RE: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble

2004-03-05 Thread Scott Gross
The machine accounts will show with the users; they will be suffixed with a
$.  In the LDAP backend I have an SID for the domain name and an SID for the
server itself, which is not contained in LDAP.  Then each computer and each
user had two SIDs (sambaSID and sambaPrimaryGroupSID) and the groups only
have one SID (sambaSID).  My discrepancy was in the domain name SID, which
was different than the server's SID. The groups and users matched the server's
SID, but the computers matched both the server's SID (sambaPrimaryGroupSID)
and the wrong domain name SID from the LDAP entry (sambaSID). When I made
all match the server's SID everything started working.  I haven't worked with
smbpasswd as a PDC so I'm not sure where all the SIDs are stored.

 -Original Message-
 From: Stumpfl Markus [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, March 03, 2004 11:30 PM
 To: 'Scott Gross'
 Cc: MailingList_Samba
 Subject: AW: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble

 Oh, so you are using ldap..., well I'm still working with smbpasswd as
 backend :-(

 Anyway, I tried 'net getlocalsid' for the domain-sid - ok
 Next 'net usersidlist' which should show me the user-sids - didn't
 work: [2004/03/04 06:40:05, 0, pid=31232, effective(0, 0), real(0, 0)]
 utils/net_rpc.c:net_usersidlist(2158)
   Could not get the user/sid list

 So used 'net user' instead, which then gave me the user list!?

 What am I missing here? And is there a way to see the machine sids too?
 Or are they included in the users?

 Thanks in advance,

 Markus

  -Original Message-
  From: Scott Gross [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, March 03, 2004 6:29 PM
  To: Stumpfl Markus
  Subject: RE: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble
  Importance: High

  I use a little windows gui program called LDAP browser to look at my LDAP
  entries and I was just looking through the entries at the SIDs since
  someone suggested it might be an SID problem and noticed the discrepancy
  on the domain name entry.  I changed it to match all the others just to
  see if it would have any effect and voilà it worked.

   -Original Message-
   From: Stumpfl Markus [mailto:[EMAIL PROTECTED]
   Sent: Tuesday, March 02, 2004 10:52 PM
   To: 'Scott Gross'
   Subject: AW: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble

   Thx, but how did you find out? With what commands? Sry for the stupid
   questions, but I'm kinda new to samba.

   Thanks in advance,

   Stumpfl Markus

    -Original Message-
    From: Scott Gross [mailto:[EMAIL PROTECTED]
    Sent: Tuesday, March 02, 2004 6:14 PM
    To: Stumpfl Markus; Scott Gross
    Subject: RE: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble

    I got mine working; it was SID mismatch. The Domain name SID was
    different from the server and the users.

     -Original Message-
     From: Stumpfl Markus [mailto:[EMAIL PROTECTED]
     Sent: Monday, March 01, 2004 11:22 PM
     To: 'Scott Gross'
     Subject: AW: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble

     Do you get the problem (when trying domain logon): invalid password
     or domain?
     I've got the same prob...

     I'll tell you, when it's working and vice versa, hopefully ;-)

     Stumpfl Markus



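
Added example, not part of the original thread or of Samba: a small Python check for the mismatch Scott describes above, which also lists machine-account SIDs as Markus asked. It assumes an LDIF export of the directory without folded or base64-encoded lines; the SID values, the accounts alice and ws01$, and the sambaDomainName entry layout are constructed for illustration.

```python
# Added example: SID consistency audit over an LDIF export (constructed data).
SID_ATTRS = ("sambaSID", "sambaPrimaryGroupSID")

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into a list of dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                entry.setdefault(key, []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def find_mismatches(entries, server_sid):
    """Return (dn, attribute, sid) for every SID not based on server_sid."""
    bad = []
    for e in entries:
        is_domain = "sambaDomainName" in e  # domain entry holds the bare SID
        for attr in SID_ATTRS:
            for sid in e.get(attr, []):
                base = sid if is_domain else sid.rsplit("-", 1)[0]  # drop RID
                # Well-known BUILTIN SIDs (S-1-5-32-*) are not domain-relative.
                if base != server_sid and not sid.startswith("S-1-5-32-"):
                    bad.append((e["dn"][0], attr, sid))
    return bad

# Constructed sample: the server SID as 'net getlocalsid' would report it.
SERVER_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = """\
dn: sambaDomainName=FIFEDEV,dc=test,dc=com
sambaDomainName: FIFEDEV
sambaSID: S-1-5-21-4000000000-4100000000-4200000000

dn: uid=alice,ou=_USERS_,dc=test,dc=com
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-513

dn: cn=Domain Users,ou=_GROUPS_,dc=test,dc=com
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-513

dn: uid=ws01$,ou=_COMPUTERS_,dc=test,dc=com
sambaSID: S-1-5-21-4000000000-4100000000-4200000000-3002
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-515
"""
for hit in find_mismatches(parse_ldif(SAMPLE_LDIF), SERVER_SID):
    print("MISMATCH dn=%s attr=%s value=%s" % hit)
```

On the sample it reports the domain entry and the sambaSID of ws01$, the same two places where the thread found the wrong SID.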

AW: [Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble

2004-03-03 Thread Stumpfl Markus
Oh, so you are using ldap..., well I'm still working with smbpasswd as
backend :-(

Anyway, I tried 'net getlocalsid' for the domain-sid - ok
Next 'net usersidlist' which should show me the user-sids - didn't
work: [2004/03/04 06:40:05, 0, pid=31232, effective(0, 0), real(0, 0)]
utils/net_rpc.c:net_usersidlist(2158)
  Could not get the user/sid list

So used 'net user' instead, which then gave me the user list!?

What am I missing here? And is there a way to see the machine sids too?
Or are they included in the users?

Thanks in advance,

Markus




[Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble

2004-03-01 Thread Scott Gross
I have a Samba 3 PDC running with an LDAP backend on Red Hat 8.  All
authentication appears to be working correctly but I can't log in to the
domain from a W2K or WXP Pro workstation after I have successfully joined
them to the domain.  If I log in locally to the workstation I can browse the
Samba shares just fine.  I have checked the schannel and sign or seal
settings on both the workstations and the server and made sure they were set
to disable but still no luck.  Can anyone give me any ideas on how to solve
this problem?

 

TIA

Scott

Smb.conf

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2003/11/25 10:42:04

# Global parameters
[global]
workgroup = FIFEDEV
netbios name = Dev
null passwords = Yes
passdb backend = ldapsam
passwd program = /usr/local/bin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
passwd chat debug = Yes
log file = /var/log/samba/%m.log
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
delete user script = /usr/local/sbin/smbldap-useradd.pl -d %u
add group script = /usr/local/sbin/smbldap-useradd.pl -a -g %g%
delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g %g
add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u %u -g %g
delete user from group script = /usr/local/sbin/smbldap-useradd.pl -j -u %u -g %g
set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u %u -gid %g
add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w %m
logon script = logon.bat
logon path =
logon drive =
domain logons = Yes
os level = 22
preferred master = Yes
domain master = Yes
wins support = Yes
wins proxy = No
ldap suffix = dc=test,dc=com
ldap machine suffix = ou=_COMPUTERS_
ldap user suffix = ou=_USERS_
ldap group suffix = ou=_GROUPS_
ldap admin dn = cn=Manager,dc=test,dc=com
ldap ssl = No
ldap passwd sync = yes
comment = Samba-PDC Server
public = No
browseable = Yes
writable = No
client schannel = No
server schannel = No
client signing = No
server signing = No

[netlogon]
path = /usr/local/samba/lib/netlogon
read only = Yes
write list = ntadmin
locking = No

[tmp]
path = /tmp
guest ok = Yes
read only = Yes

[profiles]
path = /profiles
read only = No
writable = Yes
create mask = 0600
directory mask = 0700

[homes]
comment = Home Directories
browsable = no
writeable = yes
valid users = %S
create mask = 0700
directory mask = 0700
hide dot files = yes

 

testparm -v (output)

# Global parameters
[global]
dos charset = CP850
unix charset = UTF-8
display charset = LOCALE
workgroup = FIFEDEV
realm =
afs username map =
netbios name = DEV
netbios aliases =
netbios scope =
server string = Samba 3.0.1
interfaces =
bind interfaces only = No
security = USER
auth methods =
encrypt passwords = Yes
update encrypted = No
client schannel = No
server schannel = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = Yes
obey pam restrictions = No
password server = *
smb passwd file = /usr/local/samba/private/smbpasswd
private dir = /usr/local/samba/private
passdb backend = ldapsam
algorithmic rid base = 1000
root directory =
guest account = nobody
pam password change = No
passwd program = /usr/local/bin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
passwd chat debug = Yes
passwd chat timeout = 2
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = 0
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes
preload modules =
log level = 0
syslog = 1
syslog only = No
log file = /var/log/samba/%m.log
max log size = 5000
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
smb ports = 445 139
protocol = NT1
large readwrite = Yes
max protocol = NT1

 

[Samba] SAMBA 3 as PDC - W2K/WXP Pro logon trouble

2004-02-27 Thread Scott Gross
I have a Samba 3 PDC running with an LDAP backend on Red Hat 8.  All
authentication appears to be working correctly but I can't log in to the
domain from a W2K or WXP Pro workstation after I have successfully joined
them to the domain.  If I log in locally to the workstation I can browse the
Samba shares just fine.  I have checked the schannel and sign or seal
settings on both the workstations and the server and made sure they were set
to disable but still no luck.  Can anyone give me any ideas on how to solve
this problem?

 

TIA

Scott

 


 
