Re: [Samba] Some direction of Samba4 Sid to Uid/Gid ?
On 17/01/2011 12:31 p.m., Andrew Bartlett wrote: On Sat, 2011-01-15 at 14:22 +1300, Wei-Tsun Sun wrote: On 15/01/2011 1:50 p.m., Taylor, Jonn wrote: On 01/14/2011 02:04 PM, Wei-Tsun Sun wrote: Did a git-pull and built samba4, up and running with winbind. I have a file server, which will be access by windows. Say I have a user named abcde (uid = 1000), under group abcde) (gid = 1000). When I created a user with samba-too (samba-tool newuser abcde x), it creates an account abcde with mapped uid 300018 under group user users. I am really wondering if there is anyway to make the abcde created under samba to link with the abcde in my local linux. I have : idmap config SAMDOM: default = yes idmap config SAMDOM: backend = tdb idmap config SAMDOM: range = 1000-2 in my smb.conf But it seems the uid goes anywhere not near 1000. Cheers. Have a look at http://wiki.samba.org/index.php/Samba4/Winbind Jonn I did, that is why I am bringing this up. In the Testing section: #id Administrator uid=0(root) gid=100(users) groupes=0(root),100(users),304(Group Policy Creator Owners),308(Domain Admins) ID Administrator is not duplicated with the user name in the system. However, abcde, which is already in my system with uid 1000, and the one created by the samba-tool is with uid 300018. When I $id abcde , I get abcde from the system but not from the samba4. Furthermore, files created via samba by the uid 300018 is not deletable by user uid 1000. Correct. Samba4 uses it's own uid and gid space, and manages all aspects of the user. You could edit the idmap.ldb I suppose. Eventually we will get this back into the directory to make this easier to administer. Andrew Bartlett Thank you very much Andrew, this really gives me an idea how to do it: From Samba4 HowTo, the last part of Step 1: Adding user into Samba 4 Active Directory : http://wiki.samba.org/index.php/Samba4/HOWTO#Step_1:_Adding_user_into_Samba_4_Active_Directory Since uid/gid spaces are different from the local system and samba, therefore one can change the samba user's uid/gid to the local system's ones, without conflicting (that I suppose). uid and gid are stored in idmap.ldb (thanks Andrew!) and can be edited by using ldbedit. So the steps are as follows, based on user name abcde with gid = 1000 and uid = 1000 on the local system: 1. If the user does not exist in samba4, create it : samba-tool newuser abcde 2. SID of abcde can be found from wbinfo -n abcde (say it turns S-1-5-21-3374259721-1964127243-1665914219-1106 SID_USER (1) ) 3. Edit the UID with the SID we just got ldbedit -e emacs -H path_to_/idmap.ldb objectsid=S-1-5-21-3374259721-1964127243-1665914219-1106 Change the xidNumber to 1000 4. Each normal users belongs at least two groups, one is user itself and another one is user, to find the user group, one can: wbinfo --user-sids=S-1-5-21-3374259721-1964127243-1665914219-1106 It will gets S-1-5-21-3374259721-1964127243-1665914219-1106 S-1-5-21-3374259721-1964127243-1665914219-513 And the S-1-5-21-3374259721-1964127243-1665914219-513 is the identifier of the user group. 5. Use ldbedit to do the trick again ldbedit -e emacs -H path_to_/idmap.ldb objectsid=S-1-5-21-3374259721-1964127243-1665914219-513 Change xidNumber to 1000 as well 6. Then restart the samba4 service. Done! Cheers, Wei-Tsun Sun -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Some direction of Samba4 Sid to Uid/Gid ?
Did a git-pull and built samba4, up and running with winbind. I have a file server, which will be access by windows. Say I have a user named abcde (uid = 1000), under group abcde) (gid = 1000). When I created a user with samba-too (samba-tool newuser abcde x), it creates an account abcde with mapped uid 300018 under group user users. I am really wondering if there is anyway to make the abcde created under samba to link with the abcde in my local linux. I have : idmap config SAMDOM: default = yes idmap config SAMDOM: backend = tdb idmap config SAMDOM: range = 1000-2 in my smb.conf But it seems the uid goes anywhere not near 1000. Cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Some direction of Samba4 Sid to Uid/Gid ?
On 15/01/2011 1:50 p.m., Taylor, Jonn wrote: On 01/14/2011 02:04 PM, Wei-Tsun Sun wrote: Did a git-pull and built samba4, up and running with winbind. I have a file server, which will be access by windows. Say I have a user named abcde (uid = 1000), under group abcde) (gid = 1000). When I created a user with samba-too (samba-tool newuser abcde x), it creates an account abcde with mapped uid 300018 under group user users. I am really wondering if there is anyway to make the abcde created under samba to link with the abcde in my local linux. I have : idmap config SAMDOM: default = yes idmap config SAMDOM: backend = tdb idmap config SAMDOM: range = 1000-2 in my smb.conf But it seems the uid goes anywhere not near 1000. Cheers. Have a look at http://wiki.samba.org/index.php/Samba4/Winbind Jonn I did, that is why I am bringing this up. In the Testing section: #id Administrator uid=0(root) gid=100(users) groupes=0(root),100(users),304(Group Policy Creator Owners),308(Domain Admins) ID Administrator is not duplicated with the user name in the system. However, abcde, which is already in my system with uid 1000, and the one created by the samba-tool is with uid 300018. When I $id abcde , I get abcde from the system but not from the samba4. Furthermore, files created via samba by the uid 300018 is not deletable by user uid 1000. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can non-root users set their own create mask?
Hi, I'm a non-root user of a server on which I can access my home directory. But every file I upload became executable. If I have the root privilege on a machine, I usually set the create mask to 0600 so that everything uploaded seems to be normal file. Is there any way I can set my own create mask? Thanks!! Sun -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Win XP logon issues
Jeffrey D. Means wrote: when trying to log on to my samba server (3.0a24 with LDAP) I get a message about the domain not being available or the machine account is not available. In the event log this is what the Netlogon service reports about the error. --- The domain of this computer, MEANSPC has been downgraded from Windows 2000 or newer to Windows NT4 or older. The computer cannot function properly in this case for authentication purposes. This computer needs to rejoin the domain. The following error occurred: There are currently no logon servers available to service the logon request. --- Did you ever solve your problem? I have exactly the same message. But my problem occur when I migrated XP clients from a Win2K/AD to a Samba/PDC of the same domain name. This is a correct message because the domain did downgraded to NT4 stile. The question is how does it find the Logon Servers, what registry parameter to twist to make it locate NT4 style LOGON Servicers? Please send me mail directly at [EMAIL PROTECTED] -- Kang Sun -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP Client: Domain Downgraded from Win2K+ to NT4-
Greetings! I am currently running Win2K/AD domain with compatible mode. I managed to run the vampie procedure to migrate all credentials (SIDs and passwords) to Samba/PDC with OpenLDAP backend. The existing XP clients logon to the under the Samb/PDC domain without re-join the domain because they expect to locate the domain in Win2K/AD way. Here is the Event View message from NetLOGON The domainof this computer, AB has been downgraded from Windows 2000 or newer to Windows NT4 or older. This computer cannot funtion prpoerly in this case for authetication purposes. This computer needs to rejoin the domain. The following error occurred: There are currently no logon servers available to service the logon request. logon server is avaialbe (the same Samba/PDC) because a new XP client can join and logon to the domain with no problem. The question is how to twist the registry parameter(s) so the existing XP clients will look for a NT4 or orlder style domain? According to MS Q314861. NT4 uses discovery to find its domain ... Any information and suggestion are appreciated. Please response to [EMAIL PROTECTED] -- Kang Sun -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: migrating a windows NT domain to samba on redhat linux
Samba-3 by Example by John H. Terpstra Kashif Awan [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello Gurus!!! I am running a windows NT domain with a PDC and a BDC. I want to migrate this domain to samba on redhat linux . Somebody please tell me some goods docs about how to migrate NT domain. Thanks in advance. Regards __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: XP Can't Join Domain
Paul Gienger [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I found the problem! It turned out to be an ldap problem after all. I had added the machine account to ou=Computers as detailed in most of the Samba/LDAP documentation. However, Samba was looking for the machine account in ou=People. This is actually a well known (to people that read this list for more than a couple weeks) bug in the design of samba. I could swear I got it working once on a linux box without reconfiguring pam_nss, but I could be wrong. This error has been corrected on one of later release, say 3.0.6, am I right? -- Kang -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] W2K and WNT work but not WXP after migration
Greetings! As suggested, I tried the samba-3.0.6. After migration, I got user's passwords work and groups properly populated I have three VM machines running NT, 2000, and XP respectively, after migration, NT and 2000 are still in the domain and authenticate users properly. However, the XP machine complains it cannot find the domain: The system cannot log you on now because the domain domainname is not available. Apparently, the domain is working properly because the other two VM machines find the domain promptly and the XP mahince can sign-off and rejoin the domain without problem. What I can think of are 1. XP machine password is not migrated properly. 2. XP requres more than NT and 2000 to recognize the domain. 3. Something simple was not set properly for XP. I disjoin the XP from the domain and rejoin it to domain again. I notice the some difference other than the obvious sambaNTPassword. Notes that start with ## are my comments. Could you please suggest what I should try next? Thanks! diff from pdbedit -Lw wxp$ 41c43 WXP$:1989::46680F1DBC75618E481BC846807B98AD:[W ]:LCT-41349858: --- WXP$:1989:WXP$## TOTALLY different format == diff from smbldap-usershow wxp$ 13,14d12 sambaNTPassword: 46680F1DBC75618E481BC846807B98AD sambaPwdLastSet: 1093965912 17a16,19 sambaPwdCanChange: 1093978279 ## Added field sambaPwdMustChange: 2147483647 ## Added field sambaNTPassword: E51265172C0B33B6ADF9F2B8A9AE5070 sambaPwdLastSet: 1093978279 diff from pdbedit -Lv wxp$ === 35,36c37,38 Password last set:Tue, 31 Aug 2004 11:25:12 GMT Password can change: 0 --- Password last set:Tue, 31 Aug 2004 14:51:19 GMT Password can change: Tue, 31 Aug 2004 14:51:19 GMT ## different format --- Kang Sun On Fri, 08/13/2004 05:19 PM, Andrew Bartlett wrote: I would look at issues such as the domain sid, and machine's sid for it's machine account. Samba does not read the LM password. (Except in a buggy case solved by Samba 3.0.4). I always suggest trying with the current code, so grab current SVN and retry. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Why both LMPass and NTPass: Migration Issue
Greetings! I am back to work the vampire migration issues. It looks like the computers sambaNTPasswords where migrated correctly but the sambaLMPasswords were not! And it seems to be Windows 2000 system only uses sambaNTPasswords while Windows XP systems using more than NTPassword. For Windows 2000 client, any domain user can login into the system without any problem. With Windows XPs and I got he Domain is not Availabe error. However, they can sign off the domain and rejoin the domain without problems. Does Windows XP systems need sambaLMPassword? Did I narrorwed down the problem a little? -- Kang Eric J Bennett [EMAIL PROTECTED] 07/26/2004 08:41 PM To Paul Gienger [EMAIL PROTECTED] cc Kang Sun [EMAIL PROTECTED], [EMAIL PROTECTED] Subject Re: [Samba] Samba/LDAP/PDC Questions -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Attempting vampire here when everything else works results in user accounts being created in the LDAP directory (and with a slight ugly hackish modification to the idealx smbldap-useradd script, posix accounts being created) and NTLM password hashes being set in the LDAP tree, and computer accounts being created *but* here is the catch, the NTLM password hashes for computer accounts are not created. So if we think of it as a four step process; 1. Create user accounts *OK* 2. Set user account password hashes *OK* 3. Create Machine accounts *OK* 4. Set Machine account password hashes *FAIL* Of course I'm not bothering to mention the other stuff that it does cause it's all a bit of black magic to me, but you get the general idea, it creates user groups as well and associates the appropriate accounts with the appropriate groups and handles the Unix UID / GID mapping to the NT equivalent security information. I'm trying to get more information on the entire process to provide debug logs to the samba team et al, but I've just been flat out on other stuff in the meantime which unfortunately has a higher priority than this at the moment, but I'll endeavour to get the diagnostic info asap, if someone else wanted to do it before me though, I assume the interesting stuff would be; smbd -d 10 -i smbd.log 21 tcpdump packet capture of traffic between NT PDC and Linux vampire process strace -f net rpc vampire -S pdc -U administrator%password vampire.log 21 And try to make sure you're not broadcasting your password hashes in potentially public bug logs. ^^ What I can tell you from looking at the process so far, is that the NT PDC is *definitely* providing machine account password hashes, it just appears that whatever samba should be doing with them, it is not. Best of luck Regards Eric J Bennett Paul Gienger wrote: | I'm not at all experienced with the vampire command, but I believe it is | supposed to bring passwords over. Perhaps someone can interject here | who does know what they're talking about??? | | (note: bringing back on list from an accidental, i suspect, pm) | | Kang Sun wrote: | | | Hello Paul, | | I have questions on migration. Some other people like Eric | Bennet and Mike Brodbelt posted the similar questions. But I cannot | find a definite answer to this question: would vampiring using | samba/ldap/smbldap-tools actually migrates passwords at all? | | If the add user/machine script from smb.conf is the only | tool vampiring process is calling, it certainly won't create password. | Below are the conversation between me and Mike. I hope you can help us. | | -- Kang | | Kang Sun wrote: | Hello Mike, | | I did similar things and have similar problems. | I looked at the ldap database, the migration did nothing but get all | the | names of users and machines. | If the smbldap-* scripts are the only things vampire process is | calling, I | don't see how would it would get anything else. | | Agreed, although when migrating with a tdbsam backend, the vampire | process will populate the tdbsam with NT passwords and suchlike, but | also runs the useradd scripts to add the posix users, so I thought that | there may be some other data that Samba puts into LDAP directly, not via | invoking the scripts. | | The documentation from John Terpstra's book (available online at | http://de.samba.org/samba/docs/man/Samba-Guide/migration.html#id2549828 ) | suggests that the process should work with an LDAP backend, but I'm | currently at a loss to see howm and I'm unable to replicate this, even | on a test network, with various versions of the Idealx smbldap-tools. It | doesn't appear to work as advertised at the moment. | | After vampiring, | | 1. All the computer accounts and user accounts (posixAccount as | well) are | created just like being created by by smbldap-useradd, with the default | parameters as defined in the smbldap.conf or smbldap_config.pm, eg, | profiles, logon scripts, etc, user name, etc. | | Yes, this seems to work when run from the command line. Vampiring seems
[Samba] LDAP-based NIS server .vs. NIS migration to LDAP?
Greetings! I tried to post this question to openldap group but somehow my post never showed up there. Anyway, I built PDC using Samba3 and OPENLDAP and now like to integrade NIS service to it. I searched the net there are quite a few guides on how to replace NIS with LDAP. However, in our environment, we have almost all sorts of Unix platforms, e.g. Linux (mainly Redhat), Solaris, HPUX, AIX, IRIS, and plus some pretty old OS versions. They are all NIS clients now but I don't expect they can all be easily converted to to be authenticated against LDAP. For instance, I don't think all of them have pam and nss ready. I thought it would be easier if I can somehow build the NIS Server using LDAP and maintain all NIS slaves and clients as they are, I would have an easy mirgration path while achieving the goal of centralizing authentication/administration of the enterprise-wide accounts on LDAP server. Any comments, suggestions, guidances are deeply appreciated. Sincerely yours, --- Kang Sun -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Joining Domain
I think with Samba2 you still need to turn off one of the paramenters in the registery. I don't remember the name exactly something about sign or seal. -- Kang [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] tware.com... [EMAIL PROTECTED] (gbengadada) Sent by: [EMAIL PROTECTED] 29.07.2004 11:42 To: [EMAIL PROTECTED] cc: Subject:[Samba] Joining Domain Good Day, I downloaded samba-2.2.9, installed and configuted it on a Solaris 5.7 system. I have configured it as a PDC, however whenever i try to join the domain i have created, Windows ask that i enter a username and password authorized to join systems to the domain. Normally with a Windows 2000 server entering the administrators username and password will do it, however I get this error message: The following error occured attempting to join the domain sambadomain.net: Logon failure:unknown user name or bad password. How can i correct this error. If you try to use Administrator for joining machine to domain you should have a User Administrator on Unix-side with uid=0. And don't forget to add Administrator to smbpasswd if you use this file as backend. Then it should work. Thanks for your anticipated co-operation No problem. Christian --- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: explain me exactly about ldap
I don't how much you know about Samba or LDAP. Any way, Use samba to be an authenticator for Windows and Window Users, you need a Unix accounts for each machine and user. In the old day, these are store in /etc/password and some other flat files. With ldap as a backend, you store everything (Unix account and windows account) in a directory and there are tools like smdldap-tools to synchronize the creations of both types of accounts and mapping between them. LDAP also make samba-BDC possible because you can have a second LDAP server that BDC associate with. Hope this helps. -- Kang Cristhian Nunez [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi i wanna know exactly the principal functions of ldap, if is posible send me a example because im not very clear about this protocol with samba. thanks in advance Cristhian Dominican Republic -- No basta saber, se debe también aplicar. No es suficiente querer, se debe también hacer(Goethe, Johann Wolfgang von). Saludos Cristhian Nunez AGB-CDI Dominicana Abraham Lincoln #154 Edf. Comarno 1er Piso, Mata Hambre Santo Domingo, Rep. Dom. AGB Cambio, Cambia tu a AGB Nuevos numeros : (809)620- y (809)947-2727 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba PDC Problem
If you tried different configurations for testing, it might ends up with inconsistent SIDs. net getlocalsid will show what SID samba thinks and see if it is the consistent with your users accounts' SID or administrators SID in LDAP server. If not, then you know where your problem is. If all your accounts in ldap has consistent SID but the samba SID is different, the easist fix is net setlocalsid domain part of SID from LDAP Another consideration, have you join your PDC server into your domain? I know it is wired but your PDC will not be in your LDAP unless you join it into the domain. I don't know if this has anything to do with your problem. The last one is well-documented: on XP you need to set certain registry parameter, which I don't rember now, to zero. Hope this helps. -- Kang Kiryl Hakhovich [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hey Michael, thanks for a quick response. When i try to use BCHECKUP\Administrator it says The parameter is incorrect and does not work with ldap at all. (BCHECKUP is my domain name) I guess something wacky about my configs? Thanks. Michael Wray wrote: Sounds like Samba SID doesn't match SID being sent by XP workstation, which btw is what is being sent, not USERNAME Administrator. TO make sure it works for Admin's user name send sambamachinename\Administrator as the username...then the sid's should match. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kiryl Hakhovich Sent: Monday, July 26, 2004 10:45 AM To: [EMAIL PROTECTED] Subject: [Samba] Samba PDC Problem Hello guys, I have a Samba 3.0.4 on FC2, it has LDAP backend. Machine authenticate users with no problem. However when i try to add XP client to domain, from that workstation, it asking for Administrator password to join to the Domain and them says Login failure: unknown user name or bad password. And at the same time record does inserts into the LDAP!? I can see it right after i got message on the screen about error. Now here is a part from server log: -- Jul 26 11:34:13 fileserver smbd[27897]: [2004/07/26 11:34:13, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1587) Jul 26 11:34:13 fileserver smbd[27897]: ldapsam_add_sam_account: SID 'S-1-5-21-299320441-2527492060-3102699668-3000' already in the base, with samba attributes Jul 26 11:34:13 fileserver smbd[27897]: [2004/07/26 11:34:13, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2267) Jul 26 11:34:13 fileserver smbd[27897]: could not add user/computer kiryha$ to passdb. Check permissions? -- Note: i can login to linux server with name 'Administrator' and have root's privileges, since ldap has uid 0 for Administrator. smb.conf has line admin users = Administrator What do i missing? Any ideas? Thank you! Sincerely, Kiryl Hakhovich. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba3 - LDAP - USRMGR.EXE
Just a hunch, I didnot test myself. In your smb.conf, did you set the add user script to add posix account as well as Windows account? If so, there might be a problem. From what I read and understand, the script suppose to add Posix account only, and samba will add the Windows account. If the Windows account is added by the add user script, then Samba has to delete it or modify it, which it might not have the previlege or some error comes up that does not mean what it says. Hope this helps! -- Kang Sun [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] tware.com... Hello, have some little problems adding user to domain with USRMGR.EXE My System runs on SuSE 9.1 (2.6.5-7.75-default), samba-3.0.4, smbldap-tools-0.8.5, openldap2-2.2.6 If I try to add a new user with USRMGR.EXE I get an error Access denied, but if I look into LDAP the new user was correctly added to LDAP. If I confirm the error-message and then cancel the NEW USER Window and typing F5 for refreshing the USRMGR. I can see the new user. By doubble-clicking the new User I am able to make any modification to the User without any error. What could be the problem ? Here is a part of /var/log/messages that Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1573) Jul 27 12:36:25 samba3 smbd[2149]: ldapsam_add_sam_account: User 'i1' already in the base, with samba attributes Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2267) Jul 27 12:36:25 samba3 smbd[2149]: could not add user/computer i1 to passdb. Check permissions? if you need more logs or sambalog with special loglevel just tell me. The same problem exists when joining a machine to DOMAIN. On first try = Access denied but correctly added to LDAP On second try = Welcome to DOMAIN Thanks for any help. Christian Wittmer - Büro/Office: +49 (0) 6227/385-120 Email: [EMAIL PROTECTED] InterComponentWare AG Otto-Hahn-Strasse 3 69190 Walldorf Zentrale/Main: +49 (6227) 385-100 http://www.intercomponentware.com http://www.lifesensor.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Migration, which password?
Greetings!
It is premature for me to send out a success procedure for migration
yesterday. I overlooked things and I appologize for to this group.
Anyway, after migration, computers, users, groups are all created and
filled up with the correct membership. However, I still have the same
problem with machine password and user password. Further looking into the
detail, it looks like samba/ldap does not use LM/NT password for
authentication but expect userPassword, which I assume is posix account
password and did not exist on the original NT4 server.
Here is my account entry after the migration:
==
dn: uid=ksun,ou=Users,dc=ab,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: ksun
sn: ksun
uid: ksun
uidNumber: 1870
gidNumber: 513
homeDirectory: /u/ksun
loginShell: /bin/tcsh
gecos: System User
description: System User
userPassword: {crypt}x
sambaSID: S-1-5-21-72881033-379349262-1855928443-5162
sambaPrimaryGroupSID: S-1-5-21-72881033-379349262-1855928443-513
sambaLogonTime: 1090859130
sambaLMPassword: D2C0998710B6D0D260086A4D2CF0CF0E
sambaNTPassword: 0457C29D84903BB202DDD57B9958F67A
sambaPwdLastSet: 1069686468
sambaAcctFlags: [NU ]
===
It looks like the migration does create LM password and NT password.
