[Samba] Domain account policies
Hi. I'm using samba 3.4.3. if I set my domain account policies with pdbedit (for example: min password length 8, password history 4 and maximum password age 90 days), is it possible to change this default policies for some users ? Thanks, Marcelo H. Terres mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com Jabber: mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres http://mundoopensource.blogspot.com/ http://www.propus.com.br Sent from Porto Alegre, RS, Brazil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain Account Lock
When a certain user tries to access shared folder provided by Samba, his account is always locked. I can't figure out where the problem is. Please help. --Masahiko Detail: We're using Active Directory by Windows 2000 Servers and use it for samba's authentication. When a certain domain user, say, MYDOMAIN\user1, tries to access to the remote resource \\LINUX1\user1 on a Linux server from his Windows XP PC (PC1), a pop-up window shows up and he types his account and password, but he always fails to access due to the account lock. His account was not locked when he tried to access to the remote resource, but now his account is locked. I'm sure his account and password are correct. I look for the logs stored in /var/log/samba, but I can't find any access log from PC1. However, 1) MYDOMAIN\user1 can access to PC1 using ssh or ftp 2) MYDOMAIN\user1 can access to shared folders \\PC2\shared or etc, in Windows Servers (PC2) 3) MYDOMAIN\user1 can access \\LINUX1\user1 from another PC (PC3) 4) Another user MYDOMAIN\user2 can use remote resource from PC1. In short, it causes problem only when MYDOMAIN\user1 tries to access from PC1 to the remote resources provided by samba. Enviroment: Dc1, dc2: windows 2000 server Linux1 : Fedora Core 4 (x86_64) + kernel 2.6.17 + samba 3.0.22c PC2 : Windows 2000 Server PC1, PC3 : Windows XP SP2 = Smb.conf = [global] netbios name = LINUX1 workgroup = MYDOMAIN server string = Samba Server printcap name = /etc/printcap load printers = yes cups options = raw log file = /var/log/samba/%m.log max log size = 50 security = ads encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins server = xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx dns proxy = no idmap uid = 1000-2000 idmap gid = 1000-2000 idmap backend = idmap_rid:MYDOMAIN=1000-2000 allow trusted domains = No template shell = /bin/bash password server = dc1 dc2 winbind use default domain = no realm = MYDOMAIN [homes] comment = Home Directories browseable = no writable = yes === /etc/krb5.conf = [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = MYDOMAIN dns_lookup_realm = false dns_lookup_kdc = false [realms] EXAMPLE.COM = { kdc = kerberos.example.com:88 admin_server = kerberos.example.com:749 default_domain = example.com } MYDOMAIN = { kdc = dc2 kdc = dc1 } [domain_realm] .mydomain = .MYDOMAIN mydomain.com = MYDOMAIN [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain account
Hi Craig Greats..!! It's works now, and I can sleep well tonight...:) Thanks for your bright explanations, it's so helpful to me. Many Thanks, Dede Nurmansyah -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 11:54 AM To: Dede NURMANSYAH Cc: [EMAIL PROTECTED] Subject:RE: [Samba] Domain account Never works right if you log in to server with one account and then you try to join machine to network using different account - once you have made connection to Samba as another user, you cannot then connect again using root or Administrator. Try logging out of Windows computer - logging back in and then joining machine to domain user: root password: root-password-in-smbpasswd domain: domain name Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Domain account
Dear All, Sorry if this question has been posted before but there's no enough answer to solved my problem and I'm going crazy because of it:( I'm currently installed Samba-2.2.8a as logon server on My FreeBSD 5.0. For Win 9.X client there's no problem at all. But when I tried to joining W2K client into samba domain it's shown an error message such as : the account used is a computer account. use your global user account or local user account to access this server I've already used root account to joining W2K client into my Samba Server and already put @wheel in domain admin group on my smb.conf too. Before that I've already added machine account using vipw into my passwd file. I hope there's anybody who could show me the missing part that I've forgot. Sorry if my English makes you confused. :) Regards, Dede Nurmansyah Here's my global part of smb.conf [global] workgroup = NIX netbios name = FreeBSD server string = Samba 2.2.8a on FreeBSD 5.0 encrypt passwords = yes domain admin group = @wheel, @smbuser domain logons = yes os level = 65 preferred master = yes domain master = yes wins proxy = yes wins support = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain account
