks, | |Fernando. | | |On Fri, 2003-12-12 at 00:26, Tim Jordan wrote: | I'm getting same error about encryption ... | | I have taken Tom's lead and have provided the output below. Is there a | certain version of krb5 that we should be running? | | | [EMAIL PROTECTED] tim]# smbd3 --version | Version 3.0.1pre3 | | [EMAIL PROTECTED] tim]# strings /usr/lib/libkrb5.so.3.2 | grep BRAND | KRB5_BRAND: krb5-1-3-final 1.3 20030708 | | I'm running Mandrake 9.2 | | Thank You Samba Team! | Tim | | On Thu, 2003-12-11 at 13:59, Tom Dickson wrote: | | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | OK. I've done some more research, and here's what I get. | | smbd --version | Version 3.0.0 | | strings libkrb5.so.3.2 | grep BRAND | KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730 | | Everything seems to work, but trying to access the Samba server results in: | | [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308) | ~ ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt | integrity check failed | [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316) | ~ ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) | [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) | ~ Failed to verify incoming ticket! | [2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109) | ~ error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) | NT_STATUS_LOGON_FAILURE | | This is the same error you get if you're running the wrong KRB5 libs, | but I've the right ones. The windows 2000 machine is 5.00.2195 | | Windows 2000 clients connect to the ADS server fine, and will connect to | the Samba server if you enter Username/Password. The 2000 server cannot | connect to the Samba machine at all, even with the right username/pass. | | Is there a magic registry setting I'm missing? I've changed the | Administrator password at least once. | | - -Tom | -BEGIN PGP SIGNATURE- | Version: GnuPG v1.2.2-nr2 (Windows 2000) | Comment: Using GnuPG with Mozilla - //_http://enigmail.mozdev.org_ | | iD8DBQE/2PbO2dxAfYNwANIRAmuuAKCI9NMssxwHqQlyF7njkP+sZBt3PQCfWApO | F9F+8BTOPIyoybZBYIlCouU= | =94FA | -END PGP SIGNATURE- |/ | -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2fXg2dxAfYNwANIRAlFEAJ9uSUkNH5u/O2PBb8eY8PExrsq2rACdE6r/ xbPZjNjGNK2FYhHQZnqmgYs= =2f/q -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000 and krb5 tickets...SOLVED
Well, I think I have already solved my problem.
I've changed the Administrator password (as it says in the samba howto
page 84, 7.4.6. Notes) and now it works great :-D
However, I have a doubt. After mapping from win2k client using:
net use * \\MySambaServer\share
The share is mapped properly but in my samba server I don't have a
ticket for this win2k client:
[EMAIL PROTECTED] samba]# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting ExpiresService principal
12/15/03 10:57:13 12/15/03 20:57:14 krbtgt/[EMAIL PROTECTED]
renew until 12/16/03 10:57:13, Etype (skey, tkt): DES cbc mode with
CRC-32, DES cbc mode with CRC-32
12/15/03 10:57:49 12/15/03 20:57:14 [EMAIL PROTECTED]
renew until 12/16/03 10:57:13, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
12/15/03 10:57:49 12/15/03 20:57:14 kadmin/[EMAIL PROTECTED]
renew until 12/16/03 10:57:13, Etype (skey, tkt): DES cbc mode with
CRC-32, DES cbc mode with CRC-32
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Should I have got one ticket for each Win2k or XP client connected ?? Is
this correct ??
Thanks in advanced,
Fernando.
On Mon, 2003-12-15 at 10:57, Fernando Ruza wrote:
Hi,
I did what you advise. I still have the same problem. Can see the shares
from Win2k and XP but cannot browse the share that need authentication
(valid users). I can map them with IP address but not with netbios name.
I don't get any ticket from win2k and XP clients.
All of the following works right: net ads leave, net ads join, wbinfo
-u, wbinfo -g, getent passwd, getent group, smbclient
//win2k_server/share -k
Could you see something wrong in my conf files?? Any more things to try
??