However, I cannot log in to my account unless I change my password.
This is how my account look like after smbldap-passwd ksun to the
original password:
-
dn: uid=ksun,ou=Users,dc=ab,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: ksun
sn: ksun
uid: ksun
uidNumber: 1870
gidNumber: 513
homeDirectory: /u/ksun
loginShell: /bin/tcsh
gecos: System User
description: System User
sambaSID: S-1-5-21-72881033-379349262-1855928443-5162
sambaPrimaryGroupSID: S-1-5-21-72881033-379349262-1855928443-513
sambaLogonTime: 1090859130
sambaLMPassword: D2C0998710B6D0D260086A4D2CF0CF0E
sambaAcctFlags: [U]
sambaNTPassword: 0457C29D84903BB202DDD57B9958F67A
sambaPwdLastSet: 1090946249
sambaPwdMustChange: 1094834249
userPassword: {MD5}oL1Na14I3VPzA6/fq8Wx5Q==
--
Look at the difference of these two outputs:
+++
12d11
userPassword: {crypt}x
16a16
sambaAcctFlags: [U]
18,19c18,20
sambaPwdLastSet: 1069686468
sambaAcctFlags: [NU ]
---
sambaPwdLastSet: 1090946249
sambaPwdMustChange: 1094834249
userPassword: {MD5}oL1Na14I3VPzA6/fq8Wx5Q==
+++
Surprisingly, the neither NT nor LM passwords changed. The different is
the userPassword, which I assume is the Posix account password, which does
not exist in the old NT PDC at all! Of course the migration won't have the
right password.
I do have ldap passwd sync = Yes in my smb.conf file, questions are:
1. Why samba/ldap authenticate using posix password instead of LM/NT
passwords?
2. Does it synchronize the userPassord password to the NT/LM password or
the otherway around?
3. When does the synchronization happens or being triggered?
4. Is there a way of manually copy the LM/NT password to userPassword
field?
The other difference is the change of the sambaAcctFlag: [U] instead
of [NU ]. I wonder if that changes anything.
Thanks!
-- Kang
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Migration, which password?
Woa! I actually did the migration correct, it is just a matter of enabling
login ON!!!
I enabled the Administrator login and the my login, and I can acutally login
into the domain! Thank you very much!!! But I wonder why it is not turned on
during and/or after the vampiring process by default.
Further more, I manually copied the shadow password field and insert into
the userPassword field prefixed with {Crypt} and I can also login to the
Unix account!!!
The only obstacle left is the the vampiring process did not seem to set
Machine account password hashes correctly. It is an known problem but no
solution yet according to Eric Bennett. I wonder if there is a way to get
the Machine account password hashes directly from NT PDC and just stick into
the sambaNTpassword fiel, like what I did with the userPassword field.
-- Kang Sun
Umberto Zanatta [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Il mar, 2004-07-27 alle 19:22, Kang Sun ha scritto:
Greetings!
It is premature for me to send out a success procedure for
migration
yesterday. I overlooked things and I appologize for to this group.
Anyway, after migration, computers, users, groups are all created
and
filled up with the correct membership. However, I still have the same
problem with machine password and user password. Further looking into
the
detail, it looks like samba/ldap does not use LM/NT password for
authentication but expect userPassword, which I assume is posix account
password and did not exist on the original NT4 server.
No, it doesn't.
Your account was disabled by [NU]; When you had modify it by smbldap,
your account flags
changed in [U].
LDAP backend doesn't require unix account, but smbldap-tools does samba
and posix account together.
NT Password is managed by different way; you can't do unixpass-ntpass
and viceversa.
You should do:
# smbpasswd -e userid
and userid will be enable.
# smbpasswd -d userid
and userid will be disable.
regards.
Here is my account entry after the migration:
==
dn: uid=ksun,ou=Users,dc=ab,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: ksun
sn: ksun
uid: ksun
uidNumber: 1870
gidNumber: 513
homeDirectory: /u/ksun
loginShell: /bin/tcsh
gecos: System User
description: System User
userPassword: {crypt}x
sambaSID: S-1-5-21-72881033-379349262-1855928443-5162
sambaPrimaryGroupSID: S-1-5-21-72881033-379349262-1855928443-513
sambaLogonTime: 1090859130
sambaLMPassword: D2C0998710B6D0D260086A4D2CF0CF0E
sambaNTPassword: 0457C29D84903BB202DDD57B9958F67A
sambaPwdLastSet: 1069686468
sambaAcctFlags: [NU ]
===
It looks like the migration does create LM password and NT password.
However, I cannot log in to my account unless I change my password.
This is how my account look like after smbldap-passwd ksun to the
original password:
--
--
-
dn: uid=ksun,ou=Users,dc=ab,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: ksun
sn: ksun
uid: ksun
uidNumber: 1870
gidNumber: 513
homeDirectory: /u/ksun
loginShell: /bin/tcsh
gecos: System User
description: System User
sambaSID: S-1-5-21-72881033-379349262-1855928443-5162
sambaPrimaryGroupSID: S-1-5-21-72881033-379349262-1855928443-513
sambaLogonTime: 1090859130
sambaLMPassword: D2C0998710B6D0D260086A4D2CF0CF0E
sambaAcctFlags: [U]
sambaNTPassword: 0457C29D84903BB202DDD57B9958F67A
sambaPwdLastSet: 1090946249
sambaPwdMustChange: 1094834249
userPassword: {MD5}oL1Na14I3VPzA6/fq8Wx5Q==
--
--
--
Look at the difference of these two outputs:
+++
12d11
userPassword: {crypt}x
16a16
sambaAcctFlags: [U]
18,19c18,20
sambaPwdLastSet: 1069686468
sambaAcctFlags: [NU ]
---
sambaPwdLastSet: 1090946249
sambaPwdMustChange: 1094834249
userPassword: {MD5}oL1Na14I3VPzA6/fq8Wx5Q==
+++
Surprisingly, the neither NT nor LM passwords changed. The different
is
the userPassword, which I assume is the Posix account password, which
does
not exist in the old NT PDC at all! Of course the migration won't have
the
right password.
I do have ldap passwd sync = Yes in my smb.conf file, questions
are:
1. Why samba/ldap authenticate using posix password instead of LM/NT
passwords?
2. Does it synchronize the userPassord password to the NT/LM
password or
the otherway around?
3. When does the synchronization happens or being triggered?
4. Is there a way of manually copy the LM/NT password to
userPassword
field?
The other difference is the change of the sambaAcctFlag
Re: [Samba] Samba/LDAP/PDC Questions
Hello Eric,
I just want to make sure we are on the same page.
After vampiring, I got all the user accounts, computer accounts,
groups, and membership created correctly.
For somereason, the login is disabled. Once I do smbpasswd -e
userid, I am able to login to that account with the right password. So
the NT password migratted OK.
smbPassword field only contains '{Crypt}x' but once I copied the
hashed password from NIS map to that field prefixed with {Crypt}, I
can also login to the Unix account.
All together it means that I have ways to make sure the user
authentication will work fine with Windows and Unix login. But at what
point and in what way the password synchronization work and in what
direction?
The only remaining obatacle is that the computer authentication failed.
The comptuer cannot loginto the doamin unless I rejoin it to the domain. I
think this is where you failed also.
I wonder if there is anyway to get all the computer account hash in text
format from the original NT PDC and just write script to stick the hash to
the corresponding smbNTPassword field, just like what I did with the
userPassword field. Any suggestion.
Finally, I did get some kind of smbNTPassword during vampiring, does it
at least look right? Is there anyway I can compare it to the original on
the NT Server? Here is my machine account looks like:
Thanks!
--- Kang Sun
dn: uid=KSUN$,ou=People,dc=ab,dc=com
objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount
cn: KSUN$
sn: KSUN$
uid: KSUN$
uidNumber: 1801
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
sambaSID: S-1-5-21-72881033-379349262-1855928443-4737
displayName: KSUN$
sambaLogonTime: 1090863161
sambaNTPassword: BCE2D22F8B6638F72008CA16CDEA1F4D
sambaPwdLastSet: 1089841247
sambaAcctFlags: [W ]
gidNumber: 1000
sambaPrimaryGroupSID: S-1-5-21-72881033-379349262-1855928443-515
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Attempting vampire here when everything else works results in user
accounts being created in the LDAP directory (and with a slight ugly
hackish modification to the idealx smbldap-useradd script, posix
accounts being created) and NTLM password hashes being set in the LDAP
tree, and computer accounts being created *but* here is the catch, the
NTLM password hashes for computer accounts are not created.
So if we think of it as a four step process;
1. Create user accounts *OK*
2. Set user account password hashes *OK*
3. Create Machine accounts *OK*
4. Set Machine account password hashes *FAIL*
Of course I'm not bothering to mention the other stuff that it does
cause it's all a bit of black magic to me, but you get the general idea,
it creates user groups as well and associates the appropriate accounts
with the appropriate groups and handles the Unix UID / GID mapping to
the NT equivalent security information.
I'm trying to get more information on the entire process to provide
debug logs to the samba team et al, but I've just been flat out on other
stuff in the meantime which unfortunately has a higher priority than
this at the moment, but I'll endeavour to get the diagnostic info asap,
if someone else wanted to do it before me though, I assume the
interesting stuff would be;
smbd -d 10 -i smbd.log 21
tcpdump packet capture of traffic between NT PDC and Linux vampire process
strace -f net rpc vampire -S pdc -U administrator%password vampire.log
21
And try to make sure you're not broadcasting your password hashes in
potentially public bug logs. ^^
What I can tell you from looking at the process so far, is that the NT
PDC is *definitely* providing machine account password hashes, it just
appears that whatever samba should be doing with them, it is not.
Best of luck
Regards
Eric J Bennett
Paul Gienger wrote:
| I'm not at all experienced with the vampire command, but I believe it is
| supposed to bring passwords over. Perhaps someone can interject here
| who does know what they're talking about???
|
| (note: bringing back on list from an accidental, i suspect, pm)
|
| Kang Sun wrote:
|
|
| Hello Paul,
|
| I have questions on migration. Some other people like Eric
| Bennet and Mike Brodbelt posted the similar questions. But I cannot
| find a definite answer to this question: would vampiring using
| samba/ldap/smbldap-tools actually migrates passwords at all?
|
| If the add user/machine script from smb.conf is the only
| tool vampiring process is calling, it certainly won't create password.
| Below are the conversation between me and Mike. I hope you can help us.
|
| -- Kang
|
| Kang Sun wrote:
| Hello Mike,
|
| I did similar things and have similar problems.
| I looked at the ldap database, the migration did nothing but get all
| the
| names of users and machines.
| If the smbldap-* scripts are the only things vampire process is
| calling, I
| don't see how would it would get anything else.
|
| Agreed, although when migrating
[Samba] Re: NT domain migration to LDAP/SAMBA (password migration)
Previous question was regarding the passwords was not migrated ...
Well, I find one error, at least that was what happened to me.
In the smb.conf file, I had
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m %u
while it should have been
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -m %u
The add user script only suppose to add a posix account. The windows account
is migrated and mapped to that posix account.
with -a option on, a windows account is also created together with the
Posix account. The migration failed because a windows account, with all the
default atrributes from smbldap.conf, already exists.
I hope this helps to others with similar problems.
-- Kang
Mike Brodbelt [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Kang Sun wrote:
Hello Mike,
I did similar things and have similar problems.
I looked at the ldap database, the migration did nothing but get all
the names of users and machines.
If the smbldap-* scripts are the only things vampire process is
calling, I don't see how would it would get anything else.
Agreed, although when migrating with a tdbsam backend, the vampire
process will populate the tdbsam with NT passwords and suchlike, but
also runs the useradd scripts to add the posix users, so I thought that
there may be some other data that Samba puts into LDAP directly, not via
invoking the scripts.
The documentation from John Terpstra's book (available online at
http://de.samba.org/samba/docs/man/Samba-Guide/migration.html#id2549828)
suggests that the process should work with an LDAP backend, but I'm
currently at a loss to see howm and I'm unable to replicate this, even
on a test network, with various versions of the Idealx smbldap-tools. It
doesn't appear to work as advertised at the moment.
After vampiring,
1. All the computer accounts and user accounts (posixAccount as well)
Kang Sun wrote:
Hello Mike,
I did similar things and have similar problems.
I looked at the ldap database, the migration did nothing but get all
the
names of users and machines.
If the smbldap-* scripts are the only things vampire process is
calling, I
don't see how would it would get anything else.
Agreed, although when migrating with a tdbsam backend, the vampire
process will populate the tdbsam with NT passwords and suchlike, but
also runs the useradd scripts to add the posix users, so I thought that
there may be some other data that Samba puts into LDAP directly, not via
invoking the scripts.
The documentation from John Terpstra's book (available online at
http://de.samba.org/samba/docs/man/Samba-Guide/migration.html#id2549828)
suggests that the process should work with an LDAP backend, but I'm
currently at a loss to see howm and I'm unable to replicate this, even
on a test network, with various versions of the Idealx smbldap-tools. It
doesn't appear to work as advertised at the moment.
After vampiring,
1. All the computer accounts and user accounts (posixAccount as well)
are created just like being created by by smbldap-useradd, with the
default parameters as defined in the smbldap.conf or
smbldap_config.pm, eg, profiles, logon scripts, etc, user name, etc.
Yes, this seems to work when run from the command line. Vampiring seems
to throw up some errors that I've not tracked down yet though.
2. Users lost its domain membership. Every user accounts are now
belonging to Domain Users group. No one in Domain Admins group
except Administrator.
The migration process must have done more than just calling these
smbldap-tools scripts, but I just don't see the effect.
What do you see if you do
smbldap-usershow userid or machinename$ ?
# smbldap-usershow detritus
dn: uid=rwind,ou=People,dc=acu,dc=ac,dc=uk
objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSAMAccount
cn: rwind
sn: rwind
uid: rwind
uidNumber: 1006
gidNumber: 513
homeDirectory: /home/rwind
loginShell: /bin/bash
gecos: System User
description: System User
userPassword: {crypt}x
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
displayName: System User
sambaAcctFlags: [UX]
sambaSID: S-1-5-21-2704678572-2069052080-1039482078-3012
sambaLMPassword: XXX
sambaPrimaryGroupSID: S-1-5-21-2704678572-2069052080-1039482078-513
sambaProfilePath: \\TALITHA\profiles\rwind
sambaHomePath: \\TALITHA\home\rwind
sambaHomeDrive: M:
sambaNTPassword: XXX
# smbldap-usershow quirm$
dn: uid=quirm$,ou=Computers,dc=acu,dc=ac,dc=uk
objectClass: top,inetOrgPerson,posixAccount
cn: quirm$
sn: quirm$
uid: quirm$
uidNumber: 1013
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
or smbldap-groupshow groupid ?
# smbldap-groupshow Domain Admins
dn: cn=Domain Admins,ou=Groups,dc=acu,dc=ac,dc=uk
objectClass: posixGroup,sambaGroupMapping
gidNumber: 512
cn
[Samba] Migration NT4 PDC to Smb3/LDAP/TOOLS: A Success Procedure
will not be migrated. 3. Clean up all the previous ldap and samba entries. rm -rf /var/lib/ldap/*# clean up the ldap database rm -f /var/cache/samba/*# clean up the cached samba entries. rm -f /etc/samb/*.tdb# clean up the all exiting tdb Note: ** Cleaning up is needed whenever you change your configuration, otherwise you will have unexpected result. ** 4. Get your Domain SID as instructed net rpc getsid -S PDC server -W Real domain Also run smbpasswd -w not24get Run tdbdump /etc/samba/secrets.tdb to see what is in this tdb. 5. Preload the database Refer to Example 8.3.1 With several trial I realized that I need to reploaded a few more entries to make the migration work! In addtion to the entries suggested, I made additional entries. *** replace the domain part of SID with the SID you obtain from above step *** dn: ou=Users,dc=ab,dc=com objectClass: top objectClass: organizationalUnit ou: Users structuralObjectClass: organizationalUnit Note: This is needed since we hold all users in Users group dn: cn=Domain Admins,ou=Groups,dc=ab,dc=com objectClass: posixGroup objectClass: sambaGroupMapping cn: Domain Admins gidNumber: 512 structuralObjectClass: posixGroup entryUUID: d5c6a642-736b-1028-828a-f4f139c67fb5 sambaSID: S-1-5-21-72881033-379349262-1855928443-512 sambaGroupType: 2 displayName: Domain Admins description: Designated administrators of the domain entryCSN: 2004072616:23:12Z#0x0002#0# Note: smbtools assuming the Domain Admins group is mapped to GID 512. Without this entry, the migration will create a Domain Admins group with a random GID dn: cn=Domain Users,ou=Groups,dc=ab,dc=com objectClass: posixGroup objectClass: sambaGroupMapping cn: Domain Users gidNumber: 513 structuralObjectClass: posixGroup entryUUID: d792f890-736b-1028-828b-f4f139c67fb5 sambaSID: S-1-5-21-72881033-379349262-1855928443-513 sambaGroupType: 2 displayName: Domain Users description: All domain users entryCSN: 2004072616:23:15Z#0x0002#0# Note: smbldap-tools expected all Domain Users being mapped to GID 513. ** This entry is important, or you will get Group 513 does not exist error during migration. ** dn: cn=Domain Guests,ou=Groups,dc=ab,dc=com objectClass: posixGroup objectClass: sambaGroupMapping cn: Domain Guests gidNumber: 514 structuralObjectClass: posixGroup entryUUID: d95eacaa-736b-1028-828c-f4f139c67fb5 creatorsName: cn=Manager,dc=ab,dc=com createTimestamp: 20040726162318Z sambaSID: S-1-5-21-72881033-379349262-1855928443-514 sambaGroupType: 2 displayName: Domain Guests description: All domain guests entryCSN: 2004072616:23:18Z#0x0002#0# Note: I am not sure how important this is. dn: uid=Administrator,ou=Users,dc=ab,dc=com objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount cn: Administrator sn: Administrator uid: Administrator uidNumber: 0 gidNumber: 512 homeDirectory: /u/Administrator loginShell: /bin/tcsh gecos: System User structuralObjectClass: inetOrgPerson entryUUID: eb4d3030-736b-1028-8296-f4f139c67fb5 sambaSID: S-1-5-21-72881033-379349262-1855928443-500 sambaPrimaryGroupSID: S-1-5-21-72881033-379349262-1855928443-512 description: Built-in account for administering the computer/domain sambaLogonTime: 1090857052 sambaLogoffTime: 981830074 sambaLMPassword: A97D5AFE0D3EF79944CBCFC86460DB9E sambaNTPassword: 015B5326F969E4741241A45F1C734BAD sambaPwdLastSet: 1052497723 sambaAcctFlags: [UX ] entryCSN: 2004072616:23:49Z#0x0001#0# Note: smbldap-tools expects Administrator account has UID 0 and GID 512. Without this entry, the migration process will create an unprivileged Administrator account. 6. Now run the preload slapadd -v -l preload.LDIF Note: ldap daemon should be up at this point. chown ldap:ldap /var/lib/ldap/* Note: This chnage the owner and group to ldap. /etc/init.d/ldap start 7. Join your server into domain net rpc join BDC -S PDC Server -W REAL domain -U Administratoradmin passwd Note, samba should not run at this time. Otherwise you will get Cannot Set Creds error. 8. Vampiring net rpc vampire -S PDC server -U administrator%admin passwd Note, samba should not run at this time. Otherwise you will get Cannot Set Creds error. Let me know if I missed any step. Good luck! --- Kang Sun -- To unsubscribe from this list go to the following URL
[Samba] Re: samba PDC
something like net rpc join -W domainname -U Administrator%password -- KS my diva [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] hi...mailers i have s PDC server. and i have two client using windows and Linux. In windows client no problem but in Linux client i have the problem. so...how to join linux client in my PDC server? i need help because this is my project. thanks.. regards Rian - Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: NT domain migration to LDAP/SAMBA
Hello Mike, I did similar things and have similar problems. I looked at the ldap database, the migration did nothing but get all the names of users and machines. If the smbldap-* scripts are the only things vampire process is calling, I don't see how would it would get anything else. After vampiring, 1. All the computer accounts and user accounts (posixAccount as well) are created just like being created by by smbldap-useradd, with the default parameters as defined in the smbldap.conf or smbldap_config.pm, eg, profiles, logon scripts, etc, user name, etc. 2. Users lost its domain membership. Every user accounts are now belonging to Domain Users group. No one in Domain Admins group except Administrator. The migration process must have done more than just calling these smbldap-tools scripts, but I just don't see the effect. What do you see if you do smbldap-usershow userid or machinename$ ? or smbldap-groupshow groupid ? -- Kang Sun Mike Brodbelt [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I'm attempting to migrate an NT4 domain to Samba3, and getting quite frustrated with stuff that seems not to work as advertised. I'd appreciate any help. I've set up an OpenLDAP server, and Samba 3, configured it as a BDC, and tried running net rpc vampire. This all works, and Samba does the appropriate stuff to try and populate the LDAP database. The scripts I've got configured are:- add user script = /usr/local/sbin/smbldap-useradd -a -m '%u' delete user script = /usr/local/sbin/smbldap-userdel '%u' add group script = /usr/local/sbin/smbldap-groupadd -p '%g' delete group script = /usr/local/sbin/smbldap-groupdel '%g' add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/local/sbin/smbldap-useradd -w '%u' All the scripts are from the IdealX tools, version 0.8.5. I've set up the directory, and run smbldap-populate against it first, to check all is OK. When I symlink all the smbldap scripts to a test rig that just prints how it was called to a log file, and then run vampire, I get this:- Command line: /usr/local/sbin/smbldap-groupadd.pl -p Domain Admins Command line: /usr/local/sbin/smbldap-groupadd.pl -p Domain Users Command line: /usr/local/sbin/smbldap-groupadd.pl -p Domain Guests Command line: /usr/local/sbin/smbldap-groupadd.pl -p Wizards Command line: /usr/local/sbin/smbldap-groupadd.pl -p Watchmen Command line: /usr/local/sbin/smbldap-useradd.pl -a -m Administrator Command line: /usr/local/sbin/smbldap-useradd.pl -a -m Guest Command line: /usr/local/sbin/smbldap-useradd.pl -w WYRMBERG$ Command line: /usr/local/sbin/smbldap-useradd.pl -a -m rwind Command line: /usr/local/sbin/smbldap-useradd.pl -a -m nogg Command line: /usr/local/sbin/smbldap-useradd.pl -a -m gwax Command line: /usr/local/sbin/smbldap-useradd.pl -a -m carrott Command line: /usr/local/sbin/smbldap-useradd.pl -a -m detritus Command line: /usr/local/sbin/smbldap-useradd.pl -a -m tfairy Command line: /usr/local/sbin/smbldap-useradd.pl -w UBERWALD$ Command line: /usr/local/sbin/smbldap-useradd.pl -w quirm$ Command line: /usr/local/sbin/smbldap-useradd.pl -w TALITHA$ Command line: /usr/local/sbin/smbldap-groupadd.pl -p Account Operators Command line: /usr/local/sbin/smbldap-groupadd.pl -p Administrators Command line: /usr/local/sbin/smbldap-groupadd.pl -p Backup Operators Command line: /usr/local/sbin/smbldap-groupadd.pl -p Guests Command line: /usr/local/sbin/smbldap-groupadd.pl -p Print Operators Command line: /usr/local/sbin/smbldap-groupadd.pl -p Replicator Command line: /usr/local/sbin/smbldap-groupadd.pl -p Server Operators Command line: /usr/local/sbin/smbldap-groupadd.pl -p Users This is all being done on a test domain, with fake users at the moment, before I try a real environment. From the command line, I can add users and groups using the commands above, and all seems to work. Yet, when I actually try the vampire with the real scripts in place, I get errors like this:- Creating unix group: 'Wizards' Creating unix group: 'Watchmen' Creating account: Administrator /usr/local/sbin/smbldap-useradd: user Administrator exists Could not create posix account info for 'Administrator' Creating account: Guest Could not create posix account info for 'Guest' Creating account: WYRMBERG$ Could not create posix account info for 'WYRMBERG$' Creating account: rwind Could not create posix account info for 'rwind' Why do I get this Could not create posix account info message, and what does it mean? Also, running pdbedit -Lw after vampiring generates:- Administrator:4294967295::XX XX:[U ]:LCT-: nobody:65534:NO PASSWORDX:NO PASSWORDX:[NU
[Samba] Re: Samba Multiple Subnets
smb.conf can have the following statements that might help you. interfaces = eth0, lo bind interfaces only = Yes -- Kang Honey Bajaj [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I have installed Samba 3.0.5 pre1 as PDC and two domain member servers with winbind which is catering to two subnets containing only windows 9x clients, the samba PDC is also configured as Wins server. The PDC and the member servers are in the same subnet i.e. 192.168.1.0/24, and the other subnet 192.168.2.0/24 is seperated by a linux router, now how can I make the windows 9x clients to domain logon from the second subnet (192.168.2.0/24) which only contains windows 9x clients, I have added the wins server address on all the clients in both the sunbets, but from the second subnet my windows 9x clients are unable to logon to domain. Please suggest me some solution. Thanks, Honey -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problem with Authnication from NT
I have the same problem. The log file said: # [2004/07/20 21:46:47, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1512) # ldapsam_update_sam_account: failed to modify user with uid = king$, error: modify/delete: sambaPrimaryGroupSID: no such value (Success) # [2004/07/20 21:46:49, 0] passdb/pdb_ldap.c:ldapsam_delete_entry(271) # ldapsam_delete_entry: Entry must exist exactly once! I tried 'smbldap-useradd -w King$'. It does not seem to add Add the SambaSID. # smbldap-useradd -w king$ # smbldap-usershow king$ dn: uid=king$,ou=Computers,dc=sunix,dc=com objectClass: top,inetOrgPerson,posixAccount cn: king$ sn: king$ uid: king$ uidNumber: 1023 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer Forcing creating a Samba account with option -a give me an error: # smbldap-useradd -a -w king$ Can't call method get_value on an undefined value at /usr/sbin/smbldap-useradd line 152, DATA line 283. Using pdbedit also has problems: # pdbedit -a -m -u king ldapsam_add_sam_account: failed to modify/add user with uid = king$ (dn = uid=king$,ou=Computers,dc=sunix,dc=com) Unable to add machine! (does it already exist?) I started to think the add machine script must be wrong or something. Please help somebody. -- Kang Hi Samba Guru's... I have a problem connecting from a windows NT workstation to Samba server. It is working fine for Windows XP and Windows 2000. Samba not logging any information about that Windows NT m/c. Here i am giving the smb.conf file. Please try to help me to work it for Win NT also. Here is my Configuration file. Thanks in advance for any help. # Global Parameters [global] netbios name = avengr03 workgroup = avengr03 map to guest = Bad User passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password %n\n *passwd:*all*authentication*tokens*updated*sucessfully* # Debug Logging Information Log Level = 2 max log size = 1000 # log file = /var/log/samba/samba.log.%m socket options = TCP_NODELAY IPTOS_LOWDELAY wins support = yes # Networking configuration Options Hosts Allow = *.*.*.* [Proj1] comment = Proj1 directory path = /engr/proj1 read only = No valid users = @tec,pvasireddy,pbuenros,dan,dsteffen,scollins [Proj2] comment = Proj2 directory path = /engr/proj2 read only = No valid users = @tec,pvasireddy,pbuenros,dan,dsteffen,scollins -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Samba/LDAP/PDC Questions
Hello Paul, Thank you for the help. Now I am back to my original question: I cannot add NT4 machine to the samba domain! I tried to use the Identification changes from NT4 system to sign into the domain, it said The machine account for this computer does not exist or is anaccessible. The log file said: [2004/07/20 21:46:47, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1512) ldapsam_update_sam_account: failed to modify user with uid = king$, error: modify/delete: sambaPrimaryGroupSID: no such value (Success) [2004/07/20 21:46:49, 0] passdb/pdb_ldap.c:ldapsam_delete_entry(271) ldapsam_delete_entry: Entry must exist exactly once! I tried 'smbldap-useradd -w King$'. It does not seem to add the SambaSID. # smbldap-useradd -w king$ # smbldap-usershow king$ dn: uid=king$,ou=Computers,dc=sunix,dc=com objectClass: top,inetOrgPerson,posixAccount cn: king$ sn: king$ uid: king$ uidNumber: 1023 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer Forcing creating a Samba account with option -a give me an error: # smbldap-useradd -a -w king$ Can't call method get_value on an undefined value at /usr/sbin/smbldap-useradd line 152, DATA line 283. Using pdbedit also has problems: # pdbedit -a -m -u king ldapsam_add_sam_account: failed to modify/add user with uid = king$ (dn = uid=king$,ou=Computers,dc=sunix,dc=com) Unable to add machine! (does it already exist?) I started to think the add machine script must be wrong or something. -- Kang -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problem with Authnication from NT
OK, I just figured out how to do it. My NT4 workstation is called king. Use 'smbldap-useradd -w king' to add the posixAccount: king$. Then use 'smbpasswd -a -m king' to add the samba account. You will have # smbldap-usershow king$ dn: uid=king$,ou=Computers,dc=sunix,dc=com objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount cn: king$ sn: king$ uid: king$ uidNumber: 1025 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer sambaSID: S-1-5-21-1242048156-3479289135-3828126537-3050 sambaPrimaryGroupSID: S-1-5-21-1242048156-3479289135-3828126537-2031 displayName: king$ sambaPwdCanChange: 1090385089 sambaPwdMustChange: 2147483647 sambaLMPassword: FE250117FB90641FAAD3B435B51404EE sambaNTPassword: 0FBD58B776542B3CB589E0D8F686A3A7 sambaPwdLastSet: 1090385089 sambaAcctFlags: [W ] Then loginto NT4 and change its identification from workgroup to domain, without creating new account. Hope this works for you guys, too! --- Kang Kang Sun [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have the same problem. The log file said: # [2004/07/20 21:46:47, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1512) # ldapsam_update_sam_account: failed to modify user with uid = king$, error: modify/delete: sambaPrimaryGroupSID: no such value (Success) # [2004/07/20 21:46:49, 0] passdb/pdb_ldap.c:ldapsam_delete_entry(271) # ldapsam_delete_entry: Entry must exist exactly once! I tried 'smbldap-useradd -w King$'. It does not seem to add Add the SambaSID. # smbldap-useradd -w king$ # smbldap-usershow king$ dn: uid=king$,ou=Computers,dc=sunix,dc=com objectClass: top,inetOrgPerson,posixAccount cn: king$ sn: king$ uid: king$ uidNumber: 1023 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer Forcing creating a Samba account with option -a give me an error: # smbldap-useradd -a -w king$ Can't call method get_value on an undefined value at /usr/sbin/smbldap-useradd line 152, DATA line 283. Using pdbedit also has problems: # pdbedit -a -m -u king ldapsam_add_sam_account: failed to modify/add user with uid = king$ (dn = uid=king$,ou=Computers,dc=sunix,dc=com) Unable to add machine! (does it already exist?) I started to think the add machine script must be wrong or something. Please help somebody. -- Kang Hi Samba Guru's... I have a problem connecting from a windows NT workstation to Samba server. It is working fine for Windows XP and Windows 2000. Samba not logging any information about that Windows NT m/c. Here i am giving the smb.conf file. Please try to help me to work it for Win NT also. Here is my Configuration file. Thanks in advance for any help. # Global Parameters [global] netbios name = avengr03 workgroup = avengr03 map to guest = Bad User passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password %n\n *passwd:*all*authentication*tokens*updated*sucessfully* # Debug Logging Information Log Level = 2 max log size = 1000 # log file = /var/log/samba/samba.log.%m socket options = TCP_NODELAY IPTOS_LOWDELAY wins support = yes # Networking configuration Options Hosts Allow = *.*.*.* [Proj1] comment = Proj1 directory path = /engr/proj1 read only = No valid users = @tec,pvasireddy,pbuenros,dan,dsteffen,scollins [Proj2] comment = Proj2 directory path = /engr/proj2 read only = No valid users = @tec,pvasireddy,pbuenros,dan,dsteffen,scollins -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Samba/LDAP/PDC Questions
OK, I just figured out how to do it. My NT4 workstation is called king. Use 'smbldap-useradd -w king' to add the posixAccount: king$. Then use 'smbpasswd -a -m king' to add the samba account. You will have # smbldap-usershow king$ dn: uid=king$,ou=Computers,dc=sunix,dc=com objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount cn: king$ sn: king$ uid: king$ uidNumber: 1025 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer sambaSID: S-1-5-21-1242048156-3479289135-3828126537-3050 sambaPrimaryGroupSID: S-1-5-21-1242048156-3479289135-3828126537-2031 displayName: king$ sambaPwdCanChange: 1090385089 sambaPwdMustChange: 2147483647 sambaLMPassword: FE250117FB90641FAAD3B435B51404EE sambaNTPassword: 0FBD58B776542B3CB589E0D8F686A3A7 sambaPwdLastSet: 1090385089 sambaAcctFlags: [W ] Then loginto NT4 and change its identification from workgroup to domain, without creating new account. Thanks anyway! == Kang Sun [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello Paul, Thank you for the help. Now I am back to my original question: I cannot add NT4 machine to the samba domain! I tried to use the Identification changes from NT4 system to sign into the domain, it said The machine account for this computer does not exist or is anaccessible. The log file said: [2004/07/20 21:46:47, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1512) ldapsam_update_sam_account: failed to modify user with uid = king$, error: modify/delete: sambaPrimaryGroupSID: no such value (Success) [2004/07/20 21:46:49, 0] passdb/pdb_ldap.c:ldapsam_delete_entry(271) ldapsam_delete_entry: Entry must exist exactly once! I tried 'smbldap-useradd -w King$'. It does not seem to add the SambaSID. # smbldap-useradd -w king$ # smbldap-usershow king$ dn: uid=king$,ou=Computers,dc=sunix,dc=com objectClass: top,inetOrgPerson,posixAccount cn: king$ sn: king$ uid: king$ uidNumber: 1023 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer Forcing creating a Samba account with option -a give me an error: # smbldap-useradd -a -w king$ Can't call method get_value on an undefined value at /usr/sbin/smbldap-useradd line 152, DATA line 283. Using pdbedit also has problems: # pdbedit -a -m -u king ldapsam_add_sam_account: failed to modify/add user with uid = king$ (dn = uid=king$,ou=Computers,dc=sunix,dc=com) Unable to add machine! (does it already exist?) I started to think the add machine script must be wrong or something. -- Kang -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Profiles
In the smb.conf there should be a session called [profiles], it specifies the paht=/var/samba/profiles/%U or something similar and I read somewhere the mode to that directory has to be 1777. Hope this helps. -- Kang B.Rumsey [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, I have just installed Suse 9.1 and samba 3.02a. I have set samba up as a PDC. I am able to log into it but windows complains about not being able to find the profile. I have created the dir /var/lib/samba/profiles/ and the users folders. 1: Where can I find the windows default profile? 2: Can this be edited (default win profile )? Thanks in advance Barry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Message (The distribution of your message dated Mon, 26...)
The distribution of your message dated Mon, 26 Apr 2004 16:25:09 -0300 with subject Your information has been postponed because the JAVA-AWT list is held. No action is required from you; your message will be reprocessed automatically once the list owner releases the list. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.1 W2K Joing domain error - the user name couldnot be found
Hi, Thanks for your information. Now I was not able to login as domain user. I am getting following error message. The system cannot log you on now because domain TECHGROUP is not available. Here is my ldap log message:- Dec 28 00:31:08 rishi slapd[1753]: conn=93 fd=17 ACCEPT from IP=::1 1230 (IP=:: 389) Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=0 BIND dn=cn=Manager,dc=sfgroup,dc=com method=128 Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=0 AUTHZ dn=cn=Manager,dc=sfgroup,dc=com mech=simple ssf=0 Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=0 RESULT tag=97 err=0 text= Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=1 SRCH base=dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaDomain)(sambaDomainName=TECHGROUP)) Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 28 00:31:08 rishi slapd[2340]: conn=93 op=2 SRCH base=dc=sfgroup,dc=com scope=2 filter=((sambaSID=S-1-5-21-554143600-2037058611-3511194912-501)(objectClass=sambaSamAccount)) Dec 28 00:31:08 rishi slapd[2340]: conn=93 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 28 00:31:08 rishi slapd[1753]: conn=94 fd=23 ACCEPT from IP=127.0.0.1:1231 (IP=:: 389) Dec 28 00:31:08 rishi slapd[2166]: conn=94 op=0 BIND dn= method=128 Dec 28 00:31:08 rishi slapd[2166]: conn=94 op=0 RESULT tag=97 err=0 text= Dec 28 00:31:08 rishi slapd[2167]: conn=94 op=1 SRCH base=dc=sfgroup,dc=com scope=2 filter=(uid=nobody) Dec 28 00:31:08 rishi slapd[2167]: conn=94 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 28 00:31:08 rishi slapd[2340]: conn=94 op=2 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=sfgroup,dc=com))) Dec 28 00:31:08 rishi slapd[2340]: conn=94 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=3 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=65533)) Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=4 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=65534)) Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=5 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=546)) Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text= samba log message:- [2003/12/28 00:32:05, 3] smbd/process.c:process_smb(890) Transaction 1 of length 137 [2003/12/28 00:32:05, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 2677) [2003/12/28 00:32:05, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [PC NETWORK PROGRAM 1.0] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN1.0] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [Windows for Workgroups 3.1a] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LM1.2X002] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN2.1] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [NT LM 0.12] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_nt1(329) using SPNEGO [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(532) Selected protocol NT LM 0.12 [2003/12/28 00:32:05, 3] smbd/process.c:process_smb(890) Transaction 2 of length 202 [2003/12/28 00:32:05, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 2677) [2003/12/28 00:32:05, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X(591) wct=12 flg2=0xc807 [2003/12/28 00:32:05, 2] smbd/sesssetup.c:setup_new_vc_session(544) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(471) Doing spnego session setup [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(502) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_spnego_negotiate(380) Got OID 1 3 6 1 4 1 311 2 2 10 [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_spnego_negotiate(383) Got secblob of size 32 [2003/12/28 00:32:05, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe0088297 [2003/12/28 00:32:05, 3] smbd/process.c:process_smb(890) Transaction 3 of length 234 [2003/12/28 00:32:05, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 2677) [2003/12/28 00:32:05, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx
[Samba] Samba 3.0.1 W2K Joing domain error - the user name could not be found
Hi,
I am trying to add Windows 2000 (newly installed with service pack 4)
machine to suse linux 8.2 samba 3.0.1 + LDAP PDC. Its giving me user could
not be found error message.
When I join it automatically creates account for machine (sales$) under
Computers tree,
Ldap log file it searching under People tree.
Dec 27 13:54:20 rishi slapd[4581]: conn=409 op=1 SRCH
base=ou=People,dc=sfgroup,dc=com scope=2 filter=((objectClass=posix
Account)(uid=sales$))
Dec 27 13:54:20 rishi slapd[4581]: conn=409 op=1 SEARCH RESULT tag=101
err=0 nentries=0 text=
Dec 27 13:54:20 rishi slapd[5270]: conn=409 op=2 SRCH
base=ou=People,dc=sfgroup,dc=com scope=2 filter=((objectClass=posix
Account)(uid=SALES$))
Dec 27 13:54:20 rishi slapd[5270]: conn=409 op=2 SEARCH RESULT tag=101
err=0 nentries=0 text=
Here is some more information.
rishi:/usr/local/sbin # rpm -qa | grep -i samba
samba3-3.0.1-14
samba3-client-3.0.1-14
samba3-winbind-3.0.1-14
samba3-doc-3.0.1-14
rishi:/usr/local/sbin # rpm -qa | grep -i openldap
openldap2-client-2.1.12-50
openldap2-2.1.12-50
openldap-lib-1.2.13-285
testparm command output:-
# Global parameters
[global]
workgroup = TECHGROUP
server string = rishi Samba Server
null passwords = Yes
passdb backend = ldapsam
passwd program = /usr/local/bin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
passwd chat debug = Yes
log level = 3
log file = /var/log/samba/%m.log
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
delete user script = /usr/local/sbin/smbldap-useradd.pl -d %u
add group script = /usr/local/sbin/smbldap-useradd.pl -a -g %g
delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g %g
add user to group script = /usr/local/sbin/smbldap-useradd.pl -j
-u %u -g %g
delete user from group script = /usr/local/sbin/smbldap-useradd.pl
-j -u %u -g %g
set primary group script = /usr/local/sbin/smbldap-useradd.pl -m
-u %u -gid %g
add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w %m
domain logons = Yes
os level = 22
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap suffix = dc=sfgroup,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap admin dn = cn=Manager,dc=sfgroup,dc=com
ldap ssl = no
printing = cups
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
rishi:/var/log/samba # id Administrator
uid=0(Administrator) gid=512(Domain Admins) groups=512(Domain Admins)
rishi:/usr/local/sbin # ./smbldap-usershow.pl Administrator
dn: uid=Administrator,ou=People,dc=sfgroup,dc=com
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson,sambaSAMAccount,posixAccount
uid: Administrator
homeDirectory: /home
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaHomePath: \\_PDCNAME_\homes
sambaHomeDrive: _HOMEDRIVE_
sambaProfilePath: \\_PDCNAME_\profiles\
loginShell: /bin/false
gecos: Netbios Domain Administrator
gidNumber: 512
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-1000
sambaPrimaryGroupSID: S-1-5-21-3516781642-1962875130-3438800523-512
uidNumber: 0
sambaLMPassword: 78BCCAEE08C90E29AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: F9E37E83B83C47A93C2F09F66408631B
sambaPwdLastSet: 1072465723
sambaPwdMustChange: 1076353723
userPassword: {SSHA}dboB3GxKxhYDDZqacEuJ5aUnf1Oya8O2
ldap log file output
=
Dec 27 13:54:17 rishi slapd[4494]: conn=401 fd=20 ACCEPT from IP=::1 2998
(IP=:: 389)
Dec 27 13:54:17 rishi slapd[4580]: conn=401 op=0 BIND
dn=cn=Manager,dc=sfgroup,dc=com method=128
Dec 27 13:54:17 rishi slapd[4580]: conn=401 op=0 AUTHZ
dn=cn=Manager,dc=sfgroup,dc=com mech=simple ssf=0
Dec 27 13:54:17 rishi slapd[4580]: conn=401 op=0 RESULT tag=97 err=0 text=
Dec 27 13:54:17 rishi slapd[5265]: conn=401 op=1 SRCH
base=dc=sfgroup,dc=com scope=2
filter=((objectClass=sambaDomain)(sambaDomainName=TECHGROUP))
Dec 27 13:54:17 rishi slapd[5265]: conn=401 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec 27 13:54:17 rishi slapd[7378]: conn=401 op=2 SRCH
base=dc=sfgroup,dc=com scope=2
filter=((uid=Administrator)(objectClass=sambaSamAccount))
Dec 27 13:54:17 rishi slapd[7378]: conn=401 op=2 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec 27 13:54:17 rishi slapd[4581]: conn=380 op=3 SRCH
base=ou=People,dc=sfgroup,dc=com scope=2
filter=((objectClass=posixAccount)(uid=Administrator))
Dec 27 13:54:17 rishi slapd[4581]: conn=380 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec 27 13:54:17 rishi
[Fwd: Re: [Samba] Samba 3.0.1 W2K Joing domain error - the user name couldnot be found]
Hi, Thanks for your information. Now I was not able to login as domain user. I am getting following error message. The system cannot log you on now because domain TECHGROUP is not available. Here is my ldap log message:- Dec 28 00:31:08 rishi slapd[1753]: conn=93 fd=17 ACCEPT from IP=::1 1230 (IP=:: 389) Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=0 BIND dn=cn=Manager,dc=sfgroup,dc=com method=128 Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=0 AUTHZ dn=cn=Manager,dc=sfgroup,dc=com mech=simple ssf=0 Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=0 RESULT tag=97 err=0 text= Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=1 SRCH base=dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaDomain)(sambaDomainName=TECHGROUP)) Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 28 00:31:08 rishi slapd[2340]: conn=93 op=2 SRCH base=dc=sfgroup,dc=com scope=2 filter=((sambaSID=S-1-5-21-554143600-2037058611-3511194912-501)(objectClass=sambaSamAccount)) Dec 28 00:31:08 rishi slapd[2340]: conn=93 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 28 00:31:08 rishi slapd[1753]: conn=94 fd=23 ACCEPT from IP=127.0.0.1:1231 (IP=:: 389) Dec 28 00:31:08 rishi slapd[2166]: conn=94 op=0 BIND dn= method=128 Dec 28 00:31:08 rishi slapd[2166]: conn=94 op=0 RESULT tag=97 err=0 text= Dec 28 00:31:08 rishi slapd[2167]: conn=94 op=1 SRCH base=dc=sfgroup,dc=com scope=2 filter=(uid=nobody) Dec 28 00:31:08 rishi slapd[2167]: conn=94 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 28 00:31:08 rishi slapd[2340]: conn=94 op=2 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=sfgroup,dc=com))) Dec 28 00:31:08 rishi slapd[2340]: conn=94 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=3 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=65533)) Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=4 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=65534)) Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=5 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=546)) Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text= samba log message:- [2003/12/28 00:32:05, 3] smbd/process.c:process_smb(890) Transaction 1 of length 137 [2003/12/28 00:32:05, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 2677) [2003/12/28 00:32:05, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [PC NETWORK PROGRAM 1.0] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN1.0] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [Windows for Workgroups 3.1a] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LM1.2X002] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN2.1] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [NT LM 0.12] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_nt1(329) using SPNEGO [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(532) Selected protocol NT LM 0.12 [2003/12/28 00:32:05, 3] smbd/process.c:process_smb(890) Transaction 2 of length 202 [2003/12/28 00:32:05, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 2677) [2003/12/28 00:32:05, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X(591) wct=12 flg2=0xc807 [2003/12/28 00:32:05, 2] smbd/sesssetup.c:setup_new_vc_session(544) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(471) Doing spnego session setup [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(502) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_spnego_negotiate(380) Got OID 1 3 6 1 4 1 311 2 2 10 [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_spnego_negotiate(383) Got secblob of size 32 [2003/12/28 00:32:05, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0xe0088297 [2003/12/28 00:32:05, 3] smbd/process.c:process_smb(890) Transaction 3 of length 234 [2003/12/28 00:32:05, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 2677) [2003/12/28 00:32:05, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx
Re: [Fwd: Re: [Samba] Samba 3.0.1 W2K Joing domain error - the user name couldnot be found]
FYI: Hi, There will be a bug fix for 3.0.1 within a few days. Looks like we have a bug in NTLMSSP code in 3.0.1. This does prevent domain logons. Domain joins when done as 'root' do work, but subsequent logons do not. A patch was posted on samba-technical yesterday and should be in 3.0.2pre CVS within 24 hours. - John T. Hi, Thanks for your information. Now I was not able to login as domain user. I am getting following error message. The system cannot log you on now because domain TECHGROUP is not available. Here is my ldap log message:- Dec 28 00:31:08 rishi slapd[1753]: conn=93 fd=17 ACCEPT from IP=::1 1230 (IP=:: 389) Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=0 BIND dn=cn=Manager,dc=sfgroup,dc=com method=128 Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=0 AUTHZ dn=cn=Manager,dc=sfgroup,dc=com mech=simple ssf=0 Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=0 RESULT tag=97 err=0 text= Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=1 SRCH base=dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaDomain)(sambaDomainName=TECHGROUP)) Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 28 00:31:08 rishi slapd[2340]: conn=93 op=2 SRCH base=dc=sfgroup,dc=com scope=2 filter=((sambaSID=S-1-5-21-554143600-2037058611-3511194912-501)(objectClass=sambaSamAccount)) Dec 28 00:31:08 rishi slapd[2340]: conn=93 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 28 00:31:08 rishi slapd[1753]: conn=94 fd=23 ACCEPT from IP=127.0.0.1:1231 (IP=:: 389) Dec 28 00:31:08 rishi slapd[2166]: conn=94 op=0 BIND dn= method=128 Dec 28 00:31:08 rishi slapd[2166]: conn=94 op=0 RESULT tag=97 err=0 text= Dec 28 00:31:08 rishi slapd[2167]: conn=94 op=1 SRCH base=dc=sfgroup,dc=com scope=2 filter=(uid=nobody) Dec 28 00:31:08 rishi slapd[2167]: conn=94 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 28 00:31:08 rishi slapd[2340]: conn=94 op=2 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=sfgroup,dc=com))) Dec 28 00:31:08 rishi slapd[2340]: conn=94 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=3 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=65533)) Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=4 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=65534)) Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=5 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=546)) Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text= samba log message:- [2003/12/28 00:32:05, 3] smbd/process.c:process_smb(890) Transaction 1 of length 137 [2003/12/28 00:32:05, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 2677) [2003/12/28 00:32:05, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [PC NETWORK PROGRAM 1.0] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN1.0] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [Windows for Workgroups 3.1a] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LM1.2X002] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN2.1] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [NT LM 0.12] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_nt1(329) using SPNEGO [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(532) Selected protocol NT LM 0.12 [2003/12/28 00:32:05, 3] smbd/process.c:process_smb(890) Transaction 2 of length 202 [2003/12/28 00:32:05, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 2677) [2003/12/28 00:32:05, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X(591) wct=12 flg2=0xc807 [2003/12/28 00:32:05, 2] smbd/sesssetup.c:setup_new_vc_session(544) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(471) Doing spnego session setup [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(502) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_spnego_negotiate(380) Got OID 1 3 6 1 4 1 311 2 2 10 [2003/12/28 00:32:05, 3]
Re: [Fwd: Re: [Samba] Samba 3.0.1 W2K Joing domain error - the user name couldnot be found]
FYI: Hi, There will be a bug fix for 3.0.1 within a few days. Looks like we have a bug in NTLMSSP code in 3.0.1. This does prevent domain logons. Domain joins when done as 'root' do work, but subsequent logons do not. A patch was posted on samba-technical yesterday and should be in 3.0.2pre CVS within 24 hours. - John T. Hi, Thanks for your information. Now I was not able to login as domain user. I am getting following error message. The system cannot log you on now because domain TECHGROUP is not available. Here is my ldap log message:- Dec 28 00:31:08 rishi slapd[1753]: conn=93 fd=17 ACCEPT from IP=::1 1230 (IP=:: 389) Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=0 BIND dn=cn=Manager,dc=sfgroup,dc=com method=128 Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=0 AUTHZ dn=cn=Manager,dc=sfgroup,dc=com mech=simple ssf=0 Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=0 RESULT tag=97 err=0 text= Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=1 SRCH base=dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaDomain)(sambaDomainName=TECHGROUP)) Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 28 00:31:08 rishi slapd[2340]: conn=93 op=2 SRCH base=dc=sfgroup,dc=com scope=2 filter=((sambaSID=S-1-5-21-554143600-2037058611-3511194912-501)(objectClass=sambaSamAccount)) Dec 28 00:31:08 rishi slapd[2340]: conn=93 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 28 00:31:08 rishi slapd[1753]: conn=94 fd=23 ACCEPT from IP=127.0.0.1:1231 (IP=:: 389) Dec 28 00:31:08 rishi slapd[2166]: conn=94 op=0 BIND dn= method=128 Dec 28 00:31:08 rishi slapd[2166]: conn=94 op=0 RESULT tag=97 err=0 text= Dec 28 00:31:08 rishi slapd[2167]: conn=94 op=1 SRCH base=dc=sfgroup,dc=com scope=2 filter=(uid=nobody) Dec 28 00:31:08 rishi slapd[2167]: conn=94 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 28 00:31:08 rishi slapd[2340]: conn=94 op=2 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=sfgroup,dc=com))) Dec 28 00:31:08 rishi slapd[2340]: conn=94 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=3 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=65533)) Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=4 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=65534)) Dec 28 00:31:08 rishi slapd[2167]: conn=93 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=5 SRCH base=ou=Groups,dc=sfgroup,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(gidNumber=546)) Dec 28 00:31:08 rishi slapd[2166]: conn=93 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text= samba log message:- [2003/12/28 00:32:05, 3] smbd/process.c:process_smb(890) Transaction 1 of length 137 [2003/12/28 00:32:05, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 2677) [2003/12/28 00:32:05, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [PC NETWORK PROGRAM 1.0] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN1.0] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [Windows for Workgroups 3.1a] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LM1.2X002] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN2.1] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [NT LM 0.12] [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_nt1(329) using SPNEGO [2003/12/28 00:32:05, 3] smbd/negprot.c:reply_negprot(532) Selected protocol NT LM 0.12 [2003/12/28 00:32:05, 3] smbd/process.c:process_smb(890) Transaction 2 of length 202 [2003/12/28 00:32:05, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 2677) [2003/12/28 00:32:05, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X(591) wct=12 flg2=0xc807 [2003/12/28 00:32:05, 2] smbd/sesssetup.c:setup_new_vc_session(544) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(471) Doing spnego session setup [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(502) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2003/12/28 00:32:05, 3] smbd/sesssetup.c:reply_spnego_negotiate(380) Got OID 1 3 6 1 4 1 311 2 2 10 [2003/12/28 00:32:05, 3]
Re: [Samba] Password Asking in XP
can you try with this option. security = shared -SR I'm using samba 3.0.1 as a file server, with no domain. All my users are exacly the same (even case preserving) as windows logon users. So I think that when they try to access a share the windows should first try to send the loged user and pwd, right? For some reason it is working in some machines and in some is not. When the user tries to access the share it is asked for login/password even if it is the same as his login. The clients are WindowsXP Pro/Home. Any tips? regards thiago lima. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.1 not listing workgroup and host name
Hi all, I am using samba 3.0.1 LDAP PDC on suse 8.2. smbclinet command is not listing domain ( work group name). Here is the output smbclient command. rishi:/var/log/samba # smbclient -L localhost Password: Anonymous login successful Sharename Type Comment - --- IPC$ IPC IPC Service (rishi Samba Server) ADMIN$ IPC IPC Service (rishi Samba Server) Anonymous login successful Server Comment ---- WorkgroupMaster ---- rishi:/var/log/samba # smbclient -L localhost -U Administrator Password: Sharename Type Comment - --- IPC$ IPC IPC Service (rishi Samba Server) ADMIN$ IPC IPC Service (rishi Samba Server) Administrator Disk Home Directories Server Comment ---- WorkgroupMaster ---- Here is my smb.conf file === rishi:/var/log/samba # cat /etc/samba/smb.conf | grep -v ^[#;] | grep -v ^$ [global] passdb backend = ldapsam ldap suffix = dc=sfgroup,dc=com ldap user suffix = ou=People ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap admin dn = cn=Manager,dc=sfgroup,dc=com ldap ssl = no passwd chat debug = Yes passwd program =/usr/local/bin/smbldap-passwd.pl -o %u passwd chat = *new*password* %n\n *new*password:* %n\ *successfully* socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w %m add user script = /usr/local/sbin/smbldap-useradd.pl -a %u delete user script = /usr/local/sbin/smbldap-useradd.pl -d %u add group script = /usr/local/sbin/smbldap-useradd.pl -a -g %g delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g %g add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u %u -g %g delete user from group script = /usr/local/sbin/smbldap-useradd.pl -j -u %u -g %g set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u %u -gid %g workgroup = TECHGROUP server string = rishi Samba Server netbios name = rishi printcap name = cups load printers = yes printing = cups log file = /var/log/samba/%m.log log level = 3 max log size = 5000 security = user null passwords = yes encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 22 domain master = yes preferred master = yes domain logons = yes wins support = yes dns proxy = no [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes my ldap data output: # extended LDIF # # LDAPv3 # base with scope sub # filter: (objectclass=*) # requesting: ALL # # sfgroup.com dn: dc=sfgroup,dc=com objectClass: dcObject objectClass: organization dc: sfgroup o: sfgroup # People, sfgroup.com dn: ou=People,dc=sfgroup,dc=com objectClass: organizationalUnit ou: People # Groups, sfgroup.com dn: ou=Groups,dc=sfgroup,dc=com objectClass: organizationalUnit ou: Groups # Computers, sfgroup.com dn: ou=Computers,dc=sfgroup,dc=com objectClass: organizationalUnit ou: Computers # Administrator, People, sfgroup.com dn: uid=Administrator,ou=People,dc=sfgroup,dc=com cn: Administrator sn: Administrator objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount uid: Administrator homeDirectory: /home sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaHomePath: \\_PDCNAME_\homes sambaHomeDrive: _HOMEDRIVE_ sambaProfilePath: \\_PDCNAME_\profiles\ loginShell: /bin/false gecos: Netbios Domain Administrator gidNumber: 512 sambaSID: S-1-5-21-3516781642-1962875130-3438800523-1000 sambaPrimaryGroupSID: S-1-5-21-3516781642-1962875130-3438800523-512 uidNumber: 0 sambaLMPassword: 78BCCAEE08C90E29AAD3B435B51404EE sambaAcctFlags: [U] sambaNTPassword: F9E37E83B83C47A93C2F09F66408631B sambaPwdLastSet: 1072410384 sambaPwdMustChange: 1076298384 userPassword:: e1NTSEF9SjYzTUdRZFlCK3FJMEhFTHVCTmg1RWhmTUF5aVl3bXo= # nobody, People, sfgroup.com dn: uid=nobody,ou=People,dc=sfgroup,dc=com cn: nobody sn: nobody objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount gidNumber: 514 uid: nobody uidNumber: 999 homeDirectory: /dev/null sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\_PDCNAME_\homes sambaHomeDrive: _HOMEDRIVE_ sambaProfilePath: \\_PDCNAME_\profiles\ sambaPrimaryGroupSID: S-1-5-21-3516781642-1962875130-3438800523-514 sambaLMPassword: NO PASSWORDX
Re: [Samba] Samba 3.0.1 not listing workgroup and host name
you right nmbd is not runnig # smbclient -L localhost Password: Anonymous login successful Sharename Type Comment - --- IPC$ IPC IPC Service (rishi Samba Server) ADMIN$ IPC IPC Service (rishi Samba Server) Anonymous login successful Server Comment ---- RISHIrishi Samba Server WorkgroupMaster ---- TECHGROUP Thanks for your help -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Have you given it time for the WINS cache to activate (Can take up to 15 mins)? Is nmbd running? - -Tom [EMAIL PROTECTED] wrote: | Hi all, | | | I am using samba 3.0.1 LDAP PDC on suse 8.2. smbclinet command is not | listing domain ( work group name). Here is the output smbclient command. | | rishi:/var/log/samba # smbclient -L localhost | Password: | Anonymous login successful | | Sharename Type Comment | - --- | IPC$ IPC IPC Service (rishi Samba Server) | ADMIN$ IPC IPC Service (rishi Samba Server) | Anonymous login successful | | Server Comment | ---- | | WorkgroupMaster | ---- | rishi:/var/log/samba # smbclient -L localhost -U Administrator | Password: | | Sharename Type Comment | - --- | IPC$ IPC IPC Service (rishi Samba Server) | ADMIN$ IPC IPC Service (rishi Samba Server) | Administrator Disk Home Directories | | Server Comment | ---- | | WorkgroupMaster | ---- | | | Here is my smb.conf file | === | rishi:/var/log/samba # cat /etc/samba/smb.conf | grep -v ^[#;] | grep -v | ^$ | [global] | passdb backend = ldapsam | ldap suffix = dc=sfgroup,dc=com | ldap user suffix = ou=People | ldap group suffix = ou=Groups | ldap machine suffix = ou=Computers | ldap admin dn = cn=Manager,dc=sfgroup,dc=com | ldap ssl = no | passwd chat debug = Yes | passwd program =/usr/local/bin/smbldap-passwd.pl -o %u | passwd chat = *new*password* %n\n *new*password:* %n\ *successfully* | socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 | add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w %m | add user script = /usr/local/sbin/smbldap-useradd.pl -a %u | delete user script = /usr/local/sbin/smbldap-useradd.pl -d %u | add group script = /usr/local/sbin/smbldap-useradd.pl -a -g %g | delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g %g | add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u %u | -g %g | delete user from group script = /usr/local/sbin/smbldap-useradd.pl -j -u | %u -g %g | set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u %u | -gid %g |workgroup = TECHGROUP |server string = rishi Samba Server |netbios name = rishi |printcap name = cups |load printers = yes |printing = cups |log file = /var/log/samba/%m.log | log level = 3 |max log size = 5000 |security = user | null passwords = yes | encrypt passwords = yes |socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 |local master = yes |os level = 22 |domain master = yes |preferred master = yes |domain logons = yes |wins support = yes |dns proxy = no | [homes] |comment = Home Directories |browseable = no |writable = yes | [printers] |comment = All Printers |path = /var/spool/samba |browseable = no |guest ok = no |writable = no |printable = yes | | my ldap data output: | # extended LDIF | # | # LDAPv3 | # base with scope sub | # filter: (objectclass=*) | # requesting: ALL | # | | # sfgroup.com | dn: dc=sfgroup,dc=com | objectClass: dcObject | objectClass: organization | dc: sfgroup | o: sfgroup | | # People, sfgroup.com | dn: ou=People,dc=sfgroup,dc=com | objectClass: organizationalUnit | ou: People | | # Groups, sfgroup.com | dn: ou=Groups,dc=sfgroup,dc=com | objectClass: organizationalUnit | ou: Groups | | # Computers, sfgroup.com | dn: ou=Computers,dc=sfgroup,dc=com | objectClass: organizationalUnit | ou: Computers | | # Administrator, People, sfgroup.com | dn: uid=Administrator,ou=People,dc=sfgroup,dc=com | cn: Administrator | sn: Administrator | objectClass: inetOrgPerson | objectClass: sambaSAMAccount | objectClass: posixAccount | uid: Administrator | homeDirectory: /home | sambaLogonTime: 0 | sambaLogoffTime: 2147483647 | sambaKickoffTime: 2147483647 | sambaPwdCanChange: 0 | sambaHomePath:
[Samba] Samba 3.0.1 Fedora Linux compilation error
Hi, I am getting following error message, when compiling samba 3.0.1 source rpm on fedora Linux. I was able to compile samba 3.0.0 successfully. Error message: rpmbuild -ba samba.spec Compiling rpc_parse/parse_misc.c with -fPIC Compiling libsmb/unexpected.c with -fPIC_wins.so debug2html Compiling libsmb/namecache.c with -fPIC Compiling libsmb/nmblib.c with -fPIC Compiling libsmb/namequery.c with -fPIC Compiling libsmb/conncache.c with -fPIC Compiling libads/kerberos.c with -fPIC libads/kerberos.c: In function `kerberos_kinit_password': libads/kerberos.c:84: warning: passing arg 6 of `krb5_get_init_creds_password' iscards qualifiers from pointer target type Linking nsswitch/libnss_wins.so collect2: ld returned 1 exit status make: *** [nsswitch/libnss_wins.so] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.18912 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.18912 (%build) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3 Adding domain info for GLOBE failed with NT_STATUS_UNSUCCESSFUL
Hi all, I am getting following error message when I start the samba process ( LDAP samba 3 PDC). I was able to add a new computer and login to domain without any problem. How will i fix this error message. # cat smbd.log [2003/12/21 09:05:25, 0] smbd/server.c:main(747) smbd version 3.0.0-15 started. Copyright Andrew Tridgell and the Samba Team 1992-2003 [2003/12/21 09:05:31, 0] lib/smbldap.c:smbldap_search_domain_info(1314) Adding domain info for GLOBE failed with NT_STATUS_UNSUCCESSFUL # testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions # Global parameters [global] workgroup = GLOBE netbios name = SPAIS server string = spais Samba Server null passwords = Yes passdb backend = ldapsam passwd program = /usr/local/bin/smbldap-passwd.pl -o %u passwd chat = *new*password* %n\n *new*password:* %n\ *successfully* passwd chat debug = Yes log file = /var/log/samba/%m.log socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/local/sbin/smbldap-useradd.pl -a %u delete user script = /usr/local/sbin/smbldap-useradd.pl -d %u add group script = /usr/local/sbin/smbldap-useradd.pl -a -g %g delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g %g add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u %u -g %g delete user from group script = /usr/local/sbin/smbldap-useradd.pl -j -u %u -g %g set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u %u -gid %g add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w %m domain logons = Yes os level = 22 preferred master = Yes local master = No domain master = Yes dns proxy = No wins support = Yes ldap suffix = dc=percomsolutions,dc=com ldap machine suffix = ou=Computers,dc=percomsolutions,dc=com ldap user suffix = ou=People,dc=percomsolutions,dc=com ldap group suffix = dc=percomsolutions,dc=com ldap idmap suffix = dc=percomsolutions,dc=com ldap admin dn = cn=Manager,dc=percomsolutions,dc=com ldap ssl = no [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Sun Developer Feedback
Hello, Thank you for your interest in Sun products and technologies and for taking the time to write. If you are seeking technical support or coding help, please see the options listed here: http://www.sun.com/developers/support/ This email alias is no longer being monitored. We are now using a central feedback form to gather your comments and questions about the website. http://wwws.sun.com/contact/developer_feedback.jsp Your comments are important to us and help us improve our website and other services. However, due to the amount of mail that we receive, we will not be able to send individual responses to each email. Sincerely, Sun Developer Web Team -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Email alias no longer in use
Thanks for taking the time to write us. In order to eliminate the copious amounts of spam these aliases have received (in addition to your valuable comments) we are switching to form based input. Please submit your comments using our feedback form at http://java.sun.com/docs/forms/awt-sendusmail.html We will read each and every report that is submitted through this form. We appreciate you taking the time to fill out this form and look forward to reading your comments. Thank you, The AWT Team -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Repeated Smb Log Messages
Hi, Does anyone know what the following repeated smb log messages mean? or know how to check it? I got these messages repeated from time to time in my log.smb file. 2002/11/02 14:28:19, 0] smbd/dir.c:dptr_close(280) Invalid key 0 given to dptr_close [2002/11/02 14:43:24, 0] smbd/dir.c:dptr_close(280) Invalid key 0 given to dptr_close [2002/11/02 14:44:05, 0] smbd/dir.c:dptr_close(280) Invalid key 0 given to dptr_close [2002/11/02 14:53:22, 0] smbd/dir.c:dptr_close(280) Invalid key 0 given to dptr_close [2002/11/02 14:53:58, 0] smbd/dir.c:dptr_close(280) Invalid key 0 given to dptr_close [2002/11/02 16:09:30, 0] smbd/dir.c:dptr_close(280) Invalid key 0 given to dptr_close [2002/11/02 16:17:08, 0] smbd/dir.c:dptr_close(280) Invalid key 0 given to dptr_close [2002/11/02 17:42:44, 0] smbd/dir.c:dptr_close(280) Invalid key 0 given to dptr_close I would appreciate any help. Thanks. Will Sun -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
