[Samba] Winbind - Unknown parameter encountered:
Hi all,

I'm trying to replicate on a linux samba box a setup that I did on another, and I'm having an issue with the setup. What I've done is copy my samba.conf file and my krb5.conf file from a working samba/ADS member, and for some reason on this new box winbind is not recognizing most of the parameters. If I look in the winbind log file, this is what I'm seeing:

    Unknown parameter enounterd: windbind cache time
    Unknown parameter enounterd: windbind use default domain
    Unknown parameter enounterd: admin user

Are there any special configs I need to check to be sure these parameters are read correctly?

Any help is appreciated.

R.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
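An added example, not part of the original post and not Samba code: a small check that compares the parameter names in an smb.conf against known names and suggests the nearest spelling, run here on a constructed file that uses the three names from the log excerpt above. The parameter list is a constructed subset of real smb.conf names and the function names are hypothetical; Samba's own testparm is the authoritative check.

```python
import difflib

# Constructed subset of real smb.conf parameter names; NOT Samba's full table.
KNOWN_PARAMS = [
    "workgroup", "realm", "security", "password server", "netbios name",
    "server string", "encrypt passwords", "log file", "name resolve order",
    "idmap uid", "idmap gid", "winbind separator", "winbind cache time",
    "winbind use default domain", "admin users", "valid users", "write list",
    "read only", "path", "comment", "guest ok", "browseable", "writable",
    "preserve case", "short preserve case", "create mask", "directory mask",
]


def squash(name):
    """Parameter names are matched without regard to case or whitespace."""
    return "".join(name.lower().split())


# Map the squashed form back to the canonical spelling.
CANONICAL = {squash(p): p for p in KNOWN_PARAMS}


def lint_smb_conf(text, cutoff=0.8):
    """Return (line number, section, name as written, suggestion or None)
    for every parameter whose name is not in KNOWN_PARAMS."""
    findings = []
    section = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        name, sep, _value = line.partition("=")
        if not sep:
            continue  # continuation lines are out of scope for this check
        key = squash(name)
        if key in CANONICAL:
            continue
        close = difflib.get_close_matches(key, list(CANONICAL), n=1, cutoff=cutoff)
        suggestion = CANONICAL[close[0]] if close else None
        findings.append((lineno, section, name.strip(), suggestion))
    return findings


# Constructed sample: parameter names copied from the log excerpt in the post,
# values and section layout invented for the example.
SAMPLE_CONF = """\
[global]
   security = ADS
   realm = MYDOMAIN.NET
   windbind cache time = 600
   windbind use default domain = Yes
[public]
   path = /usr/share/public
   admin user = MYDOMAIN+someuser
"""

if __name__ == "__main__":
    for lineno, section, name, suggestion in lint_smb_conf(SAMPLE_CONF):
        hint = f"did you mean '{suggestion}'?" if suggestion else "no close match"
        print(f"line {lineno} [{section}]: unknown parameter '{name}' ({hint})")
```
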
[Samba] Samba ADS
Hi all,

I have a samba server that authenticates users against an AD domain controller on a different machine, and everything works fine. However, I would find every so often this machine would stop authenticating people for no apparent reason. Usually I would restart winbind and samba and everything would start working, but even that seems not to work anymore.

Are there any other processes I should be stopping/starting/restarting to have my samba server talk to the DC again?

Regards,
R.
Re: [Samba] Samba ADS
MORE INFO:

I just noticed that in my samba logs, when I get a user that is denied access to my share, I get an error message similar to:

    smbd/service.c:reply_spnego_kerberos(250) Username Domain+Machinename is invalid on this system

Why is this happening? Why is it specifying the machine name and not the username? My understanding is that my machine should contact the DC and pass the authentication info to the DC for access. Why isn't this happening?

----- Original Message -----
From: Rashaad S. Hyndman [EMAIL PROTECTED]
To: samba@lists.samba.org
Sent: Wednesday, January 12, 2005 1:35 PM
Subject: [Samba] Samba ADS

> Hi all,
>
> I have a samba server that authenticates users against an AD domain controller on a different machine, and everything works fine. However, I would find every so often this machine would stop authenticating people for no apparent reason. Usually I would restart winbind and samba and everything would start working, but even that seems not to work anymore.
>
> Are there any other processes I should be stopping/starting/restarting to have my samba server talk to the DC again?
>
> Regards,
> R.
[Samba] Samba share for ADS users
Hi all,

As suggested, I added a winbind separator comment in my samba.conf file and followed that up with adminin user=Domain+Some AD user. I expected this to give that AD user full control over the share (read, write, execute); however, if that user tries to create a file in that directory he still gets "access is denied". Right now I have the share owned by a non-root unix user (because I don't know of any way to have it owned by an AD user) with 755 as the permissions on all the folders.

How do I go about giving an ADS user the ability to create files and folders in that directory without changing the rights to 777 for all files and folders?

Thanks,
R.
[Samba] Administering Samba Shares
Hey all,

Do any of you have an example configuration file for setting up ADS users for administering samba shares? I have a samba server and it's part of my ADS and everything works. However, I would like some of my AD users to be administrators on the samba share and have yet to figure out how to do that. If you have an example of how I can go about doing this I would greatly appreciate it.

Thanks,
R.
[Samba] SHARE PERMISSIONS
Hi Gurus,

I have two very basic questions. One is, what permissions are necessary for users to be able to copy files from a samba share? I have a share and the machine is part of my AD domain. Currently, the share is set to 755 and is owned by root. When a user goes to the share they can see the files but cannot copy files from it. So what permissions does a user need to copy, and is it common to leave shares owned by root?

My second question is: now that my server is on my AD domain, I would like to add my AD account as an administrator for my samba shares. How do I go about doing this without adding everyone in my AD group to the machine? I would rather have samba reference a file or group file to find admins and allow those admins to write to share folders.

Thanks,
R.
[Samba] Mixed domain types - ADS.
Hi all,

I have a question that seems to be an issue when authenticating users for ADS. Before we went to AD we had a 2k domain called Enterprise. Since then we created a domain called Corporated.net and all went well. Now I'm trying to add my samba server to that domain, but when users log in with their old accounts (i.e. Enterprise\username) the samba server does not authenticate that user against the DC.

How do I let samba know that my CorporateD.net and Enterprise domain users should be authenticated against the same DC?

Thanks in advance,
R.
Re: [Samba] Mixed domain types - ADS.
The message I'm getting in my winbind log is:

    Could not fetch sid for our domain Enterprise

----- Original Message -----
From: Rashaad S. Hyndman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 23, 2004 2:03 PM
Subject: [Samba] Mixed domain types - ADS.

> Hi all,
>
> I have a question that seems to be an issue when authenticating users for ADS. Before we went to AD we had a 2k domain called Enterprise. Since then we created a domain called Corporated.net and all went well. Now I'm trying to add my samba server to that domain, but when users log in with their old accounts (i.e. Enterprise\username) the samba server does not authenticate that user against the DC.
>
> How do I let samba know that my CorporateD.net and Enterprise domain users should be authenticated against the same DC?
>
> Thanks in advance,
> R.
[Samba] kinit(v5) Error
Hi all,

I did a search through the archive and, surprisingly, wasn't able to come up with an exact match to this error. Have any of you experienced this error message:

    kinit(v5): KDC reply did not match expectations while getting initial credentials

If so, please point me in the direction of resolving this.

Thanks much,
R.
[Samba] General Questions: Regards ADS
Hi all,

I have been playing with getting my samba server to participate in an Active Directory domain for some time and have noticed a couple of things about when I get the machine working (or so I think). One is that when the machine joins the domain it always shows up as a domain controller. I don't want this to happen. I simply wish for it to be able to authenticate users to its share based on the domain users. Therefore, only users on the domain should be able to get to the samba shares!

Up to this point I have been doing the following:

1. relam = MY.REALM
2. security = ADS
3. encrypt passwords = yes

and configuring my winbind file.

Is this all I have to do? Do I have the wrong impression as to what ADS security provides? Again, all I want to do is avoid having to create a user for EVERYone on my domain and to allow domain users to authenticate to the samba shares.

Thanks for your help,
R.
Re: [Samba] General Questions: Regards ADS
Thanks Sharif, I'll give that a go.

----- Original Message -----
From: sharif islam [EMAIL PROTECTED]
To: Rashaad S. Hyndman [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, November 12, 2004 3:20 PM
Subject: Re: [Samba] General Questions: Regards ADS

> On Fri, 12 Nov 2004 14:44:14 -0500, Rashaad S. Hyndman [EMAIL PROTECTED] wrote:
> > I have been playing with getting my samba server to participate in an Active Directory domain for some time and have noticed a couple of things about when I get the machine working (or so I think). One is that when the machine joins the domain it always shows up as a domain controller. I don't want this to happen. I simply wish for it to be able to authenticate users to its share based on the domain users. Therefore, only users on the domain should be able to get to the samba shares!
> >
> > Up to this point I have been doing the following:
> >
> > 1. relam = MY.REALM
> > 2. security = ADS
> > 3. encrypt passwords = yes
> >
> > and configuring my winbind file.
> >
> > Is this all I have to do? Do I have the wrong impression as to what ADS security provides? Again, all I want to do is avoid having to create a user for EVERYone on my domain and to allow domain users to authenticate to the samba shares.
>
> That is right. AFAIK, if you don't tell the samba machine to be a domain controller it won't be one. It will act like a member server. The user should be able to authenticate via the ADS, no need to create local accounts.
>
> Here's my samba setting for ADS:
>
>     [global]
>     workgroup = REALM
>     realm = REALM.ORG
>     server string = Samba Server
>     security = ADS
>     password server = your domain controller
>     log file = /var/log/samba/samba.log
>     name resolve order = wins lmhosts host bcast
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>     os level = 0
>     preferred master = No
>     local master = No
>     domain master = No
>     dns proxy = No
>     wins server = if you are wins server
>     idmap uid = 1-60
>     idmap gid = 1-60
>     winbind cache time = 600
>     winbind use default domain = Yes
>     strict allocate = Yes
Re: [Samba] General Questions: Regards ADS
Do you have any idea as to why, when I search for the machine in the domain, it comes up with a description of domain controller in Active Directory? If I click on the machine itself it says that it's a workstation or server, but the main fact that it shows up as domain controller when searched troubles me.

Here is what I have in my smb.conf file:

    [global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN.NET
    server string = Samba Server de Me
    netbios name = delshare
    security = ADS
    password server =addc01
    name resolve order = wins lmohosts host bcast
    preferred master = No
    local master = No
    dns proxy = No

    [public]
    guest ok = yes
    public = yes
    path = /usr/share/public
    comment = share on machine

    [homes]
    guest ok = no
    read only = no

----- Original Message -----
From: sharif islam [EMAIL PROTECTED]
To: Rashaad S. Hyndman [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, November 12, 2004 3:20 PM
Subject: Re: [Samba] General Questions: Regards ADS

> On Fri, 12 Nov 2004 14:44:14 -0500, Rashaad S. Hyndman [EMAIL PROTECTED] wrote:
> > I have been playing with getting my samba server to participate in an Active Directory domain for some time and have noticed a couple of things about when I get the machine working (or so I think). One is that when the machine joins the domain it always shows up as a domain controller. I don't want this to happen. I simply wish for it to be able to authenticate users to its share based on the domain users. Therefore, only users on the domain should be able to get to the samba shares!
> >
> > Up to this point I have been doing the following:
> >
> > 1. relam = MY.REALM
> > 2. security = ADS
> > 3. encrypt passwords = yes
> >
> > and configuring my winbind file.
> >
> > Is this all I have to do? Do I have the wrong impression as to what ADS security provides? Again, all I want to do is avoid having to create a user for EVERYone on my domain and to allow domain users to authenticate to the samba shares.
>
> That is right. AFAIK, if you don't tell the samba machine to be a domain controller it won't be one. It will act like a member server. The user should be able to authenticate via the ADS, no need to create local accounts.
>
> Here's my samba setting for ADS:
>
>     [global]
>     workgroup = REALM
>     realm = REALM.ORG
>     server string = Samba Server
>     security = ADS
>     password server = your domain controller
>     log file = /var/log/samba/samba.log
>     name resolve order = wins lmhosts host bcast
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>     os level = 0
>     preferred master = No
>     local master = No
>     domain master = No
>     dns proxy = No
>     wins server = if you are wins server
>     idmap uid = 1-60
>     idmap gid = 1-60
>     winbind cache time = 600
>     winbind use default domain = Yes
>     strict allocate = Yes
[Samba] Samba PDC = Expire passwords
Hi all,

I have a Samba PDC setup and I was wondering if anyone knows how I can force the users to change passwords every x days. My network consists of Windows-type machines as well as Linux-based machines.

Any help would be greatly appreciated.
Re: [Samba] security = ADS
Here are my conf files:

--SMB.conf--

    #=== Global Settings ===
    [global]
    netbios name = smbserver_name
    realm = MYREALM.NET
    workgroup = mydomain
    server string = %h server (Samba %v)
    password server = addc01.MYREALM.NET
    security = ADS
    wins support = yes
    include = /etc/samba/dhcp.conf
    dns proxy = no
    name resolve order = lmhosts host wins bcast

    #### Debugging/Accounting ####
    log file = /var/log/samba/log.%m
    # Put a capping on the size of the log files (in Kb).
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d

    ### Authentication ###
    encrypt passwords = yes
    passdb backend = tdbsam guest
    obey pam restrictions = yes
    guest account = guest
    invalid users = root
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

    #=== Share Definitions ===
    [homes]
    comment = Home Directories
    browseable = yes
    writable = yes
    preserver case = yes
    short preserve case = yes

    [public]
    comment = Software and tool downloads
    browseable = yes
    path = /usr/share/public
    writable = no
    public = yes
    writable = no
    create mask = 0700
    directory mask = 0700

    [printers]
    comment = All Printers
    browseable = no
    path = /tmp
    printable = yes
    public = no
    writable = no
    create mode = 0700

    [print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no

--krb5.conf--

    [logging]
    default = FILE:/var/log/kerberos/krb5libs.log
    kdc = FILE:/var/log/kerberos/krb5kdc.log
    admin_server = FILE:/var/log/kerberos/kadmind.log

    [libdefaults]
    default_realm = MYREALM.NET

    [relams]
    MYREALM.NET= {
    kdc = addc01.MYREALM.NET
    }

    [domain_realms]
    .addc01.myrealm.net = MYREALM.NET

These are the only files that I have edited to get to this point. I really appreciate your help.

----- Original Message -----
From: Tom Skeren
To: Rashaad S. Hyndman
Sent: Thursday, July 22, 2004 7:25 PM
Subject: Re: [Samba] security = ADS

> Rashaad S. Hyndman wrote:
> > That seems to be an interesting concept but does work in this case for some reason. Here is what I did:
> >
> >     C:\Documents and Settings\rshyndman>net use * \\10.55.222.82\public\
> >     System error 67 has occurred.
> >
> >     The network name cannot be found.
>
> Try right clicking on My Computer and use map-network-drive function.
>
> >     C:\Documents and Settings\rshyndman>ping 10.55.222.82
> >
> >     Pinging 10.55.222.82 with 32 bytes of data:
> >
> >     Reply from 10.55.222.82: bytes=32 time<10ms TTL=64
> >     Reply from 10.55.222.82: bytes=32 time<10ms TTL=64
> >
> > Interesting thing here is that it says name not found but I can ping both by name and IP. You think mapping name to IP in the hosts file will help? Hmmm :-(
> >
> > ----- Original Message -----
> > From: Tom Skeren [EMAIL PROTECTED]
> > To: Rashaad S. Hyndman [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Sent: Thursday, July 22, 2004 4:07 PM
> > Subject: Re: [Samba] security = ADS
> >
> > > Yes I've seen this behavior a LOT. I've replied to it. For some reason, the Samba when joined to ads needs to be contacted for shares by IP addy. The XP shares then authenticate properly. Try \\ipaddy-samba-server\share-name. If you connect, do a netstat -an on the samba server. You'll see the XP box connected to port 445. I suspect that in an ads environment, the XP boxes default to connecting to shares on 445. I suspect smbd, or nmbd are mishandling this when netbios names are used.
> > >
> > > Rashaad S. Hyndman wrote:
> > > > Hi all,
> > > >
> > > > I've been fighting with joining my samba server (debian) to my active directory domain for 4 days now. The problem here is that users in my active directory domain on windows machines are not able to browse my samba shares without being prompted for authentication.
> > > >
> > > > I can:
> > > > - Join the domain from samba server using net ads
> > > > - View list of tickets when browsing windows shares with klist
> > > > - List windows shares without being prompted with smbclient -k -L windows_servername
> > > >
> > > > I can NOT:
> > > > - Use net use * \\smb_servername\share from a windows-based machine (this results in "The password or user name is invalid for \\delshare\public"; delshare being my samba server name)
> > > >
> > > > I have no clue what to do from here. I've looked over my smb.conf file 20 times, likewise my krb5.conf file.
> > > >
> > > > Any suggestions would be greatly appreciated. I've run out of tests.
> > > >
> > > > R.
Re: [Samba] security = ADS - IT WORKS!!!!!!!!!
Sorry about that last email that did not contain the resource I used. I think it was because I copied the contents of a website which could have been considered advertisement because of some of the images. In either case enjoy:

http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory

----- Original Message -----
From: Rashaad S. Hyndman [EMAIL PROTECTED]
To: Rashaad S. Hyndman [EMAIL PROTECTED]; Tom Skeren [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, July 23, 2004 2:18 PM
Subject: Re: [Samba] security = ADS - IT WORKS!

> Halleluiah! It works. With all the documentation I've read, including the official samba-3 howto for setting up ADS, none of them mentioned what happened to be the most critical piece of information, winbind! Now I've seen a couple of posts that mentioned this daemon but it was not included in the official howtos so I skipped over it. In either case I've included the article that I used to get my samba ADS implementation working. If you have followed other howtos you have probably got 99% of the work done. If you happen to have more questions please feel free to email me and I'll dictate exactly what I have in my environment.
>
> Thanks for your input,
> R.
>
> Howto Samba 3 And Active Directory
>
> What's this? It's a near-copy of ActiveDirectorySamba, but not linked from anywhere and with a lot of stuff deleted? Please don't DisagreeByDeleting. Can someone who has Samba3 experience shed light on the changes between this page and the other? --AristotlePagaltzis
>
> ActiveDirectorySamba is a correct howto for setting up Samba 3 with ActiveDirectory. So it's basically a copy paste from there to here and delete the other. -- GerwinVanDeSteeg
>
> This simple guide is a mostly accurate way to set up a Samba machine as a DomainMember in a Windows 2000 or Windows 2003 ActiveDirectory Domain. The following setup is used:
>
>     192.168.0.1    test1.thinclient.test.org (the AD server, hereafter known as the server)
>     192.168.0.209  mail.thinclient.test.org (samba3 machine)
>
> The Samba system is based upon a stock standard RedHat 9 system with the samba software upgraded to Samba3 (using RPM).
>
> The following steps are needed to get the system functioning:
>
> 1. configure name resolution using either dns or a hosts file
> 2. configure samba and winbindd
> 3. configure kerberos
> 4. testing the kerberos configuration
> 5. good luck
>
> Configure name resolution
>
> ActiveDirectory relies HEAVILY on DNS to resolve not only host names but services they provide as well. To set up DNS on the linux box, see the DNSHowTo, otherwise consult necessary Windows documentation on setting up forward AND reverse DNS zones. As a temporary solution, you can use hosts based authentication; this is ugly and hacky, and should be avoided at all costs. -- JamesSpooner
>
> The first step is to configure name resolution for our systems. The kerberos authentication system, which we will configure later on, requires us to be able to do a reverse lookup on an IP address to get a fully qualified domain name (FQDN). There are two ways to do this; the cheap and nasty method is to use a hosts file on both systems, which will have entries similar to the following.
>
> Samba machine /etc/hosts
>
>     127.0.0.1      mail mail.thinclient.test.org localhost.localdomain localhost
>     192.168.0.1    test1 test1.thinclient.test.org
>     192.168.0.209  mail mail.thinclient.test.org
>
> Surely it would be better to put the FQDN first, and not alias localhost to a name other than localhost? -- PerryLorier
>
> Windows Active Directory server %Systemroot%\System32\drivers\etc\hosts[1]
>
>     127.0.0.1      test1 test1.thinclient.test.org localhost.localdomain localhost
>     192.168.0.1    test1 test1.thinclient.test.org
>     192.168.0.209  mail mail.thinclient.test.org
>
> The correct method is to set up DNS on the server, which can be done through the DNS console in the AdministrativeTools section of Windows 2000/2003 Server. We won't go into the details of setting this up here, but we will specify the linux side of that here.
>
> /etc/resolv.conf
>
>     search thinclient.test.org
Re: [Samba] security = ADS - IT WORKS!!!!!!!!!
For sure. I'll do that on the weekend!

----- Original Message -----
From: John H Terpstra [EMAIL PROTECTED]
To: Rashaad S. Hyndman [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, July 23, 2004 3:05 PM
Subject: Re: [Samba] security = ADS - IT WORKS!

> Rashaad,
>
> While all this is fresh in your mind, and you are still an expert, would you please send me patches for the Samba-HOWTO-Collection and for Samba-Guide so that we can update the documentation.
>
> By fixing the documentation others may avoid the pain you went through.
>
> - John T.
>
> On Friday 23 July 2004 12:40, Rashaad S. Hyndman wrote:
> > Sorry about that last email that did not contain the resource I used. I think it was because I copied the contents of a website which could have been considered advertisement because of some of the images. In either case enjoy:
> >
> > http://www.wlug.org.nz/HowtoSamba3AndActiveDirectory
> >
> > ----- Original Message -----
> > From: Rashaad S. Hyndman [EMAIL PROTECTED]
> > To: Rashaad S. Hyndman [EMAIL PROTECTED]; Tom Skeren [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Sent: Friday, July 23, 2004 2:18 PM
> > Subject: Re: [Samba] security = ADS - IT WORKS!
> >
> > > Halleluiah! It works. With all the documentation I've read, including the official samba-3 howto for setting up ADS, none of them mentioned what happened to be the most critical piece of information, winbind! Now I've seen a couple of posts that mentioned this daemon but it was not included in the official howtos so I skipped over it. In either case I've included the article that I used to get my samba ADS implementation working. If you have followed other howtos you have probably got 99% of the work done. If you happen to have more questions please feel free to email me and I'll dictate exactly what I have in my environment.
> > >
> > > Thanks for your input,
> > > R.
> > >
> > > Howto Samba 3 And Active Directory
> > >
> > > What's this? It's a near-copy of ActiveDirectorySamba, but not linked from anywhere and with a lot of stuff deleted? Please don't DisagreeByDeleting. Can someone who has Samba3 experience shed light on the changes between this page and the other? --AristotlePagaltzis
> > >
> > > ActiveDirectorySamba is a correct howto for setting up Samba 3 with ActiveDirectory. So it's basically a copy paste from there to here and delete the other. -- GerwinVanDeSteeg
> > >
> > > This simple guide is a mostly accurate way to set up a Samba machine as a DomainMember in a Windows 2000 or Windows 2003 ActiveDirectory Domain. The following setup is used:
> > >
> > >     192.168.0.1    test1.thinclient.test.org (the AD server, hereafter known as the server)
> > >     192.168.0.209  mail.thinclient.test.org (samba3 machine)
> > >
> > > The Samba system is based upon a stock standard RedHat 9 system with the samba software upgraded to Samba3 (using RPM).
> > >
> > > The following steps are needed to get the system functioning:
> > >
> > > 1. configure name resolution using either dns or a hosts file
> > > 2. configure samba and winbindd
> > > 3. configure kerberos
> > > 4. testing the kerberos configuration
> > > 5. good luck
> > >
> > > Configure name resolution
> > >
> > > ActiveDirectory relies HEAVILY on DNS to resolve not only host names but services they provide as well. To set up DNS on the linux box, see the DNSHowTo, otherwise consult necessary Windows documentation on setting up forward AND reverse DNS zones. As a temporary solution, you can use hosts based authentication; this is ugly and hacky, and should be avoided at all costs. -- JamesSpooner
> > >
> > > The first step is to configure name resolution for our systems. The kerberos authentication system, which we will configure later on, requires us to be able to do a reverse lookup on an IP address to get a fully qualified domain name (FQDN). There are two ways to do this; the cheap and nasty method is to use a hosts file on both systems, which will have entries similar to the following.
> > >
> > > Samba machine /etc/hosts
> > >
> > >     127.0.0.1      mail mail.thinclient.test.org localhost.localdomain localhost
[Samba] security = ADS
Hi all,

I've been fighting with joining my samba server (debian) to my active directory domain for 4 days now. The problem here is that users in my active directory domain on windows machines are not able to browse my samba shares without being prompted for authentication.

I can:
- Join the domain from samba server using net ads
- View list of tickets when browsing windows shares with klist
- List windows shares without being prompted with smbclient -k -L windows_servername

I can NOT:
- Use net use * \\smb_servername\share from a windows-based machine (this results in "The password or user name is invalid for \\delshare\public"; delshare being my samba server name)

I have no clue what to do from here. I've looked over my smb.conf file 20 times, likewise my krb5.conf file.

Any suggestions would be greatly appreciated. I've run out of tests.

R.
Re: [Samba] security = ADS
That seems to be an interesting concept but does work in this case for some reason. Here is what I did:

    C:\Documents and Settings\rshyndman>net use * \\10.55.222.82\public\
    System error 67 has occurred.

    The network name cannot be found.

    C:\Documents and Settings\rshyndman>ping 10.55.222.82

    Pinging 10.55.222.82 with 32 bytes of data:

    Reply from 10.55.222.82: bytes=32 time<10ms TTL=64
    Reply from 10.55.222.82: bytes=32 time<10ms TTL=64

Interesting thing here is that it says name not found but I can ping both by name and IP. You think mapping name to IP in the hosts file will help? Hmmm :-(

----- Original Message -----
From: Tom Skeren [EMAIL PROTECTED]
To: Rashaad S. Hyndman [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 4:07 PM
Subject: Re: [Samba] security = ADS

> Yes I've seen this behavior a LOT. I've replied to it. For some reason, the Samba when joined to ads needs to be contacted for shares by IP addy. The XP shares then authenticate properly. Try \\ipaddy-samba-server\share-name. If you connect, do a netstat -an on the samba server. You'll see the XP box connected to port 445. I suspect that in an ads environment, the XP boxes default to connecting to shares on 445. I suspect smbd, or nmbd are mishandling this when netbios names are used.
>
> Rashaad S. Hyndman wrote:
> > Hi all,
> >
> > I've been fighting with joining my samba server (debian) to my active directory domain for 4 days now. The problem here is that users in my active directory domain on windows machines are not able to browse my samba shares without being prompted for authentication.
> >
> > I can:
> > - Join the domain from samba server using net ads
> > - View list of tickets when browsing windows shares with klist
> > - List windows shares without being prompted with smbclient -k -L windows_servername
> >
> > I can NOT:
> > - Use net use * \\smb_servername\share from a windows-based machine (this results in "The password or user name is invalid for \\delshare\public"; delshare being my samba server name)
> >
> > I have no clue what to do from here. I've looked over my smb.conf file 20 times, likewise my krb5.conf file.
> >
> > Any suggestions would be greatly appreciated. I've run out of tests.
> >
> > R.