My krb5.conf file is the following:
=== krb5.conf ==
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = HGUV.LOCAL
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
# permitted_enctypes = des-cbc-md5 des-cbc-crc
kdc_req_checksum_type = 2
clockskew = 600
dns_lookup_realm = false
dns_lookup_kdc = true
forwardable = true
proxiable = true
checksum_type = 2
ccache_type = 1
[realms]
HGUV.LOCAL = {
kdc = 10.36.192.24:88
admin_server = 10.36.192.24:749
default_domain = hguv.local
}
[domain_realm]
.hguv.local = HGUV.LOCAL
hguv.local = HGUV.LOCAL
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[login]
krb4_convert = false
krb4_get_tickets = false
The tickets I get are:
[EMAIL PROTECTED] etc]# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting ExpiresService principal
12/15/03 09:34:53 12/15/03 19:34:54 krbtgt/[EMAIL PROTECTED]
renew until 12/16/03 09:34:53, Etype (skey, tkt): DES cbc mode with
CRC-32, DES cbc mode with CRC-32
12/15/03 09:35:09 12/15/03 19:34:54 [EMAIL PROTECTED]
renew until 12/16/03 09:34:53, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5
12/15/03 09:35:09 12/15/03 19:34:54 kadmin/[EMAIL PROTECTED]
renew until 12/16/03 09:34:53, Etype (skey, tkt): DES cbc mode with
CRC-32, DES cbc mode with CRC-32
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
=
I don't get a ticket for Win2k and XP clients.
More interested info:
libs used by winbindd and smbd
[EMAIL PROTECTED] sbin]# ldd winbindd
libcrypt.so.1 = /lib/libcrypt.so.1 (0x4002c000)
libresolv.so.2 = /lib/libresolv.so.2 (0x4005a000)
libnsl.so.1 = /lib/libnsl.so.1 (0x4006c000)
libdl.so.2 = /lib/libdl.so.2 (0x40081000)
libpopt.so.0 = /usr/lib/libpopt.so.0 (0x40084000)
libcrypto.so.2 = /lib/libcrypto.so.2 (0x4008c000)
libgssapi_krb5.so.2 = /usr/local/lib/libgssapi_krb5.so.2 (0x4016)
libkrb5.so.3 = /usr/local/lib/libkrb5.so.3 (0x40172000)
libk5crypto.so.3 = /usr/local/lib/libk5crypto.so.3 (0x401d)
libcom_err.so.3 = /usr/local/lib/libcom_err.so.3 (0x401f)
libldap.so.2 = /usr/lib/libldap.so.2 (0x401f2000)
liblber.so.2 = /usr/lib/liblber.so.2 (0x4021c000)
libc.so.6 = /lib/i686/libc.so.6 (0x4200)
libsasl.so.7 = /usr/lib/libsasl.so.7 (0x40228000)
libssl.so.2 = /lib/libssl.so.2 (0x40233000)
/lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000)
libgdbm.so.2
Re: [Samba] Windows 2000 and krb5 tickets.
Same problem. I have been with it for weeks. I can connect using IP address from the Win2k clients however with the netbios name I get the error. Someone has told me today that this was solved in the new release samba-3.0.1rc2-1 , however I've already tested it and I still have the same problem. Please any more clues. Thanks, Fernando. On Fri, 2003-12-12 at 00:26, Tim Jordan wrote: I'm getting same error about encryption ... I have taken Tom's lead and have provided the output below. Is there a certain version of krb5 that we should be running? [EMAIL PROTECTED] tim]# smbd3 --version Version 3.0.1pre3 [EMAIL PROTECTED] tim]# strings /usr/lib/libkrb5.so.3.2 | grep BRAND KRB5_BRAND: krb5-1-3-final 1.3 20030708 I'm running Mandrake 9.2 Thank You Samba Team! Tim On Thu, 2003-12-11 at 13:59, Tom Dickson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OK. I've done some more research, and here's what I get. smbd --version Version 3.0.0 strings libkrb5.so.3.2 | grep BRAND KRB5_BRAND: krb5-1-3-1-final 1.3.1 20030730 Everything seems to work, but trying to access the Samba server results in: [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(308) ~ ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2003/12/11 14:54:19, 3] libads/kerberos_verify.c:ads_verify_ticket(316) ~ ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) [2003/12/11 14:54:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) ~ Failed to verify incoming ticket! [2003/12/11 14:54:19, 3] smbd/error.c:error_packet(109) ~ error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE This is the same error you get if you're running the wrong KRB5 libs, but I've the right ones. The windows 2000 machine is 5.00.2195 Windows 2000 clients connect to the ADS server fine, and will connect to the Samba server if you enter Username/Password. The 2000 server cannot connect to the Samba machine at all, even with the right username/pass. Is there a magic registry setting I'm missing? I've changed the Administrator password at least once. - -Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/2PbO2dxAfYNwANIRAmuuAKCI9NMssxwHqQlyF7njkP+sZBt3PQCfWApO F9F+8BTOPIyoybZBYIlCouU= =94FA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] No credentials cache found
Hi everybody,
Me and a lot of people around in the list we are having the following
problem for sometime without solution.
I'd like to join Win2000 AD with Samba. I have samba-3.0.1pre3-1
compiled with the last kerberos support (1.3.1). The steps I do are:
1. Leave the AD (if it was registered before)
net ads leave
2. I open a kerberos session with the Administrator user
kinit [EMAIL PROTECTED]
Password:
3. I newly join the AD using the kerberos session opened
net ads join
It succeds and after this I have three kerberos tickets however in
the winbindd.log I see the following error message, which I don't like
and I think that's the source of the problem:
[2003/11/24 11:00:16, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
krb5_cc_get_principal failed (No credentials cache found)
4. Everything seems to work: wbinfo -u , wbinfo -g , getent passwd ,
getent groups and wbinfo -t
5. Also it works the access to any share in the network from my Linux
box without having to authenticate:
smbclient //Server-Name/share -k
6. However, trying to access from other windows workstation (Win2k or
WinXP) to the shares on my Linux box it asks me for a user and password
and I get the following error message in the log:
[2003/11/25 08:47:05, 1] smbd/sesssetup.c:reply_spnego_kerberos(210)
Username (null) is invalid on this system
But if I mount the share with IP address it works, however using the
netbios name of my Linux box it doesn't. Very strange, isn't it ?
Any help will be greatly appreciate.
Thanks in advance,
Fernando.
=== smb.conf file ===
# Global parameters
[global]
workgroup = HGUV
realm = HGUV.LOCAL
server string = %h server (Samba %v)
security = ADS
password server = 10.36.192.24
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
printing = lprng
[homes]
comment = Home Directories
path = /home/%U
valid users = %D+%U
read only = No
create mask = 0664
directory mask = 0775
browseable = No
=
=== krb5.conf ===
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = HGUV.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
HGUV.LOCAL = {
kdc = 10.36.192.24:88
admin_server = 10.36.192.24:749
}
[domain_realm]
.hguv.local = HGUV.LOCAL
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
=
--
Yo uso software libre, ¿Y tu?
¿Qué es el software libre? consulta: http://www.gnu.org/philosophy/free-sw.es.html
Fernando Ruza
e-mail: [EMAIL PROTECTED]
web: http://guada24.guadawireless.net
Tlf: 661123845
Yahoo! Messenger id: fruza
Linux user: #273644 (http://counter.li.org)
Debian Sid (Kernel 2.4.20 ext3)
In an internet without fences ... who needs 'gates'
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 client connection error
= ads server ip
}
[domain_realm]
..?.com = .?.COM
.?.com = .?.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.
period = 1d
# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
versions = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable= true
}
gkadmin = {
help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
}
Thanks
Tommy Fallsen
--
Yo uso software libre, ¿Y tu?
¿Qué es el software libre? consulta: http://www.gnu.org/philosophy/free-sw.es.html
Fernando Ruza
e-mail: [EMAIL PROTECTED]
web: http://guada24.guadawireless.net
Tlf: 661123845
Yahoo! Messenger id: fruza
Linux user: #273644 (http://counter.li.org)
Debian Sid (Kernel 2.4.20 ext3)
In an internet without fences ... who needs 'gates'
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinXP/2k can't connect to Linux ADS member
Hi all, Regarding the problem I described in the mail attached bellow, I've found that when I'm trying to access a share in my linux box from Win2k or WinXP using the IP address of my linux box it works great, however using the netbios name it doesn't work: === C:\net use * \\HSERINT1\fruza The password or name of the user it's not valid for \\HSERINT1\fruza. Write the password for \\HSERINT1\fruza: Sytem error 5. Access denyed. C:\net use * \\10.36.192.17\fruza The unit F: is connected to \\10.36.192.17\fruza. The command has completed succesfully. C:\ === In the samba log file I have the following error when I try to connect using the netbios name: [2003/11/18 14:01:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket! Winbind, getent, wbinfo, joining ads, kinit, klist everything works. My smb.conf file is: # Global parameters [global] workgroup = HGUV realm = HGUV.LOCAL server string = %h server (Samba %v) security = ADS password server = 10.36.192.24 log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No idmap uid = 1-2 idmap gid = 1-2 winbind separator = + printing = lprng [homes] comment = Home Directories path = /home/%U valid users = %D+%U read only = No create mask = 0664 directory mask = 0775 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp force user = inform force group = inform read only = No guest ok = Yes [Intranet] comment = DocumentRoot del servidor web de la intranet del HGUV path = /var/www force user = inform force group = inform read only = No create mask = 0777 directory mask = 0777 guest ok = Yes Thanks in advance for any reply. Regards, Fernando. El lun, 27 de 10 de 2003 a las 12:53, Fernando Ruza escribió: Hi, I have a linux box configured with samba-3.0.1pre1-1 joined to my Win2k ADS domain. I can succesfully use kinit and smbclient -k without entering a user/pass to connect to things on my network. Winbind, getent, wbinfo, ... everything works great however, from WinXP and Win2k client hosts I cannot connect to my linux shares. From Win95/98 clients works great. Always that I connect from WinXP and Win2k hosts to the Linux shares it asks me for username/password authentication and none works. The error I get from WinXP, Win2k hosts is ALWAYS: [2003/09/29 11:09:57, 1] smbd/sesssetup.c:reply_spnego_kerberos(218) Username host.I'm.connecting.from$ is invalid on this system No other errors. I've tried setting client use spnego = no with no luck. This is very strange. I don't know what to do and where to see know. Any suggestions will be very apprecicate? Thanks in advance, Fernando. -- Yo uso software libre, ¿Y tu? ¿Qué es el software libre? consulta: http://www.gnu.org/philosophy/free-sw.es.html Fernando Ruza e-mail: [EMAIL PROTECTED] web: http://guada24.guadawireless.net Tlf: 661123845 Yahoo! Messenger id: fruza Linux user: #273644 (http://counter.li.org) Debian Sid (Kernel 2.4.20 ext3) In an internet without fences ... who needs 'gates' -- Yo uso software libre, ¿Y tu? ¿Qué es el software libre? consulta: http://www.gnu.org/philosophy/free-sw.es.html Fernando Ruza e-mail: [EMAIL PROTECTED] web: http://guada24.guadawireless.net Tlf: 661123845 Yahoo! Messenger id: fruza Linux user: #273644 (http://counter.li.org) Debian Sid (Kernel 2.4.20 ext3) In an internet without fences ... who needs 'gates' -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WinXP/2k can't connect to Linux ADS member
Hi, I have a linux box configured with samba-3.0.1pre1-1 joined to my Win2k ADS domain. I can succesfully use kinit and smbclient -k without entering a user/pass to connect to things on my network. Winbind, getent, wbinfo, ... everything works great however, from WinXP and Win2k client hosts I cannot connect to my linux shares. From Win95/98 clients works great. Always that I connect from WinXP and Win2k hosts to the Linux shares it asks me for username/password authentication and none works. The error I get from WinXP, Win2k hosts is ALWAYS: [2003/09/29 11:09:57, 1] smbd/sesssetup.c:reply_spnego_kerberos(218) Username host.I'm.connecting.from$ is invalid on this system No other errors. I've tried setting client use spnego = no with no luck. This is very strange. I don't know what to do and where to see know. Any suggestions will be very apprecicate? Thanks in advance, Fernando. -- Yo uso software libre, ¿Y tu? ¿Qué es el software libre? consulta: http://www.gnu.org/philosophy/free-sw.es.html Fernando Ruza e-mail: [EMAIL PROTECTED] web: http://guada24.guadawireless.net Tlf: 661123845 Yahoo! Messenger id: fruza Linux user: #273644 (http://counter.li.org) Debian Sid (Kernel 2.4.20 ext3) In an internet without fences ... who needs 'gates' -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How to Refresh jobs in samba queues ??
Hi all, I have working properly a print server with samba-2.2.6 and using the printing system lprng. I have just the following problem, when I open the window queue to see the jobs in it from Win2K and WinNT workstation the queues are not refreshing, I have to push F5 key continously to refresh the queue jobs information. Is there a way in samba or windows (I don't know where is the origin of the problem) so that it refreshs automaticly every n seconds ?? Thanks in advance to any reply, My smb.conf parameters regarding the priting system: = [global] printcap name = /etc/printcap load printers = yes show add printer wizard = yes printer admin = @admin printing = lprng [printers] comment = Impresoras path = /var/spool/samba browseable = yes printable = yes public = yes writable = yes create mode = 0700 guest ok = yes print command = /usr/bin/lpr -P %p %s rm %s lpq command = /usr/bin/lpq -P %p lprm command = /usr/bin/lprm -P %p %j lppause command = /usr/sbin/lpc hold %p %j lpresume command = /usr/sbin/lpc release %p %j [print$] path = /usr/local/samba/printers guest ok = yes browseable = yes public = yes read only = yes write list = @admin = Regards, = Fernando Ruza Rodríguez [EMAIL PROTECTED] ___ Yahoo! Messenger Nueva versión: Webcam, voz, y mucho más ¡Gratis! Descárgalo ya desde http://messenger.yahoo.es -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Refresh jobs in samba queues
Hi all, I have working properly a print server with samba-2.2.6 and using the printing system lprng. I have just the following problem, when I open the window queue to see the jobs in it from Win2K and WinNT workstation the queues are not refreshing, I have to push F5 key continously to refresh the queue jobs information. Is there a way in samba or windows (I don't know where is the origin of the problem) so that it refreshs automaticly every n seconds ?? Thanks in advance to any reply, My smb.conf parameters regarding the priting system: = [global] printcap name = /etc/printcap load printers = yes show add printer wizard = yes printer admin = @admin printing = lprng [printers] comment = Impresoras path = /var/spool/samba browseable = yes printable = yes public = yes writable = yes create mode = 0700 guest ok = yes print command = /usr/bin/lpr -P %p %s rm %s lpq command = /usr/bin/lpq -P %p lprm command = /usr/bin/lprm -P %p %j lppause command = /usr/sbin/lpc hold %p %j lpresume command = /usr/sbin/lpc release %p %j [print$] path = /usr/local/samba/printers guest ok = yes browseable = yes public = yes read only = yes write list = @admin = Regards, = Fernando Ruza Rodríguez [EMAIL PROTECTED] ___ Yahoo! Messenger Nueva versión: Webcam, voz, y mucho más ¡Gratis! Descárgalo ya desde http://messenger.yahoo.es -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Print Queue Management through windows Clients
Write the following in the global section if you use lpd: printing = lprng And all the lp* command parameters in smb.conf start to work properly. Look at the commands I have, they works perfect for me: ## To print print command = /usr/bin/lpr -P %p %s rm %s ## To query the queue lpq command = /usr/bin/lpq -P %p ## To remove jobs in the queue lprm command = /usr/bin/lprm -P %p %j ## To pause a print job lppause command = /usr/sbin/lpc hold %p %j ## To resume a print job paused lpresume command = /usr/sbin/lpc release %p %j Also it's important that you check the file /etc/lpd.perms. My file has the following: ## You can make sure that connections come from a privileged port. ## Default is to allow them from any port so that non-setuid programs # can do printing. # Totally RFC1179 #REJECT SERVICE=X NOT PORT=1-1023 #REJECT SERVICE=X NOT PORT=1-1023 # Privileged #REJECT SERVICE=X NOT PORT=721-731 # # allow root on server to control jobs ACCEPT SERVICE=C SERVER REMOTEUSER=root # allow anybody to get server, status, and printcap ACCEPT SERVICE=C LPC=lpd,status,printcap # reject all others ##REJECT SERVICE=C # # allow same user on originating host to remove a job ACCEPT SERVICE=M SAMEHOST SAMEUSER # allow root on server to remove a job ACCEPT SERVICE=M SERVER REMOTEUSER=root REJECT SERVICE=M # all other operations allowed DEFAULT ACCEPT I hope all of this help you. Cheers, Fernando. --- Nick [EMAIL PROTECTED] escribió: I did not have the printer admin = @users (users is the group all my users are in) line in my smb.conf. I can now see the jobs that are queued but non of my commands work here except the print and maybe the lpq command. Also anyone know how to say pause and resume to lpd? Here is my configuration: [global] print admin = @users # shares [HP_LaserJet_4000] comment = Main Printer path = /var/spool/lpd/HP_LaserJet_4000 guest ok = yes public = yes printer = HP_LaserJet_4000 ;printing = bsd printable = yes browsable = yes print command = /usr/bin/lpr -P%p %s rm %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j [HP_LaserJet_6P] comment = Front Desk Printer path = /var/spool/lpd/HP_LaserJet_6P guest ok = yes public = yes printer = HP_LaserJet_6P ;printing = bsd printable = yes browsable = yes print command = /usr/bin/lpr -P%p %s rm %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j Any advice would be greatly appreciated :) Nick wrote: Hi, Is it possible to manage print queue's via windows clients. I get Access denied, unable to connect. I use the lp daemon to print via JetDirect. I am beginning to think it is not possible. If someone out there is doing this could you please share your configurations with us so it can be added to the samba How-to documentation. Respectfully, Nick -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba = Fernando Ruza Rodríguez [EMAIL PROTECTED] ___ Yahoo! Messenger Nueva versión: Webcam, voz, y mucho más ¡Gratis! Descárgalo ya desde http://messenger.yahoo.es -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Printing Issue - Windows cannot see the print queue
I have samba working fine. It even prints ok. The problem is that Windows cannot see the print jobs in the spooler on the Linux box. I can see them for a while but then I can see them in the spooler on the Linux box and not in the Windows queue. I am using RedHat 7.1 with Samba 2.2.6. I am also using the default lpd spooler and settings are in /etc/printcap printing=bsd is set in my smb.conf file. Please help! Thanks. = Fernando Ruza Rodríguez [EMAIL PROTECTED] ___ Yahoo! Messenger Nueva versión: Webcam, voz, y mucho más ¡Gratis! Descárgalo ya desde http://messenger.yahoo.es -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Lan Manager Printer Port and Samba 2.2.x
Hi everybody, I have a problem with our samba server which is working as a PDC and Print manager. The server has several printers which share to everybody. This server is using samba v.2.2.5-1 When I install a network printer in the clients (Win2000 and NTs), normally windows set up automaticly a Lan Manager Printer Port asociated with the printer. Well, as we have seen using the samba version 2.2.x that Lan Manager Printer Port is not created (with samba version 2.0.x is created automaticly) however, we can print correctly. The only difference is that the jobs don't appear when I open the printer queue in Windows. If we do the same in another server which shares the printers with samba version 2.0.x, the Lan Manager Printer Port is created automaticly, we can print properly and also we can see the jobs in the printer queue in Windows which is what we want in the server with samba 2.2.5 I've read that samba 2.2.x uses MS-RPC and samba 2.0.x uses Lan Manager. Anyway, what we need is to be able to see the jobs in the printer queue in Windows using samba 2.2.x Any solution, any clue ?? Thanks, Fernando. = Fernando Ruza Rodríguez [EMAIL PROTECTED] ___ Yahoo! Messenger Nueva versión: Webcam, voz, y mucho más ¡Gratis! Descárgalo ya desde http://messenger.yahoo.es -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
