[Samba] net ads leave failed.
Hello all, I have the latest version of Samba (samba-3.0.21c) installed on a SLES9 linux server, with all the related Suse packages. I had link the server correctly to the domain, but discovered a pb with a workstation acting as mster browser. Since it is down, i have a bad result with wbinfo -t, althought net ads testjoin succeed. I beleived that either wbinfo -t result or net ads testjoin result tell if the server is correctly joined to the domain. Is there any explanation about the differences? I think there is a problem with domain link. when i do wbinfo -u winbindd daemon crash with the error in log : INTERNAL ERROR: Signal 11 in pid 20631 (3.0.21c-3.1.4-SUSE-SLES9) [...] PANIC: internal error To try to correct the problem, i wanted to leave the domain, and to rejoin it. Is it a bad idea? The problem is that net ads leave failed as well, with ldap_delete_ext_s failed with error code 50. Is it an authentification problem? I can only get from LDAP source #define LDAP_OTHER 0x50, so no help from there. Here are some step i did : # net ads testjoin Join is OK # wbinfo -t checking the trust secret via RPC calls failed error code was (0x0) Could not check secret # net ads status - seems correct, got correct information # net rpc trustdom list -Uuser1 - Also correct, give the SID of trusted domains. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.2x with trusted domains.
Hello all, we have a samba server on a SLES9 linux box. It is connected to an active directory with multiple trusted domains. With this server, we have strange problems with users/groups in others domains. The users/groups listed in smb.conf that are part of trusted domains are not take in account to access the shares. We cannot as well set ACL correctly on filesystem. This is not an architectrure problem, since another samba box (3.0.2), connected to the same domain, with the same config file, work perfectly. So here is a summary of troubles. Note that after thoses checks, i've upgraded to 3.0.21c (suse rpm packages) without any amelioration on following points : masters# rpm -qa | grep -i samba yast2-samba-server-2.9.33-0.3 samba-client-3.0.20b-3.4 samba-3.0.20b-3.4 samba-doc-3.0.20b-3.4 kdebase3-samba-3.2.1-68.46 yast2-samba-client-2.9.17-1.3 samba-winbind-3.0.20b-3.4 Said that the samba server is linked to Domain1, and there are trusted Domain2, Domain3, etc masters# wbinfo -t checking the trust secret via RPC calls succeeded masters# wbinfo -m Domain1 Domain2 Domain3 masters# wbinfo -n Domain1+user1 S-1-5-21-1220945662-796845957-725345543-21380 User (1) masters# wbinfo -s S-1-5-21-1220945662-796845957-725345543-21380 Domain1+user1 1 masters# wbinfo -r Domain1+user1 1 1 10001 10002 10003 masters# wbinfo -n Domain2+user2 S-1-5-21-2035491313-1038499582-81669161-1396 User (1) masters# wbinfo -s S-1-5-21-2035491313-1038499582-81669161-1396 Domain2+user2 masters# wbinfo -S S-1-5-21-2035491313-1038499582-81669161-1396 10002 masters# wbinfo -r Domain2+user2 Could not get groups for user Domain2+user2 In addition in the log.winbindd i get the following strange record - no SID lookup for trusted domains : [2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain Domain1 S-1-5-21-1220945662-796845957-725345543 [2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain Domain2 S-0-0 [2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain Domain3 S-0-0 [2006/02/28 11:15:02, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain Domain4 S-0-0 Other strange behaviour, is that on a working share, with a domain account which work (primary domain), i can setup ACL on files with users from other computer via windows. The getfacl will show the corresponding unix gid. However, I really don't understand what kind of problem it may come from, so any suggestions are welcome. I repeat that with a 3.0.2 compiled manually a couple of years ago (Feb 2004), is correctly working on a debian server. Best Regard's. Vincent Badier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Active directory and trusted domains
I setup Samba a while ago in an active directory environment. There are many trusted domains (with a very lot lot of users and computer account), but i (my users) used only one, and all worked just fine Actually, some from others domains needs to connect to my shares. And even if i do not setupe any users, they cannot. So here are some few questions : I've this in my winbindd log file : [2004/07/20 16:29:48, 1] nsswitch/winbindd_util.c:winbindd_lookup_name_by_sid(429) Can't find domain from sid [2004/07/20 16:33:21, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(437) Could not convert gid 65534 to sid [2004/07/20 16:40:55, 1] nsswitch/winbindd_util.c:winbindd_lookup_name_by_sid(429) Can't find domain from sid [2004/07/20 16:40:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276) krb5_get_credentials failed for [EMAIL PROTECTED] (KDC can't fulfill requested option) - Is 65534 a limitation? - credentials seems to fail, however MYAD is the only domain where there is no problems for accessing shares. - Is there any limitation in the idmap uid and idmap gid? A few minutes before, in the log, i've line that said others domains are correctly added. Regard's Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba mount point and dirent.h
Hello all, Currently trying to make a small code, i've some problems with the struct dirent returned on a mount point. The host runing the program is a linux debian runing a 2.6.1 kernel and a localy compiled samba 3.0.2 Remote server are Windows NT/2000 Mounting them work quite well The program simply try to get information of the content of a given directory #include stdio.h #include dirent.h #include sys/types.h int main (int argc, char **argv){ DIR * directory; struct dirent *entree; directory = opendir(argv[1]); while ((entree = readdir(directory)) != NULL) fprintf(stdout, %s : %d\n, entree-d_name, entree-d_type); closedir(directory); return(0); } The problem is i don't have the same result on locally mounted drive than on smbfs. On a local drive, the d_type = 4, on a remote one via smbfs, d_type = 0. I guess this is normal, but would like to know why? Best Regard's -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind, AD login problem
I am trying to get about 40 workstations to join a windows server 2003 active directory domain. The network has about 7 domains. It is a fairly large WAN. I can view the domain users with wbinfo, getent shows the users in unix format. When I try to login it asks me for a password but wont accept anything. I have a PDC server and an LDAP server. Does ldap have to be configured on the client end? My smb.conf, nsswitch.conf, /etc/pam.d/login and /etc/pam.d/samba are below. I appreciate any help you can give me. I start smb daemons in this order smbd nmbd winbindd I had quite the same problem since 3.x. I never success this working. I noticed this happened only when declaring any valid user in my share declaration. When commenting them, this no more happen. However, everybody can connect to the share, and this is not recommended :( I'm quite interesting, since i search since samab 3 beta 1 and never found any solution. -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smb.conf not in sysconfdir? [samba-3.0.1pre1]
I compiled samba-3.0.1pre1with the following options, expecting to find smb.conf under /etc/samba directory. However, all binaries programs attempt to find it under /usr/lib one. mysrv:/mnt# ./configure --prefix=/usr --sysconfdir=/etc --with-privatedir=/etc/samba --localstatedir=/var --with-smbmount --with-syslog --with-utmp --with-readlin --with-libsmbclient --with-winbind --with-acl-support --with-quotas --with-ads --with-ldap mysrv:/mnt# testparm --version Version 3.0.1pre1 mysrv:/mnt# testparm Load smb config files from /usr/lib/smb.conf params.c:OpenConfFile() - Unable to open configuration file /usr/lib/smb.conf: No such file or directory Error loading services. -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Cannot start samba
Does the /usr/local/samba-3.0.0rc4/var/locks/ directory exists? Witch account do you use to launch you init script? in case this is not root, does it have suffisent permission? Also, how about starting nmbd and smbd manually, with -D option? yes i'm using init.d (redhat style). samba is installed in /usr/local/samba-3.0.0rc4/. I've got a symbolic link to /usr/local/samba which is used by the init.d script. Le Mercredi 24 Septembre 2003 19:22, Matias Silva a écrit : It looks like you are still trying to access the 3.0 version pid file /usr/local/samba-3.0.0rc4/var/locks/nmbd.pid failed. Error was Invalid argument How are you starting and stopping samba? Are you using init.d? Matias Bruno Pinaud wrote: Hi, I currently have an old samba 2.2.2 on my network. It's working, but it's quite old... I tried version 3.0.0rc4 but it doesn't want to start. Here are the errors : [2003/09/23 18:27:45, 8] lib/util.c:fcntl_lock(1621) fcntl_lock 6 13 0 1 1 [2003/09/23 18:27:45, 3] lib/util.c:fcntl_lock(1632) fcntl_lock: fcntl lock gave errno 22 (Invalid argument) [2003/09/23 18:27:45, 3] lib/util.c:fcntl_lock(1651) fcntl_lock: lock failed at offset 0 count 1 op 13 type 1 (Invalid argument) [2003/09/23 18:27:45, 0] lib/pidfile.c:pidfile_create(97) ERROR: nmbd : fcntl lock of file /usr/local/samba-3.0.0rc4/var/locks/nmbd.pid failed. Error was Invalid argument -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Cannot start samba
Does the /usr/local/samba-3.0.0rc4/var/locks/ directory exists? Witch yes it does. Sorry, i didn't read the code enought. The error would not be the same. same problem with both... This is normal, since pid files are handle by samba itself Perhaps it's related to my kernel but actually samba 2.2.2 is working... I don't think so, since the error tell us that pid files can not be locked. [2003/09/23 18:27:45, 8] lib/util.c:fcntl_lock(1621) fcntl_lock 6 13 0 1 1 [2003/09/23 18:27:45, 3] lib/util.c:fcntl_lock(1632) fcntl_lock: fcntl lock gave errno 22 (Invalid argument) [2003/09/23 18:27:45, 3] lib/util.c:fcntl_lock(1651) fcntl_lock: lock failed at offset 0 count 1 op 13 type 1 (Invalid argument) [2003/09/23 18:27:45, 0] lib/pidfile.c:pidfile_create(97) ERROR: nmbd : fcntl lock of file /usr/local/samba-3.0.0rc4/var/locks/nmbd.pid failed. Error was Invalid argument I think the error is reported by the fcntl() system call. I don't know about the reason. Invalid argument seems not to be related to a problem on the file system, nor the kernel ressources. However, i never saw this error on my own servers, so this sould not be a bad argument passing to the function. This error thus astonishes me much and i'm also insterested by the real reason. -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RC4 valid users problem
First, many thanks for all who have already help me. I finally success to connect to a share from another computer after searching a lot. Arg isn't this marvellous? ;-) However, i succeed this while removing my account from the valid user in the share declaration. In the following example, authentification for mylogon success in both case. But i can only connect on myshare, while having a NT_STATUS_ACCESS_DENIED in the other case (secondshare). I hope i didn't made any trivial mistake, if so let me know please. In other case, any help or idea would be great Vincent. PS : the windind separator warn about possible problem. Which would be the best one to allow recursive search in group membership (ie user in one group which is part of another, and this another declared in the share declaration?) # /usr/local/samba/bin/testparm /usr/local/samba/etc/samba/smb.conf Load smb config files from /usr/local/samba/etc/samba/smb.conf Processing section [myshare] Processing section [secondshare] Loaded services file OK. 'winbind separator = +' might cause problems with group membership. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = MYAD realm = MYAD.AD.MYDOMAIN.COM netbios name = servername server string = %h server (Samba %v) security = ADS update encrypted = Yes password server = ip.of.my.dc passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . client lanman auth = No client plaintext auth = No log level = 3 passdb:5 auth:10 winbind:2 syslog = 0 log file = /var/log/samba/log.%m max log size = 8000 preferred master = No local master = No domain master = No dns proxy = No wins server = ip.of.my.dc ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind separator = + invalid users = root [myshare] path = /mnt/share read only = No [secondshare] path = /mnt/share valid users = MYAD+mylogon read only = No What i tried : wks01:/home# smbclient //172.26.123.121/myshare -U mylogon -W MYAD Password: smb: \ quit wks01:/home# smbclient //172.26.123.121/masters -U mylogon -W MYAD Password: tree connect failed: NT_STATUS_ACCESS_DENIED -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD authentication problem
# Try to authenticate a user % wbinfo -a [EMAIL PROTECTED] plaintext password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) error messsage was: No logon servers Could not authenticate user [EMAIL PROTECTED] with plaintext password challenge/response password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) error messsage was: No logon servers Could not authenticate user [EMAIL PROTECTED] with challenge/response # smb.conf workgroup = S-RES.UVA.NL netbios name = gnowee server string = %h server (Samba %v) log file = /var/log/samba/log.%m log level = 3 passdb:5 auth:10 winbind:10 max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d realm = S-RES.UVA.NL encrypt passwords = true password server = s-lorentz.s-res.uva.nl security = ADS socket options = TCP_NODELAY idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes Your message is No logon servers, and there is no such declaration in your smb.conf. How about setting a password server (for example any DC)? -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [TYPO] [Samba] RC4 valid users problem
Sorry, there was a typo in my percedent mail on the second connect attempt: What i tried : wks01:/home# smbclient //172.26.123.121/myshare -U mylogon -W MYAD Password: smb: \ quit wks01:/home# smbclient //172.26.123.121/secondshare -U mylogon -W MYAD Password: tree connect failed: NT_STATUS_ACCESS_DENIED The problem remain the same -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Simple configuration and not working.
I would expect this to be 'security = ads' since you've specified a realm. Yes you're right, i did it now. Does this apply to you? (From WHATSNEW): Changes in Behavior - --- The following issues are known changes in behavior between Samba 2.2 and Samba 3.0 that may affect certain installations of Samba. 1) When operating as a member of a Windows domain, Samba 2.2 would map any users authenticated by the remote DC to the 'guest account' if a uid could not be obtained via the getpwnam() call. Samba 3.0 rejects the connection as NT_STATUS_LOGON_FAILURE. There is no current work around to re-establish the 2.2 behavior. I don't think so since i tried 2 remote connection attempts and auth seems to success: one from a remote linux client, and a log part : # /usr/bin/smbclient //172.26.123.121/myshare -U mylogon -W MYAD Password: tree connect failed: NT_STATUS_ACCESS_DENIED [2003/09/11 11:09:38, 2] auth/auth.c:check_ntlm_password(302) check_ntlm_password: authentication for user [mylogon] - [mylogon] - ] succeeded [2003/09/11 11:09:38, 5] auth/auth_util.c:free_user_info(1185) attempting to free (and zero) a user_info structure [2003/09/11 11:09:38, 10] auth/auth_util.c:free_user_info(1188) structure was created for mylogon [2003/09/11 11:09:38, 3] smbd/password.c:register_vuid(207) User name:Real name: [2003/09/11 11:09:38, 3] smbd/password.c:register_vuid(225) UNIX uid 0 is UNIX user, and will be vuid 100 [2003/09/11 11:09:38, 3] smbd/process.c:process_smb(890) Transaction 3 of length 104 [2003/09/11 11:09:38, 3] smbd/process.c:switch_message(685) switch message SMBtconX (pid 9247) [2003/09/11 11:09:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/09/11 11:09:38, 2] smbd/service.c:make_connection_snum(384) user ' (from session setup) not permitted to access this share (myshare) [2003/09/11 11:09:38, 3] smbd/error.c:error_packet(113) error packet at smbd/reply.c(274) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED Well, what i understand is that authentication succeeded, a free structure was created, but it seems to be not populate (user name and real name empty), so this is normal that user ' is not allowed to access to the share. Am I wrong in my reasoning? Another attempt, from a windows client now. thing are quite weird to me : First, there is Ticket name is [EMAIL PROTECTED] and after another Ticket with the username. While i don't see any authentifiaction success nor deny, i see that it attempt to see if the username is in the group. Does the failure related to the bad username entry in the struct? [2003/09/11 11:45:40, 3] smbd/password.c:register_vuid(207) User name:^IReal name: ... [2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339) user_in_winbind_group_list: nametogid for group MYAD+SEC_GLOBAL_GROUP failed. [2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339) user_in_winbind_group_list: nametogid for group MYAD+SEC_ANOTHER_GLOBAL_GROUP failed. [2003/09/11 11:45:40, 0] lib/username.c:user_in_winbind_group_list(339) user_in_winbind_group_list: nametogid for group MYAD+THIRD_GLOBAL_GROUP failed. [2003/09/11 11:45:40, 2] smbd/service.c:make_connection_snum(384) user ' (from session setup) not permitted to access this share (secondshare) I obviously checked that permissions are set on the filesystem as well as the user account membership to global groups. Doing thoses test seem to tell me that auth is working, but there is still a small thing that don't work in my case. If needed, i can provide complete log for each of theses test. Thank's again for your help Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Simple configuration and not working.
I expect that getpwnam() failed for the user. does getent passwd MYAD+mylogon succeed? Sorry, i didn't answer to this question : no this command didn't show anything to me : #getent passwd MYAD+mylogon # Regard's vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Simple configuration and not working.
Can you retest against RC3. There was a change in the NTLMv2 behavior that might help. Thank you for your response!! I checked with rc3, and now this work with such a smb.conf. I tried to join AD domain, as this will our final use, with a modified smb.conf. Somme error occured when attempting to join, but it succeded. I can list domain users and groups. Then i can't connect with my domain account. With a windows client, it ask me to enter a username and password again and again. I increase the log verbose and saw that auth suceeded, and just after, a new auth attemp with empty domain/username so i don't understand why this happen. I noticed that this didn't occured when i was with 2.2.x. I can provide the log connection attemp if needed Thank for your help and for your excellent work!! Vincent smb.conf [global] workgroup = MYAD realm = MYAD.AD.MYDOMAIN.COM netbios name = FRMASSMEP03 server string = %h server (Samba %v) security = DOMAIN update encrypted = Yes password server = ip.of.my.dc passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . client lanman auth = No client plaintext auth = No log level = 3 passdb:5 auth:10 winbind:2 syslog = 0 log file = /var/log/samba/log.%m max log size = 8000 preferred master = No local master = No domain master = No dns proxy = No wins server = ip.of.my.dc ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind separator = + invalid users = root [myshare] path = /mnt/alcanet/mastw2k valid users = MYAD+mylogon admin users = MYAD+mylogon read only = No Somes lines of the log : [2003/09/10 16:18:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] [2003/09/10 16:18:26, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286) Got user=[mylogon] domain=[MYAD] workstation=[MYHOSTNAME] len1=24 len2=24 [2003/09/10 16:18:26, 5] auth/auth_util.c:make_user_info_map(216) make_user_info_map: Mapping user [MYAD]\[mylogon] from workstation [MYHOSTNAME] [2003/09/10 16:18:26, 3] auth/auth.c:check_ntlm_password(265) check_ntlm_password: winbind authentication for user [mylogon] succeeded [2003/09/10 16:18:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) Doing spnego session setup [2003/09/10 16:18:26, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] [2003/09/10 16:18:26, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286) Got user=[] domain=[] workstation=[MYHOSTNAME] len1=1 len2=0 [2003/09/10 16:18:26, 5] auth/auth_util.c:make_user_info_map(216) make_user_info_map: Mapping user []\[] from workstation [MYHOSTNAME] [2003/09/10 16:18:26, 5] auth/auth_util.c:make_user_info(132) attempting to make a user_info for () -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Simple configuration and not working.
First, i'm sorry to be so silly that i don't even to success a basic samba configuration simply working. Compilation of the rc2 had no errors. testparm against my smb.conf said ok, and i can start nmbd and smbd. I also add a new unix user, said toto, and added it in samba. The problem is that i can't connect to any share, via Windows or via GNU/Linux. The result from Windows is a new windows requiring a valid username/password and from linux, a deny message. However, share seems to be well exported. I read as many doc as i could and know that auth is made before all attempt to connect to any share. So i think this is not any bad right on share, but an account problem. Please help since there is a couple of week i'm searching. Thank's in advance. Here are my smb.conf file and my entries Here is my smb.conf : [global] workgroup = MYGROUP netbios name = DATA preferred master = No local master = No domain master = No [homes] read only = No [myshare] path = /mnt/mypath valid users = toto read only = No on the server : data:/usr/local/samba# ./bin/smbpasswd -a toto New SMB password: Retype new SMB password: Added user toto. data:/usr/local/samba# On the client ~# /usr/bin/smbclient //172.26.123.9/myshare -U toto added interface ip=139.54.25.234 bcast=139.54.27.255 nmask=255.255.252.0 Password: session setup failed: NT_STATUS_LOGON_FAILURE -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] AFS option
Hello, I was wondering what this option allow me to do. From the confiure help : Include AFS clear-text auth support Does this mean this is only for AFS system suport? What about enabling clear text password from a dos client? Does the only thing i have to configure is the smb.conf to allow such a thing? Regard's -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3 on production server
Does anybody here using samba 3 (b3) on production server (with at least 500 client)? --beast I tried, but had too issues joining domain (beta2), and with logging via lanmanager. However from samba.org : While significantly closer to the final release, it should still be considered a non-production release provided for testing purposes only. Regard's Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Newbee need help !!!
Thanks to stop on my problem few minutes... I am trying to make register a Samba Server (installed on a FreeBSD 4.4.1) in a NT Domain. But this is more complicated because, the Samba server is installed in a DMZ area and IPs from this area are nated before entering into the area where NT4-Server is running. Currently, I just implement a public service and from the workstation from the NT4-Server area, I can access to the service into the DMZ area. But, the problems are: First, the NT4-Server does not recognize the Samba Server and show always it as offlined. Second, nmbd, when it is launched, print some lines on screen and after print two lines : blahblahblah looping etc... Finally, when I try to make Samba Server join the NT domain with the command smbpasswd -j ... -r , it prints : request rejected blah blah blah *SMBSERVER blah blah blah... It sounds like smbpasswd uses not the correct name written in smb.conf and nmbd does not run correctly... Can you help me ? Thanks How do you nat your ip? with netfilter? netbios doesn't like to be natted. Sometimes this work sometimes this doesn't. If you're using netfilter, a nat module should be developped to use this. Since this is not actually the case you will have an undefined behaviour. Regard's -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Vijay - samba box not seen in browse list.
Hi, I initially tried a RedHAt Linux 9.0 box to join in multiple domains, but couldnt get it right. Now I have two Win2K Domains A and B. If I configure samba to be in Dmain A, I am able to see and browse the linux box without any problems. But if I change the workgroup to Domain B I am not able to see the machine in that lbrowse list and nor am I able to acces it using the Domain Controller of Domain B. I am able to access it from machine which are not there in Domain B. Actually DOmian B just conatins the domain controller and nothing else. Below is output of testparm. This is driving me crazy. I just need to access a folder from this domain Controller B for some backup issues. Please help. [global] ... wins proxy = No wins server = wins support = No Why not using wins? Declaring a wins server should help, shouldn't it? And why joining a domain while using security = USER? Regard's -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Vijay - samba box not seen in browse list.
Hi, Thnx for thr response. I donot have a Wins server in my network. Do you mean that I should make the Linux box act as Wins Server ? Can you please tell me what to change exactly so that I can check the same ? Regards, Vijay. Why not using wins? Declaring a wins server should help, shouldn't it? And why joining a domain while using security = USER? Sorry, i didn't understood that you haven't any wins server on your network. So, to be sure to well understand : You don't have any PDC nor Domain Controler, have you? I such a case, i recommend to configure samba to act as a wins server and domain controler. As this, all client will be able to log on the domain and browse it. So you will have to enable such things as wins support = Yes domain master = Yes ect... Take a look to the smb.conf man page since it explain quite well all options. Regard's -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Vijay - samba box not seen in browse list.
Hi, We have a PDC ( Win2K Domain Controller) without a Wins server. But I still get he point, why other machines are able tosee it and not only the domain controller itself. Will enabling Wins solve the problem ? Regards, Vijay. Well, i don't think i well understand exactly what is your problem. Firstly, you joined DomainA and all was working quite well. 1. What was your domain controler? w2K? wins server? Secondly, you changed the workgroup in you smb.conf. Did you joined explicitly the DomainB? This Domain controler is exactly configured as the first one? When you wrtie other machines are able tosee it and not only the domain controller itself. Do you mean windows client? What domain do you browse? Is there any trust between domains? Regard's -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Vijay - samba box not seen in browse list.
Hi when you not understand security modes of samba i can not help you... but i try first remove errors from smb.conf replace: interfaces = 192.168.0.229/24 ; not needed remote announce = 192.168.0.255 local master = yes second create samba users and passwords if not have this in shell useradd user1 smbpasswd -a user1 ... userX If you need connect from w2k then try use connect as and type user1 and user1pass in dialog or logon w2k as user1 with identic password as on linux smbpasswd entered. Bye. Shouldn't he configure also security = domain ? Doing this he doesn't have to identify himself as a diffrent user. Also, what look like logs when trying to connect? -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-3.0.0beta2 - cannot connect to share
Samba 3.0beta2 with ADS support. Said my domain is named MD in an Active Directory environment I joined MD, and tested my smb.conf with testparm : # /usr/local/samba/bin/testparm /usr/local/samba/lib/smb.conf Load smb config files from /usr/local/samba/lib/smb.conf Processing section [oneshare] Processing section [secshare] Loaded services file OK. 'winbind separator = +' might cause problems with group membership. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = MD netbios name = MYHOSTNAME server string = SambaPFT security = DOMAIN update encrypted = Yes allow trusted domains = No password server = ip.of.my.dc client plaintext auth = No syslog = 0 log file = /var/log/samba/beta/log.%m max log size = 8000 announce version = 4.5 show add printer wizard = No preferred master = No local master = No domain master = No dns proxy = No wins server = ip.of.my.dc ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind separator = + invalid users = root [oneshare] path = /mnt/alcanet/share1 valid users = MD+SEC_GROUP read only = No [secshare] path = /mnt/alcanet/share2 valid users = MD+SEC_GROUP read only = No I run 3 daemons, and try to see if i can fetch domain accounts : # /usr/local/samba/bin/wbinfo -u | grep myaccount MD+myaccount Well, this looks like good. In addition, no error founded in the winbindd log file # cat log.winbindd [2003/07/15 16:50:21, 1] nsswitch/winbindd_util.c:add_trusted_domain(139) Added domain MD I then try to connect to my share via a windows client (whitchever it is), and a dialog box appear prompting to enter another account/password. The log.winbindd looks like this at this time : [2003/07/15 16:50:21, 1] nsswitch/winbindd_util.c:add_trusted_domain(139) Added domain AD2 [2003/07/15 16:53:01, 0] nsswitch/winbindd.c:process_loop(692) process_loop: Invalid request size from pid 1818845549: 4 bytes sent, should be 1312 [2003/07/15 16:53:52, 0] nsswitch/winbindd_sid.c:winbindd_lookupname(103) could not find domain entry for domain [2003/07/15 16:53:52, 0] nsswitch/winbindd_sid.c:winbindd_lookupname(103) could not find domain entry for domain [2003/07/15 16:53:52, 0] nsswitch/winbindd_sid.c:winbindd_lookupname(103) could not find domain entry for domain [...] I don't understand what's happen. I had some messages when i joined the domain, but if it has failed, i couldn't fetch any account, could i? I addition, i tried to change the security = DOMAIN in security = ADS, without any success. If anyone could point me on one direction, it would be greet. Regard's -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SWAT on 3.0.0beta2
Maybe others options were set the same as default one? I can verify this problem. Here is my before and after size on the smb.conf file: 10459 Jul 14 10:42 smb.conf 1666 Jul 14 10:43 smb.conf wayne I tried that. It wrote out a partial smb.conf, omitting my wins server parameter. I'll try it some more. On Fri, 11 Jul 2003, Hall, Ken (IDS ECCS) wrote: How do you get to the GLOBALS/Advanced list? The radio buttons don't seem to do anything, and nothing I tried refreshes the page with Advanced instead of Basic. Click on 'Avanced' then 'Commit' - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- Regard's -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] DOS client connection
I have a problem login on a samba share using a DOS client, whereas using NT/2000/XP, i connect correctly The context: Active directory arch. All NT/2000/XP are in the domain. samba version 2.2.3a-12.3 for Debian (from debian stable package). I can directly connect to my samba shares from my current xp login session. When i boot from a dos boot disk (made from 95), i log in my domain with my login/pass. However when i try to connect to my share (net use), it is refused. Here is le log on the server : [2003/07/11 12:07:32, 0] smbd/password.c:domain_client_validate(1572) domain_client_validate: unable to validate password for user MYLOGON in domain to Domain controller ip.of.my.dc. Error was NT_STATUS_WRONG_PASSWORD. however, a net use to a w2k share server work fine. I've also the default configuration for protocol level : protocol = NT1 large readwrite = No max protocol = NT1 min protocol = CORE Any idea to help me please? Regard's Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Réf. : [Samba] DOS client connection
Ok, so what do you mean i need to change in the conf? When i try to change the encrypt passwords setting to No, it doesn't work with xp/2k. Hi, DOS client and win95 client send password in clear text password, XP, w2k, win98 sent encrypted password. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] DOS client connection
Your Win2k DC is probably set to refuse 'LANMAN' encrypted passwords, as used by DOS and Win9X. Can you connect to the DC directly with this client? I didn't tried to connect directly to the DC since all share i have to connect to are not here. I tried to connect to a Win2k member server and this work fine with this client -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] DOS client connection
If it is not too much trouble, you might want to try Samba 3.0 (in beata) - it tries much harder to get this stuff right. Andrew Bartlett I tried this just before and have trouble to join the active directory domain : #/usr/local/samba/bin/net join MEMBER -s /usr/local/samba/lib/smb.conf -U MyOperatorAccount -S ip.of.my.dc [2003/07/11 14:49:35, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(249) cli_nt_setup_creds: request challenge failed [2003/07/11 14:49:35, 1] utils/net_rpc.c:run_rpc_command(154) rpc command function failed! (NT_STATUS_INVALID_COMPUTER_NAME) Password: [2003/07/11 14:50:45, 1] libsmb/cliconnect.c:cli_full_connection(1311) failed session setup with NT_STATUS_LOGON_FAILURE [2003/07/11 14:50:45, 1] utils/net.c:connect_to_ipc(148) Cannot connect to server. Error was NT_STATUS_LOGON_FAILURE The username or password was not correct. In previous message, Someone said i need to have Kerberos and LDAP compiled. I have Kerberos but not ldap. config.h : /* Whether KRB5 is available */ #define HAVE_KRB5 1 /* Whether ldap is available */ /* #undef HAVE_LDAP */ So, does i need to spend time to really try to install the beta version or does the previous version normaly work with DOs lan manager V2.1? Regard's Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3beta2 [was DOS client connection]
If it is not too much trouble, you might want to try Samba 3.0 (in beata) - it tries much harder to get this stuff right. ok, i re compiled the beta2 version with ADS support. I have a first issue : when starting winbindd, i saw this in the log file : [2003/07/11 18:15:06, 0] nsswitch/winbindd_util.c:winbindd_param_init(383) winbindd: idmap uid range missing or invalid I then added in the smb.conf winbind uid = 1-2 winbind gid = 1-2 winbind separator = + The testparm just said about possible problem with the + separator. But in the log.client [2003/07/11 18:19:51, 1] param/loadparm.c:lp_do_parameter(3106) WARNING: The winbind uid option is deprecated [2003/07/11 18:19:51, 1] param/loadparm.c:lp_do_parameter(3106) WARNING: The winbind gid option is deprecated I don't understant why in one case it complain about the missing range and in the second, about its presence. However, the main problem is that it display the samba server as a domain controler in the microsoft mmc after joining the AD domain. Bellow is an extract from my smb.conf preferred master = No local master = No domain master = No This is a big problem for me since active directory administrator doesn't accept such behaviour. Any idea is very welcome -- Regard's Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0.0beta2
Hello all, First, i present myself since this is the first time i post here. My name is Vincent Badier, and i'm a samba beginner. I tried to compil and install samba-3.0.0beta2. I configured it with the --with-acl-support and no error occured. The problem appear when i tried to join an active directory domain. firstly : # /usr/local/samba/bin/net ADS JOIN MEMBER -S mydc -Umyname ADS support not compiled in However the configure --help said on Optional Packages: [...] --with-ads Active Directory support (default yes) ok, let's try without ADS option : # /usr/local/samba/bin/net JOIN MEMBER -S ip.of.my.dc -Umyname [2003/07/08 11:38:29, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(249) cli_nt_setup_creds: request challenge failed [2003/07/08 11:38:29, 1] utils/net_rpc.c:run_rpc_command(154) rpc command function failed! (NT_STATUS_INVALID_COMPUTER_NAME) Password: Create of workstation account failed Unable to join domain MYDOM. Arg, this is not good for me. Any idea? PS : this is my smb.conf : (I also tried to deal with lient lanman auth = Yes but without success) # Samba config file created using SWAT # from my.desktop.ip.addr (my.desktop.ip.addr) # Date: 2003/07/08 10:37:38 # Global parameters [global] workgroup = MYDOM netbios name = MYSRV server string = Samba 3.0.0beta2 interfaces = eth0 security = DOMAIN password server = ip.of.my.dc client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No syslog = 0 log file = /var/log/samba/log.smbd max log size = 8000 show add printer wizard = No preferred master = No local master = No domain master = No dns proxy = No wins server = ip.of.my.dc ldap ssl = no invalid users = root [data] path = /mnt/homes valid users = AD2+domain_users admin users = AD2+mynamevi /etc/sam read only = No -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba