Re: [Samba] Information required on mounting Windows shared folders on Unix s ystems
You can't mount a windows share onto Solaris, because Solaris don't have kernel drivers for it. You can do it on a Linux based system though. /Patrik On Mon, 2004-02-23 at 13:14, Chalamalasetti Sreedhar, Noida wrote: Hi, I am new to this Samba. As of my knowledge we can access unix files on Windows and Windows files on Unix. I have configured my samba on Solaris. My smb.conf file ***smb.conf*** * # Global parameters workgroup = MYGROUP encrypt passwords = Yes security = domain hosts allow = localhost, xxx.xxx.xxx. [MY_HOMEDIR] path = /home1/ravi writeable = true user = ravi read only = No ***smb.conf*** *** Now I am able to access my Unix folder (/home1/ravi) on windows system, using find computer and Map network drive. Now my question is How to mount my windows shared folder ( \\ravi\SharedFolder file://\\ravi\SharedFolder ) on Unix system. For that What I have to do. What are the things I have to do Thanks and Regards Sreedhar -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] reduce the size of samba 3.0 binary
Run strip on the executables to remove symbol table, debugging information. That will shrink the size. /Patrik On Sat, 2004-02-21 at 01:59, Spam wrote: 800MB seem very large, or do you calculate size with all possible dependencies? Even so it seem large. I have had Samba on a Linux system where the total size is smaller than 800MB. Another possibility would be to use Unix services for Windows. It is a package which you can download from microsoft.com. It contains many standard GNU utils (even gcc I think!) including NFS support. Or simply use FTP. Windows Explorer can browse FTP servers (though not optimally). I installed samba 3.0. It works. But the only problem is that the whole binary package is 800MB (Solaris 2.8) It's a big package to fit in a 2g of / partition. Is there way we can reduce the size of the binary by select function/local/etc? I don't need all the funcations it supports. Only support UNIX nfs data to PC. thanks, Jeffrey -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A samba locking question
Let me the try to communicate in a different way. The only thing I want to know if byte range locks or file share reservation are propagated to or from UNIX. That is: a) When a external program is doing a byte range lock through fcntl on file, will that be checked before Samba is opening the file ? My findings tells me it does. b) When a external program is doing file share reservation through on a file fcntl will that be checked before Samba is opening the file ? My findings tells me it don't. The test-program did file share reservation through fcntl on file with the parameters: f_access=F_RWACC (Set a file share reservation for read and write access) f_deny=F_RWDNY (Set a file share reservation to deny read and write) The client could through Samba open and write in that file. c) If/When Samba is doing a byte range lock on file will that byte range lock be propagated externaly to UNIX ? I believe it will not. d) If/When Samba is doing a file share reservation on file will that be propagated externaly to UNIX ? My findings tells me it don't. I don't this good or bad. I just want to know. /Patrik On Tue, 2004-02-10 at 19:18, Jeremy Allison wrote: On Tue, Feb 10, 2004 at 09:39:01AM +0100, Patrik Gustavsson wrote: Well, you should know. But if Samba is doing byte ranged lock using fcntl, then I don't understand why my tests failed. The first test I did was: I simulated a NFS client and did byte range lock on a file, a document in this case 8K in size, and tried to open that from client using Samba and it failed becuse is was locked. The second test I did was: When a client opened the file using samba, with a DENY_WRITE lock (output from smbstatus) and I used the same simulated NFS client that did a byte range write lock using fcntl() on that document. I would assume that the byte range lock would fail, but it didn't it succeeded. That surprised me. You're confusing share modes with byte range locks. Read up on share modes - smbstatus doesn't report byte range locks, only share modes. Until you understand the difference we're not really communicating :-). At all :-). Jeremy. -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A samba locking question
Well, you should know. But if Samba is doing byte ranged lock using fcntl, then I don't understand why my tests failed. The first test I did was: I simulated a NFS client and did byte range lock on a file, a document in this case 8K in size, and tried to open that from client using Samba and it failed becuse is was locked. The second test I did was: When a client opened the file using samba, with a DENY_WRITE lock (output from smbstatus) and I used the same simulated NFS client that did a byte range write lock using fcntl() on that document. I would assume that the byte range lock would fail, but it didn't it succeeded. That surprised me. The third test I did on my Solaris box was: I wrote a 'new' fcntl() function and that was preloaded when smbd was started. This 'new' function call logged all fcntl-calls before it called the real fcntl() call and returned the result. I opened the file from the client and tracked the filedesriptor for the opened file in /proc and compared with logging information from the fcntl calls. The only fcntl calls for that file was that smbd was asking for F_GETLK information. That lead me to the fact that smbd is not doing any byte range locks using fcntl(). Mayby I am wrong, but I can't where. /Patrik On Tue, 2004-02-10 at 08:15, Jeremy Allison wrote: On Tue, Feb 10, 2004 at 07:46:11AM +0100, Patrik Gustavsson wrote: Yes, your are wright. But Samba will not do a byte ranged lock using fcntl() on the file when lock range is below 2^31 as stated in the docs. No, you've got it wrong (I *wrote* the mapping code). Samba checks a lock request against the internal 64-bit unsigned locking database. If that lock request would be granted (no other Windows locks conflict) then it tries to map the 64-bit unsigned Windows lock onto either (a) a 64-bit signed POSIX lock or (b) a 32-bit signed POSIX lock (depending on what the underlying UNIX supports). If it can also get that lock then the lock is granted, if not then it rolls back the lock entry in the internal Windows locking database and returns a lock error to the client. It can be complicated by the fact there is a parameter to tell Samba whether to map onto POSIX locks or not, and also a client may ask for a blocking lock which may delay the response. Jeremy. -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A samba locking question
Yes, your are wright. But Samba will not do a byte ranged lock using fcntl() on the file when lock range is below 2^31 as stated in the docs. /Patrik On tis, 2004-02-10 at 00:22, Jeremy Allison wrote: On Thu, Feb 05, 2004 at 09:25:25AM +0100, Patrik Gustavsson wrote: The things that tricked me was that I read the docs for Samba 3 regarding locks. And it says in the third paragraph in section 14.2 Samba 2.2 and above implements record locking completely independent of the underlying UNIX system. If a byte range lock that the client requests happens to fall into the range of 0-2^31, Samba hands this request down to the UNIX system. All other locks cannot be seen by UNIX, anyway I interperted that Samba would do fcntl locks on the file if the request is below 2^31 and not if it is above. Which are not true. Secondly, I don't understand why Samba is checking if a file locked through fcntl before opening it, when it is not locking the file through fcntl when Samba is opening the file. Samba doesn't use fcntl to check locks before opening, that's what share modes are for. fcntl locks are for byte range lock mapping onto POSIX. Jeremy. -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A samba locking question
The things that tricked me was that I read the docs for Samba 3 regarding locks. And it says in the third paragraph in section 14.2 Samba 2.2 and above implements record locking completely independent of the underlying UNIX system. If a byte range lock that the client requests happens to fall into the range of 0-2^31, Samba hands this request down to the UNIX system. All other locks cannot be seen by UNIX, anyway I interperted that Samba would do fcntl locks on the file if the request is below 2^31 and not if it is above. Which are not true. Secondly, I don't understand why Samba is checking if a file locked through fcntl before opening it, when it is not locking the file through fcntl when Samba is opening the file. /Patrik On ons, 2004-02-04 at 18:38, Jeremy Allison wrote: On Wed, Feb 04, 2004 at 11:14:31AM +0100, Patrik Gustavsson wrote: Let me be more specific of what I am trying to do. I am the engineer at Sun that wrote the cluster agent for Samba, a standard HA agent. This works as a dream and is deployed on several clusters around the world. Now, I am doing study to see if the standard samba can be run as a scalable service (Several smbd's on different nodes accessing the same data). I know the issue with oplocks, so they are disable duering this tests. The Sun Cluster has the feature GFS (Global File system) as what True Cluster has. And the GFS will propagate all fcntl(), lockf() calls to all the nodes in the cluster. This has been tested by issuing a fcntl() locks on file, both local and remote, and having pc trying open that file and it's fail because it is locked. The issue I have with Samba locks is that, when a client open file I can have put a fcntl() write lock on that file. That shouldn't be possible if the file or part of that file had been looked with a fcntl() call. The output from smbstatus for that file: 6696 DENY_WRITE 0x2019f RDWR NONE /global/mnt1/datadir/TEST.sxw Wed Feb 4 10:50:44 2004 This won't work unless you have some method of propagating the open file table (found in locking.tdb) which tells clients what the current open share modes are. You need to solve this basic problem before you get to esoterica like byte range locks across the cluster. Jeremy. -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A samba locking question
Hi, If I get this wright is that Samba will not use a direct call to fcnl() to lock the file. IE: If a PC open a file and do lock that file, will that lock be propagated so other application on the server can see that file is locked by calling fcntl(). /Patrik On lör, 2004-01-31 at 01:24, Andrew Bartlett wrote: On Thu, 2004-01-29 at 23:55, Patrik Gustavsson wrote: Hi, Maybe this is a stupid question, but any way Will samba use fcntl locking if level 1 and 2 oplocks is disabled and samba is not compiled with spin-locks enabled ? I am using Samba on solaris Samba uses fcntl() locking in two places. Firstly, it is used to mirror SMB locks, asked for by the client. Secondly they are used to mediate access to tdbs. Spinlocks are an alternative (if much less reliable) method for tdb mediation. oplocks do not override fcntl locks - but clients that have successfully gained an oplock might not ask for an SMB lock, and therefore Samba might not attempt to gain the matching fcntl() lock. The nasty performance issues in Solaris are due to bad fcntl() lock contention performance in Samba's TDB access. Andrew Bartlett -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A samba locking question
Let me be more specific of what I am trying to do. I am the engineer at Sun that wrote the cluster agent for Samba, a standard HA agent. This works as a dream and is deployed on several clusters around the world. Now, I am doing study to see if the standard samba can be run as a scalable service (Several smbd's on different nodes accessing the same data). I know the issue with oplocks, so they are disable duering this tests. The Sun Cluster has the feature GFS (Global File system) as what True Cluster has. And the GFS will propagate all fcntl(), lockf() calls to all the nodes in the cluster. This has been tested by issuing a fcntl() locks on file, both local and remote, and having pc trying open that file and it's fail because it is locked. The issue I have with Samba locks is that, when a client open file I can have put a fcntl() write lock on that file. That shouldn't be possible if the file or part of that file had been looked with a fcntl() call. The output from smbstatus for that file: 6696 DENY_WRITE 0x2019f RDWR NONE /global/mnt1/datadir/TEST.sxw Wed Feb 4 10:50:44 2004 The samba version I am using is 3.0.1 /Patrik On ons, 2004-02-04 at 10:45, Andrew Bartlett wrote: On Wed, 2004-02-04 at 20:29, Patrik Gustavsson wrote: Hi, If I get this wright is that Samba will not use a direct call to fcnl() to lock the file. IE: If a PC open a file and do lock that file, will that lock be propagated so other application on the server can see that file is locked by calling fcntl(). Yes. Samba will, to the best of it's ability, use fcntl() locks to indicate SMB locks to other applications (be they local unix apps, or NFS clients etc) Andrew Bartlett -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Back to 3.0.1, Winbind and Solaris 9
Did you use the pam.conf file I sent you ? I will attached again. Do you have patch 113476-08 or later installed ? /Patrik On Thu, 2004-01-29 at 11:26, Ganguly, Sapan wrote: I've gone back to 3.0.1 to try and get winbind to work with my Solaris 9 machine and NT4 domain. Everything works except user authentication. The wbinfo and getent commands do what they are supposed to. I've included a truss of 'su - ganguly' According to pamlog, the user 'ganguly' has been granted access but it is still hanging. How do I do a truss of a telnet login? I'm hoping some one out there is good with Solaris. Can you help? Thanks, Sapan __ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- # #ident @(#)pam.conf 1.2002/01/23 SMI # # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # PAM configuration # # Unless explicitly defined, all services use the modules # defined in the other section. # # Modules are defined with relative pathnames, i.e., they are # relative to /usr/lib/security/$ISA. Absolute path names, as # present in this file in previous releases are still acceptable. # # Authentication management # # login service (explicit because of pam_dial_auth) # login auth requisite pam_authtok_get.so.1 login auth sufficient pam_winbind.so.1 try_first_pass login auth sufficient pam_dhkeys.so.1 login auth sufficient pam_unix_auth.so.1 login auth sufficient pam_dial_auth.so.1 # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth sufficient pam_dhkeys.so.1 rlogin auth sufficient pam_unix_auth.so.1 rlogin auth sufficient pam_winbind.so.1 try_first_pass # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_auth.so.1 # # PPP service (explicit because of pam_dial_auth) # ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_dial_auth.so.1 # # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authenctication # other auth requisite pam_authtok_get.so.1 other auth sufficient pam_dhkeys.so.1 other auth sufficient pam_unix_auth.so.1 other auth sufficient pam_winbind.so.1 try_first_pass # # passwd command (explicit because of a different authentication module) # passwd auth required pam_passwd_auth.so.1 # # cron service (explicit because of non-usage of pam_roles.so.1) # cronaccount requiredpam_projects.so.1 cronaccount requiredpam_unix_account.so.1 # # Default definition for Account management # Used when service name is not explicitly mentioned for account management # other account requisite pam_roles.so.1 other account requiredpam_projects.so.1 other account sufficient pam_unix_account.so.1 other account sufficient pam_winbind.so.1 try_first_pass # # Default definition for Session management # Used when service name is not explicitly mentioned for session management # other session requiredpam_unix_session.so.1 # # Default definition for Password management # Used when service name is not explicitly mentioned for password management # other password required pam_dhkeys.so.1 other password requisite pam_authtok_get.so.1 other password requisite pam_authtok_check.so.1 other password required pam_authtok_store.so.1 # # Support for Kerberos V5 authentication (uncomment to use Kerberos) # #rlogin auth optional pam_krb5.so.1 try_first_pass #login auth optional pam_krb5.so.1 try_first_pass #other auth optional pam_krb5.so.1 try_first_pass #cron account optionalpam_krb5.so.1 #other account optionalpam_krb5.so.1 #other session optionalpam_krb5.so.1 #other password optional pam_krb5.so.1 try_first_pass -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Back to 3.0.1, Winbind and Solaris 9
Ok, Lets take a step back, I have used the pam.conf file on both 3.0.1 and 3.0.2rc1 and it works. The libraries is 32 bits and is installed in /usr/lib/security and has been compiled with gcc 3.2.3. The only thing I have changed is that Samba is compiling pam_winbind.so instead of pam_winbind.so.1, so I renamed pam_winbind.so to pam_winbind.so.1 in /usr/lib/security and created a symlink from pam_winbind.so to pam_winbind.so.1 lrwxrwxrwx 1 root other 16 Jan 26 14:13 pam_winbind.so - pam_winbind.so.1 -rwxr-xr-x 1 root other 27904 Jan 28 15:25 pam_winbind.so.1 /Patrik On Thu, 2004-01-29 at 12:29, Ganguly, Sapan wrote: Hello Patrik, Yes, I used your pam.conf and I have the patch installed. I can't think what else the problem could be. I can't see what happens after I type in my password. Pamlog looks like this - Jan 29 11:28:27 sun001 login: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0 Jan 29 11:28:31 sun001 login: [ID 378613 auth.debug] pam_dhkeys: user ganguly not found Jan 29 11:28:31 sun001 login: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate() Jan 29 11:28:31 sun001 login: [ID 219349 auth.debug] pam_unix_auth: user ganguly not found Jan 29 11:28:31 sun001 pam_winbind[1138]: [ID 572310 auth.info] Verify user `ganguly' Jan 29 11:28:31 sun001 pam_winbind[1138]: [ID 614614 auth.notice] user 'ganguly' granted acces Jan 29 11:28:31 sun001 login[1138]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = teln et user = ganguly ruser = not set rhost = pc8723_w2k.uk.trt.thales It tells me that the user is granted access but then nothing happens, I don't get a shell even though I have an entry in smb.conf 'template shell = /bin/bash' Strange huh? -Original Message- From: Patrik Gustavsson [mailto:[EMAIL PROTECTED] Sent: 29 January 2004 11:13 To: Ganguly, Sapan Cc: 'Samba'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: Re: [Samba] Back to 3.0.1, Winbind and Solaris 9 Did you use the pam.conf file I sent you ? I will attached again. Do you have patch 113476-08 or later installed ? /Patrik On Thu, 2004-01-29 at 11:26, Ganguly, Sapan wrote: I've gone back to 3.0.1 to try and get winbind to work with my Solaris 9 machine and NT4 domain. Everything works except user authentication. The wbinfo and getent commands do what they are supposed to. I've included a truss of 'su - ganguly' According to pamlog, the user 'ganguly' has been granted access but it is still hanging. How do I do a truss of a telnet login? I'm hoping some one out there is good with Solaris. Can you help? Thanks, Sapan __ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] A samba locking question
Hi, Maybe this is a stupid question, but any way Will samba use fcntl locking if level 1 and 2 oplocks is disabled and samba is not compiled with spin-locks enabled ? I am using Samba on solaris /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Back to 3.0.1, Winbind and Solaris 9
/lib is symlink to /usr/lib The 32 bits pam libs are installed in /usr/lib/security and 64 bits are installed in /usr/lib/security/sparcv9 If you want to know if your libs are 32 or 64 bits, run file command, # file /usr/lib/security/pam_winbind.so.1 /usr/lib/security/pam_winbind.so.1: ELF 32-bit MSB dynamic lib SPARC Version 1, dynamically linked, not stripped # file /usr/lib/security/sparcv9/pam_unix.so.1 /usr/lib/security/sparcv9/pam_unix.so.1:ELF 64-bit MSB dynamic lib SPARCV9 Version 1, dynamically linked, not stripped I think the compiler is compiling 32 bits by default. /Patrik On Thu, 2004-01-29 at 14:31, Ganguly, Sapan wrote: Ah, I compiled with gcc 3.3.2. My machine is an Enterprise 220R so I guess I would have compiled in 64 bit by default right? How do I force it to compile everything in 32 bit? I think I installed the OS to be compatible with 32 bit apps. I have the same symbolic links as you but what is /usr/lib/security/sparcv9 for? What is the difference between /usr/lib/security and /lib/security? -Original Message- From: Patrik Gustavsson [mailto:[EMAIL PROTECTED] Sent: 29 January 2004 12:46 To: Ganguly, Sapan Cc: 'Patrik Gustavsson'; 'Samba'; '[EMAIL PROTECTED]' Subject: RE: [Samba] Back to 3.0.1, Winbind and Solaris 9 Ok, Lets take a step back, I have used the pam.conf file on both 3.0.1 and 3.0.2rc1 and it works. The libraries is 32 bits and is installed in /usr/lib/security and has been compiled with gcc 3.2.3. The only thing I have changed is that Samba is compiling pam_winbind.so instead of pam_winbind.so.1, so I renamed pam_winbind.so to pam_winbind.so.1 in /usr/lib/security and created a symlink from pam_winbind.so to pam_winbind.so.1 lrwxrwxrwx 1 root other 16 Jan 26 14:13 pam_winbind.so - pam_winbind.so.1 -rwxr-xr-x 1 root other 27904 Jan 28 15:25 pam_winbind.so.1 /Patrik On Thu, 2004-01-29 at 12:29, Ganguly, Sapan wrote: Hello Patrik, Yes, I used your pam.conf and I have the patch installed. I can't think what else the problem could be. I can't see what happens after I type in my password. Pamlog looks like this - Jan 29 11:28:27 sun001 login: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0 Jan 29 11:28:31 sun001 login: [ID 378613 auth.debug] pam_dhkeys: user ganguly not found Jan 29 11:28:31 sun001 login: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate() Jan 29 11:28:31 sun001 login: [ID 219349 auth.debug] pam_unix_auth: user ganguly not found Jan 29 11:28:31 sun001 pam_winbind[1138]: [ID 572310 auth.info] Verify user `ganguly' Jan 29 11:28:31 sun001 pam_winbind[1138]: [ID 614614 auth.notice] user 'ganguly' granted acces Jan 29 11:28:31 sun001 login[1138]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = teln et user = ganguly ruser = not set rhost = pc8723_w2k.uk.trt.thales It tells me that the user is granted access but then nothing happens, I don't get a shell even though I have an entry in smb.conf 'template shell = /bin/bash' Strange huh? -Original Message- From: Patrik Gustavsson [mailto:[EMAIL PROTECTED] Sent: 29 January 2004 11:13 To: Ganguly, Sapan Cc: 'Samba'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: Re: [Samba] Back to 3.0.1, Winbind and Solaris 9 Did you use the pam.conf file I sent you ? I will attached again. Do you have patch 113476-08 or later installed ? /Patrik On Thu, 2004-01-29 at 11:26, Ganguly, Sapan wrote: I've gone back to 3.0.1 to try and get winbind to work with my Solaris 9 machine and NT4 domain. Everything works except user authentication. The wbinfo and getent commands do what they are supposed to. I've included a truss of 'su - ganguly' According to pamlog, the user 'ganguly' has been granted access but it is still hanging. How do I do a truss of a telnet login? I'm hoping some one out there is good with Solaris. Can you help? Thanks, Sapan __ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550
RE: [Samba] winbind and Solaris 9 with AD
Hi, I have attached a pam.conf file for Solaris 9. I had to re-create the file. It has been tested for telnet,rlogin and ftp using winbind for 3.0.1 as a W2003 Server member. /Patrik On Mon, 2004-01-19 at 15:45, Ganguly, Sapan wrote: Patrik, Hello! I have been waiting for you to get back, you may be able to help me. I am having trouble making winbind work with Solaris 9. I was wondering if you could post a copy of your pam.conf again so that I can double check that I have a correct copy of it? The problem I am having is that when I try to log in with an NT username and password the login process hangs after I put the password in. I don't know why this happens because getent works. I decided to log what is going on in PAM, here is what I got - Jan 14 13:29:55 sun001 pam_winbind[15352]: [ID 571141 auth.debug] libpam_winbind:pam_sm_close_sessio n handler Jan 14 13:29:59 sun001 login: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0 Jan 14 13:30:05 sun001 login: [ID 378613 auth.debug] pam_dhkeys: user ganguly not found Jan 14 13:30:05 sun001 login: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate() Jan 14 13:30:05 sun001 login: [ID 219349 auth.debug] pam_unix_auth: user ganguly not found Jan 14 13:30:05 sun001 pam_winbind[15369]: [ID 572310 auth.info] Verify user `ganguly' Jan 14 13:30:05 sun001 pam_winbind[15369]: [ID 614614 auth.notice] user 'ganguly' granted acces Jan 14 13:30:05 sun001 login[15369]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = tel net user = ganguly ruser = not set rhost = 192.168.224.90 Thanks for any help you can offer! Sapan -Original Message- From: Patrik Gustavsson [mailto:[EMAIL PROTECTED] Sent: 19 January 2004 14:39 To: Unix Service (ANTS) Cc: '[EMAIL PROTECTED]' Subject: Re: [Samba] winbind and Solaris 9 with AD Hi, I have the following libraries and links in /usr/lib and it works: libnss_winbind.so libnss_winbind.so.1 - libnss_winbind.so nss_winbind.so.1 - libnss_winbind.so /Patrik On Mon, 2004-01-19 at 13:13, Unix Service (ANTS) wrote: Hi have been trying to get winbind working on Solaris 9 but to no effect. version info: samba: 3.0.0 openldap: 2.1.23 kerberos: MIT 1.3.1 Have followed the instructions in every howto, usenet posting I could find: nscd not running created relevant links in /lib and /lib/security/sparcv9 applied patch for nsswitch as recommended kinit -e works net ads join works wbinfo -t works wbinfo -u gives list of all users in all trusted domains getent doesn't work samba authentication doesn't work - get the following in winbindd.log: [2004/01/19 10:59:27, 5] nsswitch/winbindd_pam.c:(379) NTLM CRAP authentication for user [DEV]\[test7] returned NT_STATUS_OK (PAM: 0) [2004/01/19 10:59:27, 3] nsswitch/winbindd_acct.c:(875) [ 3551]: create_user: user=(test7), group=() [2004/01/19 10:59:27, 5] nsswitch/winbindd_acct.c:(521) wb_getgrnam: Did not find group (nobody) my smb.conf is: workgroup = DEV #workgroup = DEV.ANTS.AD.ANPLC.CO.UK realm = DEV.ANTS.AD.ANPLC.CO.UK security = ADS password server = lonsd010.dev.ants.ad.anplc.co.uk dns proxy = no idmap gid = 7-8 idmap uid = 80-90 winbind cache time = 15 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes encrypt passwords = yes log level = 9 [temp] path = /tmp read list = @users [docs] path = /var/tmp/samba-3.0.0 read list = @users I would appreciate any pointers as to further debugging I could do or possible problems as being able to use winbind to deal with samba authentication would make life a great deal easier. ** * This communication (including any attachments) contains confidential information. If you are not the intended recipient and you have received this communication in error, you should destroy it without copying, disclosing or otherwise using its contents. Please notify the sender immediately of the error. Internet communications are not necessarily secure and may be intercepted or changed after they are sent. Abbey National Treasury Services plc does not accept liability for any loss you may suffer as a result of interception or any liability for such changes. If you wish to confirm the origin or content of this communication, please contact the sender by using an alternative means of communication. This communication does not create or modify any contract and, unless otherwise stated, is not intended to be contractually binding. Abbey National Treasury Services plc. Registered Office: Abbey National House, 2 Triton Square, Regents Place, London NW1 3AN. Registered in England under Company Registration Number: 2338548. Regulated by the Financial
Re: [Samba] winbind and Solaris 9 with AD
Hi, I have the following libraries and links in /usr/lib and it works: libnss_winbind.so libnss_winbind.so.1 - libnss_winbind.so nss_winbind.so.1 - libnss_winbind.so /Patrik On Mon, 2004-01-19 at 13:13, Unix Service (ANTS) wrote: Hi have been trying to get winbind working on Solaris 9 but to no effect. version info: samba: 3.0.0 openldap: 2.1.23 kerberos: MIT 1.3.1 Have followed the instructions in every howto, usenet posting I could find: nscd not running created relevant links in /lib and /lib/security/sparcv9 applied patch for nsswitch as recommended kinit -e works net ads join works wbinfo -t works wbinfo -u gives list of all users in all trusted domains getent doesn't work samba authentication doesn't work - get the following in winbindd.log: [2004/01/19 10:59:27, 5] nsswitch/winbindd_pam.c:(379) NTLM CRAP authentication for user [DEV]\[test7] returned NT_STATUS_OK (PAM: 0) [2004/01/19 10:59:27, 3] nsswitch/winbindd_acct.c:(875) [ 3551]: create_user: user=(test7), group=() [2004/01/19 10:59:27, 5] nsswitch/winbindd_acct.c:(521) wb_getgrnam: Did not find group (nobody) my smb.conf is: workgroup = DEV #workgroup = DEV.ANTS.AD.ANPLC.CO.UK realm = DEV.ANTS.AD.ANPLC.CO.UK security = ADS password server = lonsd010.dev.ants.ad.anplc.co.uk dns proxy = no idmap gid = 7-8 idmap uid = 80-90 winbind cache time = 15 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes encrypt passwords = yes log level = 9 [temp] path = /tmp read list = @users [docs] path = /var/tmp/samba-3.0.0 read list = @users I would appreciate any pointers as to further debugging I could do or possible problems as being able to use winbind to deal with samba authentication would make life a great deal easier. *** This communication (including any attachments) contains confidential information. If you are not the intended recipient and you have received this communication in error, you should destroy it without copying, disclosing or otherwise using its contents. Please notify the sender immediately of the error. Internet communications are not necessarily secure and may be intercepted or changed after they are sent. Abbey National Treasury Services plc does not accept liability for any loss you may suffer as a result of interception or any liability for such changes. If you wish to confirm the origin or content of this communication, please contact the sender by using an alternative means of communication. This communication does not create or modify any contract and, unless otherwise stated, is not intended to be contractually binding. Abbey National Treasury Services plc. Registered Office: Abbey National House, 2 Triton Square, Regents Place, London NW1 3AN. Registered in England under Company Registration Number: 2338548. Regulated by the Financial Services Authority (FSA). *** -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mounting smbfs from a Solaris 7 box
You can't, Solaris don't have the smbfs kernel driver. /Patrik On Wed, 2004-01-14 at 21:18, Knoll, Steve wrote: Has any Sun Solaris samba admin ever attempted to mount to a WindowsNT server? Unfortunately after several attempts and some elaborate syntax I can not get this to work. I do not see that Sun supports smbfs as Linux does. If anyone has any ideas or tricks please drop me a line. Thanks, Steve Knoll Intersil Corporation PAT Systems Group * (email) mailto:[EMAIL PROTECTED] * (voice) 1(321)729-5871 * (fax) 1(321)729-1194 -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can I setup Samba server to use UNIX (Solaris) username Passwor ds ?
Hi, You have to have a unix user through passwd, nis, ldap and samba user through smbpasswd,ldap, mysql. Or if you are using NT/Win200x as PDC and use winbind, which will do both. /Patrik On Thu, 2003-10-09 at 13:22, Hooton, Gerard wrote: Hi All, Can I setup Samba server to use UNIX (Solaris) username Passwords ? Or must I use smbpasswd ? Gerard Hooton Department of Microelectronic Engineering UCC Enterprise Centre, North Mall, Cork. Phone: 021 490 4576 http://www.ue.ucc.ie/index.htm -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 / Solaris 8 / Kerberos
On Solaris 8 and 9 I am using Kerberos from MIT and OpenLdap. /Patrik Thomas Müller wrote: Hi, I have a problem to compile Samba 3 with ADS support on Solaris. Unfortunatly, Solaris 8 doesn't come with integrated kerberos support, so that configure doesn't find any support for kerberos. For Solaris 8 there is a package called SEAM 1.0.1 with provides kerberos functionality for Solaris, but the needed header file, i.e krb5.h, are not included and according to my informations from SUN, they will not ship the headers in future. Do I have a chance to compile Samba 3 with ADS support? Might it be a solution to compile an install heimdal kerberos? When Samba 3 is compiled with the installed heimdal kerberos, will it work with the SEAM from SUN? Does anyone here have experience with this topic and a solution? Kind regards. Th. Müller Thomas Müller Phone: +49-711-88716-147 Department Manager ITFax: +49-711-88716-777 Christ GmbHMail: [EMAIL PROTECTED] Mittlerer Pfad 9Internet: www.christ-wasser.de 70499 Stuttgart Germany DISCLAIMER Any opinions expressed in this eMail are those of the the individual and not necesserily the company. This eMail and any files transmitted with it are confidential and solely for use of the intended recipient. If you are not the intended recipient or the person responsible fo delivering to the intended recipient, be advised that you have received this eMail in error and that any use is strictly prohibited. If you have received this eMail in error, please advise the sender immediately by using the reply facility in your eMail software. We have taken every reasonable precaution to ensure that any attachement to this eMail is swept for viruses. However, we cannot accept liability for any damage sustained as a result of software viruses and advise you carry out your own virus checks before opening any attachement. -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Error loading module messages from Samba-3rc4 on Solaris
I know this Q has been asked before, but I can't find any answers. If I have my LANG set to C the message will be Error loading module '/usr/local/samba/lib/charset/646.so': ld.so.1: bin/testparm: fatal: /usr/local/samba/lib/charset/646.so: open failed: No such file or directory and if LANG is set to sv (for swedish) the messages will be Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: bin/testparm: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory My Q is where to find those libraries ? I have used libiconv.1.9.1 when compiling samba. /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient is broken and W2k can't connect to Samba3.0-rc2
Hi, I have done the same test since Samba-3 alfa. - Compiled the source - Joined the W2003 server - Winbind works - wbinfo tests passed - Connect to samba using smbclient fails with session setup failed: NT_STATUS_INVALID_PARAMETER - W2K client can't brows or connect to Samba. I have attached the debugging info from smbclient. I have also bug-reported this. /Patrik My smb.conf file: # Global parameters [global] workgroup = TEST password server = w2003server realm = TEST.SE netbios name = SAMBA server string = Samba (%v) domain (%h) interfaces = hahostix2/255.255.0.0 bind interfaces only = Yes ;client use spnego = no ;use spnego = no security = ads private dir = /global/mnt1/SAMBA/private log file = /global/mnt1/SAMBA/logs/logfile lock dir = /global/mnt1/SAMBA/locks pid directory = /global/mnt1/SAMBA/var/locks idmap uid = 1-2 idmap gid = 1-2 template homedir = /global/mnt1/SAMBA/home/TEST.SE/%U template shell = /bin/sh ;winbind use default domain = Yes winbind use default domain = True wins server = w2003server [scmondir] comment = Monitor directory for Sun Cluster path = /tmp browseable = No [homes] comment = Home directory read only = No exec=/bin/mkdir -p /global/mnt1/SAMBA/home/TEST.SE/%U [profiles] comment = Profile directory path = /global/mnt1/SAMBA/profiles read only = No create mask = 0600 directory mask = 0700 [data] comment = Data disk path = /global/mnt1/datadir read only = No guest ok = yes -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Something is broken in Samba3.0-rc2 compared to Samba3.0-rc1
Hi, After the bug 380 was fixed I recompiled Samba3.0-rc2 using Sun One Studio 8 on my Solaris 9 box. I joind my Windows 2003 Server. net ADS JOIN -U Administrator Started winbindd and did wbinfo tests and all worked. Run smbclient locally to connect to the samba-server and it failed with session setup failed: NT_STATUS_INVALID_PARAMETER. My W2000 client can't access the samba server any more. I have attached the trace from smbclient. Everything worked fine with rc1. My smb.conf # Global parameters [global] workgroup = TEST password server = w2003server realm = TEST.SE netbios name = SAMBA server string = Samba (%v) domain (%h) interfaces = hahostix2/255.255.0.0 bind interfaces only = Yes ;client use spnego = no ;use spnego = no security = ads private dir = /global/mnt1/SAMBA/private log file = /global/mnt1/SAMBA/logs/logfile lock dir = /global/mnt1/SAMBA/locks pid directory = /global/mnt1/SAMBA/var/locks idmap uid = 1-2 idmap gid = 1-2 template homedir = /global/mnt1/SAMBA/home/TEST.SE/%U template shell = /bin/sh ;winbind use default domain = Yes winbind use default domain = True wins server = w2003server [scmondir] comment = Monitor directory for Sun Cluster path = /tmp browseable = No [homes] comment = Home directory read only = No exec=/bin/mkdir -p /global/mnt1/SAMBA/home/TEST.SE/%U [profiles] comment = Profile directory path = /global/mnt1/SAMBA/profiles read only = No create mask = 0600 directory mask = 0700 [data] comment = Data disk path = /global/mnt1/datadir read only = No guest ok = yes -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Getting compiler erros on Samba3.0.rc2 on Solaris 9
Hi, A new kind error has appeared in rc2. I am getting compiler errors on CP850.c when compiling with Sun ONE Studio 8 on Solaris 9. Using FLAGS = -g -I/usr/local/include -I./popt -Iinclude -I/UTILCD/opt2/Cprg/Pr ogram/samba-3.0.0rc2/source/include -I/UTILCD/opt2/Cprg/Program/samba-3.0.0rc2/s ource/ubiqx -I/UTILCD/opt2/Cprg/Program/samba-3.0.0rc2/source/smbwrapper -I. -I /usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/local/incl ude -I/UTILCD/opt2/Cprg/Program/samba-3.0.0rc2/source LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -ldl LDSHFLAGS = -G -g -I/usr/local/include -L /usr/local/lib LDFLAGS = -L /usr/local/lib Compiling modules/CP850.c with -KPIC modules/CP850.c, line 27: syntax error before or at: [ -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2003 + winbind = hell
Hi, You can't. You have to use Samba 3.0 to do what you want, because Samba 3.0 have ADS support and 2.2.x don't. /Patrik [EMAIL PROTECTED] wrote: Hi, I want to set up authentication using samba 2.2.7 winbind and pam with Windows 2003. The Windows 2003 server is set up in mixed mode. I follow the HOWTO, set up smb.conf and join the samba server to the domain. I hit a road block when 'getent passwd' yields no active directory users. I have been trying to get this running for two days, and I am beginning to think Windows 2003 and winbind don't like each other. If anyone can enlightenmen me as to where the problem is, please do. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Ads server = huh?
The parameter password server has the same functionality as ads server. ads server is EOL. /Patrik [EMAIL PROTECTED] wrote: All, I've installed a Redhat 9 system with all packages from 3 discs. Now I've removed my samba 2 related packages and installed samba 3 using rpm. After setting up kerberos with my W2k system and testing that out successfully I set up smb.conf with security = ads etc I've also set 'ads server' but this config option causes various samba binaries to report unknown parameter: ads server What am I missing here ? Is the ads server option still an option ? Thx Aaron Colichia -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] dual smb/nmb for interfaces
Hi, I use the following parameters in the smb.conf file(s): interfaces = hahostix1/255.255.0.0 bind interfaces only = Yes(Bind nmbd/smbd only to the defined interfaces) lock dir = /opt/SAMBA/locks( Store lock info in a another directory ) pid directory = /opt/SAMBA/var/locks(Store pid-files in a another directory ) log file = /opt/SAMBA/logs/logfile smb passwd file = /opt/SAMBA/private/smbpasswd (Were to store the smbpasswd file) In this example I store the smb.conf in /opt/SAMBA/lib The directory structure will be in this case: /opt/SAMBA/lib/smb.conf /opt/SAMBA/locks /opt/SAMBA/logs /opt/SAMBA/var/locks /opt/SAMBA/private The a start nmbd/smbd with -s path to smb.conf /Patrik Mohamed, Amin wrote: HI I'm need to run samba version 2.2.8 and 2 smbd / nnbd processes in a single machine with two separate smb.conf files . They will runs on individual interfaces and how can I do that ? Tried all means that I know off , but to no avail. Please help. Thanks rgs amin == This message is for the named person's use only. It may contain sensitive and private proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you are not the intended recipient, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. CREDIT SUISSE GROUP and each legal entity in the CREDIT SUISSE FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business units of CREDIT SUISSE FIRST BOSTON reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation. == -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] When will Samba-3 be released as stable ?
Hi, Is there a date when you could expect Samba-3 will be release as stable ? /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with iconv for Samba-3.0.0-rc1 on Solaris
Hi, I have dowloaded and installed iconv (1.9.1) from http://freshmeat.net/projects/libiconv. I have used default-settings for iconv, meaning: # configure # make # make install I tried then run configure for Samba-3.0.0-rc1 and configure couldn't find sufficient support for iconv. I tried using --with-libiconv, but it didn't help. Did I miss something when installing iconv on my Solaris box ? Do I have to install GNU gettext ? Do I have to use LD_PRELOAD when I run configure and running Samba ? /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Got strange message when using wbinfo/winbind on Samba-3beta3
Hi, I have joined a ADS (W2003 server) with success. Started winbindd. When I run any wbinfo commands I recieve the following message in the logfile and the command fails: cli_negprot: SMB signing is mandatory and we have disabled it. I am using the same smb.conf as for beta1 and beta2. What have changed or what have missed ? I am running on Solaris 9. My smb.conf file [global] workgroup = SAMBA-NET password server = * ads server = w2003server realm = TEST.SE netbios name = SAMBA server string = Samba (%v) domain (%h) interfaces = hahostix2/255.255.0.0 bind interfaces only = Yes ;client use spnego = no ;use spnego = no security = ads private dir = /global/mnt1/SAMBA/private log file = /global/mnt1/SAMBA/logs/logfile lock dir = /global/mnt1/SAMBA/locks pid directory = /global/mnt1/SAMBA/var/locks idmap uid = 1-2 idmap gid = 1-2 template homedir = /global/mnt1/SAMBA/home/TEST.SE/%U template shell = /bin/sh winbind use default domain = Yes ;winbind use default domain = No wins server = w2003server -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is it sombody who has a working pam.conf for Solaris 9 ?
Hi, I have now a working pam.conf for Solaris 9 with winbind for telnet, rlogin, ftp, dtsession. The following changes have been done compered to the default. diff pam.conf.ORG pam.conf 21,23c21,24 login auth required pam_dhkeys.so.1 login auth required pam_unix_auth.so.1 login auth required pam_dial_auth.so.1 --- login auth sufficient pam_dhkeys.so.1 login auth sufficient pam_unix_auth.so.1 login auth sufficient pam_dial_auth.so.1 login auth sufficient /usr/lib/security/pam_winbind.so.1 try_first_pass 29,30c30,32 rloginauth required pam_dhkeys.so.1 rloginauth required pam_unix_auth.so.1 --- rloginauth sufficient pam_dhkeys.so.1 rloginauth sufficient pam_unix_auth.so.1 rloginauth sufficient /usr/lib/security/pam_winbind.so.1 try_first_pass 49,50c51,53 other auth required pam_dhkeys.so.1 other auth required pam_unix_auth.so.1 --- other auth sufficient pam_dhkeys.so.1 other auth sufficient pam_unix_auth.so.1 other auth sufficient /usr/lib/security/pam_winbind.so.1 try_first_pass 65,66c68,70 other account requiredpam_projects.so.1 other account requiredpam_unix_account.so.1 --- other account sufficient pam_projects.so.1 other account sufficient pam_unix_account.so.1 other account sufficient /usr/lib/security/pam_winbind.so.1 71a76 other session sufficient /usr/lib/security/pam_winbind.so.1 /Patrik Patrik Gustavsson PS Sweden Senior Technical Consultant wrote: Hi, I am trying to setup PAM for telnet on my solaris 9 box and the pam_winbind grant me access but I recieve a acount failure: Jul 4 13:29:59 clusterix1 pam_winbind[9688]: user 'patrikg' granted acces Jul 4 13:29:59 clusterix1 login[9688]: login account failure: Permission denied The values in pam.conf for winbind is: login auth required /usr/lib/security/pam_winbind.so other auth sufficient /usr/lib/security/pam_winbind.so login account sufficient /usr/lib/security/pam_winbind.so other account sufficient /usr/lib/security/pam_winbind.so login session sufficient /usr/lib/security/pam_winbind.so What have I missed ? /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3.0.0beta2
In order to get ADS support you have to compile SAMBA with Kerberos- and LDAP- support. /Patrik vincent Badier wrote: Hello all, First, i present myself since this is the first time i post here. My name is Vincent Badier, and i'm a samba beginner. I tried to compil and install samba-3.0.0beta2. I configured it with the --with-acl-support and no error occured. The problem appear when i tried to join an active directory domain. firstly : # /usr/local/samba/bin/net ADS JOIN MEMBER -S mydc -Umyname ADS support not compiled in However the configure --help said on Optional Packages: [...] --with-ads Active Directory support (default yes) ok, let's try without ADS option : # /usr/local/samba/bin/net JOIN MEMBER -S ip.of.my.dc -Umyname [2003/07/08 11:38:29, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(249) cli_nt_setup_creds: request challenge failed [2003/07/08 11:38:29, 1] utils/net_rpc.c:run_rpc_command(154) rpc command function failed! (NT_STATUS_INVALID_COMPUTER_NAME) Password: Create of workstation account failed Unable to join domain MYDOM. Arg, this is not good for me. Any idea? PS : this is my smb.conf : (I also tried to deal with lient lanman auth = Yes but without success) # Samba config file created using SWAT # from my.desktop.ip.addr (my.desktop.ip.addr) # Date: 2003/07/08 10:37:38 # Global parameters [global] workgroup = MYDOM netbios name = MYSRV server string = Samba 3.0.0beta2 interfaces = eth0 security = DOMAIN password server = ip.of.my.dc client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No syslog = 0 log file = /var/log/samba/log.smbd max log size = 8000 show add printer wizard = No preferred master = No local master = No domain master = No dns proxy = No wins server = ip.of.my.dc ldap ssl = no invalid users = root [data] path = /mnt/homes valid users = AD2+domain_users admin users = AD2+mynamevi /etc/sam read only = No -- Vincent -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind in samba3-beta2 is broken compered to samba3-beta1on solaris
I compiled samba3-beta2 with the same argument, kerberos- and ldap libraries as for samba3-beta1. The ADS join worked as it should. I am using the same smb.conf file as before: # Samba config file created using SWAT # from 10.0.0.254 (10.0.0.254) # Date: 2003/06/03 15:37:08 # Global parameters [global] workgroup = SAMBA-NET password server = * ads server = w2003server realm = TEST.SE netbios name = SAMBA server string = Samba (%v) domain (%h) interfaces = hahostix2/255.255.0.0 bind interfaces only = Yes ;client use spnego = no ;use spnego = no security = ads private dir = /global/mnt1/SAMBA/private log file = /global/mnt1/SAMBA/logs/logfile lock dir = /global/mnt1/SAMBA/locks pid directory = /global/mnt1/SAMBA/var/locks idmap uid = 1-2 idmap gid = 1-2 template homedir = /global/mnt1/SAMBA/home/TEST.SE/%U template shell = /bin/sh winbind use default domain = Yes ;winbind use default domain = No wins server = w2003server With samba3-beta2 I can't do: wbinfo -u wbinfo -g But I can do: wbinfo -n patrikg Everything worked fine with samba3-beta1. What is changed in samba3-beta2 for winbind ? -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Is it sombody who has a working pam.conf for Solaris 9 ?
Hi, I am trying to setup PAM for telnet on my solaris 9 box and the pam_winbind grant me access but I recieve a acount failure: Jul 4 13:29:59 clusterix1 pam_winbind[9688]: user 'patrikg' granted acces Jul 4 13:29:59 clusterix1 login[9688]: login account failure: Permission denied The values in pam.conf for winbind is: login auth required /usr/lib/security/pam_winbind.so other auth sufficient /usr/lib/security/pam_winbind.so login account sufficient /usr/lib/security/pam_winbind.so other account sufficient /usr/lib/security/pam_winbind.so login session sufficient /usr/lib/security/pam_winbind.so What have I missed ? /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How fix the Error loading module messages on samba3-beta1and 2
I know the Q has been asked before, but I havn't seen any answers. On any samba command the following errors occur: Error loading module '/usr/local/samba/lib/charset/CP850.so': ld.so.1: bin/testp arm: fatal: /usr/local/samba/lib/charset/CP850.so: open failed: No such file or directory Conversion from UCS-2LE to CP850 not supported Error loading module '/usr/local/samba/lib/charset/CP850.so': ld.so.1: bin/testp arm: fatal: /usr/local/samba/lib/charset/CP850.so: open failed: No such file or directory Conversion from UTF8 to CP850 not supported Error loading module '/usr/local/samba/lib/charset/CP850.so': ld.so.1: bin/testp arm: fatal: /usr/local/samba/lib/charset/CP850.so: open failed: No such file or directory Conversion from 646 to CP850 not supported Error loading module '/usr/local/samba/lib/charset/CP850.so': ld.so.1: bin/testp arm: fatal: /usr/local/samba/lib/charset/CP850.so: open failed: No such file or directory How do you fix that ? I running Samba3 on Solaris. /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Questions about w2003 server
To be full ADS member in W2003 server you have to use Samba 3(-beta1). You have to compile Samba 3 with kerberos and ldap support to get ADS support within Samba. /Patrik Johan wrote: Greetings and Thank You in advance to anyone who responds to this message. As the saying goes long time listener first time caller. Our campus is switching(might I add not with our blessing) to a windows 2003 backend. Since we at the library prefer to stay Linux/FreeBsd we are searching for information about joining a Samba Server to a 2003 environment. Has anyone been successful in integrating the two? If so could you offer any advice, pointers, roadblocks, showstoppers etc. Thanks Johan Dowdy Cabrillo College Library -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Has anybody used the mysql passdb backend in samba 3-beta1 ?
Any hints for compiling with mysql passdb backend. I set MYSQL_CONFIG to /usr/local/mysql/bin/mysql_config have tried with run configure with --with-mysql-prefix=/usr/local/mysql --with-expsam=mysql The result in config.log was configure:28942: checking how to build pdb_mysql configure:28971: result: not /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3-beta1 as a PDC and using tdbsam as passdb backend ittakes the home-directory info from /etc/passwd
I didn't get any answers so I try again: I am using tdbsam as passdb backand. I have added root user with pdbedit. The machine trust account was added on the fly. I have added the user with pdbedit. I have created the user in /etc/passwd. When the user logs in from a W2k and mounts the home-directory I noticed that Samba didn't take the home-directory information from tdbsam, it took it from /etc/passwd. Is that correct ? I assumed it would use the info in tdbsam. /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Setting up 3.0 to authenticate to AD
I got the same problem, but I recompiled Samba using the latest kerberos for MIT (1.3) and that works. /Patrik Norris, Brent wrote: Ok I changed my samba entries in pam.d and now I get a login box, but I still cannot login. Here is what the log file for my machine shows now: [2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175) Failed to verify incoming ticket! [2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175) Failed to verify incoming ticket! [2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175) Failed to verify incoming ticket! [2003/06/19 09:33:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(175) Failed to verify incoming ticket! [2003/06/19 09:34:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(221) Username bnorris is invalid on this system Anyone got any ideas? Well, I have the same exact problem as you. I have everything setup right so that wbinfo pulls all information fine. I can Kerberos too. But, can't login from the network. I thought it was PAM, but no for me either. I've posted about this a couple of times, to no avail. Hope someone answers yours! -Original Message- From: Norris, Brent [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 10:14 AM To: Chip Bell Subject: RE: [Samba] Setting up 3.0 to authenticate to AD Sounds like you set up winbind..did you do pam? I was under the impression from the documentation that pam only needed to be changed if you wanted to be able to use the accounts to login as far as telnet, ssh, ftp type stuff. It states that winbindd and samba should be working together and that they /etc/pam.d/samba didn't need changing. Though mine looks like this: auth required pam_nologin.so auth required pam_stack.so service=system-auth accountrequired pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth While the doc's only has the two lines: authrequired/lib/security/pam_stack.so service=system-auth account required/lib/security/pam_stack.so service=system-auth I wasn't attempting to change it though since that is what the samba rpm put in there. Perhaps I should change it to look like the one in the docs?? Brent -- output from testparm - Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [public] Loaded services file OK. 'winbind separator = +' might cause problems with group membership. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = STU realm = STU.EDMONSON.K12.KY.US server string = Linux File Server security = ADS log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No wins server = 10.76.16.50 winbind separator = + winbind use default domain = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [public] comment = Public Stuff path = /home/samba write list = bnorris guest ok = Yes -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Strange UID/GID mapping in Samba-3beta1 and Win2003 server
I have strange uid/gid problem. I am testing Samba 3-beta1 and Samba is ADS member to W2003 server. Everythings work, wbinfo, getent passwd and so on. Now to the problem: When I list the users with getent passwd I get: Administrator:x:1:1:Administrator:/global/mnt1/SAMBA/home/TEST.SE/administrator:/bin/sh Guest:x:10001:10002:Guest:/global/mnt1/SAMBA/home/TEST.SE/guest:/bin/sh krbtgt:x:10002:1:krbtgt:/global/mnt1/SAMBA/home/TEST.SE/krbtgt:/bin/sh root:x:10003:1:root:/global/mnt1/SAMBA/home/TEST.SE/root:/bin/sh patrikg:x:10004:1:patrik Gustavsson:/global/mnt1/SAMBA/home/TEST.SE/patrikg:/bin/sh fmuser:x:10005:1:fmuser:/global/mnt1/SAMBA/home/TEST.SE/fmuser:/bin/sh When I list the users with wbinfo -u Administrator Guest krbtgt root patrikg fmuser When I am using a W2k client and log into the W20003 Server and access a share on Samba with my user (patrikg) is remaped to pgpc (10.0.0.140) connect to service profiles initially as user TEST.SE\patrikg (uid=10006, gid=10003) That uid 10006 and group 10003 can't be displayed with getent passwd and getent group. Why do I get uid 10006 when I should have 10004 ? /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange UID/GID mapping in Samba-3beta1 and Win2003 server
Yes, I'm running winbindd and it's defined in nsswitch.conf. /Patrik Andrew Bartlett wrote: On Mon, 2003-06-23 at 19:10, Patrik Gustavsson PS Sweden Senior Technical Consultant wrote: I have strange uid/gid problem. I am testing Samba 3-beta1 and Samba is ADS member to W2003 server. Everythings work, wbinfo, getent passwd and so on. Now to the problem: When I list the users with getent passwd I get: Administrator:x:1:1:Administrator:/global/mnt1/SAMBA/home/TEST.SE/administrator:/bin/sh Guest:x:10001:10002:Guest:/global/mnt1/SAMBA/home/TEST.SE/guest:/bin/sh krbtgt:x:10002:1:krbtgt:/global/mnt1/SAMBA/home/TEST.SE/krbtgt:/bin/sh root:x:10003:1:root:/global/mnt1/SAMBA/home/TEST.SE/root:/bin/sh patrikg:x:10004:1:patrik Gustavsson:/global/mnt1/SAMBA/home/TEST.SE/patrikg:/bin/sh fmuser:x:10005:1:fmuser:/global/mnt1/SAMBA/home/TEST.SE/fmuser:/bin/sh When I list the users with wbinfo -u Administrator Guest krbtgt root patrikg fmuser When I am using a W2k client and log into the W20003 Server and access a share on Samba with my user (patrikg) is remaped to pgpc (10.0.0.140) connect to service profiles initially as user TEST.SE\patrikg (uid=10006, gid=10003) That uid 10006 and group 10003 can't be displayed with getent passwd and getent group. Why do I get uid 10006 when I should have 10004 ? This looks like you are not running winbindd, and have found the bugs in beta 1. This has been fixed in current Samba 3.0 CVS. If you were running winbind, was it configured in nsswitch? Andrew Bartlett -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] My Samba 3.0beta1 stopped working as ADS member
I had a working Samba 3.0beta1 as ADS member of a W2003 server. My w2000 client could log in to the W2003 server and use services on Samba (home directory). Winbind is working. So I tried to re-do all my work again. And suddenly the w2k can use any services on Samba anymore. The output from the logfile tells me it's kerberos problem: [2003/06/18 08:35:03, 3] libads/kerberos_verify.c:(126) krb5_rd_req with auth failed (Bad encryption type) [2003/06/18 08:35:03, 1] smbd/sesssetup.c:(175) Failed to verify incoming ticket! [2003/06/18 08:35:03, 3] smbd/error.c:(94) error string = No such file or directory Winbind/wbinfo works as it should. I know what problem it is, but not WHY and not HOW to fix it ? /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] I am testing Samba 3beta1 as a PDC and have a Q about it'sbehaviure
I am using tdbsam as passdb backand. I have added root user with pdbedit. I have added the machine trust account with pdbedit. I have added the user with pdbedit. I have created the user in /etc/passwd. When the user logs in from a W2k and mounts the home-directory I noticed that Samba didn't take the home-directory information from tdbsam, it took it from /etc/passwd. Is that correct ? I assumed it would use the info in tdbsam. /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinBind - 3.0.0beta1
What I did for getting winbind to work with Windows 2003 ADS. 1) Compiled Samba with both kerberos and ldap support. If you don't do this it will not work. 2) Configure kerberos klient on your server. 3) Then I ran net ads JOIN -U administrator My smb.conf # Global parameters [global] workgroup = SAMBA-NET password server = * ads server = w2003server realm = TEST.SE netbios name = SAMBA server string = Samba (%v) domain (%h) interfaces = hahostix1/255.255.0.0 bind interfaces only = Yes security = ads private dir = /global/mnt1/SAMBA/private log file = /global/mnt1/SAMBA/logs/logfile lock dir = /global/mnt1/SAMBA/locks pid directory = /global/mnt1/SAMBA/var/locks idmap uid = 1-2 idmap gid = 1-2 template homedir = /global/mnt1/SAMBA/home/%D/%U template shell = /bin/sh winbind use default domain = Yes wins server = w2003server Brett Hales wrote: I am trying to get WinBind working against Windows 2000 ADS. I am following the document http://de.samba.org/samba/devel/docs/html/winbind.html. I have successfully joined the samba server to the PDC domain. /usr/local/samba/bin/net join -S PDC -U Administrator The winbindd starts successfully however when I try to use wbinfo -u it returns. [EMAIL PROTECTED] root]# /usr/local/samba/bin/wbinfo -u Error looking up domain users And the /usr/local/samba/var/log.winbindd log file contains the below. [2003/06/16 14:57:03, 1] nsswitch/winbindd_util.c:add_trusted_domain(138) Added domain AU.MYDOMAIN.COM [2003/06/16 14:57:03, 1] nsswitch/winbindd_util.c:init_domain_list(214) Could not fetch sid for our domain AU.MYDOMAIN.COM My samba.conf is [EMAIL PROTECTED] lib]# cat smb.conf [global] winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes workgroup = AU.MYDOMAIN.COM security = domain password server = myad01 Can anybody advise why this is not working. -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem to get winbind working for Samba3-beta1 on Solaris9 against W2003 PDC
My smb.conf global] workgroup = SAMBA-NET password server = * ;ads server = w2000server netbios name = SAMBA server string = Samba (%v) domain (%h) interfaces = hahostix1/255.255.0.0 bind interfaces only = Yes client use spnego = no ;use spnego = no security = domain private dir = /global/mnt1/SAMBA/private log file = /global/mnt1/SAMBA/logs/logfile lock dir = /global/mnt1/SAMBA/locks pid directory = /global/mnt1/SAMBA/var/locks idmap uid = 1-2 idmap gid = 1-2 template homedir = /global/mnt1/SAMBA/home/%D/%U template shell = /bin/sh winbind use default domain = Yes I have joined the W2003 server and created the trust account. But winbind can't retrieve any users and group. Do I have to configure realm and ads server parameters to get winbind to work ? Or have I missed something else ? -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems joining W2003 PDC with Samba 3.0 alpha 24
I know the Q has been asked, but I havn't seen the answer. I have PDC in native mode The ADS name is test.se The domain-name is SAMBA-NET The name of the pdc is W2003SERVER ( 10.0.0.20) In smb.conf have the following settings workgroup = SAMBA-NET ; ads server = 10.0.0.20 password server = W2003SERVER netbios name = SAMBA server string = Samba (%v) domain (%h) interfaces = hahostix1/255.255.0.0 bind interfaces only = Yes security = domain private dir = /global/mnt1/SAMBA/private log file = /global/mnt1/SAMBA/logs/logfile lock dir = /global/mnt1/SAMBA/locks pid directory = /global/mnt1/SAMBA/var/locks idmap uid = 1-2 idmap gid = 1-2 template homedir = /global/mnt1/SAMBA/home/%D/%U template shell = /bin/sh winbind use default domain = Yes I recieve the following errors when I run the net command # net -s /global/mnt1/SAMBA/lib/smb.conf -S W2000SERVER JOIN -U Administrator [2003/06/05 13:30:43, 1] libsmb/cliconnect.c:(1274) failed tcon_X with NT_STATUS_DUPLICATE_NAME [2003/06/05 13:30:43, 1] utils/net.c:(177) Cannot connect to server (anonymously). Error was NT_STATUS_DUPLICATE_NAME Password: [2003/06/05 13:30:46, 0] libsmb/ntlmssp_sign.c:(182) NTLMSSP packet check failed due to invalid signiture! [2003/06/05 13:30:46, 1] libsmb/cliconnect.c:(1274) failed tcon_X with NT_STATUS_ACCESS_DENIED [2003/06/05 13:30:46, 1] utils/net.c:(148) Cannot connect to server. Error was NT_STATUS_ACCESS_DENIED I have tried to set: password server = * security = ads ads server = 10.0.0.20 But I get the same problem. Please advice /Patrik -- In a world without fences who needs Gates Patrik Gustavsson, Senior Technical Consultant [EMAIL PROTECTED] Telephone: +46 60 671540 http://glen.swedenMobile: +46 70 3551040 SUN MICROSYSTEMS Fax: +46 60 671550 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
