RE: [Samba] NTUSER.DAT
NTUSER.DAT is the running registry file for the user logged onto the machine. Each user instance creates a new NTUSER.DAT file located in the profile directory. While the user is logged into the machine you will NOT be able to copy this file, nor will you be able to copy it after logging the user off the machine (if administrator) since the file will still be locked.

So what to do? I would assume you are wanting to create a form of roaming profile for your Administrator account...

1 - Create a new administrator user on the local machine for the server, make sure this user is a member of the administrator group.
2 - Reboot the server and log on as your new local admin user.
3 - At this point in time you can access the c:\Documents and Settings\%username% that you want and you should be able to copy all contents of the user's profile including the NTUSER.DAT file.

There are tools: USMT (User State Migration Tool) and FSTW (Files and Settings Transfer Wizard) from Microsoft that you can use. Check out the Resource Kit for the OS you are using. Great stuff.

James

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Richards
Sent: Monday, March 20, 2006 11:09 AM
To: samba@lists.samba.org
Subject: Re: [Samba] NTUSER.DAT

Hiya,

I have never tried to copy the NTUSER.DAT file before but if I would need to I would go about it by either using the recovery console, by putting the drive in another Windows PC or by using the ntfs fs module on Linux. Have you tried any of these methods?

Matt.

I am attempting to get a copy of NTUSER.DAT so that I can put it on my Samba3 PDC server. Everything I have tried has resulted in a sharing violation error. All of these xcopy /h, copy and ftp have failed. Those of you who successfully copied it, how did you go about getting a copy so you could put it on your Samba3 PDC server? The NTUSER.DAT file is located on a Windows 2000 PDC server.

Thanks,
Guru

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem at include a machine in domain
Is the sambaSAMAccount information included in the Machine Account being created or joined to the domain?

James

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephan Higuti
Sent: Friday, March 17, 2006 6:03 AM
To: samba@lists.samba.org
Subject: [Samba] Problem at include a machine in domain

Hello guys!

My name is Stephan and I'm from Brazil, so sorry for my bad English.

I'm configuring Samba as a PDC in my network... working with OpenLdap.

I'm using:
Slackware 10.2 (Default Kernel, 2.4)
Samba 3.0.21c
slapd 2.3.19
smbldap-tools

When I include a machine in my domain with smbldap-tools, it's all right. But when I try to include the machine from Windows (from the clients), it shows the message "Logon fail: Wrong username or incorrect password." In the Samba log it shows this:

[EMAIL PROTECTED]:/var/log/samba# cat ajax.log
[2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:24, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:25, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:26, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:26, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2170)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)
[2006/03/17 11:01:26, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
  _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w ajax$' gave 9

Can anybody help me?

Thanks!
Stephan
RE: [Samba] Domain authentification problem with LDAP
The LDAP users you have created (including the machines) need to have the objectclass: sambaSAMAccount and the subsequent fields. What are your user add scripts and machine add scripts you are using?

Also, I have found that the IDEALX tools have an error in the smbldap-useradd script which includes that when you use the add machine switch the sambaSAMAccount information is not added to the LDAP database. I do have a copy of this modified file if you need it. Otherwise if you can edit the script yourself.

James

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Tousignant
Sent: Friday, March 17, 2006 9:11 AM
To: samba@lists.samba.org
Subject: [Samba] Domain authentification problem with LDAP

We use samba 3.0.13 and openldap 2.3.6

Members of the ldap group Domain Admins are working fine, but members of the group Domain Users can not login to the domain, and do not have access to the shares.

Also, we are unable to join a Windows XP workstation to the domain.

Can anyone give me a hint where to start looking ...

Thank you
RE: [Samba] Domain authentification problem with LDAP
I know that the last 2 versions of the script I am working with are missing this function when using the -w switch (as documented) it will NOT add the sambaSAMAccount information. I have had several users also request a copy of this script from me solving their problems with a similar issue.

It seems very odd that there are so many similar issues lately on the posts concerning the (I can't connect to the Domain). Had it not been for the fact I decided to look at the script itself I would not have found this problem. Going to the IDEALX site I would love to send them comments but as my French is very minimal not too sure where to go.

Thanks
James

-Original Message-
From: Craig White [mailto:[EMAIL PROTECTED]
Sent: Friday, March 17, 2006 10:09 AM
To: James Taylor
Cc: 'Daniel Tousignant'; samba@lists.samba.org
Subject: RE: [Samba] Domain authentification problem with LDAP

James - this is the second time you have made that reference to the smbldap-useradd script. There have been a lot and lot of versions of the smbldap-tools and perhaps the version that you are looking at is missing something like that but I assure you that most versions aren't.

Craig
RE: [Samba] Domain authentification problem with LDAP
Cool, will post on your wiki...

-Original Message-
From: Craig White [mailto:[EMAIL PROTECTED]
Sent: Friday, March 17, 2006 10:58 AM
To: James Taylor
Cc: 'Daniel Tousignant'; samba@lists.samba.org
Subject: RE: [Samba] Domain authentification problem with LDAP

#1 - click on the 'English flag' button - et voila, English

#2 - you should at least state which smbldap-tools you are speaking of that you have fixed so others have a chance to compare and where you got it from, idealx.com or from your distribution, and report the issue to the place where it came from.

#3 - people are likely to ask you for if they are struggling and they don't know why and you authoritatively suggest that your solution will fix things for them. I think we had a very recent issue where that wasn't the problem but the problem lay in his pam/ldap.conf.

#4 - suggesting that people do a complete replace the file that came packaged with their system by one that you have modified doesn't seem like the best solution at all...you could offer a 'patch' which should throw up an alert if the file looks different or just the suggestions about where you have modified the code and why...in fact, we have a wiki for that kind of stuff now...

http://wiki.samba.org

Craig
RE: [Samba] Domain authentification problem with LDAP
Just reported it to IDEALX. My IE Client did not show the convert to English function but when you made the comment I swiped my mouse over the screen and it showed me the link. I should load Mozilla on this box.

Thanks
James

-Original Message-
From: Craig White [mailto:[EMAIL PROTECTED]
Sent: Friday, March 17, 2006 11:27 AM
To: James Taylor
Cc: 'Daniel Tousignant'; samba@lists.samba.org
Subject: RE: [Samba] Domain authentification problem with LDAP

You still should report the problem and your 'fix' to wherever you got the smbldap-tools package from, be it your distribution or idealx.com

FWIW, I have never seen this issue myself and while I generally use tools other than idealx to manage users/groups, I do add machines on the fly which does use the idealx script to accomplish and is the discussion item...adding machine accounts and getting the proper attributes. This of course does require a properly configured smbldap-tools configuration for both 'binding' to LDAP and for attributes, the configuration of which has been split into 2 files for some time now.

Idealx.com - as I said, the 'English flag' button at the top right takes you to their English language site.

As for the wiki - that belongs to you - the users - we just try to maintain some semblance of order.

Craig
RE: [Samba] Domain authentification problem with LDAP
It could be ACLs but I am wondering how your /etc/ldap.conf file looks. Also, does the Domain Users group have the sambaGroupMapping objectClass? Also is it associated with the right samba Domain under the sambaSID? Otherwise the domain won't refer to that group.

James

-Original Message-
From: Daniel Tousignant [mailto:[EMAIL PROTECTED]
Sent: Friday, March 17, 2006 12:08 PM
To: James Taylor
Cc: samba@lists.samba.org
Subject: Re: [Samba] Domain authentification problem with LDAP

The objectclass sambaSAMAccount and subsequent fields have been created. We are using the standard perl script tools that are installed with the Mandriva 2006 distro (samba 3.0.13 and openldap 2.3.6).

What I really do not understand is that if I put a user in the standard ldap group Domain Admins (gid=512), the user is able to log on to the domain, but not when it is in the Domain Users group (gid=513). What is the big difference for Samba between the two? Can it be an ACL problem?

Daniel Tousignant
IT Support
Intair Transit
Email: [EMAIL PROTECTED]
Telephone: (514) 286-8515 ext. 3326
RE: [Samba] SAMBA+LDAP in a Workgroup
Tom,

Personally I believe LDAP is an excellent backend database for Samba, especially if you are looking for Single-Sign-On capabilities. PCs do not have to join the Samba Domain in order to still gain domain access, however users will be prompted for username and password when accessing a share for your Samba Domain. One way around this is to use the same username and password for your LDAP database as you do currently for their machine logon accounts.

Also, in order to find samba shares on Samba/LDAP servers with a different domain your current WINS servers should be able to find the new domain and list it within your Network List so you should be able to browse to them. Otherwise you can use DNS.

Good Luck!
James

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Haerens
Sent: Thursday, March 16, 2006 1:00 AM
To: samba@lists.samba.org
Subject: [Samba] SAMBA+LDAP in a Workgroup

Hi,

This may be a dumb question (I'm new with this), but is it possible to use SAMBA in combination with LDAP in a Workgroup? All the manuals and examples I can find are talking about Domains and PDCs. I have to set up a new Samba server and check out LDAP but I'm not allowed to change the Workgroup settings... Now we use smbpasswd... Is LDAP worth the effort and time?

Kind Regards,
ToHa
RE: [Samba] Unable to add computer to domain
Wesley,

Currently I am using Mandriva 2006 as well. What Craig is telling you is correct, if you do not have your /etc/ldap.conf configured correctly and as mentioned before by both Craig and myself if your smbldap-tools conf files are not correctly set up then this will not work and you will receive the errors you are receiving.

I would strongly suggest going through every file line by line and making sure everything matches up correctly. Just the statements that you tried several different accounts and different passwords for the same account lead me to believe that you might not have the most organized installation. Look at your /openldap/slapd.conf file, use your root cn for your bind configuration. If you have a root user in your openldap database and you can successfully bind then change your openldap root password and document it so you won't have conflicting information.

Start out simple, make sure you have the correct access to your ldap directory structure within the slapd.access.conf file. Then make it more restrictive using the DSA accounts (if you used the IDEALX configuration info). Don't do this if this is production but from the sounds of it you are not in a production environment with your LDAP Database, otherwise yikes.

Once you get yourself on some firm footing the pieces should all come together.

James

-Original Message-
From: Craig White [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 14, 2006 6:30 PM
To: Wesley Hobbie
Cc: 'James Taylor'; samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain

On Tue, 2006-03-14 at 20:20 -0600, Wesley Hobbie wrote:

I am using smbldap-tools 0.9.2, was using 0.9.1 but when that was not working I went and grabbed the most recent. I am using Mandriva 2006 x86-64. I am sorry, what was your advice that I did not follow?

I think that you've answered it already...you are going to have to point ldap.conf to also search for 'people' in ou=Hosts,dc=bluemapletech,dc=com as well as ou=People,dc=bluemapletech,dc=com

if getent can't find it, samba can't find it and it is not gonna work.

the above is what I suggested yesterday.

As for now, why smbldap-useradd doesn't work anymore...

smbldap-tools 0.9.2 will almost certainly put configuration files and ldap bind configuration in /etc/smbldap-tools

hopefully, you still have your smbldap-useradd program...

# which smbldap-useradd
/usr/sbin/smbldap-useradd

(note this is on RHEL 4 system - Mandriva should be pretty close to the same)

-Original Message-
From: Craig White [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 14, 2006 7:58 PM
To: Wesley Hobbie
Cc: 'James Taylor'; samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain

The idea that you could use one piece of his smbldap-tools was an exercise in futility.

First of all, is your smbldap-tools up to date or very reasonably close to up to date? I haven't a clue what OS you are using or version of smbldap-tools, or packaging.

Second of all, there were other things wrong with the results from the ldapsearch which returned the dn of uid=server-02 $,ou=Host,dc=bluemapletech,dc=com but I didn't concern myself with them at that point because getent passwd couldn't find them anyway.

I don't mind that you don't want to follow my advice but would then prefer that you take me off the reply list.

Whatever you've got installed and configured for smbldap-tools doesn't appear to be configured correctly and may be too old.

At the point where you have a working ldap and smbldap-tools, we can review the add user/machine scripts within samba.

Craig

On Tue, 2006-03-14 at 19:38 -0600, Wesley Hobbie wrote:

I tried your script, but I am still getting the same error. I deleted the LDAP entry, tried again, and now the entry is not even being created.

I checked my log file and I get slightly different results now:

[2006/03/14 19:10:55, 0] lib/util_sock.c:matchname()
  sys_gethostbyname(server02): lookup failure.
[2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189)
  Matchname failed on server02 172.16.0.11
[2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597)
  Unable to open new log file /var/log/samba/server02.log: Permission denied
[2006/03/14 19:11:05, 0] lib/util_sock.c:matchname()
  sys_gethostbyname(server02): lookup failure.
[2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189)
  Matchname failed on server02 172.16.0.11
[2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597)
  Unable to open new log file /var/log/samba/server02.log: Permission denied
[2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9
[2006/03/14 19:15:49, 0] lib/util_sock.c:matchname()
  sys_gethostbyname(server02): lookup failure.
[2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189
RE: [Samba] Unable to add computer to domain
Great! I am glad you got it.

JT

-Original Message-
From: Wesley Hobbie [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 15, 2006 5:21 PM
To: 'James Taylor'; 'Craig White'
Cc: samba@lists.samba.org
Subject: RE: [Samba] Unable to add computer to domain

James,

Once I got smbldap-tools configured, ran smbldap-populate, and used your script, my problem was according to that the smb-ldap-3-howto I was following said to use the Administrator account to do the join but the uid they had for Administrator was 506, and I had read somewhere the uid needed to be 0, so I kept trying both Administrator and root. However, since I use the cn=root to execute LDAP command line commands, and I thought I had set the Samba root password the same/I forgot I had set it differently, I was using the wrong password for root. When I started getting the error about user not found or bad password, I tried another password...I may have used, and then it worked. So like I said last night, after I got all of that figured out I successfully got the machine joined to the domain.

No it is not a production environment, it is kind of a toy machine for now, just trying to learn some things. Trying to see if I can set up a Linux domain controller equal to a Windows domain controller, and was joining a Windows Server running SharePoint as a domain member to the domain.

Again, thank you guys for your help.
RE: [Samba] Unable to add computer to domain
Here is what you are missing: sambaSAMAccount information. Use the script attached to this email to fix this problem. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Hobbie Sent: Monday, March 13, 2006 7:48 PM To: 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain ldapsearch: # server02$, Hosts, bluemapletech.com dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: server02$ sn: server02$ uid: server02$ uidNumber: 1002 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer getent passwd | grep server02 returns nothing. Computers go in ou=Hosts and users go in ou=People. What exactly do you want from the ldap.config file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig White Sent: Monday, March 13, 2006 9:27 PM To: Wesley Hobbie Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain It might be helpful to put cards on table here... ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \ -W '(uid=server02*)' getent passwd |grep server02 and are you putting computers in the same container as users or do you have separate container for computers? what does the relevant section in ldap.conf look like? Craig On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote: I did a search on Google and all I found was a bunch of copies of a conversation between Fran Fabrizio and John H Terpstra, and in the end Fran did not have the add machine script. I have the add machine script, that is not the problem, when I try to join the domain from the Windows server, it does create the account in LDAP and still fails :-(. 
I did look at the server02.log file (log file for my Windows 2003 Server) and I see the following entries: [2006/03/13 20:55:40, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/13 20:55:40, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/13 20:55:40, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/13 20:55:51, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/13 20:55:51, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/13 20:55:51, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/13 20:55:52, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9 -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Monday, March 13, 2006 1:25 PM To: 'Wesley Hobbie'; [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Wes, Do a google search on this topic: [Samba] Can't join my domain You will see what the problem is with the username can't be found. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Hobbie Sent: Sunday, March 12, 2006 11:14 AM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Hey Craig, Actually I found on the Internet that I needed to run smbldap-populate, so I did and now I can manually add the user, although when I go to my Windows 2003 Server to join the domain I am still having a problem. 
Wes -Original Message- From: Wesley Hobbie Sent: Sunday, March 12, 2006 5:57 PM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain I can connect to LDAP via the command line, and I am using the same user in smb.conf as I am in smbldap-tools_bind.config. Excerpt from smb.conf: passdb backend = ldapsam:ldap://server01.bluemapletech.com ldap suffix = dc=mydomain,dc=com ldap machine suffix = ou=Hosts ldap admin dn = cn=root,dc=mydomain,dc=com add machine script = /usr/sbin/smbldap-useradd -w %u Excerpt from smbldap.conf: slaveLDAP=127.0.0.1 slavePort=389 masterLDAP=127.0.0.1 masterPort=389 ldapTLS=1 suffix=dc=mydomain,dc=com usersdn=ou=People,${suffix} computersdn=ou=Hosts,${suffix} with_smbpasswd=0 smbpasswd=/usr/bin/smbpasswd (I am wondering if this is right?) with_slappasswd=0 slappasswd=/usr/sbin/slappasswd Excerpt from smbldap_bind.conf: slaveDN=cn=root,dc=mydomain,dc=com slavePw=** masterDN=cn=root,dc=mydomain,dc=com masterPw=** Actually, while I was copying the info from the files I noticed I misspelled my domain name, so I fixed it and tried it again. Now I do not get an error about
RE: [Samba] Unable to add computer to domain
What user are you using to create the account? I know the script works since several users are currently using it. You need to be using a user with Administrative access rights to the LDAP Database so the machine account can be created properly. If you are getting a permission denied you aren't using the right account to create the machine. You can also run the smbldap-useradd script manually from the LDAP server, (make sure your SMBLDAP_BIND.CONF file is setup correctly). Your command should look like this: smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u' Where %u is the Machine name you are adding. JT -Original Message- From: Wesley Hobbie [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 5:38 PM To: 'James Taylor'; 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain I tried your script, but I am still getting the same error. I deleted the LDAP entry, tried again, and now the entry is not even being created. I checked my log file and I get slightly different results now: [2006/03/14 19:10:55, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:10:55, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:10:55, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:05, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:11:05, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:11:05, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:11:06, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 9 [2006/03/14 19:15:49, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. 
[2006/03/14 19:15:49, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:15:49, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied [2006/03/14 19:16:00, 0] lib/util_sock.c:matchname() sys_gethostbyname(server02): lookup failure. [2006/03/14 19:16:00, 0] lib/util_sock.c:get_peer_name(1189) Matchname failed on server02 172.16.0.11 [2006/03/14 19:16:00, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied Error: modifications require authentication at /usr/lib/perl5/vendor_perl/5.8.7/smbldap_tools.pm line 1056, DATA line 283. [2006/03/14 19:16:00, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2404) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w server02$' gave 127 [2006/03/14 19:19:16, 0] lib/debug.c:reopen_logs(597) Unable to open new log file /var/log/samba/server02.log: Permission denied -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 14, 2006 12:23 PM To: 'Wesley Hobbie'; 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Here is what you are missing: sambaSAMAccount information. Use the script attached to this email to fix this problem. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Hobbie Sent: Monday, March 13, 2006 7:48 PM To: 'Craig White' Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain ldapsearch: # server02$, Hosts, bluemapletech.com dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount cn: server02$ sn: server02$ uid: server02$ uidNumber: 1002 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer getent passwd | grep server02 returns nothing. 
Computers go in ou=Hosts and users go in ou=People. What exactly do you want from the ldap.config file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig White Sent: Monday, March 13, 2006 9:27 PM To: Wesley Hobbie Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain It might be helpful to put cards on table here... ldapsearch -x -h localhost -D 'whatever_your_bind_dn' \ -W '(uid=server02*)' getent passwd |grep server02 and are you putting computers in the same container as users or do you have separate container for computers? what does the relevant section in ldap.conf look like? Craig On Mon, 2006-03-13 at 21:21 -0600, Wesley Hobbie wrote: I did a search on Google and all I found was a bunch of copies of a conversation between Fran Fabrizio and John H Terpstra, and in the end Fran did not have the add machine script. I have the add machine
RE: [Samba] Unable to add computer to domain
Wes, Do a google search on this topic: [Samba] Can't join my domain You will see what the problem is with the username can't be found. James -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wesley Hobbie Sent: Sunday, March 12, 2006 11:14 AM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: RE: [Samba] Unable to add computer to domain Hey Craig, Actually I found on the Internet that I needed to run smbldap-populate, so I did and now I can manually add the user, although when I go to my Windows 2003 Server to join the domain I am still having a problem. Wes
RE: [Samba] Can't join my domain
The first time you try to join the Domain the computer account gets created. Try it once more after the computer account is created and it should work. JT -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 08, 2006 3:06 PM To: 'James Taylor' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain OK I installed it and it did take care of the problem where the samba info was not being added to the database. However my original problem still remains. When I try to join my XP Desktop to the domain using the interface on the desktop I get the same error that states The following error occurred attempting to join the domain CDCGA The user name could not be found I'm thinking the problems may have to do with my DDNS not working properly. What do you think or am I just missing the boat? In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Friday, March 03, 2006 4:25 PM To: 'Bevan Agard' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain Try this one... JT -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Friday, March 03, 2006 11:39 AM To: 'James Taylor' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain Here you go In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Friday, March 03, 2006 3:02 PM To: 'Bevan Agard' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain Sorry I wasn't able to reply earlier. Can you send me a copy of your smbldap-useradd script? What is happening is that the script is not adding the sambaSAMAccount information to the machine account it is creating. The -w switch should add this information. It could be this script needs to be modified to make appropriate changes. 
JT -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Thursday, March 02, 2006 6:44 AM To: 'James Taylor' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain I have tried running smbldap-useradd with various switches however objectClass: sambaSAMAccount sambaSID: domain sid-xxx and any other samba info only gets added if it is run with the -a options which makes it a user not a machine. I am using smbldap 0.9.1 with samba 3.0.14a-2 I don't if anyone has experienced this before but any help would be appreciated. I would really like to get this box set up as our PDC that would be able to do single sign-on and manage windows user accounts. In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 4:06 PM To: 'Bevan Agard' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain Then that would be your problem... change your Add Machine Script... smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%m' Then try adding a new machine. JT -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 12:04 PM To: 'James Taylor' Subject: RE: [Samba] Can't join my domain In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 3:59 PM To: 'Bevan Agard' Subject: RE: [Samba] Can't join my domain Does the LDAP Machine account include: objectClass: sambaSAMAccount sambaSID: domain sid- JT [Bevan Agard] Actually it does not. 
strange -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 11:53 AM To: 'James Taylor' Subject: RE: [Samba] Can't join my domain In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 3:04 PM To: 'Bevan Agard' Subject: RE: [Samba] Can't join my domain When you are trying to join a system to your Domain are the computer accounts created in your LDAP Database as machinename$ also with the sambaSAMAccount information? [Bevan Agard] Yes the machine name gets added to the LDAP Database and I get an error on the windows box stating Cannot join Domain User name not found What does your SAMBA Add Machine Script look like in your smb.conf file? JT [Bevan Agard
RE: [Samba] Unable to join to domain: The username could not be found.
Common issue I am seeing, are you using the smbldap-useradd script? If so you need to modify the script so that when the machine account is created in ldap that the sambaSAMAccount information is added to the machine account that you are joining to the Samba Domain. JT -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hakan BAYINDIR Sent: Monday, March 06, 2006 9:43 AM To: samba@lists.samba.org Subject: Re: [Samba] Unable to join to domain: The username could not be found. I'm using the root account, the root. I think the accounts are enabled and I used smbpasswd to set the passwd. I also want to mention that I'm using idealx scripts to maintain smb and ldap at the same time. Mark Rutherford wrote: You need to use the superuser account, root to join a domain. Are you using 'root' or 'administrator' to do this? Also, is your root account enabled and has a password set using smbpasswd? Hakan BAYINDIR wrote: Hi, This is my first post here, so if I make any mistakes, warnings are always welcome. I'm working in an organization and we are migrating our domain controllers from windows to linux. I'm trying to deploy a working configuration of samba. Using openSuSE 10.0. I was following the Keith Robertson's how-to from IBM-Developerworks but in the end; the finished installation fails to work as expected. I can see the shares, log in with correct id's which are saved in ldap, transfer files, share the same workgroup with supplying correct username and password which is saved in ldap again. But when I try to join the domain, windows system wants username and password. It refuses it if I give wrong creds and if I give the true ones, refuses again with the user name could not be found I've tried signorseal patch, configured local policy but no hopes. Also samba config test and slaptest returns OK. Any help will be highly appreciated. Thanks in advance. 
Hakan BAYINDIR
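The check JT keeps asking for in these threads (does the machine entry carry sambaSAMAccount and a sambaSID, and does it sit in the machine container), written out as an added example that is not part of the original messages or of smbldap-tools. The function names, the `server03$`/`server04$` entries and both SIDs are constructed for illustration, and the sambaAcctFlags test is an extra check the thread does not mention.

```python
import base64

# Constructed sample. Entry 1 mirrors the ldapsearch result quoted in the thread;
# server03$, server04$ and both SIDs are invented for illustration.
SAMPLE_LDIF = """\
dn: uid=server02$,ou=Hosts,dc=bluemapletech,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
cn: server02$
uid: server02$
uidNumber: 1002
gidNumber: 515

# joinable entry: Samba attributes present
dn: uid=server03$,ou=Hosts,dc=bluemapletech,dc=com
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: server03$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3006
sambaAcctFlags: [W          ]

# container spelled ou=Host, DN folded across two lines
dn: uid=server04$,ou=Host,dc=bluemapletech,
 dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: server04$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3008
sambaAcctFlags: [W          ]

# search result
search: 2
result: 0 Success
"""

# "ldap machine suffix" joined to "ldap suffix", as smb.conf would give it.
MACHINE_BASE = "ou=Hosts,dc=bluemapletech,dc=com"


def parse_ldif(text):
    """Turn ldapsearch LDIF output into a list of {attr_lowercase: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in current:           # drops the "search:/result:" trailer
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def _norm_dn(dn):
    # Naive normalisation: does not handle escaped commas inside RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_machine_account(entry, machine_base=MACHINE_BASE):
    """Return the list of reasons this entry would not work as a machine account."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    uid = entry.get("uid", [""])[0]
    problems = []
    if not uid.endswith("$") or any(ch.isspace() for ch in uid):
        problems.append("bad-uid")
    if "posixaccount" not in classes:
        problems.append("no-posixAccount")       # getent passwd cannot resolve it
    if "sambasamaccount" not in classes:
        problems.append("no-sambaSamAccount")    # the gap JT points at
    if not entry.get("sambasid"):
        problems.append("no-sambaSID")
    # Not from the thread: workstation trust accounts are flagged W in sambaAcctFlags.
    if "sambasamaccount" in classes and "W" not in entry.get("sambaacctflags", [""])[0]:
        problems.append("no-W-flag")
    if not _norm_dn(entry["dn"][0]).endswith("," + _norm_dn(machine_base)):
        problems.append("wrong-container")
    return problems


def audit(ldif_text, machine_base=MACHINE_BASE):
    """Map each entry's uid to its list of problems (empty list means joinable)."""
    return {e.get("uid", ["?"])[0]: check_machine_account(e, machine_base)
            for e in parse_ldif(ldif_text)}


if __name__ == "__main__":
    for uid, problems in audit(SAMPLE_LDIF).items():
        print(f"{uid}: {', '.join(problems) or 'ok'}")
```

Feed it the output of the `ldapsearch -x ... '(uid=server02*)'` query shown in the thread, with `MACHINE_BASE` set from your own smb.conf, before retrying the join.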
RE: [Samba] Can't join my domain
Sorry I wasn't able to reply earlier. Can you send me a copy of your smbldap-useradd script? What is happening is that the script is not adding the sambaSAMAccount information to the machine account it is creating. The -w switch should add this information. It could be this script needs to be modified to make appropriate changes. JT -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Thursday, March 02, 2006 6:44 AM To: 'James Taylor' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain I have tried running smbldap-useradd with various switches however objectClass: sambaSAMAccount sambaSID: domain sid-xxx and any other samba info only gets added if it is run with the -a options which makes it a user not a machine. I am using smbldap 0.9.1 with samba 3.0.14a-2 I don't if anyone has experienced this before but any help would be appreciated. I would really like to get this box set up as our PDC that would be able to do single sign-on and manage windows user accounts. In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 4:06 PM To: 'Bevan Agard' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain Then that would be your problem... change your Add Machine Script... smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%m' Then try adding a new machine. 
JT -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 12:04 PM To: 'James Taylor' Subject: RE: [Samba] Can't join my domain In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 3:59 PM To: 'Bevan Agard' Subject: RE: [Samba] Can't join my domain Does the LDAP Machine account include: objectClass: sambaSAMAccount sambaSID: domain sid- JT [Bevan Agard] Actually it does not. strange -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 11:53 AM To: 'James Taylor' Subject: RE: [Samba] Can't join my domain In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 3:04 PM To: 'Bevan Agard' Subject: RE: [Samba] Can't join my domain When you are trying to join a system to your Domain are the computer accounts created in your LDAP Database as machinename$ also with the sambaSAMAccount information? [Bevan Agard] Yes the machine name gets added to the LDAP Database and I get an error on the windows box stating Cannot join Domain User name not found What does your SAMBA Add Machine Script look like in your smb.conf file? JT [Bevan Agard] add machine script = /usr/local/sbin/smbldap-useradd -w %u -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 11:00 AM To: 'James Taylor'; samba@lists.samba.org Subject: RE: [Samba] Can't join my domain In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 2:39 PM To: 'Bevan Agard'; samba@lists.samba.org Subject: RE: [Samba] Can't join my domain What do your Add Machine Scripts look like in Samba? 
Also, are you using the smbldap-tools from idealx? [Bevan Agard] I am using the scripts from idealx. I followed the HOWTO on samba.org (Happy Users Ch 5) JT -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bevan Agard Sent: Wednesday, February 22, 2006 5:12 AM To: samba@lists.samba.org Subject: [Samba] Can't join my domain Guys and dolls, Greetings, I hope you all are in good health, great spirits and your glasses never empty. I have a samba, openldap question. I am trying to setup a FC-4 box to be a PDC for a small network of about 150 users. I was following the HOWTO on the SAMBA site. Everything seems to be fine however I cannot join the domain. I get the error User name could not be found. The error logs show that the login/password used to join the domain was accpeted and correct. I decided to step back a bit to see if the PDC could join the domain but also no luck. I got the following when I ran the command [EMAIL PROTECTED] ~]# net rpc join -d 3 -l -S PDC -U root [2006/02/21 10:57:03, 3] param
RE: [Samba] Can't join my domain
Try this one... JT -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Friday, March 03, 2006 11:39 AM To: 'James Taylor' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain Here you go In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Friday, March 03, 2006 3:02 PM To: 'Bevan Agard' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain Sorry I wasn't able to reply earlier. Can you send me a copy of your smbldap-useradd script? What is happening is that the script is not adding the sambaSAMAccount information to the machine account it is creating. The -w switch should add this information. It could be this script needs to be modified to make appropriate changes. JT -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Thursday, March 02, 2006 6:44 AM To: 'James Taylor' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain I have tried running smbldap-useradd with various switches however objectClass: sambaSAMAccount sambaSID: domain sid-xxx and any other samba info only gets added if it is run with the -a options which makes it a user not a machine. I am using smbldap 0.9.1 with samba 3.0.14a-2 I don't if anyone has experienced this before but any help would be appreciated. I would really like to get this box set up as our PDC that would be able to do single sign-on and manage windows user accounts. In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 4:06 PM To: 'Bevan Agard' Cc: samba@lists.samba.org Subject: RE: [Samba] Can't join my domain Then that would be your problem... change your Add Machine Script... smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%m' Then try adding a new machine. 
JT -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 12:04 PM To: 'James Taylor' Subject: RE: [Samba] Can't join my domain In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 3:59 PM To: 'Bevan Agard' Subject: RE: [Samba] Can't join my domain Does the LDAP Machine account include: objectClass: sambaSAMAccount sambaSID: domain sid- JT [Bevan Agard] Actually it does not. strange -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 11:53 AM To: 'James Taylor' Subject: RE: [Samba] Can't join my domain In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 3:04 PM To: 'Bevan Agard' Subject: RE: [Samba] Can't join my domain When you are trying to join a system to your Domain are the computer accounts created in your LDAP Database as machinename$ also with the sambaSAMAccount information? [Bevan Agard] Yes the machine name gets added to the LDAP Database and I get an error on the windows box stating Cannot join Domain User name not found What does your SAMBA Add Machine Script look like in your smb.conf file? JT [Bevan Agard] add machine script = /usr/local/sbin/smbldap-useradd -w %u -Original Message- From: Bevan Agard [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 11:00 AM To: 'James Taylor'; samba@lists.samba.org Subject: RE: [Samba] Can't join my domain In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT -Original Message- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 22, 2006 2:39 PM To: 'Bevan Agard'; samba@lists.samba.org Subject: RE: [Samba] Can't join my domain What do your Add Machine Scripts look like in Samba? 
Also, are you using the smbldap-tools from idealx? [Bevan Agard] I am using the scripts from idealx. I followed the HOWTO on samba.org (Happy Users Ch 5) JT -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bevan Agard Sent: Wednesday, February 22, 2006 5:12 AM To: samba@lists.samba.org Subject: [Samba] Can't join my domain Guys and dolls, Greetings, I hope you all are in good health, great spirits and your glasses never empty
RE: [Samba] Migration from NT4 to W2K3 AD
Shouldn't be too difficult. You will need to know or at least have some level of access to the AD Domain so you can bind to it for user account information and group membership. What you could ask for is possibly getting a DC replica that you can use for testing that has a copy of the domain on it that you can place in a lab and keep segmented from your network then test Samba and make sure everything is working for you. I believe the LDAP Bind features in Samba will work for you as you are only managing access to shares and not creating user accounts and managing the domain. www.samba.org has great documents on the configuration. JT -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 02, 2006 7:28 AM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: RE: [Samba] Migration from NT4 to W2K3 AD Frankly, I am not quite sure what those needs will be yet. I am not in control of the project, just the samba servers are mine. A few more details though. Wins will stay, 2 separate NT4 domains that previously had a trust configured will be merged, Usernames will stay the same (for the most part.. A few tweaks will be made but all of that will be finished before the actual migration starts), Computer names will stay the same (again except for a few ..), The AD domain already exists except I am not a part of it, nor am I an administrator within the new domain (at least not yet), ...will have to see if I can do some early testing on it. I will not be using cups. I will be mapping users home directories. There will be group based shares setup (accounting group is only group with access to \\server\accounting) What else should I add?... Many thanks, Mike Barber -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of updatemyself . 
Sent: Wednesday, March 01, 2006 5:30 PM To: Michael J Barber Cc: samba@lists.samba.org Subject: Re: [Samba] Migration from NT4 to W2K3 AD write abt ur needs sure, the solutions will be there.. it will be helpful.. if u can explain the current configuration.. regards jerrynikky. On 3/1/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Are there any gotchas. I am currently using winbindd and very successfully integrating my Samba boxes with the NT4 domain structure. The admin who is doing the migration (A corporate person not used to Linux at all) is already nervous about the migration since it involves Linux. Usernames are not supposed to change..but, the authentication domain is going to be a completely new one. Any and all help is greatly appreciated. Thanks, Mike Barber WPTZ/WNNE
RE: [Samba] Migration from NT4 to W2K3 AD
So many changes that you are working on... just the migration from NT4 to AD2k3 is a project, though not too difficult. You will be moving to an Active Directory configuration (very similar to OpenLDAP) and binding to the new AD LDAP database will be critical. Also, adding the appropriate schema information to your AD infrastructure. If you are planning on making a 100% immediate cutover I would strongly recommend against it. Starting out in a mixed environment would be the best until you get the LDAP/AD Samba Integration resolved. Since Samba is not fully integrated with AD yet there could be some issues you might not have foreseen. If your current admin working on this project is unfamiliar with Linux and the configuration I might suggest using an outside source for additional support and help. I would strongly recommend (if you haven't already) building a test lab for this project to test the entire user migration from NT4 to AD2k3, as well as how Samba will respond during the Domain changes. Recently completing a project very similar to this I know what you are about to go through. James Taylor [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of updatemyself . Sent: Wednesday, March 01, 2006 2:30 PM To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [Samba] Migration from NT4 to W2K3 AD write abt ur needs sure, the solutions will be there.. it will be helpful.. if u can explain the current configuration.. regards jerrynikky. On 3/1/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Are there any gotchas. I am currently using winbindd and very successfully integrating my Samba boxes with the NT4 domain structure. The admin who is doing the migration (A corporate person not used to Linux at all) is already nervous about the migration since it involves Linux. Usernames are not supposed to change..but, the authentication domain is going to be a completely new one. Any and all help is greatly appreciated. 
Thanks, Mike Barber WPTZ/WNNE
RE: [Samba] Need Advice
Save yourself the costs of having to buy licensing and extra equipment and run Samba as an NT4 BDC. In my humble belief it would be easier for you to maintain and less overhead at your remote location where you might have limited IT support.

JT

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Bullock
Sent: Monday, February 27, 2006 12:53 PM
To: Samba
Subject: [Samba] Need Advice

Greetings,

We are going to be expanding our operations to another city. I currently use Samba and Winbind to provide shares and file access to my existing locations users. The account information is kept on a NT4.0 PDC and BDC. I have connected the new location via OpenVPN. I am wondering how I should go about expanding my domain. Should I set up another NT4.0 BDC in the new office and have a local Samba machine get account info from that via Winbind? Or should I set up the Samba machine as a BDC itself? Is it possible for a Samba BDC to receive account updates from a NT4.0 PDC?

Cheers, Travis
RE: [Samba] Need Advice
Yes you could do that as well, but I would figure it might be easier administratively for you to just use samba as a BDC. There are some great documents @ www.samba.org http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#sbehap-bldg1

JT

-----Original Message-----
From: Travis Bullock [mailto:[EMAIL PROTECTED]
Sent: Monday, February 27, 2006 1:23 PM
To: 'James Taylor'; 'Samba'
Subject: RE: [Samba] Need Advice

Alternatively, could I set up a new Domain in the new location, have the PDC be Samba but have a two-way trust between the new domain and my old windows NT 4.0 domain?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Bullock
Sent: February 27, 2006 2:04 PM
To: 'James Taylor'; 'Samba'
Subject: RE: [Samba] Need Advice

Well that is what I was thinking as well, but I was unsure if Samba was able to act as a BDC. How does the account replication work between my NT4.0 PDC and the Samba BDC? I do not have the time right now to switch from MS to Samba at my main site. I am trying to learn the ways of the force in regards to OpenLDAP and Samba but have not mastered them yet. With MS still acting as the PDC, will this negate the possibility of a Samba BDC?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Taylor
Sent: February 27, 2006 1:55 PM
To: [EMAIL PROTECTED]; 'Samba'
Subject: RE: [Samba] Need Advice

Save yourself the costs of having to buy licensing and extra equipment and run Samba as an NT4 BDC. In my humble belief it would be easier for you to maintain and less overhead at your remote location where you might have limited IT support.

JT

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Bullock
Sent: Monday, February 27, 2006 12:53 PM
To: Samba
Subject: [Samba] Need Advice

Greetings,

We are going to be expanding our operations to another city. I currently use Samba and Winbind to provide shares and file access to my existing locations users. The account information is kept on a NT4.0 PDC and BDC. I have connected the new location via OpenVPN. I am wondering how I should go about expanding my domain. Should I set up another NT4.0 BDC in the new office and have a local Samba machine get account info from that via Winbind? Or should I set up the Samba machine as a BDC itself? Is it possible for a Samba BDC to receive account updates from a NT4.0 PDC?

Cheers, Travis
RE: [Samba] Can't join my domain
What do your Add Machine Scripts look like in Samba? Also, are you using the smbldap-tools from idealx?

JT

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bevan Agard
Sent: Wednesday, February 22, 2006 5:12 AM
To: samba@lists.samba.org
Subject: [Samba] Can't join my domain

Guys and dolls,

Greetings, I hope you all are in good health, great spirits and your glasses never empty. I have a samba, openldap question. I am trying to setup a FC-4 box to be a PDC for a small network of about 150 users. I was following the HOWTO on the SAMBA site. Everything seems to be fine however I cannot join the domain. I get the error User name could not be found. The error logs show that the login/password used to join the domain was accepted and correct. I decided to step back a bit to see if the PDC could join the domain but also no luck. I got the following when I ran the command

[EMAIL PROTECTED] ~]# net rpc join -d 3 -l -S PDC -U root
[2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916) lp_load: refreshing parameters
[2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321) Initialising global parameters
[2006/02/21 10:57:03, 3] param/params.c:pm_process(573) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
[2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418) Processing section [global]
[2006/02/21 10:57:03, 1] param/loadparm.c:lp_do_parameter(3159) WARNING: The min passwd length option is deprecated
[2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) added interface ip=10.50.0.20 bcast=10.50.255.255 nmask=255.255.0.0
[2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name PDC0x20
[2006/02/21 10:57:03, 3] libsmb/namequery.c:name_resolve_bcast(694) name_resolve_bcast: Attempting broadcast lookup for name PDC0x20
[2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492) Got a positive name query response from 10.50.0.20 ( 10.50.0.20 )
[2006/02/21 10:57:03, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=PDC
[2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752) Connecting to 10.50.0.20 at port 445
[2006/02/21 10:57:04, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290) cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2006/02/21 10:57:04, 3] libsmb/trusts_util.c:just_change_the_password(43) just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2006/02/21 10:57:04, 1] utils/net_rpc.c:run_rpc_command(138) rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Password:
[2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=PDC
[2006/02/21 10:57:10, 3] lib/util_sock.c:open_socket_out(752) Connecting to 10.50.0.20 at port 445
[2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708) Doing spnego session setup (blob length=58)
[2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 3 6 1 4 1 311 2 2 10
[2006/02/21 10:57:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) got principal=NONE
[2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(869) Got challenge flags:
[2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60890215
[2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(891) NTLMSSP: Set final flags:
[2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215
[2006/02/21 10:57:10, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags:
[2006/02/21 10:57:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215
[2006/02/21 10:57:10, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8
Creation of workstation account failed
Unable to join domain CDCGA.
[2006/02/21 10:57:12, 2] utils/net.c:main(897) return code = 1

I googled the NT_STATUS_ACCESS_DENIED error and no luck as of yet. Have any of you samba sensei seen anything like this or have any suggestions as to how to kick this trouble ticket out.

Thanks

In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT
RE: [Samba] Can't join my domain
Then that would be your problem... change your Add Machine Script...

smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%m'

Then try adding a new machine.

JT

-----Original Message-----
From: Bevan Agard [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 22, 2006 12:04 PM
To: 'James Taylor'
Subject: RE: [Samba] Can't join my domain

In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT

-----Original Message-----
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 22, 2006 3:59 PM
To: 'Bevan Agard'
Subject: RE: [Samba] Can't join my domain

Does the LDAP Machine account include:

objectClass: sambaSAMAccount
sambaSID: domain sid-

JT

[Bevan Agard] Actually it does not. strange

-----Original Message-----
From: Bevan Agard [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 22, 2006 11:53 AM
To: 'James Taylor'
Subject: RE: [Samba] Can't join my domain

In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT

-----Original Message-----
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 22, 2006 3:04 PM
To: 'Bevan Agard'
Subject: RE: [Samba] Can't join my domain

When you are trying to join a system to your Domain are the computer accounts created in your LDAP Database as machinename$ also with the sambaSAMAccount information?

[Bevan Agard] Yes the machine name gets added to the LDAP Database and I get an error on the windows box stating Cannot join Domain User name not found

What does your SAMBA Add Machine Script look like in your smb.conf file?

JT

[Bevan Agard] add machine script = /usr/local/sbin/smbldap-useradd -w %u

-----Original Message-----
From: Bevan Agard [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 22, 2006 11:00 AM
To: 'James Taylor'; samba@lists.samba.org
Subject: RE: [Samba] Can't join my domain

In the World one must be able to Adapt, and Evolve Or run the risk of becoming EXTINCT

-----Original Message-----
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 22, 2006 2:39 PM
To: 'Bevan Agard'; samba@lists.samba.org
Subject: RE: [Samba] Can't join my domain

What do your Add Machine Scripts look like in Samba? Also, are you using the smbldap-tools from idealx?

[Bevan Agard] I am using the scripts from idealx. I followed the HOWTO on samba.org (Happy Users Ch 5)

JT

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bevan Agard
Sent: Wednesday, February 22, 2006 5:12 AM
To: samba@lists.samba.org
Subject: [Samba] Can't join my domain

Guys and dolls,

Greetings, I hope you all are in good health, great spirits and your glasses never empty. I have a samba, openldap question. I am trying to setup a FC-4 box to be a PDC for a small network of about 150 users. I was following the HOWTO on the SAMBA site. Everything seems to be fine however I cannot join the domain. I get the error User name could not be found. The error logs show that the login/password used to join the domain was accepted and correct. I decided to step back a bit to see if the PDC could join the domain but also no luck. I got the following when I ran the command

[EMAIL PROTECTED] ~]# net rpc join -d 3 -l -S PDC -U root
[2006/02/21 10:57:03, 3] param/loadparm.c:lp_load(3916) lp_load: refreshing parameters
[2006/02/21 10:57:03, 3] param/loadparm.c:init_globals(1321) Initialising global parameters
[2006/02/21 10:57:03, 3] param/params.c:pm_process(573) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
[2006/02/21 10:57:03, 3] param/loadparm.c:do_section(3418) Processing section [global]
[2006/02/21 10:57:03, 1] param/loadparm.c:lp_do_parameter(3159) WARNING: The min passwd length option is deprecated
[2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) added interface ip=10.50.0.20 bcast=10.50.255.255 nmask=255.255.0.0
[2006/02/21 10:57:03, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2006/02/21 10:57:03, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name PDC0x20
[2006/02/21 10:57:03, 3] libsmb/namequery.c:name_resolve_bcast(694) name_resolve_bcast: Attempting broadcast lookup for name PDC0x20
[2006/02/21 10:57:03, 2] libsmb/namequery.c:name_query(492) Got a positive name query response from 10.50.0.20 ( 10.50.0.20 )
[2006/02/21 10:57:03, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=PDC
[2006/02/21 10:57:03, 3] lib/util_sock.c:open_socket_out(752) Connecting to 10.50.0.20 at port 445
[2006/02/21 10:57:04, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds
RE: [Samba] Samba + LDAP Windows Join Domain
I figured out the issues I was having... Basically when the machine accounts were created the smbldap-tools I was using did not add the sambaSAMAccount objectclass and the appropriate sub information needed for the Domain lookup. I made several modifications to my scripts and voilà! It works.

Thank you

James

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gordon Messmer
Sent: Friday, February 17, 2006 4:41 PM
To: samba@lists.samba.org
Subject: Re: [Samba] Samba + LDAP Windows Join Domain

James Taylor wrote:

I am currently running samba 3.0.13. I have set the samba server up as a NT4 Domain controller and I have also integrated my LDAP configuration with samba. When I try to join the samba domain from any Windows 2000 or Windows XP machine I get the error message The user could not be found. My smbldap-tools scripts are working in the sense that the Machine Add script is adding the machinename$ domain account.

Does getent passwd machinename$ produce the expected result?
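The check this thread converges on, written out as an added example that is not part of the original posts or of smbldap-tools: it parses an LDIF export and reports machine accounts (uid ending in `$`) that lack the sambaSamAccount objectClass or a sambaSID under the domain SID. The sample LDIF, the domain SID and the function names are constructed, and the posixAccount and sambaAcctFlags checks go beyond the two attributes named in the thread.

```python
"""Audit Samba 3 ldapsam machine accounts in an LDIF export (added example)."""
import base64

# Constructed values for illustration; none of them come from the thread.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
# Real input would be an export such as:
#   ldapsearch -x -LLL -b ou=Computers,dc=mydomain,dc=com
SAMPLE_LDIF = """\
# constructed export of ou=Computers plus one ordinary user
dn: uid=ws01$,ou=Computers,dc=mydomain,dc=com
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws01$
uidNumber: 2001
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-5002
sambaAcctFlags: [W          ]

dn: uid=ws02$,ou=Computers,dc=mydomain,dc=com
objectClass: account
objectClass: posixAccount
uid: ws02$
uidNumber: 2002
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false

dn: uid=ws03$,ou=Computers,dc=mydomain,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws03$
sambaSID: S-1-5-21-9999999999-8888888888-
 7777777777-5006
sambaAcctFlags: [W          ]

dn: uid=jtaylor,ou=Users,dc=mydomain,dc=com
objectClass: posixAccount
uid: jtaylor
"""


def parse_ldif(text):
    """Return a list of entries, each a dict of lower-cased attribute -> values."""
    unfolded = []
    for raw in text.splitlines():
        # A line starting with one space continues the previous line.
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def audit_machine_accounts(entries, domain_sid):
    """Map each machine-account DN to a list of problems (empty list = OK)."""
    findings = {}
    for entry in entries:
        uid = (entry.get("uid") or [""])[0]
        if not uid.endswith("$"):
            continue                      # ordinary user, not a machine account
        # LDAP objectClass names are case-insensitive.
        classes = {c.lower() for c in entry.get("objectclass", [])}
        problems = []
        if "posixaccount" not in classes:
            problems.append("missing objectClass posixAccount")
        if "sambasamaccount" not in classes:
            problems.append("missing objectClass sambaSamAccount")
        sids = entry.get("sambasid", [])
        if not sids:
            problems.append("missing sambaSID")
        elif not sids[0].startswith(domain_sid + "-"):
            problems.append("sambaSID is not under the domain SID")
        flags = (entry.get("sambaacctflags") or [""])[0]
        if "W" not in flags:
            problems.append("sambaAcctFlags lacks W (workstation trust)")
        findings[entry["dn"][0]] = problems
    return findings


if __name__ == "__main__":
    for dn, problems in audit_machine_accounts(parse_ldif(SAMPLE_LDIF), DOMAIN_SID).items():
        print(dn, "->", "OK" if not problems else "; ".join(problems))
```

An entry like the constructed `ws02$` is the state described above: the add machine script created the POSIX account, so `getent passwd` resolves it, but the Samba attributes are absent.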
[Samba] Joining a domain - ads_connect: no results returned
When I try to connect to the Samba Domain this is the error message I receive.

[2006/02/16 12:35:07, 0] utils/net_ads.c:ads_startup(191) ads_connect: No results returned
Creation of workstation account failed
Unable to join domain DOMAIN-NAME

The machine account is created in the LDAP database even though I get this message. Any ideas?

JT
[Samba] Samba + LDAP Windows Join Domain
Hello all,

I have been working on this issue for some time and I know I am close to a solution. I am currently running samba 3.0.13. I have set the samba server up as a NT4 Domain controller and I have also integrated my LDAP configuration with samba. When I try to join the samba domain from any Windows 2000 or Windows XP machine I get the error message The user could not be found. My smbldap-tools scripts are working in the sense that the Machine Add script is adding the machinename$ domain account. I have read several different Samba Windows Join Domain documents and have tried different variations of my configs to see if I can resolve this issue. I know my Samba LDAP configuration is good as I am able to authenticate to SMB file shares on the samba server with groups mapped to my LDAP database. I am also seeing successful LDAP binds as well in the logs. Any pointers on things I may be able to try would be great.

Configs as follows:

# Global parameters
[global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN.COM
    server string = Samba Server %v
    interfaces = 192.168.0.8/16
    min password length = 3
    map to guest = Bad User
    passdb backend = ldapsam:ldap://myldapsvr/
    enable privileges = Yes
    passwd program = /usr/sbin/smbldap-passwd
    username map = /etc/samba/smbusers
    client NTLMv2 auth = No
    client lanman auth = No
    client plaintext auth = No
    syslog = 7
    log file = /var/log/samba/log.%m
    max log size = 10
    smb ports = 135 445
    min protocol = NT1
    time server = Yes
    deadtime = 10
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add user script = /usr/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/sbin/smbldap-userdel '%u'
    add group script = /usr/sbin/smbldap-groupadd -p '%g' /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u'
    logon script = logon.bat
    logon path =
    logon drive = H:
    logon home =
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap admin dn = cn=Manager,dc=mydomain,dc=com
    ldap delete dn = Yes
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Users
    ldap machine suffix = ou=Computers
    ldap passwd sync = Yes
    ldap suffix = dc=mydomain,dc=com
    ldap ssl = no
    ldap user suffix = ou=Users
    printer admin = @adm, root
    create mask = 0755
    directory mask = 0750
    hosts allow = 192.168., 127.
    nt acl support = No
    case sensitive = No
    dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

[printers]
    comment = All Printers
    path = /var/spool/samba
    create mask = 0700
    guest ok = Yes
    printable = Yes
    browseable = No

[print$]
    path = /var/lib/samba/printers
    write list = @adm, root
    inherit permissions = Yes
    guest ok = Yes

[admin]
    path = /
    valid users = @adm, root, jtaylor
    admin users = @adm, root, jtaylor
    read only = No
    browseable = No

Thank you all

James Taylor
RE: [Samba] samba setup in win2k A.D.
Maybe this will help... Have you verified that all your AD controllers have replicated their info? I had similar issues to this back when I was using AD with Microsoft. You can force replication to occur by going to sites and services of your AD. You should be able to find all the AD replication partners and force a replication.

James

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Verdugo
Sent: Wednesday, February 15, 2006 2:46 PM
To: samba@lists.samba.org
Subject: [Samba] samba setup in win2k A.D.

Please help, I'm having this problem at my job and it really needs to get solved. I'm trying to setup samba 3.0 to be a member fileserver in my Windows 2000 active directory domain. I followed the instruction on this website: http://www.linux-sxs.org/networking/nt4dom_samba.html#win_sysreq

net RPC join -W domain -U domain user works
wbinfo -t works
wbinfo -G works
wbinfo -U fails with the error: Error looking up domain users

When I try to access the samba share from a windows network browser window it fails with the error: Logon Failure: The target account name is incorrect

Any guidance you can offer will be repaid ten fold, thank you so much.

Rich
RE: [Samba] SAMBA netbois lookup issues
My VPN Address is in a Virtual Pool on the Firewall I am using. I am able to connect to any other server other than a Samba server. If it was a network related issue would it not be having a problem on all the servers?

James

-----Original Message-----
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Friday, February 03, 2006 5:11 PM
To: James Taylor
Subject: RE: [Samba] SAMBA netbois lookup issues

Is your VPN server on the same segment? I only ask because in our company, our VPN segment is isolated with its own DNS servers. My guess is that when you come in via VPN, you are using a different DNS server and you are not registered. Instead, you are using NetBIOS for name resolution. Try putting an A host record on the DNS server used by your VPN server.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Taylor
Sent: Friday, February 03, 2006 6:43 PM
To: samba@lists.samba.org
Subject: [Samba] SAMBA netbois lookup issues

Hi all!

I am from the Windows world and am trying to migrate to Linux and have done a fairly good job so far. My recent challenge is that I have built a Samba file/print server that works very well on my internal network but when I VPN into the network remotely I am unable to access the server via its server name. What is driving me crazy is the fact that the last of my Windows servers is a file/print server as well and I am able to access it without issues. Is this a simple NetBios Port change or is this something else that I am missing? If anyone has some pointers as to what I can do to resolve this issue I would be grateful.

Thank you

James Taylor
RE: [Samba] SAMBA netbois lookup issues
Yes, the other servers are registered as well. It has to be something simple that I am missing. I will attach a copy of my global smb.conf config and maybe you might be able to see something there.

# Global parameters
[global]
    workgroup = LASZLOSYSTEMS
    realm = INTRANET.CORP.LASZLOSYSTEMS.COM
    server string = Intranet Samba Server
    map to guest = Bad User
    obey pam restrictions = Yes
    passdb backend = ldapsam:ldap://intranet.corp.laszlosystems.com, smbpasswd, guest
    passwd program = /usr/sbin/smbldap-passwd %u
    log file = /var/log/samba/log.%m
    max log size = 50
    name resolve order = wins lmhosts dns host bcast
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap cache time = 60
    printcap name = cups
    add user script = /usr/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/sbin/smbldap-userdel '%u'
    add group script = /usr/sbin/smbldap-groupadd '%g' /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u'
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    wins proxy = Yes
    wins support = Yes
    ldap admin dn = cn=*,dc=*,dc=com
    ldap group suffix = ou=Group
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Hosts
    ldap passwd sync = Yes
    ldap suffix = dc=laszlosystems,dc=com
    ldap ssl = no
    ldap user suffix = ou=People
    winbind use default domain = Yes
    printer admin = @adm, root
    create mask = 0755
    hosts allow = 192.168., 127.

[printers]
    comment = All Printers
    path = /var/spool/samba
    create mask = 0700
    guest ok = Yes
    printable = Yes
    browseable = No

[print$]
    path = /var/lib/samba/printers
    write list = @adm, root
    inherit permissions = Yes
    guest ok = Yes

[pdf-gen]
    comment = PDF Generator (only valid users)
    path = /var/tmp
    printable = Yes
    printing = bsd
    print command = /usr/share/samba/scripts/print-pdf %s %H //%L/%u %m %I %J
    lpq command = /bin/true
    lprm command = lprm -P'%p' %j

[ILSA]
    comment = HP Color LaserJet 5500DN Network Printer
    path = /var/spool/samba
    guest ok = Yes
    printable = Yes

[public]
    comment = Laszlo Public Files
    path = /home/laszlo/public
    valid users = @users
    write list = @users
    force user = laszlo
    force group = users
    create mask = 0775
    force create mode = 0550

JT

-----Original Message-----
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 11:26 AM
To: James Taylor
Subject: RE: [Samba] SAMBA netbois lookup issues

Sorry, I didn't realize that the samba server was the DNS server. So all the other servers have properly registered on this samba/DNS server? Do you have host records for all the other systems? It may be a port issue, but that is well out of my range of knowledge since we have a dedicated network team here. I still think it is something simple, I just can't put my finger on it without knowledge of your entire network.

-----Original Message-----
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 2:23 PM
To: Trimble, Ronald D
Subject: RE: [Samba] SAMBA netbois lookup issues

Samba server is the DNS server. I also opened the wins.dat file to make sure the samba server had its info registered and it does. Could this be a simple port issue?

JT

-----Original Message-----
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 11:10 AM
To: James Taylor; samba@lists.samba.org
Subject: RE: [Samba] SAMBA netbois lookup issues

Not if they are all in the DNS server and the new samba server is not.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Taylor
Sent: Monday, February 06, 2006 2:06 PM
To: samba@lists.samba.org
Subject: RE: [Samba] SAMBA netbois lookup issues

My VPN Address is in a Virtual Pool on the Firewall I am using. I am able to connect to any other server other than a Samba server. If it was a network related issue would it not be having a problem on all the servers?

James

-----Original Message-----
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Friday, February 03, 2006 5:11 PM
To: James Taylor
Subject: RE: [Samba] SAMBA netbois lookup issues

Is your VPN server on the same segment? I only
RE: [Samba] SAMBA netbois lookup issues
Not sure if that is a good thing or not on a crazy config. What I have tried is changing the order to include lmhosts file, wins, DNS. Of course I have modified the LMHOSTS file to include all the servers and that made no difference. I will try the change to the pam restrictions and see if that makes a difference.

JT

-----Original Message-----
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 11:40 AM
To: James Taylor
Subject: RE: [Samba] SAMBA netbois lookup issues

Wow... that is the craziest smb.conf I have ever seen! Nice work. I don't see anything obvious, but I am curious if you ever tried shuffling the name resolve order? Furthermore, I see that you are forcing PAM restrictions... did you try the configuration with that line commented out? I know PAM can be complex and tough to figure out sometimes.

-----Original Message-----
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 2:31 PM
To: Trimble, Ronald D; samba@lists.samba.org
Subject: RE: [Samba] SAMBA netbois lookup issues

Yes, the other servers are registered as well. It has to be something simple that I am missing. I will attach a copy of my global smb.conf config and maybe you might be able to see something there.

# Global parameters
[global]
    workgroup = LASZLOSYSTEMS
    realm = INTRANET.CORP.LASZLOSYSTEMS.COM
    server string = Intranet Samba Server
    map to guest = Bad User
    obey pam restrictions = Yes
    passdb backend = ldapsam:ldap://intranet.corp.laszlosystems.com, smbpasswd, guest
    passwd program = /usr/sbin/smbldap-passwd %u
    log file = /var/log/samba/log.%m
    max log size = 50
    name resolve order = wins lmhosts dns host bcast
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap cache time = 60
    printcap name = cups
    add user script = /usr/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/sbin/smbldap-userdel '%u'
    add group script = /usr/sbin/smbldap-groupadd '%g' /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u'
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    wins proxy = Yes
    wins support = Yes
    ldap admin dn = cn=*,dc=*,dc=com
    ldap group suffix = ou=Group
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Hosts
    ldap passwd sync = Yes
    ldap suffix = dc=laszlosystems,dc=com
    ldap ssl = no
    ldap user suffix = ou=People
    winbind use default domain = Yes
    printer admin = @adm, root
    create mask = 0755
    hosts allow = 192.168., 127.

[printers]
    comment = All Printers
    path = /var/spool/samba
    create mask = 0700
    guest ok = Yes
    printable = Yes
    browseable = No

[print$]
    path = /var/lib/samba/printers
    write list = @adm, root
    inherit permissions = Yes
    guest ok = Yes

[pdf-gen]
    comment = PDF Generator (only valid users)
    path = /var/tmp
    printable = Yes
    printing = bsd
    print command = /usr/share/samba/scripts/print-pdf %s %H //%L/%u %m %I %J
    lpq command = /bin/true
    lprm command = lprm -P'%p' %j

[ILSA]
    comment = HP Color LaserJet 5500DN Network Printer
    path = /var/spool/samba
    guest ok = Yes
    printable = Yes

[public]
    comment = Laszlo Public Files
    path = /home/laszlo/public
    valid users = @users
    write list = @users
    force user = laszlo
    force group = users
    create mask = 0775
    force create mode = 0550

JT

-----Original Message-----
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 11:26 AM
To: James Taylor
Subject: RE: [Samba] SAMBA netbois lookup issues

Sorry, I didn't realize that the samba server was the DNS server. So all the other servers have properly registered on this samba/DNS server? Do you have host records for all the other systems? It may be a port issue, but that is well out of my range of knowledge since we have a dedicated network team here. I still think it is something simple, I just can't put my finger on it without knowledge of your entire network.

-----Original Message-----
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 2:23 PM
To: Trimble, Ronald D
Subject: RE: [Samba] SAMBA netbois lookup issues

Samba server is the DNS server. I also opened
RE: [Samba] SAMBA netbois lookup issues
Ok, tested the change with PAM and no difference. The message that is returned to me is: Windows cannot find '\\Intranet'. Check the spelling and try again, or try searching for the item by useless Microsoft Jargon... I am running Samba version 3.0.13. Could it possibly need an upgrade to the newer version?

Thank you for the compliment, I was worried I might be doing something somewhat unorthodox. I am trying to get everything to eventually use single sign-on with LDAP and Samba, hence the LDAP bind info and the smbldap commands for users. The LDAP bind is working 100% perfect and internal access works great. All my internal servers are binding to LDAP via PAM modules at this point in time and that is working very well. So I am almost there. Once I get Samba to communicate over the VPN properly then I will setup and make it act as PDC for my Windows clients so they too will begin using the LDAP database for user access.

JT

-----Original Message-----
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 11:47 AM
To: James Taylor
Subject: RE: [Samba] SAMBA netbois lookup issues

It was a compliment...

-----Original Message-----
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 2:45 PM
To: Trimble, Ronald D; samba@lists.samba.org
Subject: RE: [Samba] SAMBA netbois lookup issues

Not sure if that is a good thing or not on a crazy config. What I have tried is changing the order to include lmhosts file, wins, DNS. Of course I have modified the LMHOSTS file to include all the servers and that made no difference. I will try the change to the pam restrictions and see if that makes a difference.

JT

-----Original Message-----
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 11:40 AM
To: James Taylor
Subject: RE: [Samba] SAMBA netbois lookup issues

Wow... that is the craziest smb.conf I have ever seen! Nice work. I don't see anything obvious, but I am curious if you ever tried shuffling the name resolve order? Furthermore, I see that you are forcing PAM restrictions... did you try the configuration with that line commented out? I know PAM can be complex and tough to figure out sometimes.

-----Original Message-----
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 2:31 PM
To: Trimble, Ronald D; samba@lists.samba.org
Subject: RE: [Samba] SAMBA netbois lookup issues

Yes, the other servers are registered as well. It has to be something simple that I am missing. I will attach a copy of my global smb.conf config and maybe you might be able to see something there.

# Global parameters
[global]
    workgroup = LASZLOSYSTEMS
    realm = INTRANET.CORP.LASZLOSYSTEMS.COM
    server string = Intranet Samba Server
    map to guest = Bad User
    obey pam restrictions = Yes
    passdb backend = ldapsam:ldap://intranet.corp.laszlosystems.com, smbpasswd, guest
    passwd program = /usr/sbin/smbldap-passwd %u
    log file = /var/log/samba/log.%m
    max log size = 50
    name resolve order = wins lmhosts dns host bcast
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap cache time = 60
    printcap name = cups
    add user script = /usr/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/sbin/smbldap-userdel '%u'
    add group script = /usr/sbin/smbldap-groupadd '%g' /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u'
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    wins proxy = Yes
    wins support = Yes
    ldap admin dn = cn=*,dc=*,dc=com
    ldap group suffix = ou=Group
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Hosts
    ldap passwd sync = Yes
    ldap suffix = dc=laszlosystems,dc=com
    ldap ssl = no
    ldap user suffix = ou=People
    winbind use default domain = Yes
    printer admin = @adm, root
    create mask = 0755
    hosts allow = 192.168., 127.

[printers]
    comment = All Printers
    path = /var/spool/samba
    create mask = 0700
    guest ok = Yes
    printable = Yes
    browseable = No

[print$]
    path = /var/lib/samba/printers
    write list = @adm, root
    inherit permissions = Yes
    guest ok = Yes

[pdf-gen]
    comment = PDF Generator (only valid users)
    path = /var/tmp
    printable = Yes
    printing = bsd
    print command = /usr/share/samba
RE: [Samba] SAMBA netbois lookup issues
The server is a backup LDAP server, but the bind connects to my master LDAP server for database changes to stay as current and up to date as possible. As far as pinging the server, that works 100%, anything related to DNS works just fine as well. It is just when I go to access via hostname, NetBios, that it fails. My local machine is using the Samba server for WINS. I also tried using my local lmhosts file on my Windows XP machine with no success. I can ping the name all day but when I try access to the share no go. I will try changing the port numbers and see what happens.

JT

-Original Message-
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 12:01 PM
To: James Taylor
Subject: RE: [Samba] SAMBA netbois lookup issues

That's a nice plan. Do you have a copy of the LDAP database on your server or are you simply linking to it? As far as accessing the server goes, let's go back to the basics... What happens when you try to ping the server by IP address? Does it work? If so, it is most definitely a name resolution issue and not something else. At this point, check your own IP config (I am assuming you are using some flavor of Windows.) What DNS and WINS servers are you pointing at? Check to see if they have host records for the new server. If it doesn't it may point you towards a port issue.

-Original Message-
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 2:57 PM
To: Trimble, Ronald D; samba@lists.samba.org
Subject: RE: [Samba] SAMBA netbois lookup issues

Ok, tested the change with PAM and no difference. The message that is returned to me is: Windows cannot find '\\Intranet'. Check the spelling and try again, or try searching for the item by useless Microsoft Jargon... I am running Samba version 3.0.13. Could it possibly need an upgrade to the newer version?

Thank you for the compliment, I was worried I might be doing something somewhat unorthodox. I am trying to get everything to eventually use single sign-on with LDAP and Samba, hence the LDAP bind info and the smbldap commands for users. The LDAP bind is working 100% perfect and internal access works great. All my internal servers are binding to LDAP via PAM modules at this point in time and that is working very well. So I am almost there. Once I get Samba to communicate over the VPN properly then I will set up and make it act as PDC for my Windows clients so they too will begin using the LDAP database for user access.

JT

-Original Message-
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 11:47 AM
To: James Taylor
Subject: RE: [Samba] SAMBA netbois lookup issues

It was a compliment...

-Original Message-
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 2:45 PM
To: Trimble, Ronald D; samba@lists.samba.org
Subject: RE: [Samba] SAMBA netbois lookup issues

Not sure if that is a good thing or not on a crazy config. What I have tried is changing the order to include lmhosts file, wins, DNS. Of course I have modified the LMHOSTS file to include all the servers and that made no difference. I will try the change to the pam restrictions and see if that makes a difference.

JT

-Original Message-
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 11:40 AM
To: James Taylor
Subject: RE: [Samba] SAMBA netbois lookup issues

Wow... that is the craziest smb.conf I have ever seen! Nice work. I don't see anything obvious, but I am curious if you ever tried shuffling the name resolve order? Furthermore, I see that you are forcing PAM restrictions... did you try the configuration with that line commented out? I know PAM can be complex and tough to figure out sometimes.

-Original Message-
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 2:31 PM
To: Trimble, Ronald D; samba@lists.samba.org
Subject: RE: [Samba] SAMBA netbois lookup issues

Yes, the other servers are registered as well. It has to be something simple that I am missing. I will attach a copy of my global smb.conf config and maybe you might be able to see something there.

# Global parameters
[global]
workgroup = LASZLOSYSTEMS
realm = INTRANET.CORP.LASZLOSYSTEMS.COM
server string = Intranet Samba Server
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://intranet.corp.laszlosystems.com, smbpasswd, guest
passwd program = /usr/sbin/smbldap-passwd %u
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = wins lmhosts dns host bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap cache time = 60
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group
RE: [Samba] SAMBA netbois lookup issues
Got it! It was the port that was causing the problem. I should have known right away. I read through my config and found that using 445, 139. I added port 135 to the mix and voila! Thank you for your help!

James

-Original Message-
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 11:40 AM
To: James Taylor
Subject: RE: [Samba] SAMBA netbois lookup issues

Wow... that is the craziest smb.conf I have ever seen! Nice work. I don't see anything obvious, but I am curious if you ever tried shuffling the name resolve order? Furthermore, I see that you are forcing PAM restrictions... did you try the configuration with that line commented out? I know PAM can be complex and tough to figure out sometimes.

-Original Message-
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 2:31 PM
To: Trimble, Ronald D; samba@lists.samba.org
Subject: RE: [Samba] SAMBA netbois lookup issues

Yes, the other servers are registered as well. It has to be something simple that I am missing. I will attach a copy of my global smb.conf config and maybe you might be able to see something there.

# Global parameters
[global]
workgroup = LASZLOSYSTEMS
realm = INTRANET.CORP.LASZLOSYSTEMS.COM
server string = Intranet Samba Server
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://intranet.corp.laszlosystems.com, smbpasswd, guest
passwd program = /usr/sbin/smbldap-passwd %u
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = wins lmhosts dns host bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap cache time = 60
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd '%g' /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u'
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
ldap admin dn = cn=*,dc=*,dc=com
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Hosts
ldap passwd sync = Yes
ldap suffix = dc=laszlosystems,dc=com
ldap ssl = no
ldap user suffix = ou=People
winbind use default domain = Yes
printer admin = @adm, root
create mask = 0755
hosts allow = 192.168., 127.

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
browseable = No

[print$]
path = /var/lib/samba/printers
write list = @adm, root
inherit permissions = Yes
guest ok = Yes

[pdf-gen]
comment = PDF Generator (only valid users)
path = /var/tmp
printable = Yes
printing = bsd
print command = /usr/share/samba/scripts/print-pdf %s %H //%L/%u %m %I %J
lpq command = /bin/true
lprm command = lprm -P'%p' %j

[ILSA]
comment = HP Color LaserJet 5500DN Network Printer
path = /var/spool/samba
guest ok = Yes
printable = Yes

[public]
comment = Laszlo Public Files
path = /home/laszlo/public
valid users = @users
write list = @users
force user = laszlo
force group = users
create mask = 0775
force create mode = 0550

JT

-Original Message-
From: Trimble, Ronald D [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 11:26 AM
To: James Taylor
Subject: RE: [Samba] SAMBA netbois lookup issues

Sorry, I didn't realize that the samba server was the DNS server. So all the other servers have properly registered on this samba/DNS server? Do you have host records for all the other systems? It may be a port issue, but that is well out of my range of knowledge since we have a dedicated network team here. I still think it is something simple, I just can't put my finger on it without knowledge of your entire network.

-Original Message-
From: James Taylor [mailto:[EMAIL PROTECTED]
Sent: Monday, February 06, 2006 2:23 PM
To: Trimble, Ronald D
Subject: RE: [Samba] SAMBA netbois lookup issues

Samba server is the DNS server. I also opened the wins.dat file to make sure the samba server had its info registered and it does
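The split Ronald suggests in this thread, between a name resolution problem and a port problem, as an added Python example that is not part of the original messages: it resolves the server name with the system resolver and then tries the three TCP ports James names (135, 139, 445). The function names, the result strings and the default host are assumptions made for the example.

```python
import socket
import sys

# TCP ports named in the thread: 445 and 139 were in use, 135 was added.
SMB_TCP_PORTS = (135, 139, 445)


def resolve(name):
    """IPv4 addresses from the OS resolver (DNS/hosts), [] on failure.
    This is not a WINS/NetBIOS name query; it mirrors "ping by name"."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except (socket.gaierror, UnicodeError):  # unknown or malformed name
        return []
    return sorted({info[4][0] for info in infos})


def probe(addr, port, timeout=2.0):
    """'open', 'refused' (host answered, nothing listening) or 'filtered' (no answer)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((addr, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, unreachable network, dropped by a firewall
        return "filtered"
    finally:
        sock.close()


def diagnose(name, ports=SMB_TCP_PORTS, timeout=2.0):
    """Separate 'the name does not resolve' from 'a port is not reachable'."""
    addrs = resolve(name)
    if not addrs:
        return {"name": name, "verdict": "name resolution failed", "ports": {}}
    states = {port: probe(addrs[0], port, timeout) for port in ports}
    blocked = [str(p) for p, state in states.items() if state != "open"]
    verdict = "ports not reachable: " + ", ".join(blocked) if blocked else "all ports reachable"
    return {"name": name, "address": addrs[0], "verdict": verdict, "ports": states}


if __name__ == "__main__":
    report = diagnose(sys.argv[1] if len(sys.argv) > 1 else "localhost")
    print(report["name"], report.get("address", "-"), report["verdict"])
    for port, state in report["ports"].items():
        print("  tcp/%d: %s" % (port, state))
```

Run it once from the internal network and once over the VPN against the same server name; a port that is open internally but filtered over the VPN points at the tunnel or firewall rules rather than at smb.conf.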
[Samba] SAMBA netbois lookup issues
Hi all!

I am from the Windows world and am trying to migrate to Linux and have done a fairly good job so far. My recent challenge is that I have built a Samba file/print server that works very well on my internal network but when I VPN into the network remotely I am unable to access the server via its server name. What is driving me crazy is the fact that the last of my Windows servers is a file/print server as well and I am able to access it without issues. Is this a simple NetBios Port change or is this something else that I am missing? If anyone has some pointers as to what I can do to resolve this issue I would be grateful.

Thank you
James Taylor
Re: [Samba] Nautilus 'smb:' is it buggy?
I've googled for this and it seems quite a few people can't access Windows shares as described below. Is the Nautilus smb: command buggy?

--- James Taylor [EMAIL PROTECTED] wrote:

Hi,

New to Samba, RH8. Searched for an answer but without joy. I have set up a lone Linux machine with Samba on a Windows 2K network. I can log in from Windows - Linux. I can also login into Windows resources from Linux when I use the command:

smbclient //hostname/sharename -U username

However, when I use Gnome Nautilus and the 'smb:' command, I can see the workgroup, enter and see the Windows server in the workgroup but when I open the server to locate the share I get "Couldnt Find \\hosename\sharename please check the spelling and try again"

Any thoughts?

Another question - are there any better ways of allowing a user access to a WinNT share than having to allow the Windows Guest user browse rights to the share?

Regards
James
[Samba] Nautilus 'smb:' command
Hi,

New to Samba, RH8. Searched for an answer but without joy. I have set up a lone Linux machine with Samba on a Windows 2K network. I can log in from Windows - Linux. I can also login into Windows resources from Linux when I use the command:

smbclient //hostname/sharename -U username

However, when I use Gnome Nautilus and the 'smb:' command, I can see the workgroup, enter and see the Windows server in the workgroup but when I open the server to locate the share I get "Couldnt Find \\hosename\sharename please check the spelling and try again"

Any thoughts?

Another question - are there any better ways of allowing a user access to a WinNT share than having to allow the Windows Guest user browse rights to the share?

Regards
James