[Samba] need some assistance - Samba 3.09 on FreeBSD 4.5
Well I did think of that. My biggest concern about upgrading though is that this system has about 1.5 Tb stored on it and I don't have the time to copy it all off and then restore it later, because of how it is used within our company. I've never done an upgrade with FreeBSD so I'm not sure how reliable the entire process would be unless I completely wiped the system.

When you say NSS support isn't good, wouldn't that also affect the machine joining the ADS domain? And shouldn't it also affect the winbind data getting returned correctly?

Thanks,
Jon

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] need some assistance - Samba 3.09 on FreeBSD 4.5
Hello,

I've been able to get Samba up and running, and it joins the ADS domain fine. It appears in the network browser on our Windows machines, but when anyone attempts to access a restricted share it fails to authenticate them. I say restricted because if anyone accesses an open-to-everyone share it works.

I'm trying to get the entire thing set up so that the Samba server is just a MEMBER of the Active Directory domain, running in Native mode. I do not want the Samba machine to be any kind of domain controller.

I've run wbinfo and it does return all the info correctly. The log files, with logging set to level 3, are showing the following when someone attempts to connect to a restricted share:

From the log of the machine attempting to access the Samba share:

[2005/01/11 11:50:50, 2] smbd/service.c:make_connection_snum(314)
  user '[real username]' (from session setup) not permitted to access this share ([real share name])
[2005/01/11 11:50:50, 3] smbd/error.c:error_packet(129)
  error packet at smbd/reply.c(416) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED

From the log.smbd:

[2005/01/11 11:50:50, 0] smbd/server.c:open_sockets_smbd(383)
  open_sockets_smbd: accept: Software caused connection abort

From the log.winbindd:

[2005/01/11 11:50:50, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [ 5472]: request interface version
[2005/01/11 11:50:50, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [ 5472]: request location of privileged pipe
[2005/01/11 11:50:50, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(210)
  [ 5472]: domain_info [[CORRECT_DOMAIN_NAME.COM]]
[2005/01/11 11:50:50, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(210)
  [ 5472]: domain_info [[CORRECT_DOMAIN_NAME.COM]]
[2005/01/11 11:50:50, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(422)
  [ 5472]: gid to sid 1001
[2005/01/11 11:50:50, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(422)
  [ 5472]: gid to sid 0
[2005/01/11 11:50:50, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(422)
  [ 5472]: gid to sid 70
[2005/01/11 11:51:50, 3] nsswitch/winbindd_ads.c:trusted_domains(832)
  ads: trusted_domains
[2005/01/11 11:51:50, 3] libads/ldap.c:ads_connect(247)
  Connected to LDAP server [correct IP to Domain Controllor]
[2005/01/11 11:51:50, 3] libads/ldap.c:ads_server_info(2432)
  got ldap server name [EMAIL PROTECTED], using bind path: dc=[correct domain name],dc=COM
[2005/01/11 11:51:50, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109)
  IPC$ connections done anonymously
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_start_connection(1382)
  Connecting to host=[correct dc name]
[2005/01/11 11:51:50, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to [correct dc ip] at port 445
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(713)
  Doing spnego session setup (blob length=115)
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 48018 1 2 2
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 113554 1 2 2
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 2 840 113554 1 2 2 3
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
  got OID=1 3 6 1 4 1 311 2 2 10
[2005/01/11 11:51:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(745)
  got principal=[correct dc [EMAIL PROTECTED] domain name.com]
[2005/01/11 11:51:50, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(538)
  Doing kerberos session setup
[2005/01/11 11:51:50, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(319)
  Ticket in ccache[MEMORY:cliconnect] expiration Tue, 11 Jan 2005 21:51:48 GMT

[smb.conf]

[global]
   workgroup = domain_name
   realm = realm_name.com
   server string = Samba Server
   netbios name = server_name
   hosts allow = [several IP ranges to allow from]
   security = ADS
   encrypt passwords = yes
   password server = DC_name.domainname.com
   #username map = /etc/samba/smbusers
   client signing = yes
   server signing = yes
   guest account = samba
   log level = 3
   log file = /var/log/samba/log.%m
   max log size = 50
   idmap uid = 1-2
   idmap gid = 1-2
   template primary group = Domain Users
   template shell = /bin/bash
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
   interfaces = fxp0
   local master = no
   dns proxy = no
   winbind separator = _

# Share Definitions ==

[homes]
   comment = Home Directories
   browseable = no
   read only = No
   valid users = %S

# A publicly accessible directory, but read only, except for people in
# the staff group
[public]
   comment = Public Stuff
   path = /home/samba
   browseable = yes
   public = yes
   read only = no
   printable = no
   valid users = @domainname.com_Domain Users

# Processing share, contains processing files and tools.
[share name]
   comment = Stuff
   path = /usr/local/stuff
   browseable = yes
   public =
[Samba] Samba 3.0.10 ADS Setup issue Again
Well, I spoke a bit too soon. While I was able to get to the stage of doing a make, I get the following errors when the make ends; this is using Kerberos 5:

libsmb/clikrb5.c: In function `krb5_set_real_time':
libsmb/clikrb5.c:49: dereferencing pointer to incomplete type
libsmb/clikrb5.c:50: dereferencing pointer to incomplete type
libsmb/clikrb5.c: In function `create_kerberos_key_from_string_direct':
libsmb/clikrb5.c:112: syntax error before `salt'
libsmb/clikrb5.c:114: `salt' undeclared (first use in this function)
libsmb/clikrb5.c:114: (Each undeclared identifier is reported only once
libsmb/clikrb5.c:114: for each function it appears in.)
libsmb/clikrb5.c: In function `krb5_locate_kdc':
libsmb/clikrb5.c:209: syntax error before `hnd'
libsmb/clikrb5.c:210: `krb5_krbhst_info' undeclared (first use in this function)
libsmb/clikrb5.c:210: `hinfo' undeclared (first use in this function)
libsmb/clikrb5.c:211: syntax error before `rc'
libsmb/clikrb5.c:219: `rc' undeclared (first use in this function)
libsmb/clikrb5.c:219: `KRB5_KRBHST_KDC' undeclared (first use in this function)
libsmb/clikrb5.c:219: `hnd' undeclared (first use in this function)
libsmb/clikrb5.c:225: `num_kdcs' undeclared (first use in this function)
libsmb/clikrb5.c:236: `sa' undeclared (first use in this function)
libsmb/clikrb5.c:247: `i' undeclared (first use in this function)
libsmb/clikrb5.c:250: `ai' undeclared (first use in this function)
*** Error code 1

Stop in /usr/src/samba3/samba-3.0.10/source.
:end

I then tried Heimdal, and when make is run I get these errors:

/usr/heimdal/lib/libkrb5.a(crypto.o): In function `krb5_hmac':
/usr/src/heimdal/heimdal-0.6.3/lib/krb5/crypto.c(.text+0x1974): multiple definition of `krb5_hmac'
/usr/local/lib/libk5crypto.a(hmac.o)(.text+0x0):/usr/src/krb5/krb5-1.3.6/src/lib/crypto/hmac.c: first defined here
/usr/libexec/elf/ld: Warning: size of symbol `krb5_hmac' changed from 566 to 127 in crypto.o
/usr/heimdal/lib/libkrb5.a(crypto.o): In function `krb5_derive_key':
/usr/src/heimdal/heimdal-0.6.3/lib/krb5/crypto.c(.text+0x3b14): multiple definition of `krb5_derive_key'
/usr/local/lib/libk5crypto.a(derive.o)(.text+0x0):/usr/src/krb5/krb5-1.3.6/src/lib/crypto/dk/derive.c: first defined here
/usr/libexec/elf/ld: Warning: size of symbol `krb5_derive_key' changed from 482 to 149 in crypto.o
/usr/libexec/elf/ld: warning: libssl.so.2, needed by /usr/local/lib/libcups.so, may conflict with libssl.so.3
/usr/libexec/elf/ld: warning: libcrypto.so.2, needed by /usr/local/lib/libcups.so, may conflict with libcrypto.so.3
*** Error code 1

Stop in /usr/src/samba3/samba-3.0.10/source.
:end

This is using Kerberos 5 version 1.3.6 and Heimdal 0.6.3.

Any help would be appreciated.

Thanks,
Jon
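Added example, not part of the original message or of the Samba sources: a small Python parser for the "multiple definition" linker output quoted in the message above, reporting which two static archives each define the same Kerberos symbol. The function names are hypothetical, and the sample input is the linker text from the message, laid out one diagnostic per line.

```python
import re

# Sample input: the ld diagnostics quoted in the message above,
# re-laid out one diagnostic per line (assumed original layout).
LD_OUTPUT = """\
/usr/heimdal/lib/libkrb5.a(crypto.o): In function `krb5_hmac':
/usr/src/heimdal/heimdal-0.6.3/lib/krb5/crypto.c(.text+0x1974): multiple definition of `krb5_hmac'
/usr/local/lib/libk5crypto.a(hmac.o)(.text+0x0):/usr/src/krb5/krb5-1.3.6/src/lib/crypto/hmac.c: first defined here
/usr/libexec/elf/ld: Warning: size of symbol `krb5_hmac' changed from 566 to 127 in crypto.o
/usr/heimdal/lib/libkrb5.a(crypto.o): In function `krb5_derive_key':
/usr/src/heimdal/heimdal-0.6.3/lib/krb5/crypto.c(.text+0x3b14): multiple definition of `krb5_derive_key'
/usr/local/lib/libk5crypto.a(derive.o)(.text+0x0):/usr/src/krb5/krb5-1.3.6/src/lib/crypto/dk/derive.c: first defined here
"""

# "ARCHIVE(member.o): In function `sym':" names the archive being linked in.
IN_FUNC = re.compile(r"^(\S+\.a)\(\S+\.o\): In function `")
# "... multiple definition of `sym'" names the clashing symbol.
MULTI = re.compile(r"multiple definition of `([^']+)'")
# "ARCHIVE(member.o)...: first defined here" names the earlier definition.
FIRST = re.compile(r"^(\S+\.a)\(\S+\.o\).*: first defined here$")


def find_symbol_clashes(text):
    """Return (symbol, duplicate_archive, first_archive) for each clash."""
    clashes = []
    current_archive = None   # archive from the latest "In function" line
    pending_symbol = None    # symbol awaiting its "first defined here" line
    for line in text.splitlines():
        m = IN_FUNC.match(line)
        if m:
            current_archive = m.group(1)
            continue
        m = MULTI.search(line)
        if m:
            pending_symbol = m.group(1)
            continue
        m = FIRST.match(line)
        if m and pending_symbol:
            clashes.append((pending_symbol, current_archive, m.group(1)))
            pending_symbol = None
    return clashes


def clashing_archives(text):
    """Unique (duplicate_archive, first_archive) pairs across all clashes."""
    return sorted({(dup, first) for _, dup, first in find_symbol_clashes(text)})


if __name__ == "__main__":
    for dup, first in clashing_archives(LD_OUTPUT):
        print(f"{dup} redefines symbols first defined in {first}")
```

On the quoted output this reports a single archive pair: the Heimdal libkrb5.a under /usr/heimdal/lib and the krb5-1.3.6 libk5crypto.a under /usr/local/lib, both on the same link line.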
[Samba] Samba 3.0.10 ADS setup issue
I am attempting to set up Samba 3.0.10 on a Windows 2000 Active Directory domain. The problem I'm having is getting Samba to configure correctly to get the Kerberos library. I've gone through previous posts and have tried doing what others suggested, but I still keep getting the error of:

configure: error: libkrb5 is needed for Active Directory support

The current configure params I'm using are:

./configure --with-ads=yes --with-krb5=/usr/lib

I've tried many different path entries, and left out the path info with just the first option; nothing works, I keep getting the exact error. It just never can find the Kerberos files.

I've tried installing Kerberos 5 via pkg_add, I've also downloaded and compiled it, and this latest attempt is with Heimdal 0.6.3 being compiled from source.

Here is a dump of a find for libkrb5* on the system:

./usr/local/lib/libkrb5.so.20
./usr/local/lib/libkrb5.so
./usr/local/lib/libkrb5.a
./usr/lib/libkrb5.a
./usr/lib/libkrb5_p.a
./usr/lib/libkrb5.so.3
./usr/lib/libkrb5.so
./usr/src/heimdal/heimdal-0.6.3/lib/krb5/.libs/libkrb5.lai
./usr/src/heimdal/heimdal-0.6.3/lib/krb5/.libs/libkrb5.a
./usr/src/heimdal/heimdal-0.6.3/lib/krb5/.libs/libkrb5.la
./usr/src/heimdal/heimdal-0.6.3/lib/krb5/libkrb5.la
./usr/src/krb5/krb5-1.3.6/src/lib/krb5/libkrb5.a
./usr/src/krb5/krb5-1.3.6/src/lib/libkrb5.a
./usr/heimdal/lib/libkrb5.la
./usr/heimdal/lib/libkrb5.a

I have pointed the configure param to all of the above, including the source ones (I'm getting desperate!). So please someone help! Let me know if you need more info.

Many thanks in advance.
Jon
Re: [Samba] Samba 3.0.10 ADS setup issue
Follow up:

Sorry to have bothered all. After signing up to the list I was able to look at other archives, but didn't do so until after I sent the email. I found a post with the following link in it, which had a helpful little piece in it.

http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html

Hope all have a good holiday.

Thanks,
Jon

Jon Starbird wrote:
> I am attempting to set up Samba 3.0.10 on a Windows 2000 Active Directory domain. The problem I'm having is getting Samba to configure correctly to get the Kerberos library. I've gone through previous posts and have tried doing what others suggested, but I still keep getting the error of:
>
> configure: error: libkrb5 is needed for Active Directory support
>
> The current configure params I'm using are:
>
> ./configure --with-ads=yes --with-krb5=/usr/lib
>
> I've tried many different path entries, and left out the path info with just the first option; nothing works, I keep getting the exact error. It just never can find the Kerberos files.
>
> I've tried installing Kerberos 5 via pkg_add, I've also downloaded and compiled it, and this latest attempt is with Heimdal 0.6.3 being compiled from source.
>
> Here is a dump of a find for libkrb5* on the system:
>
> ./usr/local/lib/libkrb5.so.20
> ./usr/local/lib/libkrb5.so
> ./usr/local/lib/libkrb5.a
> ./usr/lib/libkrb5.a
> ./usr/lib/libkrb5_p.a
> ./usr/lib/libkrb5.so.3
> ./usr/lib/libkrb5.so
> ./usr/src/heimdal/heimdal-0.6.3/lib/krb5/.libs/libkrb5.lai
> ./usr/src/heimdal/heimdal-0.6.3/lib/krb5/.libs/libkrb5.a
> ./usr/src/heimdal/heimdal-0.6.3/lib/krb5/.libs/libkrb5.la
> ./usr/src/heimdal/heimdal-0.6.3/lib/krb5/libkrb5.la
> ./usr/src/krb5/krb5-1.3.6/src/lib/krb5/libkrb5.a
> ./usr/src/krb5/krb5-1.3.6/src/lib/libkrb5.a
> ./usr/heimdal/lib/libkrb5.la
> ./usr/heimdal/lib/libkrb5.a
>
> I have pointed the configure param to all of the above, including the source ones (I'm getting desperate!). So please someone help! Let me know if you need more info.
>
> Many thanks in advance.
> Jon

--
Jon Starbird
Streamologist
Stream Theory
3350 Scott Blvd. Bldg. 24
Santa Clara, CA 95054
Phone: 408-790-2913 Ext. 1069
Fax: 408-790-2918
http://www.streamtheory.com
Software, suddenly simple.