Re: [Samba] net rpc testjoin error
Okay, I have determined that the problem is with the BDC. I shutdown samba on the BDC and was able to log into the domain. So perhaps the ldap replication isn't working. Should 'net getlocalsid' on a BDC show a SID that matches the SID on the PDC? I ran 'net rpc getsid' on the BDC and it said it was storing the SID in secrets.tdb. when I ask for the localsid, it gives me a mismatched SID. root@gracie:~# net rpc getsid Storing SID S-1-5-21-1546634795-1778232220-242194531 for Domain UW-MATH in secre ts.tdb root@gracie:~# net getlocalsid From: "Gaiseric Vandal" To: Sent: Thursday, December 22, 2011 1:43 PM Subject: Re: [Samba] net rpc testjoin error Did you make the required registry changes http://wiki.samba.org/index.php/Windows7 HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 Do you have problems with XP machines? On 12/22/2011 02:28 PM, John G. Heim wrote: I have a PDC running debian wheezy with samba 3.5.11 . If I run 'net rpc testjoin' on my PDC, it does this: # net rpc testjoin get_schannel_session_key: could not fetch trust account password for domain 'UW-MATH' net_rpc_join_ok: failed to get schannel session key from server HUBBLE for domain UW-MATH. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Join to domain 'UW-MATH' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO The backend is openldap and I can find the name of my PDC in the ldap database. It appears to have a valid machine trust account based on the ldap record. The main problem I'm having is that after I joined a Win7 machine to the domain, I can't log in as a domain user. It says "The trust relationship between this workstation and the domain failed." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] net rpc testjoin error
I ran the Win7_Samba3DomainMember.reg file that comes with the samba-docs package. The contents are below. Does that 'net rpc testjoin' failure mean anything? I was able to join a different Win7 machine to the domain during testing. It seems to have stopped working. But I didn't try that 'net rpc testjoin' test on the PDC until now. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters] "DNSNameResolutionRequired"=dword: "DomainCompatibilityMode"=dword:0001 - Original Message - From: "Gaiseric Vandal" To: Sent: Thursday, December 22, 2011 1:43 PM Subject: Re: [Samba] net rpc testjoin error Did you make the required registry changes http://wiki.samba.org/index.php/Windows7 HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 Do you have problems with XP machines? On 12/22/2011 02:28 PM, John G. Heim wrote: I have a PDC running debian wheezy with samba 3.5.11 . If I run 'net rpc testjoin' on my PDC, it does this: # net rpc testjoin get_schannel_session_key: could not fetch trust account password for domain 'UW-MATH' net_rpc_join_ok: failed to get schannel session key from server HUBBLE for domain UW-MATH. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Join to domain 'UW-MATH' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO The backend is openldap and I can find the name of my PDC in the ldap database. It appears to have a valid machine trust account based on the ldap record. The main problem I'm having is that after I joined a Win7 machine to the domain, I can't log in as a domain user. It says "The trust relationship between this workstation and the domain failed." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net rpc testjoin error
I have a PDC running debian wheezy with samba 3.5.11 . If I run 'net rpc testjoin' on my PDC, it does this: # net rpc testjoin get_schannel_session_key: could not fetch trust account password for domain 'UW-MATH' net_rpc_join_ok: failed to get schannel session key from server HUBBLE for domain UW-MATH. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Join to domain 'UW-MATH' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO The backend is openldap and I can find the name of my PDC in the ldap database. It appears to have a valid machine trust account based on the ldap record. The main problem I'm having is that after I joined a Win7 machine to the domain, I can't log in as a domain user. It says "The trust relationship between this workstation and the domain failed." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] switching to smbldap-tools from custom scripts
I'm looking for advice on how to handle this problem... I've inherited a samba domain with an ldap backend. It uses custom scripts to add users and to join a machine to the domain. I don't mind the custom add user script but I'd like to do away with the custom script to join a machine to the domain. The custom script breaks all the time and our Windows systems admin is pretty frustrated with our samba domain. Every time he wants to join a machine to the domain, he has to come to me to coerce that script into working. So I'd like to switch to the smbldap-tools script for adding a machine to the domain. The tricky part is that our ldap database is also used for linux authentication so I have to make sure I don't mess up the ldap database when I fix it for smbldap-tools. I was thinking of building a new ldap/samba server with an empty ldap database, running the smbldap-populate script, and then importing just the ldap records for existing users and machines. So then I could test linux authentication vs the new machine while the old machine is still up. But I don't actually know how to extract the data I need from the old ldap database. And maybe it would be safer to let the old dreck in there. But how does the smbldap-tools populate script know about existing machines? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba & cups & printer defaults
I have 7 color laser printers configured in cups. Linux users can successfully print in color to them but Windows users cannot. I believe this is because the print queues are configured to default to greyscale printing. If you print a document in Windows, you can go into preferences for the printer and set it up to print in color. But samba apparently does not pass those parameters onto the print queue. My config is right out of the samba docs: [global] load printers = yes printing = cups printcap name = cups [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = yes writable = no printable = yes I'm using the samba package from debian squeeze, 3.5.6. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to samba ldap and ssl
From: "Ander Punnar" To: When you are trying to do syncrepl with startls or ldaps:// between 2 Debian boxes and use self-signed certs, then it doesn't work. When you are using LDAP-client compiled with Instead of self-signed certs, I use certs from cacert.org. Its kind of a hassle to get signed up but once you do, you can generate all the certs you need for free. And the root cert and class-3 cert for cacert.org are in the ca-certificates debian package so it works right out of the box. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 on debian squeeze
I'm setting up a debian squeeze file server with NFS mounted home directories and authentication via ldap. Now I want to give Windows users access to those same home directories. I thought I'd try samba4. I figure I have nothing to lose since this is a virtual machine and if I don't like the results, I can just restore from a snapshot. Its not a production machine yet. I'd prefer to install from debian packages because that will make the upgrade to samba4 seameless once samba4 is in the stable repository. If I install from a tarball, its probably not going to install stuff where debian likes it. But I figure that even a package from experimental will install most stuff where it belongs in debian. I've installed packages from experimental & unstable on systems running debian stable before but this time it doesn't work. Blow is my sources.list and a screen cap of the output from the apt-get attempt: # Sources.list deb http://debian.mirrors.tds.net/debian/ experimental main deb http://debian.mirrors.tds.net/debian/ unstable main # end sources.list # apt-get install -fy samba4 Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: samba4 : Depends: libdcerpc0 but it is not going to be installed Depends: libgensec0 but it is not going to be installed Depends: libldb0 but it is not installable Depends: libndr-standard0 but it is not going to be installed Depends: libndr0 but it is not going to be installed Depends: libsamba-hostconfig0 but it is not going to be installed Depends: libsamba-util0 but it is not going to be installed Depends: python-samba but it is not going to be installed Recommends: samba-ldb-tools but it is not going to be installed -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] filesystem of choice?
I'm setting up a new linux fileserver and I was wondering if samba likes one filesystem more than another. I have to format a 1.8Tb partition sometime today and I'll probably do ext3 unless samba prefers something else. We have a lot more linux users than Windows users but the Windows users have more problems with slow access. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba