[Samba] Member Server in Active Directory

2004-06-17 Thread M Maki
Getting closer. Thank you Daniel Ramaley for your advice below, I now get 

# net ads join -U myadminaccount PWR\Mediterranean  Coast 
Network\SAMO\Computers
myadminaccount's password:
[2004/06/17 12:36:22, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for inpsamo-debian already exists - modifying old account

and then it hangs. Watching with ethereal it hangs when my host transmits a 
kpasswd Request (port 464 Kerberos password changing protocol) to one of the 
domain controllers. kinit still seems to grant a valid ticket for the realm.

Any other ideas?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Member Server in Active Directory

2004-06-16 Thread Daniel Ramaley
Well, there has been no response to this problem yet. However, i have 
stumbled upon the solution myself. I am posting it in the hope that the 
solution is archived so others may see it.

As previously posted, this command gives an error:
# /usr/local/samba/bin/net ads join -U Cowles-Admin
Cowles-Admin's password: 
[2004/06/16 09:49:33, 0] libads/ldap.c:ads_add_machine_acct(1006)
  Host account for cowl-backup already exists - modifying old
account
[2004/06/16 09:49:33, 0] libads/ldap.c:ads_join_realm(1336)
  ads_add_machine_acct: No such object
ads_join_realm: No such object

However, if the OU that the pre-existing machine account is in is appended to 
the command line, it works:
# /usr/local/samba/bin/net ads join -U Cowles-Admin \
Cowles Library\Computers\testing
Cowles-Admin's password: 
[2004/06/16 09:51:21, 0] libads/ldap.c:ads_add_machine_acct(1006)
  Host account for cowl-backup already exists - modifying old
account
Using short domain name -- DRAKE
Joined 'COWL-BACKUP' to realm 'DRAKE.EDU'

I haven't done any testing yet, but so far it looks OK.

On Tuesday 15 June 2004 09:31 am, Daniel Ramaley wrote:
I have a very similar problem. I just joined the list yesterday with
 the intent of asking about it, after failure to find a solution via
 Google. Here's the info on the problem:

I have Samba 3.0.4 compiled from source running on OpenBSD 3.5.
Cowles-Admin is the name of a user that has administrative access to
 an OU. I do not have administrator access to the entire Active
 Directory tree. I created a computer account in Active Directory
 called cowl-backup that the Samba server should use.

For now i've been working with a fairly simple smb.conf:
[global]
workgroup = DRAKE
realm = DRAKE.EDU
netbios name = cowl-backup
security = ads
password server = *
encrypt passwords = yes
private dir = /etc/samba/private

I believe i have Kerberos set up correctly since the command
# /usr/local/kerberos/bin/kinit [EMAIL PROTECTED]
runs just fine and after running it i can use smbclient to browse
 shares without being prompted for a password. For example, this
 command to connect to Cowles-Admin's profile share works correctly:
# /usr/local/samba/bin/smbclient '\\Cowles-Library\Cowles-Admin' \
  -U Cowles-Admin -k

I've created an account for the computer (cowl-backup) in AD. When i
 try to join i get an error. Here's what happens:
# /usr/local/samba/bin/net ads join -U Cowles-Admin
Cowles-Admin's password:
[2004/06/14 09:56:02, 0] libads/ldap.c:ads_add_machine_acct(1006)
  Host account for cowl-backup already exists - modifying old
account
[2004/06/14 09:56:02, 0] libads/ldap.c:ads_join_realm(1336)
  ads_add_machine_acct: No such object
ads_join_realm: No such object
Using Google i was able to find a few others who had this problem, but
no solution. If anyone here knows how to fix this, i would appreciate
knowing about it. Thanks in advance.

On Monday 14 June 2004 05:50 pm, M Maki wrote:
I'm trying to join a Samba 3.0.4 (compiled from source on Debian) to
 an Active Directory as a member server. I believe Kerberos is
 configured correctly as kinit creates a ticket for the realm.
 Executables appear to have support for Kerberos and LDAP (smbd -b |
 grep KRB and grep LDAP) return OK.

When I try to join the AD with
   net ads join -U myadminusername
I'm prompted for my password but then get:
   libads/ldap.c:ads_add_machine_acct(1006)
   Host account for inpsamo-debian already exists - modifying old account
   libads/ldap.c:ads_join_realm(1336)
   ads_add_machine_acct: No such object
   ads_join_realm: No such object

I only have admin rights for an ou of the Active Directory. Here is a
 Windows LDP search of my ou:

ldap_search_s(ld, DC=pwr,DC=int,DC=edited,DC=com, 2, (ou=SAMO), attrList, 0, msg)
Result 0: (null)
Matched DNs:

Getting 1 entries:
 Dn: OU=SAMO,OU=Mediterranean Coast Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com
  2 objectClass: top; organizationalUnit;
  1 ou: SAMO;
  1 description: SAMO;
  1 distinguishedName: OU=SAMO,OU=Mediterranean Coast Network,OU=PWR,DC=pwr,DC=int,DC=edited,DC=com;
  1 name: SAMO;
  1 canonicalName: pwr.int.edited.com/PWR/Mediterranean Coast Network/SAMO;

I guess my question is could it be how my realm is configured
(PWR.INT.EDITED.COM) or what else could keep me from joining the
 directory?

Current smb.conf:
[global]
   unix charset = LOCALE
   workgroup = PWR
   realm = PWR.INT.EDITED.COM
   server string = Samba 3.0.2
   security = ADS
   username map = /etc/samba/smbusers
   log level = 1
   syslog = 0
   log file = /var/log/samba/%m
   max log size = 50
   printcap name = CUPS
   ldap ssl = no
   idmap uid = 1-2
   idmap gid = 1-2
   template primary group = Domain Users
   template shell = /bin/bash
   winbind separator = +
   printing = cups

[homes]
   comment = Home Directories
   valid users 
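
Added example (not part of the original posts, and not Samba's own code): the fix reported above depends on passing the OU that already holds the machine account. This sketch derives that argument and the matching LDAP DN from the canonicalName shown in the LDP output; the function names are hypothetical, and the reverse-order, OU-only mapping is an assumption about how Samba 3.0.x reads the argument.

```shell
#!/bin/sh
# Added example, not code from the thread or from Samba.
# Assumption: the OU argument to "net ads join" lists OU names from the top
# of the domain downwards, separated by "\" or "/", and every component is
# treated as an OU (ou=...), so the LDAP DN has them in reverse order.

# LDP canonicalName -> OU argument: drop the DNS domain, "/" becomes "\".
canonical_to_ou_arg() {
    printf '%s\n' "${1#*/}" | tr '/' '\\'
}

# OU argument + DNS domain -> DN of the OU the join will look in.
# Names containing DN special characters (",", "+", "=") are not escaped.
ou_arg_to_dn() {
    (   # subshell: IFS and noglob changes stay local to this function
        set -f
        dn=""
        IFS='/\'
        for part in $1; do
            if [ -n "$part" ]; then dn="OU=$part${dn:+,$dn}"; fi
        done
        IFS=.
        for part in $2; do
            dn="${dn:+$dn,}DC=$part"
        done
        printf '%s\n' "$dn"
    )
}

# Print the join command with the OU argument quoted: unquoted, the shell
# would eat the backslashes and split the argument at each space.
join_command() {
    printf "net ads join -U %s '%s'\n" "$1" "$(canonical_to_ou_arg "$2")"
}

# Values taken from the LDP output quoted in the thread.
canon='pwr.int.edited.com/PWR/Mediterranean Coast Network/SAMO'
ou_arg=$(canonical_to_ou_arg "$canon")
ou_arg_to_dn "$ou_arg" "${canon%%/*}"
join_command myadminaccount "$canon"
```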

[Samba] Problem with Linux clients of Samba member server in Active Directory environment

2004-04-18 Thread Kalin Krustev
Hello Everyone,
I've started a Samba server that is joined to the Active Directory structure
in my office. I'm not starting winbind yet, and now I have some unix
accounts, which are mapped to their corresponding Windows Active
Directory accounts via the /etc/samba/smbusers file. I use a Kerberos client
for authentication of Windows AD users. On Windows clients, I have no
problems with logging in to this samba server and providing access to
shares. But I have problems with authentication and access to samba from
Linux boxes and, especially, access with Konqueror via the smb:// protocol.
When I try to access smb://salso002/ (salso002 is the host name of my
samba server), I can see all shares, but when I click on one of them
and enter the user and password in the login window, Konqueror does not
accept the user/password pair and shows the login window again. I've tried
various ways of writing the user name, such as [EMAIL PROTECTED],
MYREALM/username, MYREALM\username, where MYREALM is the full name of the KDC
in Active Directory, but Konqueror answers with messages like Access
denied or The file or directory ... does not exist. The same
happens even when I try to access samba with Konqueror on the same machine
where samba is installed. When I use smbclient with the -k option on the same
machine where the samba server is, I can access resources, but via Konqueror
I cannot.
 
I'm asking for your help to solve this problem. 
And I wonder whether it is possible for Linux machines that are NOT joined to
the Active Directory domain to access the samba server that is a member
server in that domain?

Thank you in advance!
 

My smb.conf file is:

# Global parameters
[global]
unix charset = LOCALE
workgroup = TVGRP.HQ
realm = TVGRP.HQ
interfaces = 127.0.0.1, eth0
bind interfaces only = Yes
security = ADS
password server = 192.168.100.50
username map = /etc/samba/smbusers
printcap name = cups
preferred master = No
local master = No
domain master = No
wins server = 192.168.100.50
ldap ssl = no
printing = cups

[ReadOnly]
path = /share/ReadOnly
admin users = kalin
read only = No

[ReadWrite]
path = /share/ReadWrite
read only = No
create mask = 0774
directory mask = 0774

[OwnerRWXGroupRX]
path = /share/OwnerRWXGroupRX
read only = No
create mask = 0754
directory mask = 07755
directory security mask = 0
hide unreadable = Yes




Best regards,
Kalin Krustev
[EMAIL PROTECTED]
 
