[Samba] smb and ldap
hello

what are the causes for the following lines in syslog:

    smbd[20891]: nss_ldap: reconnecting to LDAP server...
    Feb 17 17:33:42 localhost smbd[20891]: nss_ldap: reconnected to LDAP server after 1 attempt(s)

thanx for any pointers

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] net vampire accounts of Windows 2000 AD
On Friday 11 February 2005 at 09:09 +0200, David Wilson wrote:

> Hi guys,
>
> We are looking at migrating a Windows 2000 AD domain controller to Samba.
> Can the same net vampire procedure be used to migrate user accounts and passwords to the new Samba domain controller ?
> Any other pitfalls which you can think of off hand ?

yes, i have successfully done such a migration, in a test environment. it is almost the same as with nt4 PDC migration. i followed http://samba.idealx.org/smbldap-howto.fr.html#htoc75

most difficult part is migrating user profiles, policies and such.

good luck

> Many thanks.
>
> Kindest regards
> David Wilson
> ___
> D c D a t a
> Tel +27 33 342 7003
> Fax +27 33 345 4155
> Cell +27 82 4147413
> http://www.dcdata.co.za
> [EMAIL PROTECTED]
> Powered by Linux, driven by passion !
> ___
> Computers are not intelligent. They only think they are.

--
Thomas Constans
http://www.opendoor.fr
04 78 68 17 34

[Samba] poor performances at the end of the day
hello list

here is the setup: a domain controller with ldap backend.

os is debian testing with custom 2.6.9 kernel
samba version 3.0.10-1
openldap version 2.1.30-3
local profiles only
clients are mainly nt4 sp6, some win xp pro
approximately 30 win users + 1 or 2 diskless linux stations for testing purposes ( ltsp ).
16 directories shared by server, including homedirs, with acl support ( 20 GO of data )

here is the setup: users experience network slowdown at the end of the work day ( slow transfer, slow win explorer operations ... ). cpu and net load on server side is insignificant ( it is an oversized dual p4 w/ giga ethernet and 4 Gig of ram ).

i don't even know if the problem is related to samba, i am just expecting some idea as to where/what to look at.

relevant portion of smb.conf:

    netbios name = server
    server string = controleur du domaine
    workgroup = gr_travail
    domain logons = true
    domain master = true
    os level = 35
    prefered master = yes
    encrypt passwords = true
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    interfaces = 127.0.0.1 192.168.1.2
    passdb backend = ldapsam
    ldap ssl = No
    ldap admin dn = cn=admin,dc=gr_travail
    ldap suffix = dc=rgr_travail
    ldap machine suffix = ou=machines
    ldap user suffix = ou=utilisateurs
    ldap group suffix = ou=groupes
    log file = /var/log/samba/samba.log
    log level = 0
    load printers = yes
    printing = cups
    printcap name = cups
    dos charset = cp850
    unix charset = iso8859-1

relevant portions of slapd.conf:

    backend bdb
    database bdb
    checkpoint 1 5
    cachesize 10
    idletimeout 20
    index objectClass,uid,uidNumber,gidNumber,memberUid eq
    index cn,mail,surname,givenname eq,subinitial

thanks for your patience and your answers

--
Thomas Constans
http://www.opendoor.fr
04 78 68 17 34

Re: [Samba] Samba 3 PDC with openldap ?
On Tuesday 25 January 2005 at 10:44 +0100, Frank Bonnet wrote:

> Hi
>
> I would like to setup a _test_ samba server that will act as a PDC and that will use a OpenLDAP server to authenticate users.
>
> Infos links tricks help greatly appreciate.

google idealx.org
http://samba.org/samba/docs/man/

regards

> Thanks by advance.
> --
> Cordialement/Regards
> Frank Bonnet

Re: [Samba] really needs help on compiling samba 3.0.9 with ldap
On Tuesday 04 January 2005 at 14:04 +0700, Adi Nugraha wrote:

> /usr/bin/ld: cannot find -lgssapi_krb5
> collect2: ld returned 1 exit status
> make: *** [bin/smbd] Error 1

looks like you are missing some libs: try installing kerberos devel packages, or similar

BTW, since ldap support is enabled on binary packages, why do you want to compile ?

cheers

[Samba] active directory, ldap, accentuated character
hello

i am still working on migrating an active directory to samba with ldap backend

i have a problem migrating accounts with accentuated characters

when net rpc vampire finds such an account, it warns me about:

    failed to add entry: cn: value #0 invalid per syntax at /usr/local/sbin//smbldap_tools.pm line 559, DATA line 283.

how can i make openldap accept a dn with accentuated characters ?
any idea ?

thanks for your answers

--
Thomas Constans
http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34

[Samba] profiles migration
hello

i am actually working on migrating a windows 2000 active directory to samba v3, ldap backend

so far i have successfully vampirized account information in my ldap tree.

i am looking for a way to migrate roaming profiles. simple copy does not work ( it complains about files being in use ). moving profiles from system properties is not automated enough since it is on a per user basis.

is there any solution ?

thanx for answering

--
Thomas Constans
http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34

Re: [Samba] vampire fails because of Debian smbldap-tools problem
On Tue 23/11/2004 at 05:35, Geoff Scott wrote:

> Hi people,
>
> As usual I've tried a number of different approaches to this problem and can't figure it out. I don't have enough knowledge. Every time I do net rpc vampire I get this crap spewed at me:
>
> Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 106, CONFIGFILE line 233.
> Use of uninitialized value in substitution (s///) at /usr/share/perl5/smbldap_tools.pm line 106, CONFIGFILE line 245.

it looks like there is a problem in your config file ( smbldap-tools.conf ). you should double-check syntax and verify proper location

don't know if it's relevant but according to my installation of smbldap-tools from tgz, configuration files should be in /etc/smbldap-tools and the debian package doesn't create this directory. you should check /usr/share/doc/smbldap-tools/README.Debian.gz for proper install instructions

> erreur LDAP: Can't contact master ldap server (IO::Socket::INET: Bad hostname ''

apparently variable hostname is not initialized.

hope this helps

BTW i use the tgz version of smbldap-tools on debian, they are more up-to-date, and apparently better packaged.

--
Thomas Constans
http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34

[Samba] solaris 5 and samba
hello

i have to setup a bunch of sun solaris 2.5.1 to authenticate to a win 2000 Active Directory server.

my understanding is that i have to have all the stations to be member server, each with samba / winbind running

i guess that i need to use samba 3, is it installable on these old solaris ?

thanx for answering.

--
Thomas Constans
http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34

RE: [Samba] member server and kerberos
hello

i have finally set up the following configuration:
debian testing / samba-3.07 member of a w2k Active Directory, security = ads

now i am able to:
- list users and groups with wbinfo -u | -g
- authenticate domain users via pam_winbind
- list and connect to shares on AD server with kerberos ( smbclient -k )
- list and connect to shares on SAMBA server _from_samba_server_ ( smbclient -k //SAMBA_SERVER/ )

_BUT_ trying to connect to a samba share from the AD server ( net use * \\SAMBA_SERVER\share ) prompts me for a password and the log gives me the famous "failed to verify incoming ticket":

    [2004/10/20 09:24:42, 3] smbd/server.c:exit_server(614)
      Server exit (process_smb: send_smb failed.)
    [2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
      ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
    [2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_verify_ticket(307)
      ads_verify_ticket: krb5_rd_req with auth failed (Success)
    [2004/10/20 09:24:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
      Failed to verify incoming ticket!
    [2004/10/20 09:24:42, 3] smbd/error.c:error_packet(129)
      error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE

i have tried to play with enc-type in krb5.conf to no avail.

here is my krb5.conf:

    [libdefaults]
        default_realm = OPENDOOR.NET
    [realms]
        OPENDOOR.NET = {
            kdc = nicotine.opendoor.net:88
        }

output of klist -5e :

    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: [EMAIL PROTECTED]

    Valid starting     Expires            Service principal
    10/20/04 11:40:14  10/20/04 21:40:14  krbtgt/[EMAIL PROTECTED]
            Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
    10/20/04 11:40:33  10/20/04 21:40:14  [EMAIL PROTECTED] ( samba server )
            Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
    10/20/04 11:40:49  10/20/04 21:40:14  [EMAIL PROTECTED] ( AD server )
            Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5

installed packages: debian testing

    samba         3.0.7-1
    samba-common  3.0.7-1
    libkrb53      1.3.4-4
    krb5-user     1.3.4-4

any idea ?

--
Thomas Constans
http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34

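An added example, not part of the original posts: a small parser that groups Samba's header-plus-message log records and reports each rejected Kerberos ticket together with the encryption types that failed to decrypt just before it. The log text is the excerpt quoted in the message above; the function names and the record layout are assumptions made for this example.

```python
import re

# Log excerpt quoted in the post above, one header line plus one message line per record.
SAMPLE_LOG = """\
[2004/10/20 09:24:42, 3] smbd/server.c:exit_server(614)
  Server exit (process_smb: send_smb failed.)
[2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
[2004/10/20 09:24:42, 3] libads/kerberos_verify.c:ads_verify_ticket(307)
  ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2004/10/20 09:24:42, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/10/20 09:24:42, 3] smbd/error.c:error_packet(129)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
"""

HEADER = re.compile(r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(?P<level>\d+)\] "
                    r"(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)$")
ENCTYPE = re.compile(r"enc type \[(\d+)\] failed to decrypt with error (.+)$")
# Kerberos etype 23 is RC4-HMAC, which klist prints as "ArcFour with HMAC/md5".
ETYPE_NAMES = {23: "arcfour-hmac"}

def parse_records(text):
    """Attach each continuation line to the header line that precedes it."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            records.append({"ts": m["ts"], "level": int(m["level"]),
                            "func": m["func"], "msg": ""})
        elif line and records:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records

def rejected_tickets(records):
    """One finding per rejected ticket, with the etypes that failed just before it."""
    findings, pending = [], []
    for rec in records:
        m = ENCTYPE.search(rec["msg"])
        if m:
            etype = int(m.group(1))
            pending.append((etype, ETYPE_NAMES.get(etype, "unknown"), m.group(2)))
        elif rec["func"] == "reply_spnego_kerberos" and "Failed to verify" in rec["msg"]:
            findings.append({"ts": rec["ts"], "failed_etypes": pending})
            pending = []
    return findings

if __name__ == "__main__":
    for finding in rejected_tickets(parse_records(SAMPLE_LOG)):
        print(finding["ts"], finding["failed_etypes"])
```

The decrypt failure is only logged at level 3, so the server needs `log level = 3` or higher for the etype detail to appear next to the level-1 rejection.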
RE: [Samba] member server and kerberos
Sorry for bothering you

after upgrading the AD server to SP4, i am finally able to browse and connect to samba-member shares

sorry for wasting your time

On Sat 16/10/2004 at 14:05, thomas constans wrote:

> hello
>
> well i compiled kerberos 1.3.5 from sources, and i got the same results as before.
>
> what procedure did you follow ? i understand that you also compiled samba from sources. can you give me a quick procedure : in what order have you compiled samba kerberos ? with what options passed to configure ?
>
> thanx for answering
> --
> thomas constans [EMAIL PROTECTED]
> openDoor.fr

--
Thomas Constans
http://www.opendoor.fr
[EMAIL PROTECTED]
04 78 68 17 34

RE: [Samba] member server and kerberos
hello

well i compiled kerberos 1.3.5 from sources, and i got the same results as before.

what procedure did you follow ? i understand that you also compiled samba from sources. can you give me a quick procedure : in what order have you compiled samba kerberos ? with what options passed to configure ?

thanx for answering

--
thomas constans [EMAIL PROTECTED]
openDoor.fr

[Samba] member server and kerberos
hello

i have been struggling for too long trying to setup the following configuration: debian samba 3 member server of a win 2000 AD

here is my configuration:

    ## smb.conf ##
    [global]
    log level = 4
    interfaces = 192.168.10.11/255.255.255.0
    workgroup = datom
    realm = datom.dyndns.org
    server string = samba membre
    security = ads
    netbios name = cafeine
    log file = /var/log/samba/samba.log
    max log size = 50
    idmap uid = 1-2
    idmap gid = 1-2
    password server = nicotine.datom.dyndns.org
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    local master = no
    domain master = no
    preferred master = no
    domain logons = no
    dns proxy = no
    obey pam restrictions = Yes
    winbind separator = /
    inherit acls = yes
    inherit permissions = yes
    admin users = DATOM.DYNDNS.ORG/administrateur
    winbind enum users = yes
    winbind enum groups = yes

    [share]
    comment = partage
    path = /home/samba
    browseable = yes

    ## krb5.conf ##
    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    #ticket_lifetime = 24000
    default_realm = DATOM.DYNDNS.ORG
    dns_lookup_realm = false
    dns_lookup_kdc = false

    [realms]
    DATOM.DYNDNS.ORG = {
        kdc = NICOTINE.DATOM.DYNDNS.ORG:88
        admin_server = DATOM.DYNDNS.ORG:749
        default_domain = DATOM.DYNDNS.ORG
    }

    [domain_realm]
    .datom.dyndns.org = DATOM.DYNDNS.ORG
    datom.dyndns.org = DATOM.DYNDNS.ORG

    [kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

    ## nsswitch.conf ##
    passwd: files winbind #ldap
    group:  files winbind #ldap
    shadow: files #ldap

tests performed:

    # kinit administrateur + password - ok

    # net ads join
    [2004/10/15 16:30:32, 0] libads/ldap.c:ads_add_machine_acct(1283)
      ads_add_machine_acct: Host account for cafeine already exists - modifying old account
    Using short domain name -- DATOM
    Joined 'CAFEINE' to realm 'DATOM.DYNDNS.ORG'

    # klist -5
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: [EMAIL PROTECTED]

    Valid starting     Expires            Service principal
    10/15/04 13:50:20  10/15/04 23:50:20  krbtgt/[EMAIL PROTECTED]
    10/15/04 13:50:54  10/15/04 23:50:20  [EMAIL PROTECTED]
    10/15/04 13:50:55  10/15/04 23:50:20  kadmin/[EMAIL PROTECTED]

    # wbinfo -D datom
    Name              : DATOM
    Alt_Name          : datom.dyndns.org
    SID               : S-1-5-21-1214440339-616249376-839522115
    Active Directory  : Yes
    Native            : No
    Primary           : Yes
    Sequence          : -1

    # wbinfo -g
    BUILTIN/System Operators
    BUILTIN/Replicators
    BUILTIN/Guests
    BUILTIN/Power Users
    BUILTIN/Print Operators
    BUILTIN/Administrators
    BUILTIN/Account Operators
    BUILTIN/Backup Operators
    BUILTIN/Users

BUT

    # wbinfo -u
    Error looking up domain users

i suspect a kerberos configuration issue because reverting to a security = domain model, and everything works perfectly

can anybody shed a light on this ???

thanx in advance

--
thomas constans [EMAIL PROTECTED]
openDoor.fr