[Samba] Domain account policies
Hi. I'm using samba 3.4.3. if I set my domain account policies with pdbedit (for example: min password length 8, password history 4 and maximum password age 90 days), is it possible to change this default policies for some users ? Thanks, Marcelo H. Terres mhter...@gmail.com ICQ: 6649932 MSN: mhter...@hotmail.com Jabber: mhter...@jabber.org http://twitter.com/mhterres http://identi.ca/mhterres http://mundoopensource.blogspot.com/ http://www.propus.com.br Sent from Porto Alegre, RS, Brazil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Domain Account Lock
When a certain user tries to access shared folder provided by Samba,
his account is always locked. I can't figure out where the problem is.
Please help.
--Masahiko
Detail:
We're using Active Directory by Windows 2000 Servers and use it
for samba's authentication.
When a certain domain user, say, MYDOMAIN\user1, tries to access to
the remote resource \\LINUX1\user1 on a Linux server from his
Windows XP PC (PC1), a pop-up window shows up and he types
his account and password, but he always fails to access due to
the account lock.
His account was not locked when he tried to access to the remote resource,
but now his account is locked. I'm sure his account and password are
correct.
I look for the logs stored in /var/log/samba, but I can't find any
access log
from PC1.
However,
1) MYDOMAIN\user1 can access to PC1 using ssh or ftp
2) MYDOMAIN\user1 can access to shared folders \\PC2\shared or etc, in
Windows Servers (PC2)
3) MYDOMAIN\user1 can access \\LINUX1\user1 from another PC (PC3)
4) Another user MYDOMAIN\user2 can use remote resource from PC1.
In short, it causes problem only when MYDOMAIN\user1 tries to access
from PC1 to the remote resources
provided by samba.
Enviroment:
Dc1, dc2: windows 2000 server
Linux1 : Fedora Core 4 (x86_64) + kernel 2.6.17 + samba 3.0.22c
PC2 : Windows 2000 Server
PC1, PC3 : Windows XP SP2
=
Smb.conf
=
[global]
netbios name = LINUX1
workgroup = MYDOMAIN
server string = Samba Server
printcap name = /etc/printcap
load printers = yes
cups options = raw
log file = /var/log/samba/%m.log
max log size = 50
security = ads
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
dns proxy = no
idmap uid = 1000-2000
idmap gid = 1000-2000
idmap backend = idmap_rid:MYDOMAIN=1000-2000
allow trusted domains = No
template shell = /bin/bash
password server = dc1 dc2
winbind use default domain = no
realm = MYDOMAIN
[homes]
comment = Home Directories
browseable = no
writable = yes
===
/etc/krb5.conf
=
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MYDOMAIN
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
}
MYDOMAIN = {
kdc = dc2
kdc = dc1
}
[domain_realm]
.mydomain = .MYDOMAIN
mydomain.com = MYDOMAIN
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain account
Hi Craig Greats..!! It's works now, and I can sleep well tonight...:) Thanks for your bright explanations, it's so helpful to me. Many Thanks, Dede Nurmansyah -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 11:54 AM To: Dede NURMANSYAH Cc: [EMAIL PROTECTED] Subject:RE: [Samba] Domain account Never works right if you log in to server with one account and then you try to join machine to network using different account - once you have made connection to Samba as another user, you cannot then connect again using root or Administrator. Try logging out of Windows computer - logging back in and then joining machine to domain user: root password: root-password-in-smbpasswd domain: domain name Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Domain account
Dear All, Sorry if this question has been posted before but there's no enough answer to solved my problem and I'm going crazy because of it:( I'm currently installed Samba-2.2.8a as logon server on My FreeBSD 5.0. For Win 9.X client there's no problem at all. But when I tried to joining W2K client into samba domain it's shown an error message such as : the account used is a computer account. use your global user account or local user account to access this server I've already used root account to joining W2K client into my Samba Server and already put @wheel in domain admin group on my smb.conf too. Before that I've already added machine account using vipw into my passwd file. I hope there's anybody who could show me the missing part that I've forgot. Sorry if my English makes you confused. :) Regards, Dede Nurmansyah Here's my global part of smb.conf [global] workgroup = NIX netbios name = FreeBSD server string = Samba 2.2.8a on FreeBSD 5.0 encrypt passwords = yes domain admin group = @wheel, @smbuser domain logons = yes os level = 65 preferred master = yes domain master = yes wins proxy = yes wins support = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain account
Hi Dede, Just to confirm. You are logged onto the workstation as local administrator (or a local account with admin privileges) correct? Then you try to join the domain and when it asks you for the username password you use root and the root password yes? Have you added the root user in your samba password database with smbpasswd? This usually works pretty easily and I don't understand why you would get that error. Greg On Tuesday 16 December 2003 23:35, Dede NURMANSYAH wrote: Dear All, Sorry if this question has been posted before but there's no enough answer to solved my problem and I'm going crazy because of it:( I'm currently installed Samba-2.2.8a as logon server on My FreeBSD 5.0. For Win 9.X client there's no problem at all. But when I tried to joining W2K client into samba domain it's shown an error message such as : the account used is a computer account. use your global user account or local user account to access this server I've already used root account to joining W2K client into my Samba Server and already put @wheel in domain admin group on my smb.conf too. Before that I've already added machine account using vipw into my passwd file. I hope there's anybody who could show me the missing part that I've forgot. Sorry if my English makes you confused. :) Regards, Dede Nurmansyah Here's my global part of smb.conf [global] workgroup = NIX netbios name = FreeBSD server string = Samba 2.2.8a on FreeBSD 5.0 encrypt passwords = yes domain admin group = @wheel, @smbuser domain logons = yes os level = 65 preferred master = yes domain master = yes wins proxy = yes wins support = yes -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain account
Hi Greg, Thanks for your response :) Yes, I'm logged onto workstation as local administrator and when the system asked username and password, I put root username and root password. I've also added root account into samba password database using smbpasswd -a root I don't have any idea about this problem, because I'm sure enough that all steps I made is correct and it has been my problem since 3 month ago. And now I'm really give up and little stress. Perhaps anybody could give me advise. Regards, Dede Nurmansyah -Original Message- From: Greg Dickie [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 10:49 AM To: Dede NURMANSYAH; [EMAIL PROTECTED] Subject:Re: [Samba] Domain account Hi Dede, Just to confirm. You are logged onto the workstation as local administrator (or a local account with admin privileges) correct? Then you try to join the domain and when it asks you for the username password you use root and the root password yes? Have you added the root user in your samba password database with smbpasswd? This usually works pretty easily and I don't understand why you would get that error. Greg On Tuesday 16 December 2003 23:35, Dede NURMANSYAH wrote: Dear All, Sorry if this question has been posted before but there's no enough answer to solved my problem and I'm going crazy because of it:( I'm currently installed Samba-2.2.8a as logon server on My FreeBSD 5.0. For Win 9.X client there's no problem at all. But when I tried to joining W2K client into samba domain it's shown an error message such as : the account used is a computer account. use your global user account or local user account to access this server I've already used root account to joining W2K client into my Samba Server and already put @wheel in domain admin group on my smb.conf too. Before that I've already added machine account using vipw into my passwd file. I hope there's anybody who could show me the missing part that I've forgot. Sorry if my English makes you confused. :) Regards, Dede Nurmansyah Here's my global part of smb.conf [global] workgroup = NIX netbios name = FreeBSD server string = Samba 2.2.8a on FreeBSD 5.0 encrypt passwords = yes domain admin group = @wheel, @smbuser domain logons = yes os level = 65 preferred master = yes domain master = yes wins proxy = yes wins support = yes -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain account
On Tue, 2003-12-16 at 22:10, Dede NURMANSYAH wrote: Hi Greg, Thanks for your response :) Yes, I'm logged onto workstation as local administrator and when the system asked username and password, I put root username and root password. I've also added root account into samba password database using smbpasswd -a root I don't have any idea about this problem, because I'm sure enough that all steps I made is correct and it has been my problem since 3 month ago. And now I'm really give up and little stress. Perhaps anybody could give me advise. Never works right if you log in to server with one account and then you try to join machine to network using different account - once you have made connection to Samba as another user, you cannot then connect again using root or Administrator. Try logging out of Windows computer - logging back in and then joining machine to domain user: root password: root-password-in-smbpasswd domain: domain name Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
