[Samba] smb and ldap

2005-02-17 Thread thomas constans
hello

what are the causes for the following lines in syslog:

smbd[20891]: nss_ldap: reconnecting to LDAP server...
Feb 17 17:33:42 localhost smbd[20891]: nss_ldap: reconnected to LDAP server after 1 attempt(s)

thanx for any pointers



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] net vampire accounts of Windows 2000 AD

2005-02-11 Thread thomas constans
On Friday 11 February 2005 at 09:09 +0200, David Wilson wrote:
> Hi guys,
>
> We are looking at migrating a Windows 2000 AD domain controller to Samba.
> Can the same net vampire procedure be used to migrate user accounts and
> passwords to the new Samba domain controller ?
> Any other pitfalls which you can think of off hand ?

yes, i have successfully done such a migration, in a test environment.
it is almost the same as with nt4 PDC migration.

i followed http://samba.idealx.org/smbldap-howto.fr.html#htoc75

most difficult part is migrating user  profiles, policies and such.

good luck
 
> Many thanks.
>
> Kindest regards
> David Wilson
> ___
> D c D a t a
> Tel +27 33 342 7003
> Fax +27 33 345 4155
> Cell +27 82 4147413
> http://www.dcdata.co.za
> [EMAIL PROTECTED]
> Powered by Linux, driven by passion !
> ___
>
> Computers are not intelligent. They only think they are.
-- 
Thomas Constans
http://www.opendoor.fr
04 78 68 17 34



[Samba] poor performances at the end of the day

2005-02-07 Thread thomas constans
hello list

here is the setup:

a domain controller with ldap backend.
os is debian testing with custom 2.6.9 kernel
samba version 3.0.10-1
openldap version 2.1.30-3
local profiles only
clients are mainly nt4 sp6, some win xp pro
approximately 30 win users + 1 or 2 diskless linux station for testing
purpose (ltsp ).

16 directories shared by server, including homedirs, with acl support
( 20 GB of data )

here is the setup:

users experience network slowdown at the end of the work day ( slow
transfer, slow win explorer operations ... ).

cpu and net load on server side is insignificant ( it is an oversized
dual p4 w/ giga ethernet and 4 Gig of ram ).

i don't even know if the problem is related to samba, i am just expecting
some idea as to where/what to look at.

relevant portion of smb.conf:
   netbios name = server
   server string = controleur du domaine
   workgroup = gr_travail
   domain logons = true
   domain master = true
   os level = 35
   prefered master = yes
   encrypt passwords = true

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   interfaces = 127.0.0.1 192.168.1.2

   passdb backend = ldapsam
   ldap ssl = No
   ldap admin dn = cn=admin,dc=gr_travail
   ldap suffix = dc=rgr_travail
   ldap machine suffix = ou=machines
   ldap user suffix = ou=utilisateurs
   ldap group suffix = ou=groupes

   log file = /var/log/samba/samba.log
   log level = 0
   load printers = yes
   printing = cups
   printcap name = cups
   dos charset = cp850
   unix charset = iso8859-1


relevant portions of slapd.conf:
backend    bdb
database   bdb
checkpoint 1 5
cachesize  10
idletimeout 20
index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
index   cn,mail,surname,givenname   eq,subinitial


thanks for your patience and your answers

-- 
Thomas Constans
http://www.opendoor.fr
04 78 68 17 34



Re: [Samba] Samba 3 PDC with openldap ?

2005-01-27 Thread thomas constans
On Tuesday 25 January 2005 at 10:44 +0100, Frank Bonnet wrote:
> Hi
>
> I would like to setup a _test_ samba server that will act as a PDC
> and that will use a OpenLDAP server to authenticate users.
>
> Infos links tricks help greatly appreciate.

google
idealx.org
http://samba.org/samba/docs/man/

regards
 
> Thanks by advance.
> --
> Cordialement/Regards
> Frank Bonnet



Re: [Samba] really needs help on compiling samba 3.0.9 with ldap

2005-01-04 Thread thomas constans
On Tuesday 04 January 2005 at 14:04 +0700, Adi Nugraha wrote:

> /usr/bin/ld: cannot find -lgssapi_krb5
> collect2: ld returned 1 exit status
> make: *** [bin/smbd] Error 1

looks like you are missing some libs:

try installing kerberos devel packages, or similar

BTW, since ldap support is enabled on binary packages, why do you want
to compile ?

cheers



[Samba] active directory, ldap, accentuated character

2004-12-09 Thread Thomas Constans
hello

i am still working on migrating an active directory to samba with ldap
backend

i have a problem migrating accounts with accentuated characters

when net rpc vampire finds such an account, it warns me about:
   failed to add entry: cn: value #0 invalid per syntax at
/usr/local/sbin//smbldap_tools.pm line 559, DATA line 283.

how can i make openldap to accept dn with accentuated character ?

any idea ?

thanks for your answers
-- 
-- Thomas Constans --

http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34



[Samba] profiles migration

2004-12-08 Thread Thomas Constans
hello

i am actually working on migrating a windows 2000 active directory to
samba v3, ldap backend

so far i have successfully vampirized account information in my ldap
tree.

i am looking for a way to migrate roaming profiles.

simple copy does not work ( it complains about files being in use ).

moving profile from system properties is not automated enough since it
is on a per user basis.

is there any solution ?

thanx for answering
-- 
-- Thomas Constans --

http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34



Re: [Samba] vampire fails because of Debian smbldap-tools problem

2004-11-23 Thread Thomas Constans
On Tue 23/11/2004 at 05:35, Geoff Scott wrote:
> Hi people,
>   As usual I've tried a number of different approaches to this problem
> and can't figure it out.  I don't have enough knowledge.  Every time I do
> net rpc vampire I get this crap spewed at me:
>
> Use of uninitialized value in substitution (s///) at
> /usr/share/perl5/smbldap_tools.pm line 106, CONFIGFILE line 233.
> Use of uninitialized value in substitution (s///) at
> /usr/share/perl5/smbldap_tools.pm line 106, CONFIGFILE line 245.

it looks like there is a problem in your config file (
smbldap-tools.conf ). you should double-check syntax and verify proper
location

don't know if it's relevant but according to my installation of
smbldap-tools from tgz, configuration files should be in
/etc/smbldap-tools and the debian package doesn't create this directory.

you should check /usr/share/doc/smbldap-tools/README.Debian.gz for
proper install instructions


> erreur LDAP: Can't contact master ldap server (IO::Socket::INET: Bad
> hostname ''

apparently variable hostname is not initialized.

hope this helps

BTW i use tgz version of smbldap-tools on debian, they are more
up-to-date, and apparently better packaged.


-- 
-- Thomas Constans --

http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34



[Samba] solaris 5 and samba

2004-10-21 Thread Thomas Constans
hello

i have to setup a bunch of sun solaris 2.5.1 to authenticate to a win
2000 Active Directory server.

my understanding is that i have to have all the stations to be member
server, each with samba / winbind running

i guess that i need to use samba 3, is it installable on these old
solaris ?

thanx for answering.

-- 
-- Thomas Constans --

http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34



RE: [Samba] member server and kerberos

2004-10-20 Thread Thomas Constans
hello

i have finally set up the following configuration:
debian testing / samba-3.07 member of a w2k Active Directory, security
=ads

now i am able to:
- list users and group with wbinfo -u | -g

- authenticate domain users via pam_winbind

- list and connect to share on AD server with kerberos ( smbclient -k )

- list and connect to share on SAMBA server _from_samba_server_  (
smbclient -k //SAMBA_SERVER/

_BUT_  trying to connect to samba share from AD server (net use *
\\SAMBA_SERVER\share ) prompt me for a password and log gives me the
famous failed to verify incoming ticket : 

[2004/10/20 09:24:42, 3] smbd/server.c:exit_server(614)
  Server exit (process_smb: send_smb failed.)
[2004/10/20 09:24:42, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_verify_ticket(307)
  ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2004/10/20 09:24:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/10/20 09:24:42, 3] smbd/error.c:error_packet(129)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE

i have tried to play with enc-type in krb5.conf to no avail.

here is my krb5.conf:
[libdefaults]
   default_realm = OPENDOOR.NET
[realms]
OPENDOOR.NET = {
   kdc = nicotine.opendoor.net:88
}

output of klist -5e :

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
10/20/04 11:40:14  10/20/04 21:40:14  krbtgt/[EMAIL PROTECTED]
Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
10/20/04 11:40:33  10/20/04 21:40:14  [EMAIL PROTECTED] (
samba server )
Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
10/20/04 11:40:49  10/20/04 21:40:14  [EMAIL PROTECTED]
( AD server )
Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5

installed package:
debian testing
samba          3.0.7-1
samba-common   3.0.7-1
libkrb53       1.3.4-4
krb5-user      1.3.4-4

any idea ?


-- 
-- Thomas Constans --

http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34
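
Added example (not part of the original post and not Samba code): a Python triage script that rejoins the mail-wrapped smbd log lines quoted above and reports which Kerberos encryption type failed to decrypt. The function names are hypothetical; the etype number-to-name table follows the IANA Kerberos registry.

```python
import re
from collections import Counter

# Sample lines reproduced from the log excerpt in the message above,
# including the header that the mail client wrapped onto two lines.
SAMPLE_LOG = """\
[2004/10/20 09:24:42, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_verify_ticket(307)
  ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2004/10/20 09:24:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
"""

# smbd debug header: "[YYYY/MM/DD HH:MM:SS, level] file.c:function(line)"
HEADER = re.compile(r"^\[([\d/]+ [\d:]+),\s*(\d+)\]\s*(\S+)?$")
ETYPE = re.compile(r"enc type \[(\d+)\] failed to decrypt")
# Kerberos encryption type numbers as assigned in the IANA registry.
ETYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
               18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def parse_records(text):
    """Return (timestamp, level, source, message) tuples, rejoining wrapped lines."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            records.append([m.group(1), int(m.group(2)), m.group(3), []])
        elif line and records:
            if records[-1][2] is None:      # header wrapped: this line is the source
                records[-1][2] = line
            else:
                records[-1][3].append(line)
    return [(ts, lvl, src, " ".join(msg)) for ts, lvl, src, msg in records]

def summarize_ticket_failures(text):
    """Count rejected tickets and the encryption types that failed to decrypt."""
    rejected, etypes = 0, Counter()
    for _ts, _lvl, _src, msg in parse_records(text):
        m = ETYPE.search(msg)
        if m:
            n = int(m.group(1))
            etypes[ETYPE_NAMES.get(n, "etype-%d" % n)] += 1
        if "Failed to verify incoming ticket" in msg:
            rejected += 1
    return rejected, etypes
```

Calling `summarize_ticket_failures(SAMPLE_LOG)` pairs each rejected session setup with the etype named in the decrypt error, which here matches the "ArcFour with HMAC/md5" tickets shown by klist.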



RE: [Samba] member server and kerberos

2004-10-20 Thread Thomas Constans
Sorry for bothering you

after upgrading the AD server to SP4, i am finally able to browse and
connect to samba-member shares

sorry for wasting your time



On Sat 16/10/2004 at 14:05, thomas constans wrote:
> hello
>
> well i compiled kerberos 1.3.5 from sources, and i got the same results
> as before.
>
> what procedure did you follow ?
>
> i understand that you also compiled samba from sources.
>
> can you give me a quick procedure :
> in what order have you compiled samba kerberos ?
> with what options passed to configure ?
>
> thanx for answering
>
> --
> thomas constans [EMAIL PROTECTED]
> openDoor.fr
-- 
-- Thomas Constans --

http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34



RE: [Samba] member server and kerberos

2004-10-16 Thread thomas constans
hello

well i compiled kerberos 1.3.5 from sources, and i got the same results
as before.

what procedure did you follow ?

i understand that you also compiled samba from sources.

can you give me a quick procedure :
in what order have you compiled samba kerberos ?
with what options passed to configure ?

thanx for answering

-- 
thomas constans [EMAIL PROTECTED]
openDoor.fr



[Samba] member server and kerberos

2004-10-15 Thread thomas constans
hello

i have been struggling for too long trying to setup the following
configuration:

debian samba 3 member server of a win 2000 AD

here is my configuration:

## smb.conf ##
[global]
log level = 4
interfaces = 192.168.10.11/255.255.255.0
workgroup = datom
realm = datom.dyndns.org
server string = samba membre
security = ads
netbios name = cafeine

log file = /var/log/samba/samba.log
max log size = 50
idmap uid = 1-2
idmap gid = 1-2
password server = nicotine.datom.dyndns.org
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
domain logons = no
dns proxy = no
obey pam restrictions = Yes
winbind separator = /
inherit acls = yes
inherit permissions = yes
admin users = DATOM.DYNDNS.ORG/administrateur
winbind enum users = yes
winbind enum groups = yes

[share]
comment = partage
path = /home/samba
browseable = yes


## krb5.conf ##

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
#ticket_lifetime = 24000
default_realm = DATOM.DYNDNS.ORG
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
DATOM.DYNDNS.ORG = {
  kdc = NICOTINE.DATOM.DYNDNS.ORG:88
  admin_server = DATOM.DYNDNS.ORG:749
  default_domain = DATOM.DYNDNS.ORG
}
[domain_realm]
.datom.dyndns.org = DATOM.DYNDNS.ORG
datom.dyndns.org = DATOM.DYNDNS.ORG
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

## nsswitch.conf ##


passwd: files winbind #ldap
group:  files winbind #ldap
shadow: files #ldap


tests performed:
# kinit administrateur + password - ok
# net ads join
[2004/10/15 16:30:32, 0] libads/ldap.c:ads_add_machine_acct(1283)
  ads_add_machine_acct: Host account for cafeine already exists -
modifying old account
Using short domain name -- DATOM
Joined 'CAFEINE' to realm 'DATOM.DYNDNS.ORG'

# klist -5
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
10/15/04 13:50:20  10/15/04 23:50:20 
krbtgt/[EMAIL PROTECTED]
10/15/04 13:50:54  10/15/04 23:50:20  [EMAIL PROTECTED]
10/15/04 13:50:55  10/15/04 23:50:20  kadmin/[EMAIL PROTECTED]

# wbinfo -D datom
Name  : DATOM
Alt_Name  : datom.dyndns.org
SID   : S-1-5-21-1214440339-616249376-839522115
Active Directory  : Yes
Native: No
Primary   : Yes
Sequence  : -1

# wbinfo -g  
BUILTIN/System Operators
BUILTIN/Replicators
BUILTIN/Guests
BUILTIN/Power Users
BUILTIN/Print Operators
BUILTIN/Administrators
BUILTIN/Account Operators
BUILTIN/Backup Operators
BUILTIN/Users

BUT

# wbinfo -u
Error looking up domain users

i suspect a kerberos configuration issue because after reverting to a security
= domain model, everything works perfectly

can anybody shed a light on this ???

thanx in advance

-- 
thomas constans [EMAIL PROTECTED]
openDoor.fr