Hi Dede, Just to confirm. You are logged onto the workstation as local administrator (or a local account with admin privileges) correct? Then you try to join the domain and when it asks you for the username password you use root and the root password yes? Have you added the root user in your samba password database with smbpasswd? This usually works pretty easily and I don't understand why you would get that error. Greg On Tuesday 16 December 2003 23:35, Dede NURMANSYAH wrote: Dear All, Sorry if this question has been posted before but there's no enough answer to solved my problem and I'm going crazy because of it:( I'm currently installed Samba-2.2.8a as logon server on My FreeBSD 5.0. For Win 9.X client there's no problem at all. But when I tried to joining W2K client into samba domain it's shown an error message such as : the account used is a computer account. use your global user account or local user account to access this server I've already used root account to joining W2K client into my Samba Server and already put @wheel in domain admin group on my smb.conf too. Before that I've already added machine account using vipw into my passwd file. I hope there's anybody who could show me the missing part that I've forgot. Sorry if my English makes you confused. :) Regards, Dede Nurmansyah Here's my global part of smb.conf [global] workgroup = NIX netbios name = FreeBSD server string = Samba 2.2.8a on FreeBSD 5.0 encrypt passwords = yes domain admin group = @wheel, @smbuser domain logons = yes os level = 65 preferred master = yes domain master = yes wins proxy = yes wins support = yes -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain account
Hi Greg, Thanks for your response :) Yes, I'm logged onto workstation as local administrator and when the system asked username and password, I put root username and root password. I've also added root account into samba password database using smbpasswd -a root I don't have any idea about this problem, because I'm sure enough that all steps I made is correct and it has been my problem since 3 month ago. And now I'm really give up and little stress. Perhaps anybody could give me advise. Regards, Dede Nurmansyah -Original Message- From: Greg Dickie [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 10:49 AM To: Dede NURMANSYAH; [EMAIL PROTECTED] Subject:Re: [Samba] Domain account Hi Dede, Just to confirm. You are logged onto the workstation as local administrator (or a local account with admin privileges) correct? Then you try to join the domain and when it asks you for the username password you use root and the root password yes? Have you added the root user in your samba password database with smbpasswd? This usually works pretty easily and I don't understand why you would get that error. Greg On Tuesday 16 December 2003 23:35, Dede NURMANSYAH wrote: Dear All, Sorry if this question has been posted before but there's no enough answer to solved my problem and I'm going crazy because of it:( I'm currently installed Samba-2.2.8a as logon server on My FreeBSD 5.0. For Win 9.X client there's no problem at all. But when I tried to joining W2K client into samba domain it's shown an error message such as : the account used is a computer account. use your global user account or local user account to access this server I've already used root account to joining W2K client into my Samba Server and already put @wheel in domain admin group on my smb.conf too. Before that I've already added machine account using vipw into my passwd file. I hope there's anybody who could show me the missing part that I've forgot. Sorry if my English makes you confused. :) Regards, Dede Nurmansyah Here's my global part of smb.conf [global] workgroup = NIX netbios name = FreeBSD server string = Samba 2.2.8a on FreeBSD 5.0 encrypt passwords = yes domain admin group = @wheel, @smbuser domain logons = yes os level = 65 preferred master = yes domain master = yes wins proxy = yes wins support = yes -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain account
On Tue, 2003-12-16 at 22:10, Dede NURMANSYAH wrote: Hi Greg, Thanks for your response :) Yes, I'm logged onto workstation as local administrator and when the system asked username and password, I put root username and root password. I've also added root account into samba password database using smbpasswd -a root I don't have any idea about this problem, because I'm sure enough that all steps I made is correct and it has been my problem since 3 month ago. And now I'm really give up and little stress. Perhaps anybody could give me advise. Never works right if you log in to server with one account and then you try to join machine to network using different account - once you have made connection to Samba as another user, you cannot then connect again using root or Administrator. Try logging out of Windows computer - logging back in and then joining machine to domain user: root password: root-password-in-smbpasswd domain: domain name Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba