Re: [Samba] Samba + Winbind + Windows 2003 AD

[Henrik Dige Semark]

as req. I will resend part of first message:
My Samba config: http://pastebin.com/ZqaA0Ypn

After the join I'm able to lookup peoples with
# wbinfo -u
[...]
XX
hds
XXX
[...]

# wbinfo -g
[...]
bg XX
bg hds
bg XXX
[...]

Now the problem, getent only returns the local users and not the users 
from the AD
The funny thing is that if a user is local on the UNIX and in the AD, I 
can login with the password from both local and AD, so I know that it 
can lookup people and passwords


# getent passwd hs ; echo $?
2

When I debug on getent it returns 2, witch means that it can't find the 
user.


I know there can be a problem with this if the resolv-names is not working

# ping addc.UNDERVISNING.LOCAL
PING addc.birke-gym.dk (10.3.17.1) 56(84) bytes of data.
64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128 
time=0.211 ms
64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128 
time=0.207 ms


# ping mail.UNDERVISNING.LOCAL
PING mail.birke-gym.dk (127.0.1.1) 56(84) bytes of data.
64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=1 ttl=64 
time=0.099 ms
64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=2 ttl=64 
time=0.094 ms



My krb5-conf:


Med Venlig Hilsen / Best Regards
Henrik Dige Semark

Den 19-07-2010 01:49, Necos Secon skrev:

I accidentally deleted the first set of messages in my email for this thread, 
but does your DNS resolve properly? What does your resolv.conf look like? Also, 
what do these files look like:

krb5.conf
smb.conf

There's an option in smb.conf, winbind enum users, which needs to be set in 
order for getent to function properly. There is a corresponding option for 
groups as well. Look at them and let us know.

   

Date: Mon, 19 Jul 2010 01:12:41 +0200
From:h...@semark.dk
To:esiot...@gmail.com
CC:samba@lists.samba.org
Subject: Re: [Samba] Samba + Winbind + Windows 2003 AD

Hi Micheal

Sorry for not sending that information in the first place, but I though
that it was so basic that it wasn't necessary.

My nsswitch.conf:
# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc Name Service Switch' for information about this file.

passwd: compat winbind
group:  compat winbind
shadow: compat winbind

hosts:  files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:   files

services:   db files
ethers: db files
protocols:  db files
rpc:db files

netgroup:   nis

I will mean that it is the way to do this (and it works just fine on the
UNIX servers that run there own Domain Controller)

Med Venlig Hilsen / Best Regards
Henrik Dige Semark

Den 18-07-2010 17:03, Michael Wood skrev:
 

On 18 July 2010 01:34, Henrik Dige Semarkh...@semark.dk   wrote:

   

Hey out there.

I have to join my UNIX server with an existing Win2k3 AD network.

My system info:
Debian Lenny
Samba   - 3.4.8
Winbind - 3.4.8

Windows Server 2003 with 2000-style-AD

My problem is that, I have en UNIX server that have to run auth up against
our existing windows 2003 AD.

I have successfully joined my UNIX server to the AD, without problems.
# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- TEST
Joined 'MAIL' to realm 'TEST.LOCAL'

My Samba config:http://pastebin.com/ZqaA0Ypn

After the join I'm able to lookup peoples with
# wbinfo -u

 

[...]

   

# wbinfo -g

 

[...]

   

Now the problem, getent only returns the local users and not the users from
the AD
The funny thing is that if a user is local on the UNIX and in the AD, I can
login with the password from both local and AD, so I know that it can lookup
people and passwords

# getent passwd hs ; echo $?
2

When I debug on getent it returns 2, witch means that it can't find the
user.

 

Do you have winbind specified in your nsswitch.conf file as mentioned here:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2654732


   


_
The New Busy is not the old busy. Search, chat and e-mail from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_3
   
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba + Winbind + Windows 2003 AD

[Henrik Dige Semark]

Hi Tobias

To be honest I don't really know that mutch about the Windows AD, I'm 
not an Windows guy, when I talked with the Windows AD Administrator  he 
told my that it was an RFC2307 schema and not an old SFU, but I have 
just now logged on to the AD server and it doesn't seams like any 
schemas is loaded at all.


My winbind debugging:
http://pastebin.com/WjDRvp8q

Winbind debugging while getent passwd USER:
http://pastebin.com/0B24yePY

I don't know way there is a lot of UVROOT.LOCAL, my server is only 
joined to UNDERVISNING.LOCAL, but the windows AD server do know UVROOT also.


--
Med Venlig Hilsen / Best Regards
Henrik Dige Semark


Den 18-07-2010 08:58, Mucke, Tobias, FCI4 skrev:

Hi Henrik,

I am also fighting with Winbind for a few days now experiencing some weird 
behaviour.

Regarding your explanation I assume you have SFU running in your AD Domain. Do 
you really have a RFC2307 complaint schema in AD or do you still stick to SFU 
schema?

For debugging the winbind it was helpful to me to start it in a shell as a 
foreground process with debugging on, e. g.

/usr/sbin/winbindd -SFi -d3

Now you should be able to see the different Winbind behaviour regarding the 
login and getent.

Good luck.



Tobias Mucke

LFK-Lenkflugkörpersysteme GmbH
Serverpool, FCI4
Landshuter Straße 26, 85716 Unterschleißheim, GERMANY
Phone: +49 89 3179 8438
Fax: +49 89 3179 8927
Mobile: +49 170 635 3830
E-Mail: tobias.mu...@mbda-systems.de

http://www.mbda.net

Chairman of the Supervisory Board: Antoine Bouvier
Managing Director: Werner Kaltenegger
Registered Office: Schrobenhausen
Commercial Register: Amtsgericht Ingolstadt, HRB 4365

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Henrik Dige Semark
Sent: Sunday, July 18, 2010 1:35 AM
To: samba@lists.samba.org
Subject: [Samba] Samba + Winbind + Windows 2003 AD

Hey out there.

I have to join my UNIX server with an existing Win2k3 AD network.

My system info:
Debian Lenny
Samba   - 3.4.8
Winbind - 3.4.8

Windows Server 2003 with 2000-style-AD

My problem is that, I have en UNIX server that have to run auth up against our 
existing windows 2003 AD.

I have successfully joined my UNIX server to the AD, without problems.
# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- TEST
Joined 'MAIL' to realm 'TEST.LOCAL'

My Samba config: http://pastebin.com/ZqaA0Ypn

After the join I'm able to lookup peoples with # wbinfo -u [...] XX hds XXX 
[...]

# wbinfo -g
[...]
bg XX
bg hds
bg XXX
[...]

Now the problem, getent only returns the local users and not the users from the 
AD The funny thing is that if a user is local on the UNIX and in the AD, I can 
login with the password from both local and AD, so I know that it can lookup 
people and passwords

# getent passwd hs ; echo $?
2

When I debug on getent it returns 2, witch means that it can't find the user.

I know there can be a problem with this if the resolv-names is not working

# ping addc.UNDERVISNING.LOCAL
PING addc.birke-gym.dk (10.3.17.1) 56(84) bytes of data.
64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128
time=0.211 ms
64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128
time=0.207 ms

# ping mail.UNDERVISNING.LOCAL
PING mail.birke-gym.dk (127.0.1.1) 56(84) bytes of data.
64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=1 ttl=64 time=0.099 ms
64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=2 ttl=64 time=0.094 ms

Is there anyone that can see where I have done something rung in my 
samba-config.?

--
Med Venlig Hilsen / Best Regards
Henrik Dige Semark
   

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba + Winbind + Windows 2003 AD

[Henrik Dige Semark]

Hi Micheal

Sorry for not sending that information in the first place, but I though 
that it was so basic that it wasn't necessary.


My nsswitch.conf:
# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc Name Service Switch' for information about this file.

passwd: compat winbind
group:  compat winbind
shadow: compat winbind

hosts:  files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:   files

services:   db files
ethers: db files
protocols:  db files
rpc:db files

netgroup:   nis

I will mean that it is the way to do this (and it works just fine on the 
UNIX servers that run there own Domain Controller)


Med Venlig Hilsen / Best Regards
Henrik Dige Semark

Den 18-07-2010 17:03, Michael Wood skrev:

On 18 July 2010 01:34, Henrik Dige Semarkh...@semark.dk  wrote:
   

Hey out there.

I have to join my UNIX server with an existing Win2k3 AD network.

My system info:
Debian Lenny
Samba   - 3.4.8
Winbind - 3.4.8

Windows Server 2003 with 2000-style-AD

My problem is that, I have en UNIX server that have to run auth up against
our existing windows 2003 AD.

I have successfully joined my UNIX server to the AD, without problems.
# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- TEST
Joined 'MAIL' to realm 'TEST.LOCAL'

My Samba config: http://pastebin.com/ZqaA0Ypn

After the join I'm able to lookup peoples with
# wbinfo -u
 

[...]
   

# wbinfo -g
 

[...]
   

Now the problem, getent only returns the local users and not the users from
the AD
The funny thing is that if a user is local on the UNIX and in the AD, I can
login with the password from both local and AD, so I know that it can lookup
people and passwords

# getent passwd hs ; echo $?
2

When I debug on getent it returns 2, witch means that it can't find the
user.
 

Do you have winbind specified in your nsswitch.conf file as mentioned here:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id2654732

   
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba + Winbind + Windows 2003 AD

[Henrik Dige Semark]

Hey out there.

I have to join my UNIX server with an existing Win2k3 AD network.

My system info:
Debian Lenny
Samba   - 3.4.8
Winbind - 3.4.8

Windows Server 2003 with 2000-style-AD

My problem is that, I have en UNIX server that have to run auth up 
against our existing windows 2003 AD.


I have successfully joined my UNIX server to the AD, without problems.
# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- TEST
Joined 'MAIL' to realm 'TEST.LOCAL'

My Samba config: http://pastebin.com/ZqaA0Ypn

After the join I'm able to lookup peoples with
# wbinfo -u
[...]
XX
hds
XXX
[...]

# wbinfo -g
[...]
bg XX
bg hds
bg XXX
[...]

Now the problem, getent only returns the local users and not the users 
from the AD
The funny thing is that if a user is local on the UNIX and in the AD, I 
can login with the password from both local and AD, so I know that it 
can lookup people and passwords


# getent passwd hs ; echo $?
2

When I debug on getent it returns 2, witch means that it can't find the 
user.


I know there can be a problem with this if the resolv-names is not working

# ping addc.UNDERVISNING.LOCAL
PING addc.birke-gym.dk (10.3.17.1) 56(84) bytes of data.
64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128 
time=0.211 ms
64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128 
time=0.207 ms


# ping mail.UNDERVISNING.LOCAL
PING mail.birke-gym.dk (127.0.1.1) 56(84) bytes of data.
64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=1 ttl=64 time=0.099 ms
64 bytes from mail.birke-gym.dk (127.0.1.1): icmp_seq=2 ttl=64 time=0.094 ms

Is there anyone that can see where I have done something rung in my 
samba-config.?


--
Med Venlig Hilsen / Best Regards
Henrik Dige Semark
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Debian Lenny: Samba PDC + LDAP

[Henrik Dige Semark]

Hey out there.
I have to get my PDC to work now, and I'm so close to desperation that I
have taken my self in looking at a windows server.
My problem is that I have to get roaming profile for some Windows XP Pro
clients to work, and I have a Debian based server solution.

The problem is that I can't see where I do something rung...

When I run smbldap-useradd -w testing$ it gets imported to LDAP, when
I try to connect my client, Samba connects to LDAP, when I do an
LDAP-search I get the info that I wants, when I test to see if my Admin
user is possible to find from UNIX it returns the right thing, what have
I missed.?

# getent passwd Admin
Admin:x:0:0:Netbios Domain Administrator:/home/Admin:/bin/false

LDAP-search string:
http://pastebin.com/m6d9f595a

Log when I try to join a client:
http://pastebin.com/m697c7f35
Samba-conf:
http://pastebin.com/m188ee119

slapd.conf:
http://pastebin.com/m6f13648a

schema.conf:
http://pastebin.com/m71cca406

ldap.conf:
http://pastebin.com/m52b39761

nsswitch.conf:
http://pastebin.com/m7d2dc9b0

System info:
Clean installed Debian Lenny (5.0.3)
Clean installed Samba 3.2.5 + Winbind 3.2.5
Clean installed OpenLDAP 2.4.11 (slapd)
Debian default smbldap-tools (smbldap-populate is working and have
populated LDAP without problems)
if there is something I have forgotten please just ask for it, I'm still
close to be desperate.!

-- 
Med Venlig Hilsen / Best regards
Henrik Dige Semark

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Debian Lenny: Samba PDC + LDAP

[Henrik Dige Semark]

I have just checked my PAM.d settings.
http://pastebin.com/m6844b37b
and I can't see what might be rung here.

I will test if I can logon to the console when I get my hands on the 
server, do I have to reboot when pam.d settings have changed, is this 
case I will wait to I'm next to the server.
Its not possible to logon to a samba-share with the Admin user, error in 
LDAP, NT_STATUS_NO_SUCH_USER


---
Med Venlig Hilsen / Best regards
Henrik Dige Semark



David Harrison skrev:
The error log you posted seems to suggest an error with your PAM/LDAP 
configuration.


The error messages you are seeing are exactly the same as these people:
http://lists.samba.org/archive/samba/2004-November/095960.html
http://lists.samba.org/archive/samba/2006-December/127799.html


Take a second look at how this is all configured.
If it is working you should be able to login to the local server 
console using your LDAP-based credentials.

Likewise run some tests just connecting to a Samba share as Admin.

If both these things are working then your domain logons should be 
happier.



David



On Mon, Feb 15, 2010 at 9:29 PM, Henrik Dige Semark h...@semark.dk 
mailto:h...@semark.dk wrote:


Hey out there.
I have to get my PDC to work now, and I'm so close to desperation
that I
have taken my self in looking at a windows server.
My problem is that I have to get roaming profile for some Windows
XP Pro
clients to work, and I have a Debian based server solution.

The problem is that I can't see where I do something rung...

When I run smbldap-useradd -w testing$ it gets imported to LDAP,
when
I try to connect my client, Samba connects to LDAP, when I do an
LDAP-search I get the info that I wants, when I test to see if my
Admin
user is possible to find from UNIX it returns the right thing,
what have
I missed.?

# getent passwd Admin
Admin:x:0:0:Netbios Domain Administrator:/home/Admin:/bin/false

LDAP-search string:
http://pastebin.com/m6d9f595a

Log when I try to join a client:
http://pastebin.com/m697c7f35
Samba-conf http://pastebin.com/m697c7f35%0ASamba-conf:
http://pastebin.com/m188ee119

slapd.conf:
http://pastebin.com/m6f13648a

schema.conf:
http://pastebin.com/m71cca406

ldap.conf:
http://pastebin.com/m52b39761

nsswitch.conf:
http://pastebin.com/m7d2dc9b0

System info:
Clean installed Debian Lenny (5.0.3)
Clean installed Samba 3.2.5 + Winbind 3.2.5
Clean installed OpenLDAP 2.4.11 (slapd)
Debian default smbldap-tools (smbldap-populate is working and have
populated LDAP without problems)
if there is something I have forgotten please just ask for it, I'm
still
close to be desperate.!

--
Med Venlig Hilsen / Best regards
Henrik Dige Semark

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




smime.p7s
Description: S/MIME Cryptographic Signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11

[Henrik Dige Semark]

]:  sambaPasswordHistory
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  modifyTimestamp
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaLogonHours
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  modifyTimestamp
Jan 27 20:21:53 hds-debian-virt slapd[1868]:  uidNumber
Jan 27 20:21:53 hds-debian-virt slapd[1868]: 
Jan 27 20:21:53 hds-debian-virt slapd[1868]: = hdb_search
Jan 27 20:21:53 hds-debian-virt slapd[1868]: 
bdb_dn2entry(dc=semark-testing,dc=dk)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: search_candidates: 
base=dc=semark-testing,dc=dk (0x0001) scope=2
Jan 27 20:21:53 hds-debian-virt slapd[1868]: = 
hdb_dn2idl(dc=semark-testing,dc=dk)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: = bdb_equality_candidates 
(objectClass)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: = key_read
Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [b49d1940]
Jan 27 20:21:53 hds-debian-virt slapd[1868]: = bdb_index_read: failed (-30990)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: = bdb_equality_candidates: id=0, 
first=0, last=0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: = bdb_equality_candidates (uid)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: = key_read
Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_idl_fetch_key: [15f2129b]
Jan 27 20:21:53 hds-debian-virt slapd[1868]: = bdb_index_read: failed (-30990)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: = bdb_equality_candidates: id=0, 
first=0, last=0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 
first=1 last=0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: hdb_search: no candidates
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: conn=15 op=3 p=3
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched= 
text=
Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response: msgid=4 
tag=101 err=0
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got connid=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22): checking for 
input on id=15
Jan 27 20:21:53 hds-debian-virt slapd[1868]: ber_get_next on fd 22 failed 
errno=0 (Success)
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing: readying 
conn=15 sd=22 for close
Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close: conn=15 sd=22

---
Med Venlig Hilsen / Best regards
Henrik Dige Semark


On 26-01-2010 22:42, Dale Schroeder wrote:
 Henrik,

 I saw that another user wanted you to make sure that the PDC was added
 to the domain, and he is correct.
 If it is still not working after adding the PDC to the domain,
 consider changing the add machine script to this:

 add machine script = /usr/sbin/smbldap-useradd -i -w '%u'

 I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that
 is what fixed the issue.

 Dale


 On 01/25/2010 3:23 PM, Henrik Dige Semark wrote:
 I have a serous problem.

 I have for some time now tried to get an SAMBA based Domain Controller
 working.
 I have tried with OpenLDAP and tdbsam as backend, but I get the same
 error every time.

 I wood prefer to use LDAP as my backend.
 I have read tons of how-to SAMBA + LDAP, but non of the seams to work
 for my, is there someone that maybe can see what I have done rung in
 my config.?

 I have attached my samba conf and LDAP conf.

 Samba is connected to OpenLDAP, and LDAP is running fine.
 But when I try to join my Windows XP Pro SP3 I takes about one Min and
 it tells my that Username and/or Password maybe rung, ore not existing.

 There is no doubt that Samba and Ldap is talking together (samba have
 updated the SID and RID's), cause when I try to join the domain LDAP
 is activated, but the return value is somehow disappearing on the way
 back to my client

 I have some wireshark dump that I can provide if its necessary.
 I can provide LOGS, DUMPS, and everything needed if its necessary.

 System info:
 Clean installed Debian Lenny (5.0.3)
 Clean installed Samba 3.2.5 + Winbind 3.2.5
 Clean installed OpenLDAP 2.4.11 (slapd)
 Debian default smbldap-tools (smbldap-populate is working and have
 populated LDAP without problems)
 if there is something I have forgotten please just ask for it, I'm
 close to be desperate.!

 ---
 Med Venlig Hilsen / Best regards
 Henrik Dige Semark


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11

[Henrik Dige Semark]

]: = bdb_index_read: failed (-30990)
Jan 27 21:32:11 hds-debian-virt slapd[1868]: = bdb_equality_candidates: id=0, 
first=0, last=0
Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_search_candidates: id=0 
first=17 last=0
Jan 27 21:32:11 hds-debian-virt slapd[1868]: hdb_search: no candidates
Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=5 op=1146 
p=3
Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0 matched= 
text=
Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_response: msgid=1147 
tag=101 err=0

---
Med Venlig Hilsen / Best regards
Henrik Dige Semark


On 27-01-2010 21:06, Gaiseric Vandal wrote:
 Try using  net ...   -U Administrator instead, since root is not
 by default a member of the domain admin group.  This presumes you have
 created the Administrator account in samba, created the domain
 admins group and setup the approp group mapping for key groups
 (domain admins, domain users etc.)




 On 01/27/10 14:23, Henrik Dige Semark wrote:
 Dos the PDC have to join the domain also?

 When I try to join my PDC to its domain with net join I get the
 following error.

 Enter root's password:
 Could not connect to server PDC
 The username or password was not correct.
 Connection failed: NT_STATUS_LOGON_FAILURE


 The netbios name for my PDC is pdc.semarktest.dk I guess that way it
 tells my that is can't connect to server PDC
 I have checked that pdc is in the name server (nameserver is on
 127.0.0.1)

 # host pdc
 pdc.semarktest.dk has address 192.168.1.182

 Is there something I'm missing?

 Log dump from net join command:

 # tail -200 /var/log/syslog | grep slapd
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got
 connid=15
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22):
 checking for input on id=15
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: 
 dnPrettyNormal:sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk

 Jan 27 20:21:53 hds-debian-virt slapd[1868]: 
 dnPrettyNormal:sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk,sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk

 Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH
 sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk
 2 0
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter:
 ((objectClass=sambaTrustedDomainPassword)(sambaDomainName=semarktest))
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs:
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: =  hdb_search
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:
 bdb_dn2entry(sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk)

 Jan 27 20:21:53 hds-debian-virt slapd[1868]: = 
 hdb_dn2id(sambaDomainName=semarktest,sambaDomainName=semarktest,dc=semark-testing,dc=dk)

 Jan 27 20:21:53 hds-debian-virt slapd[1868]:= hdb_dn2id: get failed:
 DB_NOTFOUND: No matching key/data pair found (-30990)
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result:
 conn=15 op=2 p=3
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_result: err=10
 matched=sambaDomainName=semarktest,dc=semark-testing,dc=dk text=
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: send_ldap_response:
 msgid=3 tag=101 err=32
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22)
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got
 connid=15
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22):
 checking for input on id=15
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=3 do_search
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: 
 dnPrettyNormal:dc=semark-testing,dc=dk
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: 
 dnPrettyNormal:dc=semark-testing,dc=dk,dc=semark-testing,dc=dk
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: SRCH
 dc=semark-testing,dc=dk 2 0
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: 0 15 0
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: filter:
 ((uid=root)(objectClass=sambaSamAccount))
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: attrs:
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:  uid
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:  uidNumber
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:  gidNumber
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:  homeDirectory
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaPwdLastSet
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaPwdCanChange
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaPwdMustChange
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaLogonTime
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaLogoffTime
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sambaKickoffTime
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:  cn
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:  sn
 Jan 27 20:21:53 hds-debian-virt slapd[1868

Re: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11

[Henrik Dige Semark]

I have remembered to run smbpassd -W, and I still get the same error
when I try with -S pdc on net join command.

I can see that LDAP is activated, and that samba is doing something, but
it seams like the answer is disappear on the way back.

Samba have initialised my LDAP with its SID and RID's, when it can do
this way is it not possible to lookup users?

Is it necessary to join my PDC to its own domain btw.? cause the new
server here is going to be PDC and replace my old Win2k DC (its not a
member it a separate test-domain)

---
Med Venlig Hilsen / Best regards
Henrik Dige Semark



On 27-01-2010 21:56, Dale Schroeder wrote:
 Did you remember to run smbpasswd -W?

 Sometimes you have to add the -S switch for the join to work.
 net rpc join -S pdc -U root

 Dale


 On 01/27/2010 2:33 PM, Henrik Dige Semark wrote:
 I have just tried with net join -U Admin and I get the same error as
 before.

 # net join -U Admin
 Enter admin's password:
 Could not connect to server PDC
 The username or password was not correct.
 Connection failed: NT_STATUS_LOGON_FAILURE

 Ldap search for Admin:

 # ldapsearch -x -h 127.0.0.1 -p 389

 # Admin, Users, semark-testing.dk
 dn: uid=Admin,ou=Users,dc=semark-testing,dc=dk
 cn: Admin
 sn: Admin
 objectClass: top
 objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 objectClass: sambaSamAccount
 objectClass: posixAccount
 objectClass: shadowAccount
 gidNumber: 0
 uid: Admin
 uidNumber: 0
 homeDirectory: /home/Admin
 sambaLogonTime: 0
 sambaLogoffTime: 2147483647
 sambaKickoffTime: 2147483647
 sambaPwdCanChange: 0
 sambaHomePath: \\192.168.1.182\Admin
 sambaHomeDrive: H:
 sambaProfilePath: \\192.168.1.182\profiles\Admin
 sambaPrimaryGroupSID: S-1-5-21-860714184-2299130787-2886737959-512
 sambaSID: S-1-5-21-860714184-2299130787-2886737959-500
 loginShell: /bin/false
 gecos: Netbios Domain Administrator
 sambaLMPassword: my-pass
 sambaAcctFlags: [U]
 sambaNTPassword: my-pass
 sambaPwdLastSet: 1264374249
 sambaPwdMustChange: 1268262249
 shadowMax: 45

 Log dump from net join command:

 Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22)
 Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_get(22): got
 connid=22
 Jan 27 21:31:11 hds-debian-virt slapd[1868]: connection_read(22):
 checking for input on id=22
 Jan 27 21:31:11 hds-debian-virt slapd[1868]: conn=22 op=3 do_search
 Jan 27 21:31:11 hds-debian-virt slapd[1868]: 
 dnPrettyNormal:dc=semark-testing,dc=dk
 Jan 27 21:31:11 hds-debian-virt slapd[1868]: 
 dnPrettyNormal:dc=semark-testing,dc=dk,dc=semark-testing,dc=dk
 Jan 27 21:31:11 hds-debian-virt slapd[1868]: SRCH
 dc=semark-testing,dc=dk 2 0
 Jan 27 21:31:11 hds-debian-virt slapd[1868]: 0 15 0
 Jan 27 21:31:11 hds-debian-virt slapd[1868]: filter:
 ((uid=admin)(objectClass=sambaSamAccount))
 Jan 27 21:31:11 hds-debian-virt slapd[1868]: attrs:
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  uid
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  uidNumber
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  gidNumber
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  homeDirectory
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaPwdLastSet
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaPwdCanChange
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaPwdMustChange
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaLogonTime
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaLogoffTime
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaKickoffTime
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  cn
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sn
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  displayName
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaHomeDrive
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaHomePath
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaLogonScript
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaProfilePath
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  description
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaUserWorkstations
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaSID
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaPrimaryGroupSID
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaLMPassword
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaNTPassword
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaDomainName
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  objectClass
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaAcctFlags
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaMungedDial
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaBadPasswordCount
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaBadPasswordTime
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaPasswordHistory
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  modifyTimestamp
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  sambaLogonHours
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  modifyTimestamp
 Jan 27 21:31:11 hds-debian-virt slapd[1868]:  uidNumber
 Jan 27 21:31:11 hds

Re: [Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11

[Henrik Dige Semark]

 Hilsen / Best regards
Henrik Dige Semark


On 27-01-2010 22:22, Gaiseric Vandal wrote:
 Sorry, should be Administrator


 Verify the user exists in samba with  pdbedit -Lv Administrator

 and that group mapping is setup.

 # net groupmap list | grep Domain Admins
 Domain Admins (S-1-5-21-x-512) - Domain Admins
 #

 The unix group name (on the right side of the mapping) may  not
 exactly match the windows name.
 You might have

 # net groupmap list | grep Domain Admins
 Domain Admins (S-1-5-21-x-512) - Samba_Domain_Admins
 #


 Also verify that the Administrator is the correct groups

 #groups Administrator
 Domain Admins   Domain Users 



 I also had mappings for
 Domain Users
 Domain Computers
 Domain Guests
 Domain Controllers



 On 01/27/10 15:33, Henrik Dige Semark wrote:
 I have just tried with net join -U Admin and I get the same error as
 before.

 # net join -U Admin
 Enter admin's password:
 Could not connect to server PDC
 The username or password was not correct.
 Connection failed: NT_STATUS_LOGON_FAILURE
 [ ... ]
 quality_candidates: id=0, first=0, last=0
 Jan 27 21:32:11 hds-debian-virt slapd[1868]: bdb_search_candidates:
 id=0 first=17 last=0
 Jan 27 21:32:11 hds-debian-virt slapd[1868]: hdb_search: no candidates
 Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: conn=5
 op=1146 p=3
 Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_result: err=0
 matched= text=
 Jan 27 21:32:11 hds-debian-virt slapd[1868]: send_ldap_response:
 msgid=1147 tag=101 err=0

 ---
 Med Venlig Hilsen / Best regards
 Henrik Dige Semark


 On 27-01-2010 21:06, Gaiseric Vandal wrote:
   
 Try using  net ...   -U Administrator instead, since root is not
 by default a member of the domain admin group.  This presumes you have
 created the Administrator account in samba, created the domain
 admins group and setup the approp group mapping for key groups
 (domain admins, domain users etc.)




 On 01/27/10 14:23, Henrik Dige Semark wrote:
 
 Dos the PDC have to join the domain also?

 When I try to join my PDC to its domain with net join I get the
 following error.

 Enter root's password:
 Could not connect to server PDC
 The username or password was not correct.
 Connection failed: NT_STATUS_LOGON_FAILURE


 The netbios name for my PDC is pdc.semarktest.dk I guess that way it
 tells my that is can't connect to server PDC
 I have checked that pdc is in the name server (nameserver is on
 127.0.0.1)

 # host pdc
 pdc.semarktest.dk has address 192.168.1.182

 Is there something I'm missing?

 Log dump from net join command:

 # tail -200 /var/log/syslog | grep slapd
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_get(22): got
 connid=15
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_read(22):
 checking for input on id=15
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: conn=15 op=2 do_search
 Jan 27 20:21:53 hds-debian-virt slapd[1868]:
 dnPrettyNormal:sambaDomainName=SEMARKTEST,sambaDomainName=semarktest,dc=semark-testing,dc=dk

 [ ... ]
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_closing:
 readying conn=15 sd=22 for close
 Jan 27 20:21:53 hds-debian-virt slapd[1868]: connection_close:
 conn=15 sd=22

 ---
 Med Venlig Hilsen / Best regards
 Henrik Dige Semark


 On 26-01-2010 22:42, Dale Schroeder wrote:

   
 Henrik,

 I saw that another user wanted you to make sure that the PDC was
 added
 to the domain, and he is correct.
 If it is still not working after adding the PDC to the domain,
 consider changing the add machine script to this:

   add machine script = /usr/sbin/smbldap-useradd -i -w '%u'

 I ran into this problem with Samba 3.4.3 on Debian Squeeze, and that
 is what fixed the issue.

 Dale


 On 01/25/2010 3:23 PM, Henrik Dige Semark wrote:

 
 I have a serous problem.

 I have for some time now tried to get an SAMBA based Domain
 Controller
 working.
 I have tried with OpenLDAP and tdbsam as backend, but I get the same
 error every time.

 I wood prefer to use LDAP as my backend.
 I have read tons of how-to SAMBA + LDAP, but non of the seams to
 work
 for my, is there someone that maybe can see what I have done rung in
 my config.?

 I have attached my samba conf and LDAP conf.

 Samba is connected to OpenLDAP, and LDAP is running fine.
 But when I try to join my Windows XP Pro SP3 I takes about one
 Min and
 it tells my that Username and/or Password maybe rung, ore not
 existing.

 There is no doubt that Samba and Ldap is talking together (samba
 have
 updated the SID and RID's), cause when I try to join the domain LDAP
 is activated, but the return value is somehow disappearing on the
 way
 back to my client

 I have some wireshark dump that I can provide if its necessary.
 I can provide LOGS, DUMPS, and everything needed if its necessary.

 System info:
 Clean installed Debian Lenny (5.0.3)
 Clean installed Samba 3.2.5 + Winbind 3.2.5
 Clean installed OpenLDAP 2.4.11 (slapd)
 Debian default smbldap-tools (smbldap

[Samba] Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11

[Henrik Dige Semark]

I have a serous problem.

I have for some time now tried to get an SAMBA based Domain Controller
working.
I have tried with OpenLDAP and tdbsam as backend, but I get the same
error every time.

I wood prefer to use LDAP as my backend.
I have read tons of how-to SAMBA + LDAP, but non of the seams to work
for my, is there someone that maybe can see what I have done rung in
my config.?

I have attached my samba conf and LDAP conf.

Samba is connected to OpenLDAP, and LDAP is running fine.
But when I try to join my Windows XP Pro SP3 I takes about one Min and
it tells my that Username and/or Password maybe rung, ore not existing.

There is no doubt that Samba and Ldap is talking together (samba have
updated the SID and RID's), cause when I try to join the domain LDAP
is activated, but the return value is somehow disappearing on the way
back to my client

I have some wireshark dump that I can provide if its necessary.
I can provide LOGS, DUMPS, and everything needed if its necessary.

System info:
Clean installed Debian Lenny (5.0.3)
Clean installed Samba 3.2.5 + Winbind 3.2.5
Clean installed OpenLDAP 2.4.11 (slapd)
Debian default smbldap-tools (smbldap-populate is working and have
populated LDAP without problems)
if there is something I have forgotten please just ask for it, I'm
close to be desperate.!

---
Med Venlig Hilsen / Best regards
Henrik Dige Semark

# Defining domain name, hostname

[global]
dns proxy = no
netbios name = pdc
wins support = Yes
workgroup = semarktest
include = /etc/samba/dhcp.conf
server string = Debian Lenny (5.0.3) PDC
name resolve order = host lmhosts bcast wins

# Netwok-settings

hosts deny = ALL
hosts allow = 192.168.1.0/24 127.

# Specifying passwd backend database

#username map = /etc/samba/smbusers
#smb passwd file = /etc/samba/smbpasswd
#passdb backend = tdbsam:/etc/samba/userdatabase.tdb
passdb backend = ldapsam:ldap://127.0.0.1

# LDAPSMB-CONFIG - SMBLDAP-TOOLS

# LDAPSMB-CONFIG
#   add user script = /usr/sbin/ldapsmb -a -u %u
#   add machine script = /usr/sbin/ldapsmb -a -w %u
#   add group script = /usr/sbin/ldapsmb -a -g %g
#   add user to group script = /usr/sbin/ldapsmb -j -u %u -g %g
#   delete user script = /usr/sbin/ldapsmb -d -u %u
#   delete group script = /usr/sbin/ldapsmb -d -g %g
#   delete user from group script = /usr/sbin/ldapsmb -r -u %u -g %g
#   set primary group script = /usr/sbin/ldapsmb -m -u %u -g %g

# SMBLDAP-TOOLS
add user script = /usr/sbin/smbldap-useradd -a -m %u -M %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user script = /usr/sbin/smbldap-userdel %u
delete group script = /usr/sbin/smbldap-groupdel %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u

# TDBSAM
#   add user script = /usr/sbin/useradd -m %u 
#   delete user script = /usr/sbin/userdel -r %u 
#   add group script = /usr/sbin/groupadd %g  
#   delete group script = /usr/sbin/groupdel %g  
#   add user to group script = /usr/sbin/usermod -G %g %u 
#   add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null  -g 
machines %u 


# Various other directives ( man smb.conf )
###
logon drive = H:
logon home = \\%L\%U
#logon path = \\%L\profile\%U
logon script = scripts/logon.bat
os level = 65
time server = Yes
domain master = Yes
domain logons = Yes
preferred master = Yes
enable privileges = yes
show add printer wizard = yes
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

# Windbind
##
winbind separator = %
winbind cache time = 10
winbind enum users = Yes
winbind uid = 1000-21000
winbind gid = 1000-21000
winbind enum groups = Yes
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = Yes

# OpenLDAP stuff is defined here
###
ldap ssl = no
ldap delete dn = Yes
ldap passwd sync = Yes
ldap user suffix = ou=Users
ldap idmap suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=semark-testing,dc=dk
ldap admin dn = cn=admin,dc=semark-testing,dc=dk
idmap uid = 1000-21000
idmap

Re: [Samba] [Fwd: Re: Samba PDC + OpenLDAP (Debian Lenny)]

[Henrik Dige Semark]

Henrik Dige Semark skrev:

 Adam Tauno WIlliams skrev:
 

[2009/08/14 18:22:24,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
 pdb_get_group_sid: Failed to find Unix account for DomAdmin
[2009/08/14 18:22:24,  1] auth/auth_util.c:make_server_info_sam(562)
 User DomAdmin in passdb, but getpwnam() fails!



I don't know why it is looking for a DomAdmin account. Perhaps your
directory is not fully initialized?  Loaded with the required users,
etc...
  
DomAdmin, is a Domain-administrator accaunt I have created instead of 
admin ore root
I have ran smbldap-populate -u 1 -g 1 -a admin -g guest and 
it populates LDAP with all the default users and groupes windows need 
to be able to join.

-u uidNumber  first uidNumber to allocate (default: 1000)
-g gidNumber  first uidNumber to allocate (default: 1000)
-a user   administrator login name (default: root)
-b user   guest login name (default: nobody)
 
Error: modifications require authentication at 
/usr/share/perl5/smbldap_tools.pm line 1083.
[2009/08/14 18:22:48,  0] 
passdb/pdb_interface.c:pdb_default_create_user(336)
 _samr_create_user: Running the command `/usr/sbin/smbldap-useradd 
-t 0 -w -i hds$' gave 127



I don't use smblap-tools but this looks like they don't have sufficient
config to authenticate to the DSA.
  
Don't know what the problem is with smbldap-useradd, but when I run 
the command alone it creates a windows machine user:

# smbldap-useradd -w -i testcomputer
New password : 1234
Retype new password : 1234
*failed to add entry: structural object class modification from 
'account' to 'inetOrgPerson' not allowed at /usr/sbin/smbldap-useradd 
line 311, STDIN line 2. *


I have the schemas that provite account and inetOrgPerson

# smbldap-useradd -?
(c) Jerome Tournier - (jtourn...@gmail.com)- Licensed under the GPL
Usage: /usr/sbin/smbldap-useradd [-awmugdsckABCDEFGHMNPST?] username
 -ais a Windows User (otherwise, Posix stuff only)
 -bis a AIX User
 -cgecos
 -dhome
 -ggid
 -iis a trust account (Windows Workstation)
 -kskeleton dir (with -m)
 -mcreates home directory and copies /etc/skel
 -ndo not create a group
 -oadd the user in the organizational unit (relative to the user 
suffix. Ex: 'ou=admin,ou=all')

 -uuid
 -sshell
 -ttime. Wait 'time' seconds before exiting (when adding Windows 
Workstation)

 -wis a Windows Workstation (otherwise, Posix stuff only)
 -Acan change password ? 0 if no, 1 if yes
 -Bmust change password ? 0 if no, 1 if yes
 -CsambaHomePath (SMB home share, like '\\PDC-SRV\homes')
 -DsambaHomeDrive (letter associated with home share, like 'H:')
 -EsambaLogonScript (DOS script to execute on login)
 -FsambaProfilePath (profile directory, like 
'\\PDC-SRV\profiles\foo')

 -Gsupplementary comma-separated groups
 -HsambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')
 -Mlocal mailAddress (comma seperated)
 -Ngiven name
 -Pends by invoking smbldap-passwd
 -Ssurname (Family name)
 -TmailToAddress (forward address) (comma seperated)
 -?show this help message

Mike Eggleston skrev:

   I'm not at work and am unable to compare your configuration with
   my production configuration. I have a similar environment, though,
   and found for windows boxes I needed to create the account in LDAP
   first (I use smbldap-adduser ...), then I must also add my samba
   server as a WINS server to the windows box, then I can join the
   windows box to my samba pdc domain.

   Mike

I have now tryed to set my server as wins-server - still samme problem



More info:
There is something I don't understand when I try to join the domain 
there is no traffic to LDAP at all, but when i do

# wbinfo -u
guest
domadmin

# wbinfo -g
domain admins
domain users
domain guests
domain computers
BUILTIN%users

# wbinfo --ping
Ping to winbindd succeeded

It looks up in LDAP just fine, so the link is apparently working fine

--
Med Venlig Hilsen / Best regards
Henrik Dige Semark 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Is Samba useful in an all-Linux environment?

[Henrik Dige Semark]

Steve Litt skrev:

On Monday 17 August 2009 15:55:34 John Drescher wrote:
  

On Mon, Aug 17, 2009 at 3:52 PM, Eero Volotineneero.voloti...@iki.fi wrote:


Steve Litt kirjoitti:
  

Hi all,

This isn't meant to be a troll. It's a legitimate question asked because
I haven't done much with Samba for 9 years.

Is there anything Samba can contribute to an all-Linux environment with
no Windows or Mac computers?


Well, atleast it is more secure than nfsv3 ?
  

That along with better performance and also better handling of
disconnections are a couple of reasons to use samba/cifs over nfs3.



How about performance and security of Samba vs. NFS4 on an all Linux network?
  
Samba is definitely more secure then NFS but performance wise it is 
definitely my expiration that NFS is much fasten with small files, but 
about the same on big files.



Thanks

SteveT

Steve Litt
Recession Relief Package
http://www.recession-relief.US
Twitter: http://www.twitter.com/stevelitt


  



--
Med Venlig Hilsen / Best regards
Henrik Dige Semark 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba PDC + OpenLDAP (Debian Lenny)

[Henrik Dige Semark]

-DOMAIN,dc=domain,dc=dk text=value does not 
conform to assertion syntax

Aug 14 18:33:01 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:01 hds-linux slapd[4180]: SRCH dc=domain,dc=dk 2 0
Aug 14 18:33:01 hds-linux slapd[4180]: 0 15 0
Aug 14 18:33:01 hds-linux slapd[4180]: filter: 
((uid=domadmin)(objectClass=sambaSamAccount))

Aug 14 18:33:01 hds-linux slapd[4180]: attrs:
Aug 14 18:33:01 hds-linux slapd[4180]:  uid
Aug 14 18:33:01 hds-linux slapd[4180]:  uidNumber
Aug 14 18:33:01 hds-linux slapd[4180]:  gidNumber
[ ... ]
Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [36d2b1e2]
Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [9767cf87]
Aug 14 18:33:02 hds-linux slapd[4180]: bdb_idl_fetch_key: [4194d841]
Aug 14 18:33:02 hds-linux slapd[4180]: send_ldap_result: err=0 
matched= text=

Aug 14 18:33:12 hds-linux slapd[4180]: connection_get(14)
Aug 14 18:33:02 hds-linux slapd[4180]: send_ldap_result: err=0 
matched= text=

Aug 14 18:33:12 hds-linux slapd[4180]: connection_get(14)
[ ... ]
Aug 14 18:33:25 hds-linux slapd[4180]: conn=44 op=2 modifications:
Aug 14 18:33:25 hds-linux slapd[4180]: ^Ireplace: uidNumber
Aug 14 18:33:25 hds-linux slapd[4180]: ^I^Ione value, length 5
Aug 14 18:33:25 hds-linux slapd[4180]: send_ldap_result: err=8 
matched= text=modifications require authentication

Aug 14 18:33:25 hds-linux slapd[4180]: connection_get(29)
Aug 14 18:33:35 hds-linux slapd[4180]: connection_get(14)

# net groupmap list
--
Domain Admins (S-1-5-21-3045805106-2558287267-4023452987-512) - 512
Domain Users (S-1-5-21-3045805106-2558287267-4023452987-513) - 513
Domain Guests (S-1-5-21-3045805106-2558287267-4023452987-514) - 514
Domain Computers (S-1-5-21-3045805106-2558287267-4023452987-515) - 515
Administrators (S-1-5-32-544) - 544
Account Operators (S-1-5-32-548) - 548
Print Operators (S-1-5-32-550) - 550
Backup Operators (S-1-5-32-551) - 551
Replicators (S-1-5-32-552) - 552
Users (S-1-5-32-545) - 1

System info:
--
Debian Lenny 5.0.2
Kernel - 2.6.26-2-xen-686

Samba Version 3.2.5
Winbind Version 3.2.5
OpenLDAP Version 2.4.11

if there is more info you need plz just ask :)

--
Med Venlig Hilsen / Best regards
Henrik Dige Semark 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [Fwd: Re: Samba PDC + OpenLDAP (Debian Lenny)]

[Henrik Dige Semark]

Sorry to Adam Tauno WIlliams for sending direct.

--
Med Venlig Hilsen / Best regards
Henrik Dige Semark 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [Fwd: Re: Samba PDC + OpenLDAP (Debian Lenny)]

[Henrik Dige Semark]

 Adam Tauno WIlliams skrev:
I'm trying to move my existing MS-AD over to SAMBA, the place I'm 



So you have an AD domain?  Samba 3.x does not provide an AD domain, it
provides an NT domains, so your requirement of everything keeps running
in the same or almost the same way cannot be met.  Unless you want to
try Samba 4.
  
We are not using the AD-functionalitys so what I ment was that my 
windows-clients is able to join the domain, and user-validate.
  
When I try to join a Windows Vista Ultimate ore Windows XP Pro to the 
domain it takes 30 sec and then it says The machine account dos not 
exist but as I understand that is what
add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i %u has to 
do right ?



It is supposed to, yes.

  

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192



Get rid of all the socket options stuff.  Are you using an old HOWTO
or some crap Wiki entry from somewhere?  Setting this directive is an
OLD habit and very obsolete.  Use only the Samba HOWTO and By-Example as
provided on Samba docs.  Assume everything else on the Internet is
obsolete and out-of-date, because it most likely is.
  
It was en the example file for smbldatp-tools Domain config. I have 
removed it now, but still now differance
  

[2009/08/14 18:22:24,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
 pdb_get_group_sid: Failed to find Unix account for DomAdmin
[2009/08/14 18:22:24,  1] auth/auth_util.c:make_server_info_sam(562)
 User DomAdmin in passdb, but getpwnam() fails!



I don't know why it is looking for a DomAdmin account. Perhaps your
directory is not fully initialized?  Loaded with the required users,
etc...
  
DomAdmin, is a Domain-administrator accaunt I have created instead of 
admin ore root
I have ran smbldap-populate -u 1 -g 1 -a admin -g guest and it 
populates LDAP with all the default users and groupes windows need to be 
able to join.

-u uidNumber  first uidNumber to allocate (default: 1000)
-g gidNumber  first uidNumber to allocate (default: 1000)
-a user   administrator login name (default: root)
-b user   guest login name (default: nobody)
  
Error: modifications require authentication at 
/usr/share/perl5/smbldap_tools.pm line 1083.
[2009/08/14 18:22:48,  0] 
passdb/pdb_interface.c:pdb_default_create_user(336)
 _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -t 0 
-w -i hds$' gave 127



I don't use smblap-tools but this looks like they don't have sufficient
config to authenticate to the DSA.
  
Don't know what the problem is with smbldap-useradd, but when I run the 
command alone it creates a windows machine user:

# smbldap-useradd -w -i testcomputer
New password : 1234
Retype new password : 1234
failed to add entry: structural object class modification from 'account' 
to 'inetOrgPerson' not allowed at /usr/sbin/smbldap-useradd line 311, 
STDIN line 2.


I have the schemas that provite account and inetOrgPerson

# smbldap-useradd -?
(c) Jerome Tournier - (jtourn...@gmail.com)- Licensed under the GPL
Usage: /usr/sbin/smbldap-useradd [-awmugdsckABCDEFGHMNPST?] username
 -ais a Windows User (otherwise, Posix stuff only)
 -bis a AIX User
 -cgecos
 -dhome
 -ggid
 -iis a trust account (Windows Workstation)
 -kskeleton dir (with -m)
 -mcreates home directory and copies /etc/skel
 -ndo not create a group
 -oadd the user in the organizational unit (relative to the user 
suffix. Ex: 'ou=admin,ou=all')

 -uuid
 -sshell
 -ttime. Wait 'time' seconds before exiting (when adding Windows 
Workstation)

 -wis a Windows Workstation (otherwise, Posix stuff only)
 -Acan change password ? 0 if no, 1 if yes
 -Bmust change password ? 0 if no, 1 if yes
 -CsambaHomePath (SMB home share, like '\\PDC-SRV\homes')
 -DsambaHomeDrive (letter associated with home share, like 'H:')
 -EsambaLogonScript (DOS script to execute on login)
 -FsambaProfilePath (profile directory, like '\\PDC-SRV\profiles\foo')
 -Gsupplementary comma-separated groups
 -HsambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')
 -Mlocal mailAddress (comma seperated)
 -Ngiven name
 -Pends by invoking smbldap-passwd
 -Ssurname (Family name)
 -TmailToAddress (forward address) (comma seperated)
 -?show this help message

Mike Eggleston skrev:

   I'm not at work and am unable to compare your configuration with
   my production configuration. I have a similar environment, though,
   and found for windows boxes I needed to create the account in LDAP
   first (I use smbldap-adduser ...), then I must also add my samba
   server as a WINS server to the windows box, then I can join the
   windows box to my samba pdc domain.

   Mike
 


I have now tryed to set my server as wins-server - still samme problem

--
Med Venlig Hilsen / Best regards
Henrik Dige Semark 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https

[Samba] RE: return codes ?

[Henrik Dige Semark]

: struct libnet_JoinCtx
  account_name : NULL
  netbios_domain_name  : 'UNDERVISNING'
  dns_domain_name  : 'UNDERVISNING.LOCAL'
  dn   : 
'CN=mail,CN=Computers,DC=UNDERVISNING,DC=LOCAL'
  domain_sid   : *
  domain_sid   : 
S-1-5-21-3246059169-2696874919-626726505
  modified_config  : 0x00 (0)
  error_string : NULL
  domain_is_ad : 0x01 (1)
  result   : WERR_OK
[2009/01/14 20:28:10, 10] intl/lang_tdb.c:lang_tdb_init(147)
  lang_tdb_init: loading /usr/local/samba/var/locks/lang_da_DK.UTF-8.tdb
[2009/01/14 20:28:10, 10] libads/kerberos.c:kerberos_kinit_password_ext(217)
  kerberos_kinit_password: as ma...@undervisning.local using [MEMORY:net_ads] 
as ccache and config [(null)]
[2009/01/14 20:28:10, 10] lib/util.c:name_to_fqdn(2953)
  name_to_fqdn: lookup for MAIL - MAIL.birke-gym.dk.
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface eth4 ip=fe80::218:f3ff:fe52:e93%eth4 
bcast=fe80:::::%eth4 netmask=:::::
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface eth1 ip=fe80::280:c8ff:feca:9081%eth1 
bcast=fe80:::::%eth1 netmask=:::::
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface eth2 ip=fe80::280:c8ff:feca:9082%eth2 
bcast=fe80:::::%eth2 netmask=:::::
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface eth3 ip=fe80::280:c8ff:feca:9083%eth3 
bcast=fe80:::::%eth3 netmask=:::::
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface tap0 ip=fe80::9c8d:42ff:fe8d:d632%tap0 
bcast=fe80:::::%tap0 netmask=:::::
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface eth1:INTRANET ip=194.182.87.2 bcast=194.182.87.127 
netmask=255.255.255.128
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface eth1 ip=194.182.87.97 bcast=194.182.87.127 
netmask=255.255.255.128
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface eth1:MAIL ip=194.182.87.98 bcast=194.182.87.127 
netmask=255.255.255.128
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface eth1:VIDEO ip=194.182.87.121 bcast=194.182.87.127 
netmask=255.255.255.128
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface eth4:GADM ip=10.3.2.1 bcast=10.3.3.255 netmask=255.255.254.0
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface eth4 ip=10.3.2.250 bcast=10.3.3.255 netmask=255.255.254.0
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface eth3 ip=10.3.16.1 bcast=10.3.31.255 netmask=255.255.240.0
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface eth2 ip=10.3.255.1 bcast=10.3.255.255 netmask=255.255.255.0
[2009/01/14 20:28:10,  2] lib/interface.c:add_interface(337)
  added interface tap0 ip=10.8.0.1 bcast=10.8.0.255 netmask=255.255.255.0
[2009/01/14 20:28:10,  4] libads/dns.c:ads_dns_lookup_ns(620)
  ads_dns_lookup_ns: 1 records returned in the answer section.
DNS update failed!
[2009/01/14 20:28:10,  2] utils/net.c:main(1172)
  return code = 0




Med Venlig Hilsen / Best regards

Henrik Dige Semark

T?v dine venner i retro spillet UNO med Windows Live Messenger. Start spillet 
her!
_
Spil det nye spil Atomic Subattle med dine venner i Windows Live Messenger
http://www2.messengerplayground.dk/spil/84--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] RE: return codes ?

[Henrik Dige Semark]

Never mind I forgot to start the winbindd in daemon mode :P sorry 



Med Venlig Hilsen / Best regards

Henrik Dige Semark



 From: hendig...@hotmail.com
 To: samba@lists.samba.org
 Date: Wed, 14 Jan 2009 20:00:30 +
 Subject: [Samba] RE: return codes ?
 
 
 
 
 
 
 Hey I have just installed Samba 3.2.7 on my Debian 4.0 with compile.
 
 But I'm trying to to join my Windows AD, and samba returns 
 
 Using short domain name -- UNDERVISNING 
 Joined 'MAIL' to realm 'UNDERVISNING.LOCAL'
 return code = 0 
 
 First I got 
 
 return code = -1 I just assumed that this was bad, so I powered on, but now I 
 get return code = 0 but I still can't get any user info out of my AD
 
 is this a good thing ? ore what is return code = 0 means ?
 
 
 My debug:
 net ads join -U Administrator --debuglevel=10 --long
 
 [2009/01/14 20:28:02,  5] lib/debug.c:debug_dump_status(407)
   INFO: Current debug levels:
 all: True/10
 tdb: False/0
 printdrivers: False/0
 lanman: False/0
 smb: False/0
 rpc_parse: False/0
 rpc_srv: False/0
 rpc_cli: False/0
 passdb: False/0
 sam: False/0
 auth: False/0
 winbind: False/0
 vfs: False/0
 idmap: False/0
 quota: False/0
 acls: False/0
 locking: False/0
 msdfs: False/0
 dmapi: False/0
 registry: False/0
 [2009/01/14 20:28:02,  3] param/loadparm.c:lp_load_ex(8753)
   lp_load_ex: refreshing parameters
 [2009/01/14 20:28:02,  3] param/loadparm.c:init_globals(4597)
   Initialising global parameters
 [2009/01/14 20:28:02,  3] param/params.c:pm_process(569)
   params.c:pm_process() - Processing configuration file 
 /usr/local/samba/lib/smb.conf
 [2009/01/14 20:28:02,  3] param/loadparm.c:do_section(7416)
   Processing section [global]
   doing parameter server string = Debian 4.0 - Samba %v - BDC
   doing parameter netbios name = mail
 [2009/01/14 20:28:02,  4] param/loadparm.c:handle_netbios_name(6764)
   handle_netbios_name: set global_myname to: MAIL
   doing parameter workgroup = UNDERVISNING
   doing parameter Inherit permissions = yes
   doing parameter Inherit owner = yes
   doing parameter security = ADS
   doing parameter idmap uid = 500-1000
   doing parameter idmap gid = 500-1000
   doing parameter template shell = /bin/bash
   doing parameter winbind use default domain = yes
   doing parameter winbind separator = %
   doing parameter winbind enum users = yes
   doing parameter winbind enum groups = yes
   doing parameter template homedir = /home/%D/%U
   doing parameter client use spnego = yes
   doing parameter password server = bgdc.birke-gym.dk
   doing parameter encrypt passwords = Yes
   doing parameter realm = UNDERVISNING.LOCAL
   doing parameter wins server = bgdc.birke-gym.dk
   doing parameter nt acl support = true
   doing parameter os level = 255
   doing parameter preferred master = no
   doing parameter domain master = no
   doing parameter local master = no
   doing parameter domain logons = no
   doing parameter hide special files = Yes
   doing parameter hide unreadable = Yes
   doing parameter disable netbios = yes
   doing parameter name resolve order = wins lmhosts hosts bcast
   doing parameter log level = 10
   doing parameter log file = /var/log/samba/UNDERVISNING
 [2009/01/14 20:28:02,  4] param/loadparm.c:lp_load_ex(8797)
   pm_process() returned Yes
 [2009/01/14 20:28:02,  7] param/loadparm.c:lp_servicenumber(9002)
   lp_servicenumber: couldn't find homes
 [2009/01/14 20:28:02, 10] param/loadparm.c:set_server_role(7975)
   set_server_role: role = ROLE_DOMAIN_MEMBER
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(104)
   Attempting to register new charset UCS-2LE
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(112)
   Registered charset UCS-2LE
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(104)
   Attempting to register new charset UTF-16LE
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(112)
   Registered charset UTF-16LE
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(104)
   Attempting to register new charset UCS-2BE
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(112)
   Registered charset UCS-2BE
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(104)
   Attempting to register new charset UTF-16BE
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(112)
   Registered charset UTF-16BE
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(104)
   Attempting to register new charset UTF8
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(112)
   Registered charset UTF8
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(104)
   Attempting to register new charset UTF-8
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(112)
   Registered charset UTF-8
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(104)
   Attempting to register new charset ASCII
 [2009/01/14 20:28:02,  5] lib/iconv.c:smb_register_charset(112)
   Registered charset ASCII

RE: [Samba] Samba + Windows 2003 AD

[Henrik Dige Semark]

 to bgdc.undervisning.local
[2009/01/09 19:12:41,  3] lib/util_sock.c:interpret_string_addr_internal(122)
  interpret_string_addr_internal: getaddrinfo failed for name 
bgdc.undervisning.local [Name or service not known]
[2009/01/09 19:12:41,  3] lib/util_sock.c:interpret_addr(158)
  interpret_addr: Unknown host. bgdc.undervisning.local
[2009/01/09 19:12:41,  1] libads/cldap.c:recv_cldap_netlogon(156)
  no reply received to cldap netlogon
[2009/01/09 19:12:41,  1] libnet/libnet_join.c:libnet_Join(1801)
  libnet_Join:
  libnet_JoinCtx: struct libnet_JoinCtx
  out: struct libnet_JoinCtx
  account_name : NULL
  netbios_domain_name  : NULL
  dns_domain_name  : NULL
  dn   : NULL
  domain_sid   : NULL
  domain_sid   : (NULL SID)
  modified_config  : 0x00 (0)
  error_string : 'failed to find DC for domain 
UNDERVISNING.LOCAL'
  domain_is_ad : 0x00 (0)
  result   : WERR_DOMAIN_CONTROLLER_NOT_FOUND
[2009/01/09 19:12:41, 10] intl/lang_tdb.c:lang_tdb_init(138)
  lang_tdb_init: /usr/share/samba/da_DK:da:en_GB:en.msg: No such file or 
directory
Failed to join domain: failed to find DC for domain UNDERVISNING.LOCAL
[2009/01/09 19:12:41,  2] utils/net.c:main(1172)
  return code = -1


# nslookup undervisning.local
Server:10.3.17.1
Address:10.3.17.1#53

Name:undervisning.local
Address: 10.3.17.8
Name:undervisning.local
Address: 10.3.17.1

# nslookup bgdc.undervisning.local
Server:10.3.17.1
Address:10.3.17.1#53

Name:bgdc.undervisning.local
Address: 10.3.17.1

BTW. I have updated my SMB to version 3.2.7 with LDAP and ADS support



Med Venlig Hilsen / Best regards

Henrik Dige Semark



From: hendig...@hotmail.com
To: ag...@aeso.ca; samba@lists.samba.org
Subject: RE: [Samba] Samba + Windows 2003 AD
Date: Thu, 8 Jan 2009 22:42:44 +








I don't know way my last mail did not got posted, but now I have add my domains 
to my resolv.conf

mail:~# nslookup undervisning.local
Server: 10.3.17.1
Address:10.3.17.1#53

Name:   undervisning.local
Address: 10.3.17.1
Name:   undervisning.local
Address: 10.3.17.8

nslookup bgdc.undervisning.local
Server: 10.3.17.1
Address:10.3.17.1#53

Name:   bgdc.undervisning.local
Address: 10.3.17.1

But its still the same error when I try to join the debian with Win2k3 domain

[2009/01/08 23:39:30, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Operations error
[2009/01/08 23:39:30, 2] utils/net.c:main(988)
  return code = -1

I might think that its my anonymous user on the win-server that isen't 
configured right as Avron said in the first mail 
(https://bugzilla.samba.org/show_bug.cgi?id=4771)




Med Venlig Hilsen / Best regards

Henrik Dige Semark



 Subject: RE: [Samba] Samba + Windows 2003 AD
 Date: Thu, 8 Jan 2009 10:59:06 -0700
 From: ag...@aeso.ca
 To: hendig...@hotmail.com; samba@lists.samba.org
 
 I have two domains. One is production and one is development.
 - - - - - - 
 Development domain:
 bash-2.05# cat /etc/resolv.conf
 domain dev.ca
 search dev.ca
 nameserver yyy.yyy.yyy.xx
 nameserver yyy.yyy.yyy.yy
  
 bash-2.05# ping -I 1 dev.ca
 PING dev.ca: 56 data bytes
 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=0. time=14. ms
 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=1. time=21. ms
 ^C
 - - - - - -  
 Production domain:
 bash-2.05# cat /etc/resolv.conf
 doamin prod.ca
 search prod.ca
 nameserver xxx.xxx.xxx.xx
 nameserver xxx.xxx.xxx.yy
 
 bash-2.05# ping -I 1 prod.ca
 PING prod.ca: 56 data bytes
 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=0. time=0. ms
 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=1. time=0. ms
 ^C
 - - - - - - 
 I have one host that sees BOTH domains:
 # cat /etc/resolv.conf
 doamin dev.ca
 search dev.ca prod.ca
 
 nameserver yyy.yyy.yyy.xx
 nameserver yyy.yyy.yyy.yy
 nameserver xxx.xxx.xxx.xx
 
 bash-2.05# ping -I 1 dev.ca
 PING dev.ca: 56 data bytes
 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=0. time=14. ms
 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=1. time=21. ms
 ^C
  
 bash-2.05# ping -I 1 prod.ca
 PING prod.ca: 56 data bytes
 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=0. time=0. ms
 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=1. time=0. ms
 ^C
 - - - - - - 
 
 Can you ping XXX.UNDERVISNING.LOCAL by IP address? Can you nslookup
 XXX.UNDERVISNING.LOCAL?
 
 - Avron

_
Del dine billeder med alle vennerne med Windows Live Photo Gallery.
http://download.live.com/photogallery--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba + Windows 2003 AD

[Henrik Dige Semark]

   SeDebugPrivilege
   SeSystemEnvironmentPrivilege
   SeLoadDriverPrivilege
   SeImpersonatePrivilege
   SeEnableDelegationPrivilege

For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.


==
 
 
 
Windows Server Event - [23:01:34]
 
User Logoff:
User Name:BGDC$
Domain:UNDERVISNING
Logon ID:(0x0,0x1C82893) 
Logon Type:3

For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.


--
 
My klist:
===
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administra...@undervisning.local
 
Valid starting ExpiresService principal
01/04/09 16:36:47  01/04/09 23:16:47  
krbtgt/undervisning.lo...@undervisning.local
 
 
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
 
--
 
smb.conf
===
cat /etc/samba/smb.conf | grep -v #
[global]
dos charset = ASCII
display charset = ASCII
workgroup = UNDERVISNING
realm = UNDERVISNING.LOCAL
server string = Debian 4.0 - Samba %v - BDC
security = ADS
password server = bgdc.birke-gym.dk
log level = 10
log file = /var/log/samba/UNDERVISNING
disable netbios = Yes
name resolve order = wins lmhosts hosts bcast
os level = 1000
preferred master = No
local master = No
domain master = No
wins server = bgdc.birke-gym.dk
idmap uid = 500-1000
idmap gid = 500-1000
template shell = /bin/bash
winbind separator = %
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
inherit permissions = Yes
inherit owner = Yes
hide special files = Yes
hide unreadable = Yes

[homes]
comment = Home Directories
valid users = %U
read only = No
browseable = No

--
 
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
^C
 
--
 
krb5.conf
==
 
[logging]
default = FILE:/var/log/krb5libs.log
#kdc = FILE:/var/log/krb5kdc.log
#admin_server = FILE:/var/log/kadmind.log
 
[libdefaults]
ticket_lifetime = 24000
default_realm = UNDERVISNING.LOCAL
 
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
 
[realms]
# Birke-gym.dk =
UNDERVISNING.LOCAL = {
kdc = bgdc.birke-gym.dk
admin_server = bgdc.birke-gym.dk
default_domain = UNDERVISNING.LOCAL
}
 
[domain_realm]
.undervisning.local = UNDERVISNING.LOCAL
undervisning.local = UNDERVISNING.LOCAL
 
[login]
krb4_convert = true
krb4_get_tickets = false
 
--
 
# cat /etc/hosts
127.0.0.1 localhost mail
127.0.1.1 mail.birke-gym.dk mail

10.3.17.1 bgdc.birke-gym.dk bgdc

--

Any suggestion ?

And how mutch do I have to setup on the Windows Server ? I have createt a krb. 
trust on it and I use the pass I gave there, but is there more I have to set ?

Sorry for my bad english, and if there is anything plz feel free to write, all 
help is resived with love 


Med Venlig Hilsen / Best regards
Henrik Dige Semark
_
Del dine billeder med alle vennerne med Windows Live Photo Gallery.
http://download.live.com/photogallery--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba + Windows 2003 AD

[Henrik Dige Semark]

Sorry to Avron for sending my answer
direct
and not over the groupe :)










Hey thanx for the quick
answer :)

When I try the net ads testjoin its not very
informative :P

# net ads testjoin 

ma...@undervisning.local's password:
[2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Operations error
Join to domain is not valid


I have also tried wbinfo
--all-domains but it can't see the domain I try to connect to, will
this say that my smb.conf I rung in some point ?
I have an older SMB witch
is running a Domain it self, and it can see the domain when I run
this command




Med Venlig Hilsen / Best regards

Henrik Dige Semark



 Subject: RE: [Samba] Samba + Windows 2003 AD
 Date: Thu, 8 Jan 2009 09:25:47 -0700
 From: ag...@aeso.ca
 To: hendig...@hotmail.com; samba@lists.samba.org
 
 Have you run:
 net ads testjoin
 
 Does it say Join is OK?
 
 
 This might not be related... 
 
 I had to compile samba 3.0.33 to get around a Windows Domain restriction
 issue:
 https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that
 if the \NETLOGON pipe is opened up on the Windows AD server, the join
 works fine. As soon as it is restricted via domain policies, it
 restricts anonymous access to the ports. As soon as this happens, we are
 unable to complete a net join ads successfully.
 
 - Avron
 
 -Original Message-
 From: samba-bounces+agray=aeso...@lists.samba.org
 [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik
 Dige Semark
 Sent: Thursday, January 08, 2009 9:13 AM
 To: Samba list
 Subject: [Samba] Samba + Windows 2003 AD
 
 
 Hey, I don't know if this is the right list to ask this question in, but
 I have tried on the IRC (irc.freenode.net #samba) and people on there
 advised me to try here instead.
 
 
 I have: 
 Debian 4.0r4
 Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1
 krb5 Version 1.4.4-7etch6
 Kernel Version 2.6.18-6-amd64
 
 A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1
 
 
 --
 
 When I try to connect my samba to the DC I get this output:
 
 # net ads join -U Administrator --debuglevel=10
 [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391)
   INFO: Current debug levels:
 all: True/10
 tdb: False/0
 printdrivers: False/0
 lanman: False/0
 smb: False/0
 rpc_parse: False/0
 rpc_srv: False/0
 rpc_cli: False/0
 passdb: False/0
 sam: False/0
 auth: False/0
 winbind: False/0
 vfs: False/0
 idmap: False/0
 quota: False/0
 acls: False/0
 locking: False/0
 msdfs: False/0
 dmapi: False/0
 [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953)
   lp_load: refreshing parameters
 [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418)
   Initialising global parameters
 [2009/01/08 17:10:15, 3] param/params.c:pm_process(572)
   params.c:pm_process() - Processing configuration file
 /etc/samba/smb.conf
 [2009/01/08 17:10:15, 3] param/loadparm.c:do_section(3695)
   Processing section [global]
   doing parameter server string = Debian 4.0 - Samba %v - BDC
   doing parameter netbios name = mail
 [2009/01/08 17:10:15, 4] param/loadparm.c:handle_netbios_name(3053)
   handle_netbios_name: set global_myname to: MAIL
   doing parameter workgroup = UNDERVISNING
   doing parameter display charset = ASCII
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
   Attempting to register new charset UCS-2LE
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
   Registered charset UCS-2LE
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
   Attempting to register new charset UTF-16LE
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
   Registered charset UTF-16LE
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
   Attempting to register new charset UCS-2BE
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
   Registered charset UCS-2BE
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
   Attempting to register new charset UTF-16BE
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
   Registered charset UTF-16BE
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
   Attempting to register new charset UTF8
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
   Registered charset UTF8
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
   Attempting to register new charset UTF-8
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
   Registered charset UTF-8
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
   Attempting to register new charset ASCII
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
   Registered charset ASCII
 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
   Attempting to register new charset 646
 [2009/01/08 17:10:15, 5] lib

RE: [Samba] Samba + Windows 2003 AD

[Henrik Dige Semark]

How can I ping
UNDERVISNING.LOCAL when its just the domain ? the windows server that
runs the domain is bgdc.birke-gym.dk and I can ping that just fine 



My resolv.conf
---
search birke-gym.dk
nameserver 127.0.0.1


My nsswitch.conf
---
passwd: files winbind compat
group:  files winbind compat
shadow: files winbind compat

hosts:  files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:   files

protocols:  files winbind db files
services:   files winbind db files

ethers: db files
rpc:db files

netgroup:   files winbind nis
automount:  files winbind

is I'm missing something ?



Med Venlig Hilsen / Best regards

Henrik Dige Semark



Subject: RE: [Samba] Samba + Windows 2003 AD
Date: Thu, 8 Jan 2009 09:54:22 -0700
From: ag...@aeso.ca
To: hendig...@hotmail.com










Can you :
ping -I 1 UNDERVISNING.LOCAL
 
No? Check resolv.conf or nsswitch.conf
 
(I have a SUN Solaris background - not much 
Debian)
 
For more help, please include samba@lists.samba.org in to: or 
cc:
 
Good luck (held og lykke)! 
(Sorry, I don't speak Danish... )
 
- Avron



From: Henrik Dige Semark [mailto:hendig...@hotmail.com] 

Sent: Thursday, January 08, 2009 9:48 AM
To: Avron 
Gray
Subject: RE: [Samba] Samba + Windows 2003 AD






Hey thanx for the quick answer 
:)

When I try the net ads testjoin its not very informative :P

# 
net ads testjoin ma...@undervisning.local's password:
[2009/01/08 
17:39:52, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Operations 
error
Join to domain is not valid





I have also tried wbinfo --all-domains 
but it can't see the domain I try to connect to, will this say that my smb.conf 
I rung in some point ?



I have an older SMB witch is running a 
Domain it self, and it can see the domain when I run this command
 

Med Venlig Hilsen / Best regards 
Henrik Dige Semark



 
Subject: RE: [Samba] Samba + Windows 2003 AD
 Date: Thu, 8 Jan 2009 
09:25:47 -0700
 From: ag...@aeso.ca
 To: hendig...@hotmail.com; 
samba@lists.samba.org
 
 Have you run:
 net ads 
testjoin
 
 Does it say Join is OK?
 
 
 
This might not be related... 
 
 I had to compile samba 3.0.33 to 
get around a Windows Domain restriction
 issue:
 
https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that
 
if the \NETLOGON pipe is opened up on the Windows AD server, the join
 
works fine. As soon as it is restricted via domain policies, it
 
restricts anonymous access to the ports. As soon as this happens, we are
 
unable to complete a net join ads successfully.
 
 - Avron
 

 -Original Message-
 From: 
samba-bounces+agray=aeso...@lists.samba.org
 
[mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik
 
Dige Semark
 Sent: Thursday, January 08, 2009 9:13 AM
 To: Samba 
list
 Subject: [Samba] Samba + Windows 2003 AD
 
 
 
Hey, I don't know if this is the right list to ask this question in, but
 
I have tried on the IRC (irc.freenode.net #samba) and people on there
 
advised me to try here instead.
 
 
 I have: 
 
Debian 4.0r4
 Samba version 3.0.24 - mail.birke-gym.dk - 
10.3.16.1
 krb5 Version 1.4.4-7etch6
 Kernel Version 
2.6.18-6-amd64
 
 A Windows Server 2003 SP2 with AD/DC - 
bgdc.birke-gym.dk - 10.3.17.1
 
 

 
--
 
 When I try to connect my samba to the DC I get 
this output:
 
 # net ads join -U Administrator 
--debuglevel=10
 [2009/01/08 17:10:15, 5] 
lib/debug.c:debug_dump_status(391)
 INFO: Current debug levels:
 
all: True/10
 tdb: False/0
 printdrivers: False/0
 lanman: 
False/0
 smb: False/0
 rpc_parse: False/0
 rpc_srv: 
False/0
 rpc_cli: False/0
 passdb: False/0
 sam: 
False/0
 auth: False/0
 winbind: False/0
 vfs: 
False/0
 idmap: False/0
 quota: False/0
 acls: 
False/0
 locking: False/0
 msdfs: False/0
 dmapi: 
False/0
 [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953)
 
lp_load: refreshing parameters
 [2009/01/08 17:10:15, 3] 
param/loadparm.c:init_globals(1418)
 Initialising global 
parameters
 [2009/01/08 17:10:15, 3] 
param/params.c:pm_process(572)
 params.c:pm_process() - Processing 
configuration file
 /etc/samba/smb.conf
 [2009/01/08 17:10:15, 
3] param/loadparm.c:do_section(3695)
 Processing section 
[global]
 doing parameter server string = Debian 4.0 - Samba %v - 
BDC
 doing parameter netbios name = mail
 [2009/01/08 17:10:15, 4] 
param/loadparm.c:handle_netbios_name(3053)
 handle_netbios_name: set 
global_myname to: MAIL
 doing parameter workgroup = UNDERVISNING
 
doing parameter display charset = ASCII
 [2009/01/08 17:10:15, 5] 
lib/iconv.c:smb_register_charset(105)
 Attempting to register new charset 
UCS-2LE
 [2009/01/08 17:10:15, 5] 
lib/iconv.c:smb_register_charset(113)
 Registered charset UCS-2LE
 
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
 
Attempting to register new charset UTF-16LE
 [2009/01/08 17:10:15, 5] 
lib

RE: [Samba] Samba + Windows 2003 AD

[Henrik Dige Semark]

Im trying to join a already
existing Windows Domain :)



Med Venlig Hilsen / Best regards

Henrik Dige Semark



 Subject: RE: [Samba] Samba + Windows 2003 AD
 Date: Thu, 8 Jan 2009 10:22:05 -0700
 From: ag...@aeso.ca
 To: hendig...@hotmail.com; samba@lists.samba.org
 
 Are you trying to join an existing Windows domain? Or create a new domain?
 
 - Avron
 
 -Original Message-
 From: samba-bounces+agray=aeso...@lists.samba.org 
 [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige 
 Semark
 Sent: Thursday, January 08, 2009 10:16 AM
 To: Samba list
 Subject: RE: [Samba] Samba + Windows 2003 AD
 
 
 
 How can I ping
 UNDERVISNING.LOCAL when its just the domain ? the windows server that runs 
 the domain is bgdc.birke-gym.dk and I can ping that just fine 
 
 
 
 My resolv.conf
 ---
 search birke-gym.dk
 nameserver 127.0.0.1
 
 
 My nsswitch.conf
 ---
 passwd: files winbind compat
 group:  files winbind compat
 shadow: files winbind compat
 
 hosts:  files mdns4_minimal [NOTFOUND=return] dns mdns4
 networks:   files
 
 protocols:  files winbind db files
 services:   files winbind db files
 
 ethers: db files
 rpc:db files
 
 netgroup:   files winbind nis
 automount:  files winbind
 
 is I'm missing something ?
 
 
 
 Med Venlig Hilsen / Best regards
 
 Henrik Dige Semark
 
 
 
 Subject: RE: [Samba] Samba + Windows 2003 AD
 Date: Thu, 8 Jan 2009 09:54:22 -0700
 From: ag...@aeso.ca
 To: hendig...@hotmail.com
 
 
 
 
 
 
 
 
 
 
 Can you :
 ping -I 1 UNDERVISNING.LOCAL
  
 No? Check resolv.conf or nsswitch.conf
  
 (I have a SUN Solaris background - not much
 Debian)
  
 For more help, please include samba@lists.samba.org in to: or
 cc:
  
 Good luck (held og lykke)! 
 (Sorry, I don't speak Danish... )
  
 - Avron
 
 
 
 From: Henrik Dige Semark [mailto:hendig...@hotmail.com] 
 
 Sent: Thursday, January 08, 2009 9:48 AM
 To: Avron
 Gray
 Subject: RE: [Samba] Samba + Windows 2003 AD
 
 
 
 
 
 
 Hey thanx for the quick answer 
 :)
 
 When I try the net ads testjoin its not very informative :P
 
 # 
 net ads testjoin ma...@undervisning.local's password:
 [2009/01/08 
 17:39:52, 0] utils/net_ads.c:ads_startup(289)
   ads_connect: Operations 
 error
 Join to domain is not valid
 
 
 
 
 
 I have also tried wbinfo --all-domains 
 but it can't see the domain I try to connect to, will this say that my 
 smb.conf 
 I rung in some point ?
 
 
 
 I have an older SMB witch is running a 
 Domain it self, and it can see the domain when I run this command
  
 
 Med Venlig Hilsen / Best regards 
 Henrik Dige Semark
 
 
 
  
 Subject: RE: [Samba] Samba + Windows 2003 AD
  Date: Thu, 8 Jan 2009 
 09:25:47 -0700
  From: ag...@aeso.ca
  To: hendig...@hotmail.com; 
 samba@lists.samba.org
  
  Have you run:
  net ads 
 testjoin
  
  Does it say Join is OK?
  
  
  
 This might not be related... 
  
  I had to compile samba 3.0.33 to 
 get around a Windows Domain restriction
  issue:
  
 https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that
  
 if the \NETLOGON pipe is opened up on the Windows AD server, the join
  
 works fine. As soon as it is restricted via domain policies, it
  
 restricts anonymous access to the ports. As soon as this happens, we are
  
 unable to complete a net join ads successfully.
  
  - Avron
  
 
  -Original Message-
  From: 
 samba-bounces+agray=aeso...@lists.samba.org
  
 [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik
  
 Dige Semark
  Sent: Thursday, January 08, 2009 9:13 AM
  To: Samba 
 list
  Subject: [Samba] Samba + Windows 2003 AD
  
  
  
 Hey, I don't know if this is the right list to ask this question in, but
  
 I have tried on the IRC (irc.freenode.net #samba) and people on there
  
 advised me to try here instead.
  
  
  I have: 
  
 Debian 4.0r4
  Samba version 3.0.24 - mail.birke-gym.dk - 
 10.3.16.1
  krb5 Version 1.4.4-7etch6
  Kernel Version 
 2.6.18-6-amd64
  
  A Windows Server 2003 SP2 with AD/DC - 
 bgdc.birke-gym.dk - 10.3.17.1
  
  
 
  
 --
  
  When I try to connect my samba to the DC I get 
 this output:
  
  # net ads join -U Administrator 
 --debuglevel=10
  [2009/01/08 17:10:15, 5] 
 lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
  
 all: True/10
  tdb: False/0
  printdrivers: False/0
  lanman: 
 False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: 
 False/0
  rpc_cli: False/0
  passdb: False/0
  sam: 
 False/0
  auth: False/0
  winbind: False/0
  vfs: 
 False/0
  idmap: False/0
  quota: False/0
  acls: 
 False/0
  locking: False/0
  msdfs: False/0
  dmapi: 
 False/0
  [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953)
  
 lp_load: refreshing parameters
  [2009/01/08 17:10:15, 3] 
 param/loadparm.c:init_globals(1418)
  Initialising global 
 parameters
  [2009/01/08 17:10:15, 3

RE: [Samba] Samba + Windows 2003 AD

[Henrik Dige Semark]

When I run 
mail:~#
ping -I eth3 bgdc.birke-gym.dk
PING bgdc.birke-gym.dk (10.3.17.1)
from 10.3.16.1 eth3: 56(84) bytes of data.
64 bytes from
bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128 time=0.142 ms
64
bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128
time=0.230 ms

but if I just type:
mail:~# ping -I eth3
birke-gym.dk
ping: unknown host birke-gym.dk

and no, I cant
ping anything with XXX.UNDERVISNING.LOCAL

How do I set this up
in my resolv.conf ?



If it's possible can you
then post your resolv.conf ? Solaris an Debian is much alike :P



Med Venlig Hilsen / Best regards
 Henrik Dige Semark



Subject: RE: [Samba] Samba + Windows 2003 AD
Date: Thu, 8 Jan 2009 10:36:51 -0700
From: ag...@aeso.ca
To: hendig...@hotmail.com; samba@lists.samba.org










Is the name of the existing Windows Domain 
UNDERVISNING.LOCAL?

 
On my 
host:
tstsmb08|/#ping -I 1 domain.ca
PING domain.ca: 56 
data bytes
64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=0. time=1.12 
ms
64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=1. time=0.622 
ms
^C
 
Now, if you run:
ping -I 1 birke-gym.dk
the domain controller should respond
 
 
Can you ping any hosts on the undervisning.local 
domain?
ie:
ping -I 1 hostname1.undervisning.local

ping -I 1 
hostname2.undervisning.local
 
 
- Avron


 




From: Henrik Dige Semark [mailto:hendig...@hotmail.com] 

Sent: Thursday, January 08, 2009 10:24 AM
To: Avron Gray; 
Samba list
Subject: RE: [Samba] Samba + Windows 2003 
AD


Im trying to join a 


already existing Windows Domain :)


 Med Venlig Hilsen / Best 
regards 
Henrik Dige Semark



 Subject: RE: [Samba] Samba + 
Windows 2003 AD
 Date: Thu, 8 Jan 2009 10:22:05 -0700
 From: 
ag...@aeso.ca
 To: hendig...@hotmail.com; samba@lists.samba.org
 

 Are you trying to join an existing Windows domain? Or create a new 
domain?
 
 - Avron
 
 -Original 
Message-
 From: samba-bounces+agray=aeso...@lists.samba.org 
[mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige 
Semark
 Sent: Thursday, January 08, 2009 10:16 AM
 To: Samba 
list
 Subject: RE: [Samba] Samba + Windows 2003 AD
 
 

 
 How can I ping
 UNDERVISNING.LOCAL when its just the 
domain ? the windows server that runs the domain is bgdc.birke-gym.dk and I can 
ping that just fine 
 
 
 
 My resolv.conf
 
---
 search birke-gym.dk
 nameserver 127.0.0.1
 

 
 My nsswitch.conf
 ---
 passwd: files 
winbind compat
 group: files winbind compat
 shadow: files winbind 
compat
 
 hosts: files mdns4_minimal [NOTFOUND=return] dns 
mdns4
 networks: files
 
 protocols: files winbind db 
files
 services: files winbind db files
 
 ethers: db 
files
 rpc: db files
 
 netgroup: files winbind nis
 
automount: files winbind
 
 is I'm missing something ?
 

 
 
 Med Venlig Hilsen / Best regards
 
 
Henrik Dige Semark
 
 
 
 Subject: RE: [Samba] Samba 
+ Windows 2003 AD
 Date: Thu, 8 Jan 2009 09:54:22 -0700
 From: 
ag...@aeso.ca
 To: hendig...@hotmail.com
 
 
 

 
 
 
 
 
 
 
 Can you 
:
 ping -I 1 UNDERVISNING.LOCAL
 
 No? Check resolv.conf or 
nsswitch.conf
 
 (I have a SUN Solaris background - not 
much
 Debian)
 
 For more help, please include 
samba@lists.samba.org in to: or
 cc:
 
 Good luck (held og 
lykke)! 
 (Sorry, I don't speak Danish... )
 
 - 
Avron
 
 
 
 From: Henrik Dige Semark 
[mailto:hendig...@hotmail.com] 
 
 Sent: Thursday, January 08, 
2009 9:48 AM
 To: Avron
 Gray
 Subject: RE: [Samba] Samba + 
Windows 2003 AD
 
 
 
 
 
 
 
Hey thanx for the quick answer 
 :)
 
 When I try the net 
ads testjoin its not very informative :P
 
 # 
 net ads 
testjoin ma...@undervisning.local's password:
 [2009/01/08 
 
17:39:52, 0] utils/net_ads.c:ads_startup(289)
 ads_connect: Operations 

 error
 Join to domain is not valid
 
 
 

 
 
 I have also tried wbinfo --all-domains 
 but 
it can't see the domain I try to connect to, will this say that my smb.conf 

 I rung in some point ?
 
 
 
 I have an 
older SMB witch is running a 
 Domain it self, and it can see the domain 
when I run this command
  
 
 Med Venlig Hilsen / Best 
regards 
 Henrik Dige Semark
 
 
 
  

 Subject: RE: [Samba] Samba + Windows 2003 AD
  Date: Thu, 8 
Jan 2009 
 09:25:47 -0700
  From: ag...@aeso.ca
  
To: hendig...@hotmail.com; 
 samba@lists.samba.org
  
 
 Have you run:
  net ads 
 testjoin
  
 
 Does it say Join is OK?
  
  
  
 
This might not be related... 
  
  I had to compile samba 
3.0.33 to 
 get around a Windows Domain restriction
  
issue:
  
 https://bugzilla.samba.org/show_bug.cgi?id=4771 The 
bug indicates that
  
 if the \NETLOGON pipe is opened up on 
the Windows AD server, the join
  
 works fine. As soon as it 
is restricted via domain policies, it
  
 restricts anonymous 
access to the ports. As soon as this happens, we are
  
 
unable to complete a net join ads successfully.
  
  - 
Avron
  
 
  -Original Message-
 
 From: 
 samba-bounces+agray=aeso...@lists.samba.org
  

 [mailto:samba-bounces+agray=aeso

[Samba] HELP: Samba + Windows Server 2003 SP2 AD/DC

[Henrik Dige Semark]

 there, but is there more I have to set ?

Sorry for my bad english, and if there is anything plz feel free to write, all 
help is resived with love 


Med Venlig Hilsen / Best regards
Henrik Dige Semark


_
Spil det nye spil Atomic Subattle med dine venner i Windows Live Messenger
http://www2.messengerplayground.dk/spil/84--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba