RE: [Samba] UTMP duplicated entries
I know this might be a stupid question but how can I view my utmp file to see who is connected to the server via smb connection? -Original Message- From: Kaplan, Marc [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 1:56 PM To: Fabiano Caixeta Duarte; SAMBA Maillist Subject: RE: [Samba] UTMP duplicated entries Windows does allow duplicate sessions actually. If you net use * \\hostname\share and then net use \\ipaddress\share for the same server you will get two connections to the same server on your client (you can even use different users). Is it possible that this is what some users are doing? Also machines configured as terminal servers allow multiple concurrent logins from the same client. -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Fabiano Caixeta Duarte Sent: Wednesday, September 21, 2005 10:40 AM To: SAMBA Maillist Subject: [Samba] UTMP duplicated entries Hi everybody! I've been noticing some strange entries in samba/utmp. I have a lot of 00:00 timed sessions. But the worst problem is that i found some conflicting information. Since windows doesn't allow concurrent login sessions, I think utmp should not have generated the following entries. liana smb/2192.168.0.207 Fri Sep 2 18:43 - 00:52 (06:08) rodrigobaso smb/25 192.168.0.207 Fri Sep 2 17:11 - 18:11 (00:59) josianealomino smb/28 192.168.0.207 Fri Sep 2 15:54 - 16:58 (01:03) liana smb/73 192.168.0.207 Fri Sep 2 14:56 - 15:54 (00:58) rodrigobaso smb/57 192.168.0.207 Fri Sep 2 14:09 - 01:00 (10:50) rodrigobaso smb/57 192.168.0.207 Fri Sep 2 14:09 - 14:09 (00:00) mcicognasmb/29 192.168.0.207 Fri Sep 2 13:05 - 13:56 (00:51) andersongalismb/29 192.168.0.207 Fri Sep 2 09:12 - 13:04 (03:51) cunha smb/2192.168.0.207 Fri Sep 2 08:53 - 08:55 (00:02) marcelomb smb/15 192.168.0.207 Fri Sep 2 08:14 - 08:21 (00:07) tesia smb/8192.168.0.207 Fri Sep 2 07:48 - 01:00 (17:11) tesia smb/8192.168.0.207 Fri Sep 2 07:48 - 07:48 (00:00) The server is a FreeBSD 5.3 with Samba 3.0.14a with 'utmp=yes'. Thanks in advance! Fabiano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] UTMP duplicated entries
You mean utmp=yes Yes I have put this line in the smb.conf and when I run the last command I don't see myself connected to the server via smb connection. But I do see myself when I telnet or ssh into the box. Do I need to be doing anything else. -Original Message- From: Fabiano Caixeta Duarte [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 3:56 PM To: SAMBA Maillist Subject: RE: [Samba] UTMP duplicated entries On Wed, 21 Sep 2005, Talwar, Puneet (NIH/NIAID) wrote: I know this might be a stupid question but how can I view my utmp file to see who is connected to the server via smb connection? I think I didn't understand your question. Is that it? Use the 'last' command :) And you must have umtp=yes in your smb.conf! Fabiano. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] UTMP duplicated entries
I would like if UTMP would be installed with the samba RPM package that comes with the Red Hat system? -Original Message- From: Talwar, Puneet (NIH/NIAID) Sent: Wednesday, September 21, 2005 4:19 PM To: 'Fabiano Caixeta Duarte' Cc: SAMBA Maillist Subject: RE: [Samba] UTMP duplicated entries You mean utmp=yes Yes I have put this line in the smb.conf and when I run the last command I don't see myself connected to the server via smb connection. But I do see myself when I telnet or ssh into the box. Do I need to be doing anything else. -Original Message- From: Fabiano Caixeta Duarte [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 3:56 PM To: SAMBA Maillist Subject: RE: [Samba] UTMP duplicated entries On Wed, 21 Sep 2005, Talwar, Puneet (NIH/NIAID) wrote: I know this might be a stupid question but how can I view my utmp file to see who is connected to the server via smb connection? I think I didn't understand your question. Is that it? Use the 'last' command :) And you must have umtp=yes in your smb.conf! Fabiano. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SMB User connection Log
Is there anyway I can check if any users are connected to the server via SMB connection and how long have they been connected for? Thanks, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind ?
We have an AD env at the org I work for. But the AD that is structured here is little different from a standard AD setup. We have one large domain and then child domain. In the large domain which is the top of the AD tree we have the entire user in that domain and then computer account are on each child domain. Plus, we don't have the schema extended on AD account and no SFU as well. So it kind of makes it tough for us to set group policy and permission. I was able to join the domain through setting up Kerberos and I can have the user log on using there domain credentials. But here is the tricky part I manage to setup winbind and it works fine but as far group permission to access certain folder I need to figure out a way to do that because I have limited admin right on the AD DC. I guess the management is not planning extended schema for UID and GID anytime soon. So that is why I am looking for some solution here where winbind can pull the info from the AD and set the permission and etc. So I would like to know if anybody has a similar AD structure setup at their org and are they doing fix this problem? Ps. The OS I am working on is Red Hat ES -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Restricting winbind to the default domain
I would like to know if I am able to run wbinfo -u and -g option, it works successfully. But when I try to connect from a Win XP box, it say it is not able to connect to the domain controller or access denied. Can you guys help me with this problem? Thanks, -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 18, 2005 11:06 AM To: samba@lists.samba.org Subject: Re: [Samba] Re: Restricting winbind to the default domain On Wednesday 18 May 2005 06:53, Etienne Goyer wrote: Michael Gasch wrote: Etienne Goyer wrote: I want to use winbind in conjunction with nsswitch in a pretty large AD. I would like winbind to only map users in the default domain. As it is, winbind map users in other trusted domain of the AD too, which is *not* what I want. [...snip...] please have a look at allow trusted domains Thank you very much sir, this is precisely what I need. It is worth noting that the smb.conf(5) man page have the following to say regarding this directive : This option only takes effect when the security option is set to server or domain. This is incorrect, as I am running with security = ads, and it apparently do the right thing. I'll try to contact the maintainer of this man page on the subject. Thanks for mentioning this. It has been fixed now. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] strange problem trying to connect to SMB server
I get the following error message when I try to connect from my WIN XP box. CONFIGURATION INFORMATION COULD NOT BE READ FROM THE DOMAIN CONTROLLER, EITHER BECAUSE THE MACHINE IS UNAVAILABLE, OR ACCESS HAS BEEN DENIED I successfully able join the domain using the net command with winbind config setup. Can someone please help me out here as what I might be doing wrong? Thanks, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] unable to connect to the SMB server from WIN XP
I am unable to connect to the SMB server from a WIN XP system. I was able to join the DOMAIN using the net command. Here is output I got from the log file. Thanks, auth/auth_domain.c:connect_to_domain_password_server connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine PDC SERVER NAME. Error was : STATUS_BUFFER_OVERFLOW. auth/auth_domain.c:domain_client_validate domain_client_validate: Domain password server not available. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3 ADS problem with %g variable
Question, do you have to setup krb5.conf file to get winbind to work properly? __ Puneet Talwar -Original Message- From: Penny Willisson [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 10, 2005 7:31 AM To: samba@lists.samba.org Subject: [Samba] Samba 3 ADS problem with %g variable Hi I have successfully configured my SuSE Linux 9.0 server to use Samba 3.0.14 and accept my Windows 2000 users through Active Directory to access the shares. However I have some shares that have paths that are made up of %g/%U variables. The %U works fine but I cannot get the %g in any format to give me just the group name I get DOMAIN/groupname sent through instead which is making the paths invalid and my share folders inaccessible by the windows clients. I have tried making a directory structure that matches the DOMAIN/groupname and it still isn't happy and I still get a message saying 'path not found' when I try and access the shares. Can anyone give me any ideas how to resolve this? Your help is greatly appreciated. Here is my smb.conf file [global] unix charset = LOCALE workgroup = DOMAIN realm = DOMAIN.COM server string = Samba 3.0.14 security = ADS username map = /etc/samba/smbusers log level = 1 syslog = 3 log file = /var/log/samba/%m max log size = 50 ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template primary group = Domain Users template shell = /bin/bash template homedir = /home/%U winbind separator = / winbind enum users = yes winbind enum groups = yes winbind use default domain = no password server = * encrypt passwords = yes os level = 2 domain logons = No preferred master = No wins support = Yes keep alive = 60 dead time = 30 [homes] comment = Private Folders (%U) path = /data/private/%U valid users = %S read only = No browseable = No hide dot files = Yes veto files = /bin/public_html/.*/ [People] comment = Users Department Files (%g/%U) path = /data/departments/people/%g/%U read only = No valid users = @%g create mask = 0664 directory mask = 6770 veto files =/*.rem/*dontrem*/ delete veto files = No [Private] comment = Users Private Files (/data/private/%U) path = /data/private/%U read only = No browseable = Yes create mask = 0700 directory mask = 6700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind issue
I am having a strange problem when I connect from a XP box to my Linux box via samba using winbind. I have setup winbind to create my home folder when I log into the Linux box, but the problem I am having is that when connect to the Linux box I see my username folder appear on the screen and when I click on it, it is asking me for my username and password. I am not sure why is that happening? If anybody has encountered a similar problem please let me know. Thanks, ___ Puneet Talwar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] wbinfo -g works, -u fails
I am having the same issue as well, but when I went back to look at the log file, I notice something that got my attention in the log file and try to see on the web if anybody got a similar message, but I didn't have any luck. Here is what I am getting in the log file, when I run the wbinfo -u -g command. [2004/09/17 09:33:08] rpc_client/cli_pipe.c:rpc_api_pipe cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds Puneet Talwar -Original Message- From: Hamish [mailto:[EMAIL PROTECTED] Sent: Friday, September 17, 2004 4:22 AM To: Matt R Cc: [EMAIL PROTECTED] Subject: Re: [Samba] wbinfo -g works, -u fails May sound stupid, but have you checked your nsswitch.conf? I made the mistake of forgetting to add winbind for group and had similar problems, also make sure nscd is not running Matt R wrote: Attempting to get Winbind to authenticate against a Windows 2000 Domain, I am having one odd issue. Running: wbinfo -t returns a successful secret wbinfo -g returns the builtin groups wbinfo -u returns Error looking up domain users None of the documentation I've found points to anything where only -g or -u fails--its always both. Anyone have any ideas? Thanks in advance -Matt __ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Home Directory Winbind
I think I am encountering similar problem here. From a Windows box I am able to connect to the server and I can see my username share folder but for some reason it keeps telling me that it can't find the network path found. Could it be that it is not creating the home dir even though I have stated the same line in /etc/pam.d/system-auth file and even after looking at your smb.conf file setting, I have a similar setup. session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077 Please let if you come across similar issue while creating a home dir when the users logs onto the server? Thanks, Puneet Talwar -Original Message- From: Tim Hodgkinson [mailto:[EMAIL PROTECTED] Sent: Thursday, September 16, 2004 3:13 PM To: Ivano Cristofolini Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Home Directory Winbind Finally saw what the problem was -- on my [homes] path = /home/users/%u which should be %U for NT users. Used authconf to handle the pam.d config for winbind. Again thanks for the help! --Tim - Original Message - From: Ivano Cristofolini [EMAIL PROTECTED] To: samba [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 12:29 PM Subject: Re: [Samba] Home Directory Winbind I haven't tried it myself but I think samba calls the PAM stack with the logging user's privileges while pam_mkhomedir needs to be called as root to work (like telnet servers and such do). Bye, - Ivano Cristofolini Presidio Informatico Ingegneria Direzione Informatica e Telecomunicazioni Università degli Studi di Trento Via Mesiano 77, 38050 Povo(TN), Italy Tel: +39 0461/881940 Fax: +39 0461/882628 On Thu, 16 Sep 2004, samba wrote: LOL! Thanks for the second pair of eyes. Of course now it is saying that pam has rejected the session. Will continue to work on it. Thanks for your help! --Tim - Original Message - From: Ivano Cristofolini [EMAIL PROTECTED] To: Tim Hodgkinson [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 11:10 AM Subject: Re: [Samba] Home Directory Winbind Looks like it could just be homes/home mismatch. Bye, Ivano Cristofolini Presidio Informatico Ingegneria Direzione Informatica e Telecomunicazioni Università degli Studi di Trento Via Mesiano 77, 38050 Povo(TN), Italy Tel: +39 0461/881940 Fax: +39 0461/882628 On Thu, 16 Sep 2004, Tim Hodgkinson wrote: Greetings, Trying to find a solution to creating home directories by using winbind. Have this setup: /etc/pam.d/system-auth: session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077 With smb.conf: # Global parameters [global] workgroup = domain server string = Monarch Server security = DOMAIN map to guest = Bad User obey pam restrictions = Yes password server = server log level = 3 syslog = 0 log file = /var/log/samba/%m max log size = 50 name resolve order = wins lmhosts host bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap preferred master = No local master = No domain master = No dns proxy = No wins server = 172.16.1.100, idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/users/%U winbind separator = + winbind use default domain = Yes read only = No hosts allow = 172., 127. [homes] comment = %U Directories path = /homes/users/%U browseable = No Winbind creates the directory in /home/users/: drwx-- 2 thodgkinson Domain Users 4096 Sep 15 16:25 thodgkinson The problem is that I can not access the directory when browsing to it. tail /var/log/samba/blah: '/homes/users/thodgkinson' does not exist or is not a directory, when connecting to [thodgkinson] Where have I gone wrong? Ideas? Cheers, Tim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] auto Sync username when connecting SMB using winbind feature
I have question, if I have about 500 Active Directory users on my network and I would like them to connect to my Linux server via SMB from MS Windows box. Would there be any way where I can setup an auto mount of the users home directory on the Linux Server, so I can avoid adding 500 users to the Linux server? Thanks, Puneet Talwar Contractor/CIPS Unix Administrator 31/3B62 301-451-9971 (c) 301-252-5366 Disclaimer: The information in this e-mail and any of its attachments is confidential and may contain sensitive information. It should not be used by anyone who is not the original intended recipient. If you have received this e-mail in error please inform the sender and delete it from your mailbox or any other storage devices. The National Institute of Allergy and Infectious Diseases (NIAID) shall not accept liability for any statement made that are the sender's own and not expressly made on behalf of the NIAID by one of its representatives. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] auto Sync username when connecting SMB using winbind feature
OK, I was able connect to the server from a Windows box and I can see the user name, but when I click on it say network path not found. I assume I am able to establish a connection and the authentication succeeded, but it can't mount the folder. So I am kind a stuck at this point, and would appreciate any help on this issue. Thanks, Puneet Talwar -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 1:56 PM To: [EMAIL PROTECTED] Subject: Re: [Samba] auto Sync username when connecting SMB using winbind feature On Wed, 2004-09-15 at 09:51, Talwar, Puneet (NIH/NIAID) wrote: I have question, if I have about 500 Active Directory users on my network and I would like them to connect to my Linux server via SMB from MS Windows box. Would there be any way where I can setup an auto mount of the users home directory on the Linux Server, so I can avoid adding 500 users to the Linux server? I always find the documentation is a good place to start... http://us1.samba.org/samba/docs/ http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ http://us1.samba.org/samba/docs/man/Samba-Guide/ Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ldap support error msg
HI, I am trying to install the latest version of Samba on Solaris 9 x86 platform and I am getting this error message that it needs libldap. I thought my default Solaris 9 installs Libldap. Please let me know if someone has been able solve this problem. checking for ldap_set_rebind_proc... yes checking whether ldap_set_rebind_proc takes 3 arguments... 3 checking for ldap_initialize... no configure: error: libldap is needed for LDAP support -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] can't join the Domain
I have Samba 3.0.4 running on Solaris 9 sparc platform. I would like the user use there AD login and password. I have setup similar config on Linux and it works fine. So I am not sure why is not working Solaris 9. Here is the error message I am getting. #net join -U [EMAIL PROTECTED] [2004/06/17 10:04:27] param/loadparm.c:map_parameter Unknown parameter encountered: realm [2004/06/17 10:04:27] param/loadparm.c:lp_do_parameter Ignoring unknown parameter realm Unable to find a suitable server Unable to find a suitable server -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba HOME Share
OK, the problem I am having here is that I have setup winbind, and Kerberos on my Red Hat Linux box to talk to the AD server for user authentication and everything works fine, I can even telnet into the Linux box using the AD account and password and so forth. But when it comes time for me connect to the Linux box from Windows workstation it gives me permission denied msg. I have created a local user account on the Linux box and as well the home directory for the user that has the same username which is on the AD server. If someone has experience a similar problem and have solved this issue please let me know. Thanks, - Puneet Talwar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba HOME Share
I believe it is 3.0.2. Strange thing is that I can see the share folder but when I click on my username folder then I get the permission denied msg. -- Puneet Talwar -Original Message- From: Rashid N. Achilov [mailto:[EMAIL PROTECTED] Sent: Friday, May 07, 2004 7:50 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Samba HOME Share On Friday 07 May 2004 18:44, Talwar, Puneet (NIH/NIAID) wrote: OK, the problem I am having here is that I have setup winbind, and Kerberos on my Red Hat Linux box to talk to the AD server for user authentication and everything works fine, I can even telnet into the Linux box using the AD account and password and so forth. But when it comes time for me connect to the Linux box from Windows workstation it gives me permission denied msg. I have created a local user account on the Linux box and as well the home directory for the user that has the same username which is on the AD server. If someone has experience a similar problem and have solved this issue please let me know. Is it Samba 3.0.2 - 3.0.3? When true, this version contains a bug working with homedirs. I have asked Carter already, but still haven't receive any answer. Try to Add network place from Windows and go thgouth it first time. Second time homedir share will be visible. -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Web: http://granch.ru/~shelton Granch Ltd. system administrator, e-mail: achilov [at] granch [dot] ru PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba HOME Share
Well I have created the home dir with same name for the Windows user and yes I am trying to pull the home dir from the Linux machine. Plus, I am experiencing another problem now. When I am trying to log into the Linux machine via console it is taking a long time to login. Even if I try to login with Windows user AD account or local root account. HMMM What can cause this problem? -- Puneet Talwar -Original Message- From: Paul Gienger [mailto:[EMAIL PROTECTED] Sent: Friday, May 07, 2004 8:40 AM To: Talwar, Puneet (NIH/NIAID) Cc: 'Rashid N. Achilov'; [EMAIL PROTECTED] Subject: Re: [Samba] Samba HOME Share If you're using winbind and you can log in with the user on your linux box, it sounds like you're almost there. Have you: 1. Created a dir on the linux machine with the name of your windows user 2. Set owner of said directory to the windows user 3. made sure the [homes] section is still there 4. defined (in AD) the location of your home directory to be \\linuxbox\windowsuser This is all assuming that you were trying to pull the home directory from the linux machine. If you're trying to go the other direction (home dir on win) you need a different setup. It's been discussed here, but I don't know what to do for it. Talwar, Puneet (NIH/NIAID) wrote: I believe it is 3.0.2. Strange thing is that I can see the share folder but when I click on my username folder then I get the permission denied msg. -- Puneet Talwar -Original Message- From: Rashid N. Achilov [mailto:[EMAIL PROTECTED] Sent: Friday, May 07, 2004 7:50 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Samba HOME Share On Friday 07 May 2004 18:44, Talwar, Puneet (NIH/NIAID) wrote: OK, the problem I am having here is that I have setup winbind, and Kerberos on my Red Hat Linux box to talk to the AD server for user authentication and everything works fine, I can even telnet into the Linux box using the AD account and password and so forth. But when it comes time for me connect to the Linux box from Windows workstation it gives me permission denied msg. I have created a local user account on the Linux box and as well the home directory for the user that has the same username which is on the AD server. If someone has experience a similar problem and have solved this issue please let me know. Is it Samba 3.0.2 - 3.0.3? When true, this version contains a bug working with homedirs. I have asked Carter already, but still haven't receive any answer. Try to Add network place from Windows and go thgouth it first time. Second time homedir share will be visible. -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Winbind ?
I have a question about Samba and Winbind setup. I have successfully setup Samba, Winbind and Kerberos w/out any problems and I am even able to pull all the info from the AD user list running the wbinfo -u, and -g and the getent passwd as well. The question I have is when it comes time to login to the Linux box from via console using my AD account and password it for some reason fail to do so, so I was wondering do I need to create a local account the linux which has the same username in the passwd file? Thanks, Puneet -- Puneet Talwar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ADS Help
I have been having a hard time login into a RH AS 3.0 using my MS AD account and password. I did successfully setup winbind, krb5 and samba w/out any major complications. But when it came to login I investigate as to why I am not able to log into the linux box using my AD account and password. I used the following URL example to setup winbind and samba. http://www.wlug.org.nz/ActiveDirectorySamba http://www.wlug.org.nz/ActiveDirectorySamba As well here is my /etc/pam.d/login file. #%PAM-1.0 authrequired pam_securetty.so authsufficient pam_winbind.so authsufficient pam_unix.so use_first_pass authrequired pam_stack.so service=system-auth authrequired pam_nologin.so account sufficient pam_winbind.so account required pam_stack.so service=system-auth passwordrequired pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.so -- Puneet Talwar Contractor - CIPS UNIX Administrator Rockledge 6610/2058 301-451-9971 (c) 301-252-5366 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.3 installing issue
I am trying to install Samba 3.0.3 on Solaris 9 and when I execute the configure command I get the following error msg. I did install the latest version of openldap and set the env variable for the ldap lib. If anyone has encountered similar problem please let me know. #./configure --with-ads --with-krb5=/usr --with-pam --with-pam_smbpasss --with-syslog --with-libsmbclient --with-winbind .. ... .. checking for LDAP support... auto checking ldap.h usability... yes checking ldap.h presence... yes checking for ldap.h... yes checking lber.h usability... yes checking lber.h presence... yes checking for lber.h... yes checking for ber_scanf in -llber... yes checking for ldap_init in -lldap... yes checking for ldap_domain2hostlist... no checking for ldap_set_rebind_proc... yes checking whether ldap_set_rebind_proc takes 3 arguments... 3 checking for ldap_initialize... no configure: WARNING: libldap is needed for LDAP support checking for Active Directory and krb5 support... yes configure: error: Active Directory Support requires LDAP support -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.3 installing issue
Well I did do that as well and ran the crle command. HMMM What else can I be missing here? -Original Message- From: Erwin Fritz [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 4:50 PM To: Talwar, Puneet (NIH/NIAID) Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Samba 3.0.3 installing issue You need to set your LD_LIBRARY_PATH to include the directory where your LDAP libraries are. Try that. I'm also, as I type this, wrestling with Solaris 9, Samba 3.0.3, and getting winbindd to properly store SID-uid mappings in AD. When you get to that point (if you're heading there), let me know if you run into problems. Erwin Fritz Talwar, Puneet (NIH/NIAID) wrote: I am trying to install Samba 3.0.3 on Solaris 9 and when I execute the configure command I get the following error msg. I did install the latest version of openldap and set the env variable for the ldap lib. If anyone has encountered similar problem please let me know. #./configure --with-ads --with-krb5=/usr --with-pam --with-pam_smbpasss --with-syslog --with-libsmbclient --with-winbind .. ... .. checking for LDAP support... auto checking ldap.h usability... yes checking ldap.h presence... yes checking for ldap.h... yes checking lber.h usability... yes checking lber.h presence... yes checking for lber.h... yes checking for ber_scanf in -llber... yes checking for ldap_init in -lldap... yes checking for ldap_domain2hostlist... no checking for ldap_set_rebind_proc... yes checking whether ldap_set_rebind_proc takes 3 arguments... 3 checking for ldap_initialize... no configure: WARNING: libldap is needed for LDAP support checking for Active Directory and krb5 support... yes configure: error: Active Directory Support requires LDAP support -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: winbind/wbinfo not pulling info from W2K AD PDC
HI, I saw your e-mail on the web and I am having exactly the same problem running Red Hat AS 3.0. can you please let me know what security parameter you have changed in smb.conf to get wbinfo to work properly with -u -t -g and as well getent option. Thanks, -- Puneet Talwar Contractor - CIPS UNIX Administrator A bit of success! I've change the security parameter in smb.conf to domain and the windbind pipe is created OK and running wbinfo -u -g -t -p and getent is all good. Obviously this doesn't give me full AD support but it's better than nothing. I can only think that because we have multiple DC's for different domains on our WAN winbindd wasn't starting correctly as it was in the process of still scanning them - looking at log.winbindd at one point it didn't come back for close to 4 hours after the process was started. Does anyone know if there is any way to configure samba/winbind to only connect to the local AD domain rather than hunting down all the DC's in every domain. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: winbind/wbinfo not pulling info from W2K AD PDC
HI,
I am sorry I forgot to post the problem that I am having. It is the same
issue who posted this e-mail originally. Please let me know what should I do
to fix the problem that I am having.
Edit /etc/samba/smb.conf
[global]
realm = KERBEROS.REALM
security = ADS
encrypt passwords = yes
password server = kerberos.server
Edit /etc/krb5.conf
[libdefaults]
default_realm = KERBEROS.REALM
[realms]
KERBEROS.REALM = {
kdc = kerberos.server - should :88 be appended to
this line?
}
[domain_realms]
.kerberos.server=KERBEROS.REALM
#net ads join -U administrator
password:
Joined 'SERVERNAME' to realm 'DOMAIN'
#kinit administrator at KERBEROS.REALM
password:
#smbclient //servername/share -k
smb //
Up to here everything is OK and the server account can be seen in AD.
#ls -l /lib | grep libnss_winbind
libnss_winbind.so - libnss_winbind.so.2
Edit /etc/nsswitch.conf
passwd: files winbind
shadow: files
group: files winbind
#ldconfig -v | grep winbind
libnss_winbind.so - libnss_winbind.so.2
Edit /etc/samba/smb.conf
[global]
realm = KERBEROS.REALM
security = ADS
encrypt passwords = yes
password server = kerberos.server
winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
#testparm
Load smb config file from /etc/samba/smb.conf
Loaded services file OK
'winbind separator = +' might cause problems with group membership
server role: ROLE_DOMAIN_MEMBER
#net rpc join -S PDC -U administrator
password:
Joined domain DOMAIN
#winbindd -B
# wbinfo -u
Error looking up domain
#wbinfo -g
Error looking up domain
# wbinfo -t
Checking the trust secret vi RPC calls failed
Error code was (0x0)
Could not check secret
#wbinfo -p
Ping to winbindd failed on fd-1
Could not pin winbindd!
# ps -ae | grep winbindd
PID winbind
PID winbind
This is the output from /var/log/samba/log.winbind
[2004/02/13 13:35:47, 1] nsswitch/winbindd.c:main(843)
winbindd version 3.0.2 started.
Copyright The Samba Team 2000-2004
[2004/02/13 13:35:47, 0] libsmb/cliconnect.c:cli_session_setup_spnego(724)
Kinit failed: Preauthentication failed
[2004/02/13 13:35:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain INFORMA-UK uk.informa.com
S-1-5-21-1547161642-839522115-68200333
0
[2004/02/13 13:35:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
krb5_cc_get_principal failed (No credentials cache found)
[2004/02/13 13:35:47, 0] libads/kerberos.c:ads_kinit_password(133)
kerberos_kinit_password HOST/data-cl2a at UK.INFORMA.COM failed:
Preauthenticati
on failed
[2004/02/13 13:35:47, 1] nsswitch/winbindd_ads.c:ads_cached_connection(65)
ads_connect for domain INFORMA-UK failed: Preauthentication failed
[2004/02/13 13:35:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC
for
requested realm)
[2004/02/13 13:35:47, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516)
spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm
[2004/02/13 13:35:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain INFORMA informa.com S-1-5-21-872949640-2421699758-2984176268
[2004/02/13 13:35:48, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain DEFAULT S-1-5-21-2136767079-1738235858-945835055
[2004/02/13 13:35:49, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain AGRA_UK S-1-5-21-591026277-1029915393-619646970
[2004/02/13 13:35:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain MRC_UK S-1-5-21-1670978810-1498184290-1845911597
[2004/02/13 13:35:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain LLP S-1-5-21-2047764551-82006601-1874078741
[2004/02/13 13:35:51, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain CODA S-1-5-21-1310659078-2099469345-1236795852
[2004/02/13 13:35:52, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain INFORMA_ASIA S-1-5-21-1008349960-465597267-314601362
[2004/02/13 13:35:53, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain TEST.COM S-0-0
[2004/02/13 13:35:53, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find
KDC for requested realm)
[2004/02/13 13:35:53, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(516)
spnego_gen_negTokenTarg failed: Cannot find KDC for requested realm
[2004/02/13 13:35:53, 1] nsswitch/winbindd_util.c:add_trusted_domain(166)
Added domain AGRA agra.informa.com
S-1-5-21-1801674531-2139871995-1177238915
[2004/02/13 13:35:53, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find
KDC for requested realm)
[2004/02/13 13:35:53, 1]
[Samba] WINBIND HELP!!!!
HI, I am trying to setup winbind on Samba 3.0.2 running on Red Hat AS 3.0. I have completed most of the steps of setting up winbind successfully but when it came for me to login in using the AD account username and password, it didn't allow me to login. the error message i am getting is incorrect password or check username. During the setup i tested the wbinfo -u command and i was successfully able to query the AD username list from the MS PDC server. if anyone is encountered similar problem i would glad to listen in on how fix this issue. thanks, -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WINBIND setup ?
HI, I am trying to setup WINBIND on my Red Hat Linux AS box and I have completed most of the steps but I am encountering come problem when I am joining the samba server to the PDC domain. Below is the syntax I am using: #Smbpasswd -j DOMAIN -r PDC -U Administrator See 'net join' for this functionality Thanks, -- Puneet Talwar Unix Administrator -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pam_smb_auth ?
HI, When I add a samba user with smbpasswd -a command how do I tell I am using pam_smb_auth to authenticate against MS AD running on Red Hat Linux? Thanks, --- Puneet Talwar Unix Administrator -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to connect to SAMBA SERVER
I have installed Samba 3.0 beta and when I try to connect to the samba server from Win2ksever, the error messages I see is \\hostname file:///\\hostname is not accessible. Can someone please let me know what I am doing wrong here? Thanks, - Puneet Talwar Unix Administrator -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA3.0.0 ADS SETUP
HI, I would like to know some peoples experience on samba authentication against ADS and if so how was the setup procedure and did the authentication part of mechanism work that way you wanted it to? Thanks, Puneet -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 beta
HI, I have a question I recently install samba 3.0.0 beta rpm on Red Hat 9 and I would like to know how can I setup that I can authenticate against AD server? Thanks, Puneet - Puneet Talwar Unix Administrator 31/3B62 (D) 301-451-9971 (C) 301-252-5366 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.0 beta
HI, I have a question, if I installed the rpm version of the software, but I couldn't locate the ADS-HOWTO.txt files. Can you please let me know where I might be able to get from? Thanks, Puneet - Puneet Talwar Unix Administrator -Original Message- From: Tru Pham [mailto:[EMAIL PROTECTED] Sent: Friday, June 27, 2003 2:47 PM To: [EMAIL PROTECTED] Subject: Re: [Samba] Samba 3.0.0 beta Last time I checked, you can do this through Kerberos. Check out the HOWTO on Kerberos and the ADS-HOWTO.txt in samba documentations. Hope this help a bit and good luck. Quoting Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED]: HI, I have a question I recently install samba 3.0.0 beta rpm on Red Hat 9 and I would like to know how can I setup that I can authenticate against AD server? Thanks, Puneet - Puneet Talwar Unix Administrator 31/3B62 (D) 301-451-9971 (C) 301-252-5366 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba - Need Web Email Account? Email [EMAIL PROTECTED] - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
