Re: [Samba] Problem with domain membership
Hello - can anybody explain, what this means in detail?

---snip---
10 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 0010
0014 context_id:
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 0 smbtrans read: 40
rpc_api_pipe: fragment first and last both set
18 net_io_r_auth_2
18 smb_io_chal
0018 data: c8 d8 ff bf 3b 5f 0e 08
20 net_io_neg_flags
0020 neg_flags: 41ff
0024 status: NT_STATUS_ACCESS_DENIED
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
cli_nt_setup_creds: auth2 challenge failed
connect_to_domain_password_server: unable to setup the PDC credentials to machine PDC-SERVER. Error was : NT_STATUS_OK.
write_socket(19,45)
write_socket(19,45) wrote 45
---snip---

On Tuesday, 22.03.2005, at 22:18 +0100, Jochen Witte wrote:

OKOK no attachments here. On the PDC side I get:

---snip---
account_policy_get: password history:0
pdb_set_user_sid: setting user sid S-1-5-21-1790986081-3911417905-1778689532-132098
pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1790986081-3911417905-1778689532-132098 from rid 132098
pdb_set_group_sid: setting group sid S-1-5-21-1790986081-3911417905-1778689532-61001
pdb_set_group_sid_from_rid: setting group sid S-1-5-21-1790986081-3911417905-1778689532-61001 from rid 61001
pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[000] 4A 8C 6C 14 69 D1 72 B8 46 71 33 55 75 F8 01 C3 J.l.i.r. Fq3Uu...
cred_session_key
clnt_chal: E166CA9056B37776
srv_chal : 5EC8E922D299E1CE
clnt+srv : 3F2FB4B3284D5945
sess_key : 629F7453EFF68A4B
cred_create
sess_key : 629F7453EFF68A4B
stor_cred: E166CA9056B37776
timestamp: 0
timecred : E166CA9056B37776
calc_cred: FE38AA70FD16006A
cred_assert
challenge : 4C87E9631DF688E5
calculated: FE38AA70FD16006A
credentials check wrong
00 net_io_r_auth_2
00 smb_io_chal
data: c8 d8 ff bf 3b 5f 0e 08
08 net_io_neg_flags
0008 neg_flags: 41ff
000c status: NT_STATUS_ACCESS_DENIED
api_rpcTNP: called NETLOGON successfully
free_pipe_context: destroying talloc pool of size 78
write_to_pipe: data_used = 140
read_from_pipe: 712c name: NETLOGON len: 156
read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(p-out_data.rdata) = 16.
---snip---

On Tuesday, 22.03.2005, at 22:07 +0100, Jochen Witte wrote:

Attached are the logs with the according log-level.

---snip---
doing parameter workgroup = DOMAINNAME
doing parameter netbios name = HAL
18 smb_io_chal
0018 data: c8 d8 ff bf 3b 5f 0e 08
20 net_io_neg_flags
0020 neg_flags: 41ff
0024 status: NT_STATUS_ACCESS_DENIED
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
cli_nt_setup_creds: auth2 challenge failed
connect_to_domain_password_server: unable to setup the PDC credentials to machine PDCHOST. Ewrite_socket(19,45)
---snip---

Do I have a wrong secrets.tdb? I deleted it completely and then joined the domain again (after removing the machine account in my ldap server).

On Tuesday, 22.03.2005, at 05:07 -0600, Gerald (Jerry) Carter wrote:

Jochen Witte wrote:
| One update: when trying security=server
| on the fileserver side, I can log on
| to the fileserver. But I do not want
| security=server! Any hints out there?

You need to look at a level 10 log on the server (and set 'debug timestamp = no' for high debug logs). There's not enough information here to really offer sound advice.

cheers, jerry
Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key --- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca

-- Jochen Witte [EMAIL PROTECTED]
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Fwd: Re: [Samba] Problem with domain membership]
Well, this is what I did: I removed secrets.tdb, joined the domain again -- and then I got this error.

Is there a chance to sniff details of the credentials the member-server uses to connect to the PDC?

Forwarded message
From: Gerald (Jerry) Carter [EMAIL PROTECTED]
To: Jochen Witte [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Subject: Re: [Samba] Problem with domain membership
Date: Wed, 23 Mar 2005 08:14:27 -0600

Jochen Witte wrote:
| Hello - can anybody explain, what this means in detail?
|
| ---snip---
| 10 smb_io_rpc_hdr_resp rpc_hdr_resp
| 0010 alloc_hint: 0010
| 0014 context_id:
| 0016 cancel_ct : 00
| 0017 reserved : 00
| rpc_api_pipe: len left: 0 smbtrans read: 40
| rpc_api_pipe: fragment first and last both set
| 18 net_io_r_auth_2
| 18 smb_io_chal
| 0018 data: c8 d8 ff bf 3b 5f 0e 08
| 20 net_io_neg_flags
| 0020 neg_flags: 41ff
| 0024 status: NT_STATUS_ACCESS_DENIED
| cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
| cli_nt_setup_creds: auth2 challenge failed
| connect_to_domain_password_server: unable to setup the PDC credentials
| to machine PDC-SERVER. Error was : NT_STATUS_OK.
| write_socket(19,45)
| write_socket(19,45) wrote 45
| ---snip---

It means the machine trust account password on the Samba server is invalid. Rejoining the domain should clear things up.

cheers, jerry

-- Jochen Witte [EMAIL PROTECTED]
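The PDC-side log quoted in this thread prints every intermediate value of the NETLOGON credential check, so its arithmetic can be re-checked offline. The following is an added example, not part of any post and not Samba code: it parses a constructed one-field-per-line copy of those cred_* lines, recomputes the clnt+srv sum and timecred, and reports whether the client's credential matched. The function names are hypothetical, and the little-endian 32-bit addition and the hexadecimal timestamp are assumptions checked only against the values in this log.

```python
import re
import struct

# Constructed input: the cred_* lines of the PDC-side log quoted in the thread,
# re-broken to one field per line (the archive page shows them run together).
SAMPLE_LOG = """\
cred_session_key
clnt_chal: E166CA9056B37776
srv_chal : 5EC8E922D299E1CE
clnt+srv : 3F2FB4B3284D5945
sess_key : 629F7453EFF68A4B
cred_create
sess_key : 629F7453EFF68A4B
stor_cred: E166CA9056B37776
timestamp: 0
timecred : E166CA9056B37776
calc_cred: FE38AA70FD16006A
cred_assert
challenge : 4C87E9631DF688E5
calculated: FE38AA70FD16006A
credentials check wrong
"""

FIELD = re.compile(r"^\s*([A-Za-z_+]+)\s*:\s*([0-9A-Fa-f]+)\s*$")


def parse_cred_log(text):
    """Group 'name: hex' fields under the cred_* section line that precedes them."""
    sections, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if re.fullmatch(r"cred_\w+", stripped):
            current = sections.setdefault(stripped, {})
            continue
        match = FIELD.match(line)
        if match and current is not None:
            current[match.group(1)] = match.group(2).upper()
    return sections


def add_challenges(a_hex, b_hex):
    """Add two 8-byte challenges as two little-endian 32-bit words (assumption)."""
    a = struct.unpack("<2I", bytes.fromhex(a_hex))
    b = struct.unpack("<2I", bytes.fromhex(b_hex))
    words = [(x + y) & 0xFFFFFFFF for x, y in zip(a, b)]
    return struct.pack("<2I", *words).hex().upper()


def add_timestamp(stor_hex, timestamp):
    """Add the timestamp to the first little-endian 32-bit word (assumption)."""
    low, high = struct.unpack("<2I", bytes.fromhex(stor_hex))
    return struct.pack("<2I", (low + timestamp) & 0xFFFFFFFF, high).hex().upper()


def diagnose(text):
    """Re-check the logged intermediate values and the final comparison."""
    sections = parse_cred_log(text)
    try:
        key = sections["cred_session_key"]
        create = sections["cred_create"]
        check = sections["cred_assert"]
        result = {
            "sum_ok": add_challenges(key["clnt_chal"], key["srv_chal"])
            == key["clnt+srv"],
            "timecred_ok": add_timestamp(
                create["stor_cred"], int(create["timestamp"], 16)
            )
            == create["timecred"],
            "same_sess_key": key["sess_key"] == create["sess_key"],
            "credential_match": check["challenge"] == check["calculated"],
        }
    except KeyError as missing:
        raise ValueError(f"log excerpt lacks {missing}") from None

    consistent = (
        result["sum_ok"] and result["timecred_ok"] and result["same_sess_key"]
    )
    if result["credential_match"]:
        result["verdict"] = "credentials match"
    elif consistent:
        result["verdict"] = (
            "server-side values are consistent; the client's credential "
            "differs from the one the server calculated"
        )
    else:
        result["verdict"] = "intermediate values inconsistent; excerpt may be incomplete"
    return result


if __name__ == "__main__":
    for name, value in diagnose(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

On this excerpt the sum and timecred reproduce exactly and only the final comparison fails, which is consistent with the reply in the thread that the machine trust account password on the member server is invalid.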
Re: [Samba] Problem with domain membership
Just to be sure, I got it right: here is, what I do to get into the domain and then dump the available services:

---snip---
[EMAIL PROTECTED] /etc/init.d/samba stop
Shutting down SAMBA nmbd : done
Shutting down SAMBA smbd : done
[EMAIL PROTECTED] rm /opt/samba/private/s*
[EMAIL PROTECTED] smbpasswd -j DOMAINNAME -r PDC -U Administrator
Password:
Joined domain DOMAINNAME.
[EMAIL PROTECTED] /etc/init.d/samba start
Starting SAMBA nmbd : done
Starting SAMBA smbd : done
[EMAIL PROTECTED] smbclient -L //hal -U jwitte -W DOMAIN
added interface ip=10.128.0.23 bcast=10.128.0.255 nmask=255.255.255.0
Password: RIGHT PASSWORD HERE
session setup failed: NT_STATUS_LOGON_FAILURE
[EMAIL PROTECTED] smbpasswd -X hal # == localhost
SID for domain hal is: S-1-5-21-1600896514-926734994-3729081620
[EMAIL PROTECTED] smbpasswd -X Mundwerk
SID for domain Mundwerk is: S-1-5-21-1790986081-3911417905-1778689532
---snip---

If anybody has an idea, I would greatly appreciate it, since this is a real blocker.

Regards Jochen

On Wednesday, 23.03.2005, at 11:35 +0100, Jochen Witte wrote:

Hello - can anybody explain, what this means in detail?

---snip---
10 smb_io_rpc_hdr_resp rpc_hdr_resp
0010 alloc_hint: 0010
0014 context_id:
0016 cancel_ct : 00
0017 reserved : 00
rpc_api_pipe: len left: 0 smbtrans read: 40
rpc_api_pipe: fragment first and last both set
18 net_io_r_auth_2
18 smb_io_chal
0018 data: c8 d8 ff bf 3b 5f 0e 08
20 net_io_neg_flags
0020 neg_flags: 41ff
0024 status: NT_STATUS_ACCESS_DENIED
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
cli_nt_setup_creds: auth2 challenge failed
connect_to_domain_password_server: unable to setup the PDC credentials to machine PDC-SERVER. Error was : NT_STATUS_OK.
write_socket(19,45)
write_socket(19,45) wrote 45
---snip---

On Tuesday, 22.03.2005, at 22:18 +0100, Jochen Witte wrote:

OKOK no attachments here. On the PDC side I get:

---snip---
account_policy_get: password history:0
pdb_set_user_sid: setting user sid S-1-5-21-1790986081-3911417905-1778689532-132098
pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1790986081-3911417905-1778689532-132098 from rid 132098
pdb_set_group_sid: setting group sid S-1-5-21-1790986081-3911417905-1778689532-61001
pdb_set_group_sid_from_rid: setting group sid S-1-5-21-1790986081-3911417905-1778689532-61001 from rid 61001
pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[000] 4A 8C 6C 14 69 D1 72 B8 46 71 33 55 75 F8 01 C3 J.l.i.r. Fq3Uu...
cred_session_key
clnt_chal: E166CA9056B37776
srv_chal : 5EC8E922D299E1CE
clnt+srv : 3F2FB4B3284D5945
sess_key : 629F7453EFF68A4B
cred_create
sess_key : 629F7453EFF68A4B
stor_cred: E166CA9056B37776
timestamp: 0
timecred : E166CA9056B37776
calc_cred: FE38AA70FD16006A
cred_assert
challenge : 4C87E9631DF688E5
calculated: FE38AA70FD16006A
credentials check wrong
00 net_io_r_auth_2
00 smb_io_chal
data: c8 d8 ff bf 3b 5f 0e 08
08 net_io_neg_flags
0008 neg_flags: 41ff
000c status: NT_STATUS_ACCESS_DENIED
api_rpcTNP: called NETLOGON successfully
free_pipe_context: destroying talloc pool of size 78
write_to_pipe: data_used = 140
read_from_pipe: 712c name: NETLOGON len: 156
read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(p-out_data.rdata) = 16.
---snip---

On Tuesday, 22.03.2005, at 22:07 +0100, Jochen Witte wrote:

Attached are the logs with the according log-level.

---snip---
doing parameter workgroup = DOMAINNAME
doing parameter netbios name = HAL
18 smb_io_chal
0018 data: c8 d8 ff bf 3b 5f 0e 08
20 net_io_neg_flags
0020 neg_flags: 41ff
0024 status: NT_STATUS_ACCESS_DENIED
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
cli_nt_setup_creds: auth2 challenge failed
connect_to_domain_password_server: unable to setup the PDC credentials to machine PDCHOST. Ewrite_socket(19,45)
---snip---

Do I have a wrong secrets.tdb? I deleted it completely and then joined the domain again (after removing the machine account in my ldap server).

On Tuesday, 22.03.2005, at 05:07 -0600, Gerald (Jerry) Carter wrote:

Jochen Witte wrote:
| One update: when trying security=server
| on the fileserver side, I can log on
| to the fileserver. But I do not want
| security=server! Any hints out there?

You need to look at a level 10 log on the server (and set 'debug timestamp = no' for high debug logs). There's not enough information here to really offer sound advice.

cheers, jerry
Alleviating the pain of Windows(tm
Re: [Samba] Problem with domain membership
Attached are the logs with the according log-level.

---snip---
doing parameter workgroup = DOMAINNAME
doing parameter netbios name = HAL
18 smb_io_chal
0018 data: c8 d8 ff bf 3b 5f 0e 08
20 net_io_neg_flags
0020 neg_flags: 41ff
0024 status: NT_STATUS_ACCESS_DENIED
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
cli_nt_setup_creds: auth2 challenge failed
connect_to_domain_password_server: unable to setup the PDC credentials to machine PDCHOST. Ewrite_socket(19,45)
---snip---

Do I have a wrong secrets.tdb? I deleted it completely and then joined the domain again (after removing the machine account in my ldap server).

On Tuesday, 22.03.2005, at 05:07 -0600, Gerald (Jerry) Carter wrote:

Jochen Witte wrote:
| One update: when trying security=server
| on the fileserver side, I can log on
| to the fileserver. But I do not want
| security=server! Any hints out there?

You need to look at a level 10 log on the server (and set 'debug timestamp = no' for high debug logs). There's not enough information here to really offer sound advice.

cheers, jerry
Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key --- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca

-- Jochen Witte [EMAIL PROTECTED]
Re: [Samba] Problem with domain membership
OKOK no attachments here. On the PDC side I get:

---snip---
account_policy_get: password history:0
pdb_set_user_sid: setting user sid S-1-5-21-1790986081-3911417905-1778689532-132098
pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1790986081-3911417905-1778689532-132098 from rid 132098
pdb_set_group_sid: setting group sid S-1-5-21-1790986081-3911417905-1778689532-61001
pdb_set_group_sid_from_rid: setting group sid S-1-5-21-1790986081-3911417905-1778689532-61001 from rid 61001
pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0
[000] 4A 8C 6C 14 69 D1 72 B8 46 71 33 55 75 F8 01 C3 J.l.i.r. Fq3Uu...
cred_session_key
clnt_chal: E166CA9056B37776
srv_chal : 5EC8E922D299E1CE
clnt+srv : 3F2FB4B3284D5945
sess_key : 629F7453EFF68A4B
cred_create
sess_key : 629F7453EFF68A4B
stor_cred: E166CA9056B37776
timestamp: 0
timecred : E166CA9056B37776
calc_cred: FE38AA70FD16006A
cred_assert
challenge : 4C87E9631DF688E5
calculated: FE38AA70FD16006A
credentials check wrong
00 net_io_r_auth_2
00 smb_io_chal
data: c8 d8 ff bf 3b 5f 0e 08
08 net_io_neg_flags
0008 neg_flags: 41ff
000c status: NT_STATUS_ACCESS_DENIED
api_rpcTNP: called NETLOGON successfully
free_pipe_context: destroying talloc pool of size 78
write_to_pipe: data_used = 140
read_from_pipe: 712c name: NETLOGON len: 156
read_from_pipe: NETLOGON: fault_state = 0 : data_sent_length = 0, prs_offset(p-out_data.rdata) = 16.
---snip---

On Tuesday, 22.03.2005, at 22:07 +0100, Jochen Witte wrote:

Attached are the logs with the according log-level.

---snip---
doing parameter workgroup = DOMAINNAME
doing parameter netbios name = HAL
18 smb_io_chal
0018 data: c8 d8 ff bf 3b 5f 0e 08
20 net_io_neg_flags
0020 neg_flags: 41ff
0024 status: NT_STATUS_ACCESS_DENIED
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
cli_nt_setup_creds: auth2 challenge failed
connect_to_domain_password_server: unable to setup the PDC credentials to machine PDCHOST. Ewrite_socket(19,45)
---snip---

Do I have a wrong secrets.tdb? I deleted it completely and then joined the domain again (after removing the machine account in my ldap server).

On Tuesday, 22.03.2005, at 05:07 -0600, Gerald (Jerry) Carter wrote:

Jochen Witte wrote:
| One update: when trying security=server
| on the fileserver side, I can log on
| to the fileserver. But I do not want
| security=server! Any hints out there?

You need to look at a level 10 log on the server (and set 'debug timestamp = no' for high debug logs). There's not enough information here to really offer sound advice.

cheers, jerry
Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key --- http://www.plainjoe.org/gpg_public.asc
I never saved anything for the swim back. Ethan Hawk in Gattaca

-- Jochen Witte [EMAIL PROTECTED]
Re: [Samba] Problem with domain membership
One update: when trying security=server on the fileserver side, I can log on to the fileserver. But I do not want security=server! Any hints out there?

Regards Jochen

On Saturday, 19.03.2005, at 13:11 +0100, Jochen Witte wrote:

Hello, I have a Samba 3.0.11/LDAP-Backend PDC configured and I am able to join all kinds of machines quite well. However my Samba 2.2.12 Linux Fileserver is just able to join the domain:

---snip---
[EMAIL PROTECTED]/opt/samba smbpasswd -j Domainname -r PDC Name -U Administrator
Password:
Joined domain Domainname
---snip---

When I now try to access my Fileserver with a valid PDC account, I get:

---snip---
[EMAIL PROTECTED]/opt/samba /opt/samba/bin/smbclient -L //hal -U jwitte -W Domainname -d4
Serverzone is 0
Initialising global parameters
params.c:pm_process() - Processing configuration file /opt/samba-2.2.12/lib/smb.conf
Processing section [global]
doing parameter workgroup = Domainname
doing parameter netbios name = HAL
handle_netbios_name: set global_myname to: HAL
doing parameter server string = Samba 2.2.12 on HAL
doing parameter log file = /var/log/samba/%m-log.smbd
doing parameter lock dir = /var/lock/samba
doing parameter template homedir = /home/%U
doing parameter guest account = ftp
doing parameter socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 SO_KEEPALIVE
doing parameter kernel oplocks = yes
doing parameter log level = 4
doing parameter debuglevel = 4
doing parameter security = domain
doing parameter encrypt passwords = yes
doing parameter password server = *
doing parameter os level = 33
doing parameter local master = no
doing parameter wins server = 10.128.0.24
wins_srv_load_list(): Building WINS server list: 10.128.0.24, 1 WINS server listed.
doing parameter dns proxy = no
pm_process() returned Yes
added interface ip=10.128.0.23 bcast=10.128.0.255 nmask=255.255.255.0
Client started (version 2.2.12).
resolve_lmhosts: Attempting lmhosts lookup for name hal0x20 resolve_hosts: Attempting host lookup for name hal0x20 Connecting to 10.128.0.23 at port 139 session request ok Password: session setup failed: NT_STATUS_LOGON_FAILURE ---snip--- On the PDC side I get the following: ---snip--- [2005/03/19 13:08:22, 3] smbd/oplock.c:init_oplocks(1345) open_oplock_ipc: opening loopback UDP socket. [2005/03/19 13:08:22, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks (303) Linux kernel oplocks enabled [2005/03/19 13:08:22, 3] smbd/oplock.c:init_oplocks(1376) open_oplock ipc: pid = 349, global_oplock_port = 36763 [2005/03/19 13:08:22, 4] lib/time.c:get_serverzone(122) Serverzone is -3600 [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091) Transaction 0 of length 168 [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886) switch message SMBnegprot (pid 349) conn 0x0 [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [PC NETWORK PROGRAM 1.0] [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [MICROSOFT NETWORKS 1.03] [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [MICROSOFT NETWORKS 3.0] [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN1.0] [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LM1.2X002] [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [Samba] [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_nt1(327) not using SPNEGO [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(555) Selected protocol NT LANMAN 1.0 [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091) Transaction 1 of length 92 [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 349) conn 0x0 [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - 
sec_ctx_stack_ndx = 0 [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=13 flg2=0xc001 [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(789) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(804) sesssetupX:[EMAIL PROTECTED] [2005/03/19 13:08:22, 3] smbd/sesssetup.c:check_guest_password(116) Got anonymous request [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: guest authentication for user [] succeeded [2005/03/19 13:08:22, 3] smbd/password.c:register_vuid(222) User name
[Samba] Problem with domain membership
debuglevel = 4
security = domain
encrypt passwords = yes
password server = *
os level = 33
local master = no
wins server = 10.128.0.24
dns proxy = no
---snip---

If anybody feels able to help, it would be greatly appreciated!

Thanks, Jochen

-- Jochen Witte [EMAIL PROTECTED]
[Samba] compile problems on SuSE 7.2
Hello, I try to compile Samba 3.0.11 on SuSE 7.2 (Kernel 2.4.10, glibc 2.2.2, gcc 2.95.3) and get a lot of warnings and then the compilation fails with

---snip---
Linking nsswitch/libnss_wins.so
lib/system.po: In function `sys_dlopen':
lib/system.po(.text+0xf3f): undefined reference to `dlopen'
lib/system.po: In function `sys_dlsym':
lib/system.po(.text+0xf6f): undefined reference to `dlsym'
lib/system.po: In function `sys_dlclose':
lib/system.po(.text+0xf9b): undefined reference to `dlclose'
lib/system.po: In function `sys_dlerror':
lib/system.po(.text+0xfc4): undefined reference to `dlerror'
lib/username.po: In function `user_in_netgroup_list':
lib/username.po(.text+0xbd2): undefined reference to `yp_get_default_domain'
lib/access.po: In function `string_match':
lib/access.po(.text+0x200): undefined reference to `yp_get_default_domain'
Compiling nsswitch/pam_winbind.c with -fPIC
Linking nsswitch/pam_winbind.so
Compiling libsmb/libsmbclient.c with -fPIC
Compiling libsmb/libsmb_compat.c with -fPIC
make: *** wait: No child processes. Stop.
make: *** Waiting for unfinished jobs
make: *** wait: No child processes. Stop.
---snip---

Is compiling with such an old system not supported? Or: what do I have to do to get it compiled?

Regards Jochen

-- Jochen Witte [EMAIL PROTECTED]
[Samba] Replicated LDAP
Hello, I would like to have a central LDAP-Server in my main office and a replicated one in my satellite office, connected via VPN. Then I want my SAMBA-PDC in the satellite to use the local LDAP. I think this should end in: READ Samba - Replicate WRITE - Samba - Replicate -referrer- Samba - Central LDAP Am I right with my assumption? Is this setup possible and advisable? Cheers Jochen -- Jochen Witte [EMAIL PROTECTED]
[Samba] Complete posixGroups
Hello, I would like to upgrade my existing posix-groups to be sambaGroupMapping`s. Here is an example posixGroup:

dn: cn=mygroup,ou=Group,ou=corp,o=Mundwerk,dc=excelsisnet,dc=com
gidNumber: 1001
memberUid: jwitte
description: blabla
objectClass: posixGroup
objectClass: top
cn: cvsadmin

How do I achieve this?

-- Jochen Witte [EMAIL PROTECTED]
[Samba] ldapsam question
I want to check my new LDAP passdb with the net command, but I get:

# net user
root's password:
[2005/02/08 15:00:09, 0] utils/net_ads.c:ads_startup(186)
ads_connect: Interrupted system call

If I use a wrong password, I get:

# net user
root's password:
[2005/02/08 15:04:05, 0] utils/net_ads.c:ads_startup(186)
ads_connect: Interrupted system call
Could not connect to server 127.0.0.1
The username or password was not correct.

So the connection seems to be established correctly the first time. Any hints on this?

-- Jochen Witte [EMAIL PROTECTED]
[Samba] compiling on an old system...
Hello, I would like to compile samba-latest on an old Linux system (SuSE 7.2). Everything seems to run quite well until it comes to the vfs-modules: ---snip--- Linking libsmbclient non-shared library bin/libsmbclient.a Linking libsmbclient shared library bin/libsmbclient.so Compiling modules/vfs_recycle.c with -fPIC Building plugin bin/recycle.so modules/vfs_recycle.po: In function `recycle_connect': modules/vfs_recycle.po(.text+0x23): undefined reference to `DEBUGLEVEL_CLASS' modules/vfs_recycle.po(.text+0x31): undefined reference to `DEBUGLEVEL_CLASS_ISSET' modules/vfs_recycle.po(.text+0x55): undefined reference to `dbghdr' modules/vfs_recycle.po(.text+0x6d): undefined reference to `dbgtext' modules/vfs_recycle.po: In function `recycle_disconnect': modules/vfs_recycle.po(.text+0xc3): undefined reference to `DEBUGLEVEL_CLASS' modules/vfs_recycle.po(.text+0xd1): undefined reference to `DEBUGLEVEL_CLASS_ISSET' modules/vfs_recycle.po(.text+0xf5): undefined reference to `dbghdr' modules/vfs_recycle.po(.text+0x114): undefined reference to `lp_servicename' modules/vfs_recycle.po(.text+0x121): undefined reference to `dbgtext' modules/vfs_recycle.po: In function `recycle_repository': modules/vfs_recycle.po(.text+0x197): undefined reference to `lp_parm_const_string' modules/vfs_recycle.po(.text+0x1a5): undefined reference to `DEBUGLEVEL_CLASS' modules/vfs_recycle.po(.text+0x1b6): undefined reference to `DEBUGLEVEL_CLASS_ISSET' modules/vfs_recycle.po(.text+0x1da): undefined reference to `dbghdr' modules/vfs_recycle.po(.text+0x1f1): undefined reference to `dbgtext' modules/vfs_recycle.po: In function `recycle_keep_dir_tree': modules/vfs_recycle.po(.text+0x247): undefined reference to `lp_parm_bool' modules/vfs_recycle.po(.text+0x255): undefined reference to `DEBUGLEVEL_CLASS' modules/vfs_recycle.po(.text+0x266): undefined reference to `DEBUGLEVEL_CLASS_ISSET' modules/vfs_recycle.po(.text+0x28a): undefined reference to `dbghdr' modules/vfs_recycle.po(.text+0x2b3): undefined 
reference to `dbgtext' modules/vfs_recycle.po: In function `recycle_versions': modules/vfs_recycle.po(.text+0x317): undefined reference to `lp_parm_bool' modules/vfs_recycle.po(.text+0x325): undefined reference to `DEBUGLEVEL_CLASS' modules/vfs_recycle.po(.text+0x336): undefined reference to `DEBUGLEVEL_CLASS_ISSET' modules/vfs_recycle.po(.text+0x35a): undefined reference to `dbghdr' modules/vfs_recycle.po(.text+0x383): undefined reference to `dbgtext' modules/vfs_recycle.po: In function `recycle_touch': modules/vfs_recycle.po(.text+0x3e7): undefined reference to `lp_parm_bool' modules/vfs_recycle.po(.text+0x3f5): undefined reference to `DEBUGLEVEL_CLASS' modules/vfs_recycle.po(.text+0x406): undefined reference to `DEBUGLEVEL_CLASS_ISSET' modules/vfs_recycle.po(.text+0x42a): undefined reference to `dbghdr' modules/vfs_recycle.po(.text+0x453): undefined reference to `dbgtext' modules/vfs_recycle.po: In function `recycle_exclude': modules/vfs_recycle.po(.text+0x4b7): undefined reference to `lp_parm_string_list' modules/vfs_recycle.po(.text+0x4c5): undefined reference to `DEBUGLEVEL_CLASS' modules/vfs_recycle.po(.text+0x4d6): undefined reference to `DEBUGLEVEL_CLASS_ISSET' modules/vfs_recycle.po(.text+0x4fa): undefined reference to `dbghdr' modules/vfs_recycle.po(.text+0x51f): undefined reference to `dbgtext' modules/vfs_recycle.po: In function `recycle_exclude_dir': modules/vfs_recycle.po(.text+0x577): undefined reference to `lp_parm_string_list' modules/vfs_recycle.po(.text+0x585): undefined reference to `DEBUGLEVEL_CLASS' modules/vfs_recycle.po(.text+0x596): undefined reference to `DEBUGLEVEL_CLASS_ISSET' modules/vfs_recycle.po(.text+0x5bd): undefined reference to `dbghdr' modules/vfs_recycle.po(.text+0x5e2): undefined reference to `dbgtext' ... ... ---snip--- What can I do? Thank You Jochen -- Jochen Witte [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldapsam question
On Tuesday, 08.02.2005, at 08:13 -0600, Paul Gienger wrote:

I want to check my new LDAP passdb with the net command, but I get:

# net user
root's password:
[2005/02/08 15:00:09, 0] utils/net_ads.c:ads_startup(186)
ads_connect: Interrupted system call

I don't think you should be seeing ads messages at all. What is your security setting? Perhaps shoot your whole smb.conf to the list, inline not attached.

If I use a wrong password, I get:

# net user
root's password:
[2005/02/08 15:04:05, 0] utils/net_ads.c:ads_startup(186)
ads_connect: Interrupted system call
Could not connect to server 127.0.0.1

This part would be a Bad Thing (TM). You're using LDAP on localhost (from your previous posts) so something is borked here. Is ldap running? Are you trying to use SSL? Again, smb.conf please.

Here we go (just the important parts):

---snip---
security = user
encrypt passwords = Yes
# Deprecated
#min passwd length = 3
obey pam restrictions = No
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=root,suffix
ldap suffix = suffix
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=Hosts
ldap idmap suffix = ou=People
---snip---

Do you need more?

Regards Jochen

-- Jochen Witte [EMAIL PROTECTED]
Re: [Samba] Ldapscripts v1.0 !
Hi, I just tried out your scripts on a brand new installation. Very cool but:

ldapscripts.log:
02/08/05 - 06:09:01 : Command : /usr/local/bin/ldapaddmachine
Successfully added machine philippines$ to LDAP

samba-log:
[2005/02/08 18:09:01, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:02, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:03, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:04, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:05, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:06, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:07, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:08, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:09, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:10, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:11, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:12, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:13, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:14, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:15, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:16, 0] lib/smbldap.c:smbldap_open(881)
smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:16, 0] lib/smbldap.c:smbldap_search_suffix(1169)
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
[2005/02/08 18:09:16, 0] rpc_server/srv_samr_nt.c:_samr_create_user (2398)
could not add user/computer philippines$ to passdb. Check permissions?

I am not able to add a machine account. Any hints?

/Jochen

On Tuesday, 08.02.2005, at 15:27 +, Ganael Laplanche wrote:

Hi all, I've been working on shell scripts that allow to manage ldap accounts (users, groups, machines). They are similar to the smbldap-tools but do not need PERL to work (and so on...) and are *very* simple to configure - they may be a good alternative. The only tools you need are standard ldap client commands (ldapadd, ldapdelete, ldapmodify, ldapsearch).

The scripts can be used as standalone commands or within Samba configuration :

add machine script = /usr/local/bin/ldapaddmachine '%u' sambamachines
add user script = /usr/local/bin/ldapadduser '%u' sambausers
add group script = /usr/local/bin/ldapaddgroup '%g'
add user to group script = /usr/local/bin/ldapaddusertogroup '%u' '%g'
delete user script = /usr/local/bin/ldapdeleteuser '%u'
delete group script = /usr/local/bin/ldapdeletegroup '%g'
delete user from group script = /usr/local/bin/ldapdeleteuserfromgroup '%u' '%g'
set primary group script = /usr/local/bin/ldapsetprimarygroup '%u' '%g'

(see README file for more details)

For those who want to give a try, you can find the tarball of ldapscripts v1.0 here :
http://contribs.martymac.com
http://linagora.org/article108.html

Just extract the tarball and type in ./install as root... These scripts are in early version, so feel free to send bug reports and any feedback !

Ganael LAPLANCHE - http://www.martymac.com [EMAIL PROTECTED] [EMAIL PROTECTED]

-- Jochen Witte [EMAIL PROTECTED]
[Samba] smbpasswd -w
Hi,

I am trying to set up Samba (latest) to use LDAP. I get:

# smbpasswd -w secret
-w not available unless configured --with-ldapsam

I compiled with LDAP support. Any hints?

--
Jochen Witte [EMAIL PROTECTED]
[Samba] User Migration question
Hello,

I would like to migrate my user-accounts from a Samba 2 to a Samba 3 setup.

Old Setup: Samba 2 with PAM support. PAM uses LDAP to store PosixAccounts
New Setup: Samba 3 with native LDAP. PosixAccounts are already migrated to my new LDAP server.

I tried pdbedit with my old smbpasswd file:

---snip---
# pdbedit -i smbpasswd:./smbpasswd
build_sam_account: smbpasswd database is corrupt! username jwitte with uid 1000 is not in unix passwd database!
---snip---

But:

---snip---
# getent passwd|grep jwitte
jwitte:x:1000:1000:Jochen Witte:/home/jwitte:/bin/bash
---snip---

Any hints?

Regards
Jochen

--
Jochen Witte [EMAIL PROTECTED]
Re: [Samba] User Migration question
On Monday, 07.02.2005, 22:48 -0700, Craig White wrote:

On Tue, 2005-02-08 at 06:18 +0100, Jochen Witte wrote:

Hello,

I would like to migrate my user-accounts from a Samba 2 to a Samba 3 setup.

Old Setup: Samba 2 with PAM support. PAM uses LDAP to store PosixAccounts
New Setup: Samba 3 with native LDAP. PosixAccounts are already migrated to my new LDAP server.

I tried pdbedit with my old smbpasswd file:

---snip---
# pdbedit -i smbpasswd:./smbpasswd
build_sam_account: smbpasswd database is corrupt! username jwitte with uid 1000 is not in unix passwd database!
---snip---

But:

---snip---
# getent passwd|grep jwitte
jwitte:x:1000:1000:Jochen Witte:/home/jwitte:/bin/bash
---snip---

Any hints?

---
sounds like your passdb parameter isn't set properly

Craig

Hm: quoting didn't help. This is my config:

passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=root,suffix
ldap suffix = suffix
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Hosts
ldap idmap suffix = ou=People
ldap ssl = Off

and this is a typical user in LDAP:

dn: uid=jwitte,ou=People,suffix
objectClass: corpUser
objectClass: posixAccount
objectClass: top
uid: jwitte
uidNumber: 1000
loginShell: /bin/bash
gidNumber: 1000
gecos: Jochen Witte
homeDirectory: /home/jwitte
description: System Engineer / Engineering
cn: Jochen
sn: Witte
userPassword:: e1NNRDV9QWxrRTZ1sdasaYVVKbFBEeTFTMHRQZdsanjkdsajkd

What can I do next?

--
Jochen Witte [EMAIL PROTECTED]
Re: [Samba] User Migration question
On Monday, 07.02.2005, 22:48 -0700, Craig White wrote:

On Tue, 2005-02-08 at 06:18 +0100, Jochen Witte wrote:

Hello,

I would like to migrate my user-accounts from a Samba 2 to a Samba 3 setup.

Old Setup: Samba 2 with PAM support. PAM uses LDAP to store PosixAccounts
New Setup: Samba 3 with native LDAP. PosixAccounts are already migrated to my new LDAP server.

I tried pdbedit with my old smbpasswd file:

---snip---
# pdbedit -i smbpasswd:./smbpasswd
build_sam_account: smbpasswd database is corrupt! username jwitte with uid 1000 is not in unix passwd database!
---snip---

But:

---snip---
# getent passwd|grep jwitte
jwitte:x:1000:1000:Jochen Witte:/home/jwitte:/bin/bash
---snip---

Any hints?

---
sounds like your passdb parameter isn't set properly

Craig

So here is my config:

passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=root,o=sub,dc=domain,dc=com
ldap suffix = ou=corp,o=sub,dc=domain,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Hosts
ldap idmap suffix = ou=People

The Domain-Info part is created correctly (so it is not a permission problem, or a problem with the suffix). Is it a problem that the smbpasswd used is from a different installation on a different host?

Once again my procedure:
- set up new host
- set up new ldap
- set up new samba
- import posixaccount from old ldap to new
- import old smbpasswd in new ldap
- failure

Regards
Jochen

--
Jochen Witte [EMAIL PROTECTED]
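A pre-flight check for the import step in the procedure above, as an added example that is not part of the original thread and not Samba code. It assumes the smbpasswd(5) field layout `name:uid:LM hash:NT hash:[flags]:LCT-...:`; the function names and all sample data, hashes included, are constructed for illustration.

```python
import re

HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")

def hash_ok(field):
    """32 hex digits, or one of the 32-character 'no hash' placeholders."""
    return len(field) == 32 and bool(
        HEX32.match(field) or set(field) == {"X"} or field.startswith("NO PASSWORD"))

def parse_passwd(text):
    """Map user name -> uid from `getent passwd` output."""
    users = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 7 and parts[2].isdigit():
            users[parts[0]] = int(parts[2])
    return users

def preflight(smbpasswd_text, passwd_text):
    """Return (line number, user, problem) for entries worth fixing before import."""
    unix = parse_passwd(passwd_text)
    problems = []
    for n, line in enumerate(smbpasswd_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 4 or not f[1].isdigit():
            problems.append((n, f[0], "malformed entry"))
            continue
        name, uid, lm, nt = f[0], int(f[1]), f[2], f[3]
        if not (hash_ok(lm) and hash_ok(nt)):
            problems.append((n, name, "hash field is not 32 characters of hex"))
        if name not in unix:
            problems.append((n, name, f"uid {uid} not in passwd database"))
        elif unix[name] != uid:
            problems.append((n, name, f"uid {uid} here, {unix[name]} in passwd"))
    return problems

# Constructed sample data; the hashes are dummy values, not real credentials.
SMBPASSWD = """\
jwitte:1000:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-42000000:
olduser:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-42000000:
moved:1002:0123456789ABCDEF0123456789ABCDEF:FEDCBA98:[U          ]:LCT-42000000:
"""
PASSWD = """\
jwitte:x:1000:1000:Jochen Witte:/home/jwitte:/bin/bash
moved:x:2002:2002:Moved User:/home/moved:/bin/bash
"""

if __name__ == "__main__":
    for lineno, user, problem in preflight(SMBPASSWD, PASSWD):
        print(f"line {lineno}: {user}: {problem}")
```

Feed it `getent passwd` output captured as the same account that runs pdbedit, so the check sees the name-service view that the import will see.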
Re: [Samba] syncing unix passwords
Hi,

the passwd program parameter defines a program/script to change both smbpasswd AND the Unix-password. In your config, only the Unix-passwd will be changed, NOT the samba password. I use something like this:

passwd program = /usr/local/sbin/alphapasswd %u

alphapasswd is then a little script that changes smbpasswd and (in my case) the password in ldap. Also note the password chat parameter. It should reflect the procedure of your script...

This leaves the question, why it worked before :)

Greetings

On Thu, 2002-06-13 at 19.17, Paul Crittenden wrote:

I give up. I had this working and now it isn't and I don't know why. I was able to sync unix password using smbpasswd but now it won't work. When I run smbpasswd it changes the samba password but acts like it doesn't even see the parameters in the smb.conf to change the unix password. Here is a sample changing session:

as400:# ./smbpasswd xx
New SMB password:
Retype new SMB password:
Password changed for user xx.
as400:#

When it worked there was a second "Password changed for user xx". Nothing is logged in any logs so I can't tell what is going on. Here is my smb.conf. Any help would be appreciated.

# Global parameters
[global]
interfaces = xxx.xxx.xxx.xxx/255.255.255.0
security = SHARE
encrypt passwords = yes
unix password sync = yes
passwd program = /bin/passwd %u
passwd chat debug = yes
passwd chat = *New* %n\n *Retype* %n\n
password level = 8
log file = /usr/local/samba/logs/log.%m
max log size = 500
time server = Yes
printcap name = /etc/printcap
guest account = guest
invalid users = root
hosts allow = xxx.xxx.xxx.0/255.255.255.0
printing = bsd

[homes]
comment = Home Directories
read only = No
create mask = 0755
browseable = No

--
Jochen Witte [EMAIL PROTECTED]
IRC: bacchus.alpha-lab.net/#alpha-lab
PGP fingerprint = 2F92 97EA BB67 E49A EE79 AD55 2FE7 DF05 EA9A 3A32
Keyserver = www.keyserver.net