[Samba] SaMBa and Active Directory Functional Level

2013-04-09 Thread F. David del Campo Hill
Hi all,

We have an Active Directory domain with two Windows Server 2008 R2
domain controllers, but our domain functional level is still Windows Server
2003. We would like to raise the functional level to Windows Server 2008
R2, but due to the age of some of our SaMBa installations, I would like to
know which is the earliest version of SaMBa which supported Active Directory
at the Windows Server 2008 R2 functional level.
Raising the functional level is irreversible, and one of the SaMBa
installations is on a SUN (now Oracle) server running a version of SaMBa
(3.6.8) which is unlikely to be upgraded anytime soon; so if it turns out to
be incompatible, we will be in deep trouble.

Thank you for your help.

Yours,

David del Campo

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba with Active directory integration problem

2012-07-12 Thread Heather Choi

What is the lwopen idmap backend? First I've heard of that one:-)

Also, why are you setting your homedir template as /dev/null, and yet 
shell as /bin/true? That's pretty goofy..=-O


On 07/10/2012 07:20 AM, velusamy Krishnan wrote:

Hi,
I have followed all the steps given in
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto to
integrate the samba with active directory.

I have the following configuration file,
[global]
 workgroup = ASSURANCE
 security = ads
 realm = ASSURANCE.LOCAL
 encrypt passwords = yes
 winbind separator =  +
 idmap backend = lwopen
 idmap uid = 1-2
 idmap gid = 1-2
 winbind enum users = yes
 winbind enum groups = yes
 template homedir = /dev/null
 template shell = /bin/true


[adshare]
 path = /home/velusamy/Pictures/
 writable = yes
 valid users = ASSURANCE+velu
 browseable = yes

Now, executed the smbclient.
 smbclient //192.168.5.136/adshare -U velu
It asked password, given, it connected to the share.

But, I was unable to access the share from different machine which is
connected in the same network.
It said the following error.
 smbclient //192.168.5.136/adshare -U velu
 Enter velu's password:
 session setup failed: NT_STATUS_LOGON_FAILURE
Kindly anyone please help me out from this problem.. I could not solve this
issue for last two days. Please help me out.


Thanks,
Velusamy.





[Samba] Samba with Active directory integration problem

2012-07-10 Thread velusamy Krishnan
Hi,
   I have followed all the steps given in
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto to
integrate the samba with active directory.

I have the following configuration file,
[global]
workgroup = ASSURANCE
security = ads
realm = ASSURANCE.LOCAL
encrypt passwords = yes
winbind separator =  +
idmap backend = lwopen
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /dev/null
template shell = /bin/true


[adshare]
path = /home/velusamy/Pictures/
writable = yes
valid users = ASSURANCE+velu
browseable = yes

Now, executed the smbclient.
smbclient //192.168.5.136/adshare -U velu
It asked password, given, it connected to the share.

But, I was unable to access the share from different machine which is
connected in the same network.
It said the following error.
smbclient //192.168.5.136/adshare -U velu
Enter velu's password:
session setup failed: NT_STATUS_LOGON_FAILURE
Kindly anyone please help me out from this problem.. I could not solve this
issue for last two days. Please help me out.


Thanks,
Velusamy.


[Samba] Samba with Active directory integration problem

2012-07-02 Thread Velusamy.K

Hi,
   I have followed all the steps given in 
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto to 
integrate the samba with active directory.


I have the following configuration file,
[global]
workgroup = ASSURANCE
security = ads
realm = ASSURANCE.LOCAL
encrypt passwords = yes
winbind separator =  +
idmap backend = lwopen
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /dev/null
template shell = /bin/true


[adshare]
path = /home/velusamy/Pictures/
writable = yes
valid users = ASSURANCE+velu
browseable = yes

Now, executed the smbclient.
smbclient //192.168.5.136/adshare -U velu
It asked password, given, it connected to the share.

But, I was unable to access the share from different machine which is 
connected in the same network.

It said the following error.
smbclient //192.168.5.136/adshare -U velu
Enter velu's password:
session setup failed: NT_STATUS_LOGON_FAILURE
Kindly anyone please help me out from this problem.. I could not solve 
this issue for last two days. Please help me out.



Thanks,
Velusamy.



Re: [Samba] Samba and Active Directory 2008

2011-07-13 Thread Keith
Yeah, i've got files/compat and winbind in the nssconfig.conf file, still
can't get it to pull the UID from active directory. I'm going to keep trying
various options, but if anyone had any suggestions that would be great

Thanks

On Tue, Jul 12, 2011 at 3:43 AM, Puyal Tolosa, Noé npu...@valls.cat wrote:

 The important part is that you insert winbind keyword just after the files
 keyword

 -----Original Message-----
 From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
 On behalf of Keith
 Sent: Monday, 11 July 2011 17:33
 To: samba@lists.samba.org
 Subject: Re: [Samba] Samba and Active Directory 2008

 Yeah, but i'm not using compat, but files. Not sure if it makes a big
 difference?

 Thanks

 On Mon, Jul 11, 2011 at 10:06 AM, Robert Freeman-Day
 pres...@gmail.com wrote:

  Have you also edited your /etc/nsswitch.conf file to pull those
  entries properly?  You should at least have it looking like below:
 
passwd: compat winbind
group:  compat winbind
shadow: compat



Re: [Samba] Samba and Active Directory 2008

2011-07-12 Thread Puyal Tolosa , Noé
The important part is that you insert winbind keyword just after the files
keyword

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of Keith
Sent: Monday, 11 July 2011 17:33
To: samba@lists.samba.org
Subject: Re: [Samba] Samba and Active Directory 2008

Yeah, but i'm not using compat, but files. Not sure if it makes a big
difference?

Thanks

On Mon, Jul 11, 2011 at 10:06 AM, Robert Freeman-Day
pres...@gmail.com wrote:

 Have you also edited your /etc/nsswitch.conf file to pull those 
 entries properly?  You should at least have it looking like below:

   passwd: compat winbind
   group:  compat winbind
   shadow: compat



[Samba] Samba and Active Directory 2008

2011-07-11 Thread Keith
I was wondering if anyone has had any luck getting samba working with a
Windows 2008 domain? I've got mine working for the most part except for UID
lookups. I've got identity management for unix installed on the windows
box and have several users configured with custom home directories, login
shell, and UID on the Unix attributes tab. My samba server is joined to the
domain, wbinfo -u and -g both provide a list of users and groups. When i run
getent passwd i get a list of local users and domain users. With the domain
users it pulls the home directory and login shell just fine from active
directory, but i can't get it to pull the UID.

I've got it setup and working using RID, which is ok, but we would rather
get it working with the UID. I'm using samba version 3.5.4 and here is a
copy of the global settings

workgroup=test
realm=pizza.com
security=ads
password server = password-server.pizza.com
idmap uid = 1 - 2
idmap guid = 1 - 2
idmap backend = rid:pizza.com=1-2
winbind use default domain = yes
winbind enum users = yes
winbind refresh tickets = yes
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
winbind nss info = rfc2307
client ldap sasl wrapping = sign

Any help would be greatly appreciated.

Thanks

Keith


Re: [Samba] Samba and Active Directory 2008

2011-07-11 Thread Robert Freeman-Day

On 07/11/2011 10:09 AM, Keith wrote:
 I was wondering if anyone has had any luck getting samba working with a
 Windows 2008 domain? I've got mine working for the most part except for UID
 lookups. I've got identity management for unix installed on the windows
 box and have several users configured with custom home directories, login
 shell, and UID on the Unix attributes tab. My samba server is joined to the
 domain, wbinfo -u and -g both provide a list of users and groups. When i run
 getent passwd i get a list of local users and domain users. With the domain
 users it pulls the home directory and login shell just fine from active
 directory, but i can't get it to pull the UID.
 
 I've got it setup and working using RID, which is ok, but we would rather
 get it working with the UID. I'm using samba version 3.5.4 and here is a
 copy of the global settings
 
 workgroup=test
 realm=pizza.com
 security=ads
 password server = password-server.pizza.com
 idmap uid = 1 - 2
 idmap guid = 1 - 2
 idmap backend = rid:pizza.com=1-2
 winbind use default domain = yes
 winbind enum users = yes
 winbind refresh tickets = yes
 client use spnego = yes
 client ntlmv2 auth = yes
 encrypt passwords = yes
 restrict anonymous = 2
 winbind nss info = rfc2307
 client ldap sasl wrapping = sign
 
 Any help would be greatly appreciated.
 
 Thanks
 
 Keith

Have you also edited your /etc/nsswitch.conf file to pull those entries
properly?  You should at least have it looking like below:

   passwd: compat winbind
   group:  compat winbind
   shadow: compat


-- 
Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36
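
The nsswitch.conf ordering discussed in this thread (a local source, `files` or `compat`, followed by `winbind` for `passwd` and `group`) can be checked with a short script. This is an added example, not code from any poster; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that a local source
# (files or compat) is listed first and winbind follows it.

# nss_sources FILE DB
# Prints the sources configured for DB, without comments or bracketed
# actions such as [NOTFOUND=return].
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, split "db:src"
        $1 == (db ":") {
            out = ""
            for (i = 2; i <= NF; i++)
                if ($i !~ /=/) out = out (out == "" ? "" : " ") $i
            print out
            exit
        }
    ' "$1"
}

# winbind_status FILE DB
# Prints one verdict and returns 0 only for "ok":
#   ok             local source first, winbind after it
#   no-winbind     winbind is not consulted for DB
#   no-local       neither files nor compat is listed
#   winbind-first  winbind is listed ahead of the local source
#   no-entry       DB has no sources in FILE
winbind_status() {
    sources=$(nss_sources "$1" "$2")
    [ -n "$sources" ] || { echo no-entry; return 1; }
    local_pos=0 winbind_pos=0 n=0
    for s in $sources; do
        n=$((n + 1))
        case $s in
            files|compat) [ "$local_pos" -ne 0 ] || local_pos=$n ;;
            winbind)      [ "$winbind_pos" -ne 0 ] || winbind_pos=$n ;;
        esac
    done
    if [ "$winbind_pos" -eq 0 ]; then echo no-winbind; return 1; fi
    if [ "$local_pos" -eq 0 ]; then echo no-local; return 1; fi
    if [ "$winbind_pos" -lt "$local_pos" ]; then
        echo winbind-first
        return 1
    fi
    echo ok
}

# Constructed sample: the layout suggested in the reply above.
demo() {
    f=$(mktemp)
    printf '%s\n' \
        'passwd: compat winbind' \
        'group:  compat winbind' \
        'shadow: compat' > "$f"
    for db in passwd group shadow; do
        verdict=$(winbind_status "$f" "$db") || true
        printf '%-7s [%s] %s\n' "$db" "$(nss_sources "$f" "$db")" "$verdict"
    done
    rm -f "$f"
}
demo
```

`shadow` reports `no-winbind` for the suggested layout, which matches the sample in the reply: only `passwd` and `group` list winbind there.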


Re: [Samba] Samba and Active Directory 2008

2011-07-11 Thread Keith
Yeah, but i'm not using compat, but files. Not sure if it makes a big
difference?

Thanks

On Mon, Jul 11, 2011 at 10:06 AM, Robert Freeman-Day pres...@gmail.com wrote:


 On 07/11/2011 10:09 AM, Keith wrote:
  I was wondering if anyone has had any luck getting samba working with a
  Windows 2008 domain? I've got mine working for the most part except for UID
  lookups. I've got identity management for unix installed on the windows
  box and have several users configured with custom home directories, login
  shell, and UID on the Unix attributes tab. My samba server is joined to the
  domain, wbinfo -u and -g both provide a list of users and groups. When i run
  getent passwd i get a list of local users and domain users. With the domain
  users it pulls the home directory and login shell just fine from active
  directory, but i can't get it to pull the UID.
 
  I've got it setup and working using RID, which is ok, but we would rather
  get it working with the UID. I'm using samba version 3.5.4 and here is a
  copy of the global settings
 
  workgroup=test
  realm=pizza.com
  security=ads
  password server = password-server.pizza.com
  idmap uid = 1 - 2
  idmap guid = 1 - 2
  idmap backend = rid:pizza.com=1-2
  winbind use default domain = yes
  winbind enum users = yes
  winbind refresh tickets = yes
  client use spnego = yes
  client ntlmv2 auth = yes
  encrypt passwords = yes
  restrict anonymous = 2
  winbind nss info = rfc2307
  client ldap sasl wrapping = sign
 
  Any help would be greatly appreciated.
 
  Thanks
 
  Keith

 Have you also edited your /etc/nsswitch.conf file to pull those entries
 properly?  You should at least have it looking like below:

   passwd: compat winbind
   group:  compat winbind
   shadow: compat


 --
 Robert Freeman-Day

 https://launchpad.net/~presgas
 GPG Public Key:

 http://keyserver.ubuntu.com:11371/pks/lookup?op=getsearch=0xBA9DF9ED3E4C7D36


[Samba] Samba and active Directory

2010-05-14 Thread Andreas Hubert
hi all,

yes the good old topic where most people have a problem with :)

I have a Windows 2003 Active Directory Server and want that users on
this directory are able to login on a Samba Share.
The authentication with wbinfo -a user%password works and I already
joined the domain with
net ads join
I am also able to authenticate as directory user with his directory
password, BUT only if this username also exists in the /etc/passwd file.
Users whose username is not in the local passwd file cannot login.
I use samba Version 3.0.37 on Solaris 10, here is my smb.conf:

[global]
workgroup = ABC
realm = ABC.DE
server string = Samba Server
security = ADS
map to guest = Bad User
password server = ABCDC01.abc.de ABCDC02.abc.de
use kerberos keytab = Yes
log file = /var/log/samba/log.%m
max log size = 50
time server = Yes
os level = 65
local master = No
domain master = No
wins support = Yes
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
winbind use default domain = Yes

[test]
comment = test
path = /test
valid users = ABC+corpus, ABC+ahu
read only = No

The user ABC+corpus also exists locally and I am able to logon with his
Directory password on the share, but not with the user ABC+ahu
If I just do
useradd ahu
I am able to logon with this user!
What am I doing wrong? I also want that users from the directory will be
mapped to the local user corpus from the access rights and would do this
with force user = corpus on the share, would this be right?

Thanks for any help




Re: [Samba] Samba and active Directory

2010-05-14 Thread Dimitri Yioulos
On Friday 14 May 2010 5:11:20 am Andreas Hubert 
wrote:
 hi all,

 yes the good old topic where most people have a
 problem with :)

 I have a Windows 2003 Active Directory Server
 and want that users on this directory are able
 to login on a Samba Share. The authentication
 with wbinfo -a user%password works and I
 already joined the domain with
 net ads join
 I am also able to authenticate as directory
 user with his directory password, BUT only if
 this username also exists in the /etc/passwd
 file. Users whose username is not in the local
 passwd file cannot login. I use samba Version
 3.0.37 on Solaris 10, here is my smb.conf:

 [global]
 workgroup = ABC
 realm = ABC.DE
 server string = Samba Server
 security = ADS
 map to guest = Bad User
 password server = ABCDC01.abc.de ABCDC02.abc.de
 use kerberos keytab = Yes
 log file = /var/log/samba/log.%m
 max log size = 50
 time server = Yes
 os level = 65
 local master = No
 domain master = No
 wins support = Yes
 idmap uid = 1-2
 idmap gid = 1-2
 winbind separator = +
 winbind use default domain = Yes

 [test]
 comment = test
 path = /test
 
 read only = No

 The user ABC+corpus also exists locally and I
 am able to logon with his Directory password on
 the share, but not with the user ABC+ahu If I
 just do
 useradd ahu
 I am able to logon with this user!
 What am I doing wrong? I also want that users
 from the directory will be mapped to the local
 user corpus from the access rights and would do
 this with force user = corpus on the share,
 would this be right?

 Thanks for any help




Firstly, did you configure Kerberos properly?
Nextly, and I could be wrong on this, but I think 
you need to change:

valid users = ABC+corpus, ABC+ahu

to:

valid users = @ABC+corpus @ABC+ahu

Dimitri



Re: [Samba] Samba and active Directory

2010-05-14 Thread Dimitri Yioulos
On Friday 14 May 2010 11:28:05 am Dimitri Yioulos 
wrote:
 On Friday 14 May 2010 5:11:20 am Andreas Hubert

 wrote:
  hi all,
 
  yes the good old topic where most people have
  a problem with :)
 
  I have a Windows 2003 Active Directory Server
  and want that users on this directory are
  able to login on a Samba Share. The
  authentication with wbinfo -a user%password
  works and I already joined the domain with
  net ads join
  I am also able to authenticate as directory
  user with his directory password, BUT only if
  this username also exists in the /etc/passwd
  file. Users whose username is not in the
  local passwd file cannot login. I use samba
  Version 3.0.37 on Solaris 10, here is my
  smb.conf:
 
  [global]
  workgroup = ABC
  realm = ABC.DE
  server string = Samba Server
  security = ADS
  map to guest = Bad User
  password server = ABCDC01.abc.de ABCDC02.abc.de
  use kerberos keytab = Yes
  log file = /var/log/samba/log.%m
  max log size = 50
  time server = Yes
  os level = 65
  local master = No
  domain master = No
  wins support = Yes
  idmap uid = 1-2
  idmap gid = 1-2
  winbind separator = +
  
 
  [test]
  comment = test
  path = /test
 
  read only = No
 
  The user ABC+corpus also exists locally and I
  am able to logon with his Directory password
  on the share, but not with the user ABC+ahu
  If I just do
  useradd ahu
  I am able to logon with this user!
  What am I doing wrong? I also want that users
  from the directory will be mapped to the
  local user corpus from the access rights and
  would do this with force user = corpus on
  the share, would this be right?
 
  Thanks for any help

 Firstly, did you configure Kerberos properly?
 Nextly, and I could be wrong on this, but I
 think you need to change:

 valid users = ABC+corpus, ABC+ahu

 to:

 valid users = @ABC+corpus @ABC+ahu

 Dimitri



Oops, sorry on the valid users piece.  What I told 
you applies to groups.  But, since you have:

winbind use default domain = Yes

perhaps you only need to specify the user names 
in valid users.

Dimitri



[Samba] Samba and Active directory groups

2010-05-01 Thread Tharanga Abeyseela (RGA)
Hi list,

I have successfully authenticated active directory users with samba. Now I need 
to create some Active directory security groups and authenticate and redirect 
those users to a specific directory.
Ex:
IT_GROUP -  user x , user y
FIN_group - user a, user b

If the user x , access the samba server, that user will be redirected to the 
specific directory (that's in the samba stanza).

This is my  smb.conf

[global]
workgroup = xxx
realm = xxx.COM
preferred master = no
server string = Samba file and print server
security = ADS
encrypt passwords = yes
password server = *
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
auth methods = winbind
printcap name = cups
printing = cups

[homes]
comment = Home Directories
path = /home/IT
browseable = no
writable = yes
inherit acls = yes
inherit permissions = yes
#valid users = @ADGROUP+domain users
valid users = @ADGROUP+domain test_access1
#create mode = 0664
#directory mode = 0775

[IT]
comment = Home Directories
path = /home/IT
browseable = no
writable = yes
#valid users = @ADGROUP+domain users
directory mode = 0775
valid users = @ADGROUP+domain test_access2
write list = @ADGROUP+domain test_access2
read list = @ADGROUP+domain test_access2


If someone tries to access the samba server 
(\\sambaserver) it will create ADusername directory 
on the server. (user Mary access the server it will create a directory named 
mary automatically ) I need to redirect them to a specific directory based on 
the Active directory group access .

Can someone help me solve the issue?

Thanks,
Tharanga


Re: [Samba] samba and active directory groups

2010-05-01 Thread Damien Dye
humm

am assuming that you want a share that is dynamic and that the group
is defined by the primary unix group of the user


if so try adding a share like this.

[group]
comment = my group folder %g
path = /path/to/folder/%g
browseable = yes
writable = yes


--
Damien Dye BSC(hon)



On 29 April 2010 23:55, Tharanga Abeyseela (RGA)
tharanga.abeyse...@rexelga.com.au wrote:

 Hi list,

 I have successfully authenticated active directory users with samba. Now I 
 need to create some Active directory security groups and authenticate and 
 redirect those users to a specific directory.
 Ex:
 IT_GROUP -  user x , user y
 FIN_group - user a, user b

 If the user x , access the samba server, that user will be redirected to the 
 specific directory (that's in the samba stanza).

 This is my  smb.conf

 [global]
 workgroup = xxx
 realm = xxx.COM
 preferred master = no
 server string = Samba file and print server
 security = ADS
 encrypt passwords = yes
 password server = *
 log level = 3
 log file = /var/log/samba/%m
 max log size = 50
 winbind separator = +
 idmap uid = 1-2
 idmap gid = 1-2
 winbind enum users = yes
 winbind enum groups = yes
 auth methods = winbind
 printcap name = cups
 printing = cups

 [homes]
 comment = Home Directories
 path = /home/IT
 browseable = no
 writable = yes
 inherit acls = yes
 inherit permissions = yes
 #valid users = @ADGROUP+domain users
 valid users = @ADGROUP+domain test_access1
 #create mode = 0664
 #directory mode = 0775

 [IT]
 comment = Home Directories
 path = /home/IT
 browseable = no
 writable = yes
 #valid users = @ADGROUP+domain users
 directory mode = 0775
 valid users = @ADGROUP+domain test_access2
 write list = @ADGROUP+domain test_access2
 read list = @ADGROUP+domain test_access2


 If someone tries to access the samba server 
 (\\sambaserver) it will create ADusername 
 directory on the server. (user Mary access the server it will create a 
 directory named mary automatically ) I need to redirect them to a specific 
 directory based on the Active directory group access .

 Can someone help me solve the issue?

 Thanks,
 Tharanga



[Samba] Samba and Active Directory

2009-07-27 Thread tsg
Hi all.

We currently have WinXP users connecting to a RHEL4 samba share
authenticating to active directory. (the WinXP clients are NOT part of the
domain, and are out of our control). It all works fine.

We are now testing a CentOS5 samba share, with the same domain controller as
before, but the WinXP users must login to the share as DOMAIN\username.  As
long as they prefix the login with the domain, it works all ok.  But we'd
prefer for this not to happen.

I tried to use the same smb.conf/krb/nsswitch etc, but it seems a lot has
changed.

our RHEL4 runs samba-3.0.10-1.4E.11

our new CentOS5 runs samba-3.0.25c-1.2.el5

What changes do i need to get it working again?

 I'm a bit fuzzy on winbind.. but i did try
 winbind use default domain = Yes

So just to be sure, With samba 3.0.xx could users still authenticate to AD
WITHOUT prefixing the domain like we used to do on RHEL4?

Thanks.


FW: [Samba] samba and active directory on win 2003

2008-03-26 Thread Jaan Talvet
Victor, 

I just spent hours searching for the solution to the same problem you
are having using samba version 3.0.25b after an upgrade from version
3.0.10. the resolution for me was posted by Volker Lendecke:


 Make sure that the fully qualified domain name and your host name 
 differ in the sense that you actually have a domain appended.

 Under Linux, hostname and hostname -f need to return different 
 things, hostname -f should preferably show your AD domain name 
 appended.

 Volker

My /etc/hosts had an alias that made hostname & hostname -r return the
same value.

broken:
127.0.0.1   zelda localhost.localdomain   localhost
172.16.1.29 zelda.ournetwork.org zelda

Works:
127.0.0.1   localhost.localdomain   localhost
172.16.1.29 zelda.ournetwork.org zelda

Hope this helps
-jaan 


-----Original Message-----
From: Victor Sterpu [mailto:[EMAIL PROTECTED] 
Sent: Saturday, March 08, 2008 3:36 PM
To: samba@lists.samba.org
Subject: [Samba] samba and active directory on win 2003

I use samba Version 3.0.25b-1.el5_1.4.
When I try to join the domain adtest.ro I receive the following error:

[EMAIL PROTECTED] samba]# net ads join -U Administrator
Administrator's password:
Using short domain name -- ADTEST
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'ZIMBRA' in realm 'ADTEST.RO'
Failed to join domain: Type or value exists

In the process of joining the domain samba refers to 
ADTEST-U5HTDLBY.ADTEST.RO instead adtest.ro.
I don't know why but I believe this is the cause of the problem.

hosts.conf contain this:
192.168.1.1 adtest.ro ADTEST-U5HTDLBY.ADTEST.RO

Kerberos authentication is ok:
kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:  returns no error.

samba.conf contains this configuration:
[global]
workgroup = ADTEST
realm = ADTEST.RO
password server = ADTEST-U5HTDLBY.ADTEST.RO
preferred master = no
server string = Linux Test Machine
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 600-2
idmap gid = 600-2
;template primary group = Domain Users
template shell = /bin/bash

[homes]
comment = Home Direcotries
valid users = %S
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/cups
browseable = no
printable = yes
guest ok = yes

Thank you.
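
The /etc/hosts problem described in the reply above can be detected before attempting `net ads join`. The script below is an added example, not part of the original thread: it models a files-only lookup (the first name on the first line listing the host is the canonical name) and ignores DNS and nsswitch ordering. The function names are hypothetical, and treating `ournetwork.org` as the AD realm is an assumption made for the sample data.

```shell
#!/bin/sh
# Added example (not from the thread): model a files-only lookup of the
# host's own name, which is what decides the output of `hostname -f`
# when /etc/hosts answers first.

# canonical_name HOSTS_FILE NAME
# Prints the first name on the first line of HOSTS_FILE that lists NAME.
canonical_name() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                   # drop comments
        NF < 2 { next }                      # need an address and a name
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $2; exit }
        }
    ' "$1"
}

# check_join_name HOSTS_FILE SHORTNAME REALM
# Prints one verdict and returns 0 only for "ok":
#   ok         canonical name is SHORTNAME.REALM
#   no-domain  canonical name has no domain part (hostname == hostname -f)
#   mismatch   canonical name has a domain, but not the AD realm
#   missing    SHORTNAME is not listed in HOSTS_FILE
check_join_name() {
    short=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    realm=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    fqdn=$(canonical_name "$1" "$2" | tr 'A-Z' 'a-z')
    if [ -z "$fqdn" ]; then
        echo missing
        return 1
    fi
    case $fqdn in
        "$short.$realm") echo ok;        return 0 ;;
        *.*)             echo mismatch;  return 1 ;;
        *)               echo no-domain; return 1 ;;
    esac
}

# Sample files rebuilt from the "broken" and "Works" entries quoted above;
# the realm OURNETWORK.ORG is assumed for the demonstration.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' \
        '127.0.0.1   zelda localhost.localdomain   localhost' \
        '172.16.1.29 zelda.ournetwork.org zelda' > "$dir/broken"
    printf '%s\n' \
        '127.0.0.1   localhost.localdomain   localhost' \
        '172.16.1.29 zelda.ournetwork.org zelda' > "$dir/works"
    for f in broken works; do
        verdict=$(check_join_name "$dir/$f" zelda OURNETWORK.ORG) || true
        printf '%-7s canonical=%s verdict=%s\n' "$f" \
            "$(canonical_name "$dir/$f" zelda)" "$verdict"
    done
    rm -rf "$dir"
}
demo
```

On a live host, pass `/etc/hosts`, the output of `hostname`, and the `realm` value from smb.conf.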


[Samba] Samba and Active Directory

2008-03-10 Thread Mary Steiner
Hi All-
Is there a way to authenticate samba shares using Active Directory? I don't
want to add the Linux server to AD, I just want to be able to use Active
Directory for the authentication of the Samba shares.

Is there a good how-to?

Thanks,
MS


Re: [Samba] Samba and Active Directory

2008-03-10 Thread Adam Tauno Williams
> Is there a way to authenticate samba shares using Active Directory? I don't
> want to add the Linux server to AD, I just want to be able to use Active
> Directory for the authentication of the Samba shares.
> Is there a good how-to?

Yes, and yes. See the documentation.  
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/
http://us3.samba.org/samba/docs/man/Samba-Guide/

-- 
Adam Tauno Williams, Network  Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org



Re: [Samba] Samba and Active Directory

2008-03-10 Thread John H Terpstra
On Monday 10 March 2008 08:03:04 am Mary Steiner wrote:
> Hi All-
> Is there a way to authenticate samba shares using Active Directory? I don't
> want to add the Linux server to AD, I just want to be able to use Active
> Directory for the authentication of the Samba shares.
>
> Is there a good how-to?
>
> Thanks,
> MS

Mary,

Could you perhaps give us an example in practice (from the user's perspective) of how 
this would work?

Please start at the very beginning: A user logs onto ... and then does the 
following to access shares on the Samba server ...

What documents have you referred to in order to understand the issues at the heart of the 
question you are asking?

- John T.


Re: [Samba] Samba and Active Directory

2008-03-10 Thread Sachin S Ghormade
Hi All,


I am facing one problem: the SMB service has failed. The smbd log is 
as below


[EMAIL PROTECTED] samba]# tail -f smbd.log
[2008/03/08 23:43:13, 0] smbd/server.c:main(760)
  smbd version 3.0.10-1.4E.12.2 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
[2008/03/08 23:43:13, 1] auth/auth_util.c:make_server_info_sam(822)
  User Guest in passdb, but getpwnam() fails!
[2008/03/08 23:44:11, 0] smbd/server.c:main(760)
  smbd version 3.0.10-1.4E.12.2 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
[2008/03/08 23:44:11, 1] auth/auth_util.c:make_server_info_sam(822)
  User Guest in passdb, but getpwnam() fails!
[EMAIL PROTECTED] samba]# tail -f smbd.log
[2008/03/08 23:43:13, 0] smbd/server.c:main(760)
  smbd version 3.0.10-1.4E.12.2 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
[2008/03/08 23:43:13, 1] auth/auth_util.c:make_server_info_sam(822)
  User Guest in passdb, but getpwnam() fails!
[2008/03/08 23:44:11, 0] smbd/server.c:main(760)
  smbd version 3.0.10-1.4E.12.2 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2004
[2008/03/08 23:44:11, 1] auth/auth_util.c:make_server_info_sam(822)
  User Guest in passdb, but getpwnam() fails!

Sachin Ghormade
System Operation Lead Specialist
OZONE-1 Pune
[EMAIL PROTECTED]
9766321056





Mary Steiner [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
03/10/2008 06:33 PM
To: samba@lists.samba.org
Subject: [Samba] Samba and Active Directory

Hi All-
Is there a way to authenticate samba shares using Active Directory? I 
don't
want to add the Linux server to AD, I just want to be able to use Active
Directory for the authentication of the Samba shares.

Is there a good how-to?

Thanks,
MS


Re: [Samba] Samba and Active Directory

2008-03-10 Thread Mary Steiner
Hi John,
Basically this is what I would like to happen:

I have a Windows 2003 Active Directory server and a Fedora Linux server. I
have set up Samba on the Fedora server. I would like for users to be able to
map a Samba share using their login and password from Active Directory.

I have read a lot of posts regarding kerberos, pam and samba, but most of
them involved creating new users on active directory and installing Unix
services on the windows server. I would like to not have to make any changes
to the active directory server, just changes to the linux server.

Any ideas?
Thanks,
MS

On Mon, Mar 10, 2008 at 9:13 AM, Mary Steiner [EMAIL PROTECTED]
wrote:

> Hi John,
> Basically this is what I would like to happen:
>
> I have a Windows 2003 Active Directory server and a Fedora Linux server. I
> have set up Samba on the Fedora server. I would like for users to be able to
> map a Samba share using their login and password from Active Directory.
>
> I have read a lot of posts regarding kerberos, pam and samba, but most of
> them involved creating new users on active directory and installing Unix
> services on the windows server. I would like to not have to make any changes
> to the active directory server, just changes to the linux server.
>
> Any ideas?
> Thanks,
> MS
>
>
> On Mon, Mar 10, 2008 at 8:20 AM, John H Terpstra [EMAIL PROTECTED] wrote:
>
> > On Monday 10 March 2008 08:03:04 am Mary Steiner wrote:
> > > Hi All-
> > > Is there a way to authenticate samba shares using Active Directory? I don't
> > > want to add the Linux server to AD, I just want to be able to use Active
> > > Directory for the authentication of the Samba shares.
> > >
> > > Is there a good how-to?
> > >
> > > Thanks,
> > > MS
> >
> > Mary,
> >
> > Could you perhaps give us an example in practice (from the user's
> > perspective) of how this would work?
> >
> > Please start at the very beginning: A user logs onto ... and then does the
> > following to access shares on the Samba server ...
> >
> > What documents have you referred to in order to understand the issues at
> > the heart of the question you are asking?
> >
> > - John T.




[Samba] samba and active directory on win 2003

2008-03-08 Thread Victor Sterpu

I use samba Version 3.0.25b-1.el5_1.4.
When I try to join the domain adtest.ro I receive the following error:

[EMAIL PROTECTED] samba]# net ads join -U Administrator
Administrator's password:
Using short domain name -- ADTEST
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'ZIMBRA' in realm 'ADTEST.RO'
Failed to join domain: Type or value exists

In the process of joining the domain samba refers to 
ADTEST-U5HTDLBY.ADTEST.RO instead of adtest.ro.

I don't know why but I believe this is the cause of the problem.

hosts.conf contains this:
192.168.1.1 adtest.ro ADTEST-U5HTDLBY.ADTEST.RO

Kerberos authentication is ok:
kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:  returns no error.

samba.conf contains this configuration:
[global]
workgroup = ADTEST
realm = ADTEST.RO
password server = ADTEST-U5HTDLBY.ADTEST.RO
preferred master = no
server string = Linux Test Machine
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
idmap uid = 600-2
idmap gid = 600-2
;template primary group = Domain Users
template shell = /bin/bash

[homes]
comment = Home Direcotries
valid users = %S
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/cups
browseable = no
printable = yes
guest ok = yes

Thank you.


[Samba] Samba and ACTIVE DIRECTORY

2008-02-27 Thread Tom Weishaupt
I am trying to join and authenticate a linux machine from a Windows 2003 SP2
ADS domain with Microsoft service for unix version 3.5 running.

I have prior to SP2 been able to connect to the domain with no problem. I
actually have a machine that was connected prior to the install of SP2
still running and have the same krb5.conf, smb.conf and nsswitch.conf
files on both machines. Both machines are running the exact same
Distribution of Linux and Samba and yet machine one authenticates and
machine two does not.
 
the error message that I currently get is
 
 ads_join_realm: Operations error  
 
has anyone got any ideas as to a resolution to this problem
 
I have included the following
 
smb.conf
 
[global]
wins server =
workgroup=domainname
server string=%h (Xandros Desktop)
dns proxy=no
name resolve order=hosts lmhosts host wins bcast
log file=/var/log/samba/log.%m
max log size=1000
syslog=0
panic action=/usr/share/samba/panic-action %d
security=ADS
encrypt passwords=true
passdb backend=tdbsam guest
obey pam restrictions=yes
invalid users=root
map to guest=Bad User
passwd program=/usr/bin/passwd %u
passwd chat=*Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
client use spnego=no
load printers=no
printing=cups
printcap name=cups
dos filetimes=yes
socket options=TCP_NODELAY
display charset=iso8859-1
unix charset=iso8859-1
winbind enum users=no
idmap uid=1-2
winbind enum groups=no
winbind separator=+
allow trusted domains=yes
template homedir=/home/%D/%U
password server=ADSSERVER
preserve case=yes
template shell=/opt/Shellloader.sh
realm=DOMAINNAME
case sensitive=no
short preserve case=yes
os level=20
idmap gid=1-2
;   preexec = /bin/mount /cdrom
;   postexec = /bin/umount /cdrom

nsswitch.conf
 

passwd: compat winbind
group:  compat winbind
shadow: compat
 
hosts:  files dns wins
networks:   files
 
protocols:  db files
services:   db files
ethers: db files
rpc:db files
 
netgroup:   nis

krb5.conf
 
[realms]
DOMANNAME = {
kdc = ADSSERVER
}
DOMAINSHORTNAME = {
kdc = ADSSERVER
}

 
[login]
krb4_convert = true
krb4_get_tickets = true

 
All these files are identical on both machines and both machines are
identical in time.
 
ANY SUGGESTIONS...
 
 


[Samba] SAMBA and ACTIVE DIRECTORY

2008-02-27 Thread Tom Weishaupt
I am trying to join and authenticate a linux machine to a Windows 2003
SP2 ADS domain with Microsoft service for unix version 3.5 running
 
I have prior to SP2 been able to connect to the domain with no problem. I
actually have a machine that was connected prior to the install of SP2
still running and has the same krb5.conf, smb.conf and nsswitch.conf
files as the machine I'm trying to connect save the machine name. Both
machines are running the exact same Distribution of Linux and Samba and
yet machine one authenticates and machine two does not.
 
the error message that I currently get is
 
 ads_join_realm: Operations error  
 
has anyone got any ideas as to a resolution to this problem
 
I have included the following
 
smb.conf
 
[global]
wins server =
workgroup=domainname
server string=%h (Xandros Desktop)
dns proxy=no
name resolve order=hosts lmhosts host wins bcast
log file=/var/log/samba/log.%m
max log size=1000
syslog=0
panic action=/usr/share/samba/panic-action %d
security=ADS
encrypt passwords=true
passdb backend=tdbsam guest
obey pam restrictions=yes
invalid users=root
map to guest=Bad User
passwd program=/usr/bin/passwd %u
passwd chat=*Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
client use spnego=no
load printers=no
printing=cups
printcap name=cups
dos filetimes=yes
socket options=TCP_NODELAY
display charset=iso8859-1
unix charset=iso8859-1
winbind enum users=no
idmap uid=1-2
winbind enum groups=no
winbind separator=+
allow trusted domains=yes
template homedir=/home/%D/%U
password server=ADSSERVER
preserve case=yes
template shell=/opt/Shellloader.sh
realm=DOMAINNAME
case sensitive=no
short preserve case=yes
os level=20
idmap gid=1-2
;   preexec = /bin/mount /cdrom
;   postexec = /bin/umount /cdrom

nsswitch.conf
 

passwd: compat winbind
group:  compat winbind
shadow: compat
 
hosts:  files dns wins
networks:   files
 
protocols:  db files
services:   db files
ethers: db files
rpc:db files
 
netgroup:   nis

krb5.conf
 
[realms]
DOMANNAME = {
kdc = ADSSERVER
}
DOMAINSHORTNAME = {
kdc = ADSSERVER
}

 
[login]
krb4_convert = true
krb4_get_tickets = true

 
All these files are identical on both machines and both machines are
identical in time.
 
ANY SUGGESTIONS...


[Samba] samba on active Directory domain issues

2006-03-07 Thread Guillermo Gutierrez
 Hi all,
 I have rebuilt the gentoo linux samba server that I was having trouble with 
 and I'm trying to again add the samba server to a windows 2003 active 
 directory but I am still running into all of the same symptoms.
 
 I am able to see the machine in NetBeui/NetBios (My network Places on 
 2000/XP) and I can navigate inside the server to the public folder that I have 
 set up but I can not get into the home directory for my domain 
 profile (/home/DOMAINNAME/USERNAME).
 
 Looking at the log.machinename log file from samba, I see this from trying 
 to connect to the public folder:
 
   init msg_type=0x81 msg_flags=0x0
 [2006/03/07 13:08:07, 0] lib/util_sock.c:write_data(557)
   write_data: write failure in writing to client 10.11.7.56. Error Connection 
 reset by peer
 [2006/03/07 13:08:07, 0] lib/util_sock.c:send_smb(765)
   Error writing 4 bytes to client. -1. (Connection reset by peer)
 [2006/03/07 13:08:07, 3] smbd/sec_ctx.c:set_sec_ctx(288)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
 [2006/03/07 13:08:07, 5] auth/auth_util.c:debug_nt_user_token(433)
   NT user token: (NULL)
 [2006/03/07 13:08:07, 5] auth/auth_util.c:debug_unix_user_token(454)
   UNIX token of user 0
   Primary group is 0 and contains 0 supplementary groups
 [2006/03/07 13:08:07, 5] smbd/uid.c:change_to_root_user(324)
   change_to_root_user: now uid=(0,0) gid=(0,0)
 [2006/03/07 13:08:07, 2] smbd/server.c:exit_server(614)
   Closing connections
 [2006/03/07 13:08:07, 3] smbd/connection.c:yield_connection(69)
   Yielding connection to
 [2006/03/07 13:08:07, 3] smbd/connection.c:yield_connection(76)
   yield_connection: tdb_delete for name  failed with error Record does not 
 exist.
 [2006/03/07 13:08:07, 3] smbd/server.c:exit_server(655)
   Server exit (process_smb: send_smb failed.)
 
 I am using samba 3.0.21c on  Gentoo Linux kernel 2.6.15-r1. I can send the 
 contents of my smb.conf or other config files if needed.
 Please help, I am quickly getting to the end of my rope.
 
 TIA,
 
 Guillermo Gutierrez
 Development Systems Engineer
 Market Scan Information Systems
 (818) 575-2000 x2427
 [EMAIL PROTECTED]
 


[Samba] Samba and Active directory

2006-01-09 Thread Bruno Gola
Hello guys :-)

Last week I was configuring a samba server here in my linux box to act as an
AD Domain member. Using Samba, kerberos5 and winbind I finally did it. Now,
I have another problem: for each machine that I wanna do this, I need to add
this machine in the Win2k AD Server (with the command net ads join -UAdmin
etc) but, the problem is that I don't have the permission (or the admin
account) to do this, so every time I create a new machine in vmware I need to
call the infrastructure guys, and I don't want this, so the solution was to
create a new samba server that will be a domain controller, and my Virtual
Machines would auth against this server, and this server would auth each
user against the AD.

Example:
  $USER auth   check the $USER and passwd @ AD
VM - Samba - AD

Resuming, the AD will be just a passwd server for samba.

Does anyone know if it is possible? Is there a way?

Thanks!

Bruno Gola


[Samba] Samba 3.0.20, Active Directory, Debian: Username ... is invalid on this system

2005-10-13 Thread Markus Feilner
Hello List,
I have a strange problem:
I have successfully added my debian system to the local active directory 
domain. Winbind works and gives me Users, Groups, and relations when I call 
wbinfo. However, Users cannot connect to a share I prepared.
It makes no difference if there is no valid user =  entry, or if I put a 
correct entry with my test user. 
All I get in log.winbindd is:
Username DOMAIN+test is invalid on this system
(just like there was a valid user entry.)
I have successfully checked the password of this user with wbinfo, user data 
is handed over correctly, wbinfo -t is successful, domain membership works.
What is wrong?
Thanks!!
-- 
Kind regards
Markus Feilner

--
Feilner IT Linux  GIS 
Linux Solutions, Training, Seminars and Workshops - also in-house
Beraiterweg 4 93047 Regensburg
Untere Hauptstr 2 85386 Eching
phone regensburg  +49 941 8107989
phone eching  +49 89 379 956 3 
fax +49 89 379 956 444  
mobile + +49 170 3027092 
skype ID: mfeilner mail: [EMAIL PROTECTED]


[Samba] samba 3.0. Active Directory on AIX 5.2

2005-08-09 Thread Daniel Teklu
I need to re-compile samba to join a Windows Active Directory domain. This is 
on  AIX 5.2 server.

here are the steps I am following

- Install Openssl
- Install OpenLDAP
- Install MIT Kerberos
- re-compile samba

After all this,  is editing the /etc/krbd5.conf and smb.conf enough or do I 
need to make changes on the AIX side? I see on Solaris, we need to change 
/etc/nsswitch.conf but what do we need to do on AIX side for this to work?

I appreciate any ideas.

Thanks

-D


[Samba] samba with Active Directory on AIX

2005-08-02 Thread Daniel Teklu

Hi All,

I just built samba 3.0.14 on AIX and it is working fine with users created on 
the server. Now I need to change it to use Active directory authentication.

I am new to Samba. Is there any info on how I can do this with the changes I 
need to make on the samba configuration and on AIX?

Thanks in advance,

-Daniel


[Samba] samba and active directory

2005-06-07 Thread Paolo

Hi to all,
I have a problem.
I have 2 servers: the first is a unix server with samba and ldap that is 
a domain controller, and the second is a windows server with active 
directory.
My problem is: is it possible to share the active directory tree with 
ldap tree?

Or can I have a unique tree to share between samba and active directory?


[Samba] Samba and Active Directory

2005-06-07 Thread Paolo

Paolo wrote:


Hi to all,
I have a problem.
I have 2 servers: the first is a unix server with samba and ldap that 
is a domain controller, and the second is a windows server with active 
directory.
My problem is: is it possible to share the active directory tree with 
ldap tree?

Or can I have a unique tree to share between samba and active directory?





Re: [Samba] samba and Active Directory

2005-05-20 Thread Gerald (Jerry) Carter

[EMAIL PROTECTED] wrote:

> Can someone provide a definitive answer please
>
> Question: Can a Samba 3 server be introduced into my AD forest when the 
> forest runs in a functional level of Windows 2003 server ? 

'security = ads' supports mixed, native 2000 and native 2003
mode domains.




cheers, jerry


[Samba] samba and Active Directory

2005-05-17 Thread bmccauley
Can someone provide a definitive answer please

Question: Can a Samba 3 server be introduced into my AD forest when the 
forest runs in a functional level of Windows 2003 server ? 

Thanks 


Bernie McCauley
IT Consultant 
Computer Sciences Corporation
15 National Cct  Barton  ACT 2600
Ph: (02) 6270 8334
alternate email: [EMAIL PROTECTED] 




[Samba] Samba and Active Directory

2005-05-10 Thread Mattier, Ricardo
Hello,
Is there a way to push a Solaris machine onto a Active Directory
domain?  If so, what software do I need to upgrade to?  I am currently
using Solaris 9.  
 
Rick Mattier
Systems Analyst II
Windriver Systems
120 Royall St
Canton, Ma 02021
[EMAIL PROTECTED]
Canton: 781 364-2002
Nashua: 603 897-2084
 


[Samba] samba and Active Directory

2005-04-25 Thread Israel Tena
Hello,
I have samba2.2.3 in an AIX4.3.3,
What can I do to join this machine to Active Directory?


[Samba] Samba and Active Directory

2004-10-19 Thread Mike Kelly
Hi,

I'm trying to join my Linux file server to an AD domain.  I've looked at
several different documents describing how to do this, but I still am not
able to get everything to work correctly.

I am able to join my domain, but I cannot use smbclient to connect to
another file server in the domain, nor can I connect to the samba server from
my desktop PC.

My kerberos tickets seem to be in order:

$ kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:
$ klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
10/19/04 12:26:21  10/19/04 22:26:25  krbtgt/[EMAIL PROTECTED]
renew until 10/19/04 13:26:21

$ smbclient -U [EMAIL PROTECTED] -k //fs02/Share
session setup failed: NT_STATUS_LOGON_FAILURE

Even with debug enabled, I don't get any clues:

$ smbclient -U [EMAIL PROTECTED] -k -d 4 //fs02/Share
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
Processing section [global]
doing parameter local master = no
doing parameter realm = MY.BIG.DOMAIN.LOC
doing parameter password server = 10.109.40.128
doing parameter workgroup = MYDOMAIN
doing parameter netbios name = FS01
handle_netbios_name: set global_myname to: FS01
doing parameter encrypt passwords = yes
doing parameter security = ads
doing parameter log file = /var/log/samba.log
doing parameter server string = 
doing parameter winbind separator = +
doing parameter winbind uid = 1-2
doing parameter winbind gid = 1-2
doing parameter template shell = /bin/bash
doing parameter wins server = 10.109.40.128
doing parameter client use spnego = no
doing parameter use spnego = yes
pm_process() returned Yes
added interface ip=10.109.40.77 bcast=10.109.41.255 nmask=255.255.254.0
Client started (version 3.0.7-2.FC2).
Connecting to 10.109.40.59 at port 445
 session request ok
Serverzone is 25200
session setup failed: NT_STATUS_LOGON_FAILURE

/var/log/samba.log has three error messages which might be related to my
problem:
[2004/10/19 11:46:21, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No credentials cache found)
[2004/10/19 11:51:31, 1] libads/ldap.c:ads_connect(251)
  Failed to get ldap server info
[2004/10/19 12:01:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
  user 'root' does not exist

My smb.conf:
[global]
  local master = no
  realm = MY.BIG.DOMAIN.LOC
  password server = 10.109.40.128
  workgroup = MYDOMAIN
  netbios name = FS01
  encrypt passwords = yes
  security = ads
  log file = /var/log/samba.log
  server string = 
  winbind separator = +
  winbind uid = 1-2
  winbind gid = 1-2
  template shell = /bin/bash
  wins server = 10.109.40.128
  client use spnego = no
  use spnego = yes

[Share]
  comment = Share
  browseable = yes
  writable = yes
  guest ok = no
  path = /smb/share



I'm running Fedora Core 2, Samba Version 3.0.7-2.FC2, and kernel 2.6.5-1.358.
Active Directory lives on 10.109.40.128.
The samba server is FS01 at 10.109.40.77.
A windows fileserver is FS02 at 10.109.40.59.

Does anyone have any suggestions about what I might do to get samba working
correctly?

Thanks,

Mike
(:

-- 
[EMAIL PROTECTED]
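
The smb.conf files posted in these threads combine `security = ads` with settings such as `client use spnego = no`, guest access and hand-written idmap ranges. The following is an added example, not part of any poster's message or of Samba itself: a Python audit of those settings run over a constructed sample config. The `min_id` threshold of 1000 and the finding texts are assumptions of this example.

```python
import re

# Boolean spellings accepted by smb.conf.
TRUE = {"yes", "true", "1"}
FALSE = {"no", "false", "0"}


def norm(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with normalised names."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped[0] in "#;"):
            continue                      # blank line or comment
        line = pending + stripped
        pending = ""
        if line.endswith("\\"):           # trailing backslash continues the line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = norm(line[1:-1])
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)   # only the first '=' is significant
            sections[current][norm(name)] = value.strip()
    return sections


def audit(text, min_id=1000):
    """Return a list of (section, parameter, message) findings."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    findings = []
    ads = g.get("security", "").lower() == "ads"

    if ads and not g.get("realm"):
        findings.append(("global", "realm", "security = ads needs a Kerberos realm"))

    # Kerberos is offered to SMB peers through SPNEGO (default: yes).
    if ads and g.get("clientusespnego", "yes").lower() in FALSE:
        findings.append(("global", "client use spnego",
                         "SPNEGO is off, so client tools cannot negotiate Kerberos"))

    # 'winbind uid/gid' are the older synonyms of 'idmap uid/gid'.
    for name in ("idmap uid", "winbind uid", "idmap gid", "winbind gid"):
        value = g.get(norm(name))
        if value is None:
            continue
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
        if not m or int(m[1]) >= int(m[2]):
            findings.append(("global", name, f"'{value}' is not a low-high range"))
        elif int(m[1]) < min_id:  # min_id is this example's assumption
            findings.append(("global", name,
                             f"range starts below {min_id} and can collide with local IDs"))

    if norm(g.get("maptoguest", "never")) != "never":
        findings.append(("global", "map to guest",
                         "some failed logons are mapped to the guest account"))

    for section, params in conf.items():
        if section == "global":
            continue
        guest = params.get("guestok", params.get("public", "no")).lower()
        if guest in TRUE:
            findings.append((section, "guest ok", "share allows unauthenticated access"))
    return findings


# Constructed sample, modelled on the kinds of settings posted in these threads.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   realm = EXAMPLE.TEST
   security = ADS
   Client Use SPNEGO = no
   idmap uid = 600-200
   idmap gid = 10000-20000
   map to guest = Bad User
;  template primary group = Domain Users

[printers]
   path = /var/spool/cups
   printable = yes
   guest ok = yes

[share]
   path = /srv/share
   guest ok = no
"""

if __name__ == "__main__":
    for section, parameter, message in audit(SAMPLE_SMB_CONF):
        print(f"[{section}] {parameter}: {message}")
```
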


RE: [Samba] Samba and Active Directory

2004-10-19 Thread Kevin Riggins
I had to add the following lines to the [libdefaults] section of my
/etc/krb5.conf file to get it working:

  default_tgs_enctypes = rc4-hmac
  default_tkt_enctypes = rc4-hmac
  dns_lookup_realm = false
  dns_lookup_kdc = false

This assumes you are trying to connect to a Win2K Domain Controller.  I
don't know if it works with a 2003 server.

Also, since your kinit was successful, the -U parameter is unnecessary
when using smbclient -k.

ex.  smbclient -k //fs02/Share

Kevin


-Original Message-
From: Mike Kelly [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 19, 2004 2:42 PM
To: [EMAIL PROTECTED]
Subject: [Samba] Samba and Active Directory


Hi,

I'm trying to join my Linux file server to an AD domain.  I've looked at
several different documents describing how to do this, but I still am
not
able to get everything to work correctly.

I am able to join my domain, but I cannot use smbclient to connect to
another file server in the domain, nor can I connect to the samba server
from
my desktop PC.

My kerberos tickets seem to be in order:

$ kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:
$ klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
10/19/04 12:26:21  10/19/04 22:26:25
krbtgt/[EMAIL PROTECTED]
renew until 10/19/04 13:26:21

$ smbclient -U [EMAIL PROTECTED] -k //fs02/Share
session setup failed: NT_STATUS_LOGON_FAILURE

Even with debug enabled, I don't get any clues:

$ smbclient -U [EMAIL PROTECTED] -k -d 4 //fs02/Share
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file
/etc/samba/smb.conf
Processing section [global]
doing parameter local master = no
doing parameter realm = MY.BIG.DOMAIN.LOC
doing parameter password server = 10.109.40.128
doing parameter workgroup = MYDOMAIN
doing parameter netbios name = FS01
handle_netbios_name: set global_myname to: FS01
doing parameter encrypt passwords = yes
doing parameter security = ads
doing parameter log file = /var/log/samba.log
doing parameter server string = 
doing parameter winbind separator = +
doing parameter winbind uid = 1-2
doing parameter winbind gid = 1-2
doing parameter template shell = /bin/bash
doing parameter wins server = 10.109.40.128
doing parameter client use spnego = no
doing parameter use spnego = yes
pm_process() returned Yes
added interface ip=10.109.40.77 bcast=10.109.41.255 nmask=255.255.254.0
Client started (version 3.0.7-2.FC2).
Connecting to 10.109.40.59 at port 445
 session request ok
Serverzone is 25200
session setup failed: NT_STATUS_LOGON_FAILURE

/var/log/samba.log has three error messages which might be related to my
problem:
[2004/10/19 11:46:21, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No credentials cache found)
[2004/10/19 11:51:31, 1] libads/ldap.c:ads_connect(251)
  Failed to get ldap server info
[2004/10/19 12:01:00, 1]
nsswitch/winbindd_group.c:winbindd_getgroups(1059)
  user 'root' does not exist

My smb.conf:
[global]
  local master = no
  realm = MY.BIG.DOMAIN.LOC
  password server = 10.109.40.128
  workgroup = MYDOMAIN
  netbios name = FS01
  encrypt passwords = yes
  security = ads
  log file = /var/log/samba.log
  server string = 
  winbind separator = +
  winbind uid = 1-2
  winbind gid = 1-2
  template shell = /bin/bash
  wins server = 10.109.40.128
  client use spnego = no
  use spnego = yes

[Share]
  comment = Share
  browseable = yes
  writable = yes
  guest ok = no
  path = /smb/share



I'm running Fedora Core 2, Samba Version 3.0.7-2.FC2, and kernel
2.6.5-1.358.
Active Directory lives on 10.109.40.128.
The samba server is FS01 at 10.109.40.77.
A windows fileserver is FS02 at 10.109.40.59.

Does anyone have any suggestions about what I might do to get samba
working
correctly?

Thanks,

Mike
(:

-- 
[EMAIL PROTECTED]


Re: [Samba] Samba and Active Directory

2004-10-19 Thread Mike Kelly
On Tue, Oct 19, 2004 at 03:05:52PM -0500, Michael Wray wrote:
> Make sure signed traffic is disabled on the AD server (at least for traffic
> from your samba) under domain and local policies.  And that LM,NTLM,NTLM2
> when negotiated are enabled on the AD server.

Unfortunately, the signed traffic setting affects the entire domain, and I
don't think that I will be able to sell my company's AD admins on decreasing
company-wide security for a single branch office server.

I read this message which says that samba 3 supports signing, and that it
doesn't need to be disabled in AD.
http://lists.samba.org/archive/samba/2003-October/000341.html

Is this message inaccurate?

> Also check your log.winbindd file for errors.  (usually
> /var/log/log.winbindd or /var/log/samba/log.winbindd  some servers have
> both.)

I have /var/log/samba/winbindd.log, which consistently states:
[2004/10/19 11:46:21, 1] nsswitch/winbindd.c:main(854)
  winbindd version 3.0.7-2.FC2 started.
  Copyright The Samba Team 2000-2004

Thanks,

Mike
(:

-- 
[EMAIL PROTECTED]


Re: [Samba] Samba and Active Directory

2004-10-19 Thread Mike Kelly
On Tue, Oct 19, 2004 at 03:01:05PM -0500, Kevin Riggins wrote:
> I had to add the following lines to the [libdefaults] section of my
> /etc/krb5.conf file to get it working:
>
>   default_tgs_enctypes = rc4-hmac
>   default_tkt_enctypes = rc4-hmac
>   dns_lookup_realm = false
>   dns_lookup_kdc = false

I already had:
 default_tgs_enctypes = des-cbc-crc des-cbc-md5
 default_tkt_enctypes = des-cbc-crc des-cbc-md5
 dns_lookup_realm = false
 dns_lookup_kdc = false

But adding rc4-hmac did not help.

> This assumes you are trying to connect to a Win2K Domain Controller.  I
> don't know if it works with a 2003 server.

My AD server is running 2003 Server, so I guess this means that the above
doesn't work with 2003.  ):

I'm open to any other ideas you might have.

Thanks,

Mike
(:

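The [libdefaults] enctype lines exchanged in the message above can be audited mechanically. The following is an added example, not code from the thread: it parses a krb5.conf, classifies each configured encryption type (single DES was deprecated by RFC 6649, RC4 by RFC 8429), and reports settings that share no enctype with a given KDC. The [realms] stanza and the KDC enctype set are constructed for illustration.

```python
import re

ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes")
ALIASES = {"arcfour-hmac": "rc4-hmac", "arcfour-hmac-md5": "rc4-hmac"}
SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}   # deprecated, RFC 6649
RC4 = {"rc4-hmac"}                                           # deprecated, RFC 8429

# [libdefaults] lines as quoted in the thread; the [realms] stanza is constructed.
DES_ONLY_CONF = """
[libdefaults]
 default_tgs_enctypes = des-cbc-crc des-cbc-md5
 default_tkt_enctypes = des-cbc-crc des-cbc-md5
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 EXAMPLE.LOCAL = {
  kdc = dc1.example.local
 }
"""
RC4_CONF = """
[libdefaults]
  default_tgs_enctypes = rc4-hmac
  default_tkt_enctypes = rc4-hmac
"""


def parse_libdefaults(text):
    """Return {key: value} for the [libdefaults] section only."""
    section, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).lower()
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out


def normalize(name):
    name = name.lower()
    return ALIASES.get(name, name)


def classify(name):
    if name in SINGLE_DES:
        return "weak"
    if name in RC4:
        return "legacy"
    return "other"


def audit_enctypes(text):
    """Return {setting: [(enctype, class), ...]} in configured order."""
    settings = parse_libdefaults(text)
    report = {}
    for key in ENCTYPE_KEYS:
        if key in settings:
            names = [normalize(n) for n in re.split(r"[\s,]+", settings[key]) if n]
            report[key] = [(n, classify(n)) for n in names]
    return report


def keys_without_overlap(text, kdc_offers):
    """Settings whose enctype list has nothing in common with the KDC's."""
    offered = {normalize(n) for n in kdc_offers}
    return [key for key, items in audit_enctypes(text).items()
            if not offered & {name for name, _ in items}]


if __name__ == "__main__":
    # Constructed KDC enctype set, for illustration only.
    kdc = {"aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96", "rc4-hmac"}
    for label, conf in (("DES only", DES_ONLY_CONF), ("RC4", RC4_CONF)):
        print(label, audit_enctypes(conf), keys_without_overlap(conf, kdc))
```
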


Re: [Samba] Samba and Active Directory

2004-10-19 Thread Gerald (Jerry) Carter
Mike Kelly wrote:
| On Tue, Oct 19, 2004 at 03:05:52PM -0500, Michael Wray wrote:
|
| > Make sure signed traffic is disabled on the AD server
| > (at least for traffic from your samba) under domain
| > and local policies.  And that LM,NTLM,NTLM2
| > when negotiated are enabled on the AD server.
|
| Unfortunately, the signed traffic setting affects the
| entire domain, and I don't think that I will be able to
| sell my company's AD admins on decreasing
| company-wide security for a single branch office server.
|
| I read this message which says that samba 3 supports signing,
| and that it doesn't need to be disabled in AD.
| http://lists.samba.org/archive/samba/2003-October/000341.html
|
| Is this message inaccurate?

Samba 3.0.x does support SMB signing.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)


Re: [Samba] Samba as Active Directory replacement - is it possible?

2004-09-22 Thread Tomasz Chmielewski
Andrew Bartlett wrote:
> On Tue, 2004-09-21 at 20:49, Tomasz Chmielewski wrote:
>
>> Where can I find any HOWTOS/documents on this? I spent an hour googling 
>> but found nothing promising so far.
>
> It all very much depends on what you want to do with it.  Samba 3.0 is
> an NT4 level domain controller, as far as windows clients see it, but is
> fully backed by whatever directory server you attach it to.

OK, so at the bottom I describe more or less what I want.

> So, if you just want to move to a directory based system, with the
> benefits of directory management, then the standard Samba 3.0 will do
> what you want.
> If you would like to add kerberos, then it is possible with snapshots of

I don't think kerberos is needed in my case.

> The other area of ongoing work is in Samba4, where we have demonstrated
> an 'Active Directory' join of WinXP SP2 to Samba4.  This is an ongoing
> area of research, but also an area that is moving surprisingly fast.
> More assistance (programming wise) is always appreciated :-)

This is what I actually want from this AD replacement:
- it has to store users, groups and passwords
- it has to store computer accounts
- it has to store policies - for users, computers
So by example:
Clients are purely Windows machines. Now with Active Directory the below 
can be achieved:

1) PC1 (client) is booted.
2) it connects to the server, reads its computer account and policy:
- what settings should it have, what programs installed - and if a 
program is missing, it should be automatically installed/deinstalled 
(according to the policy)

3) login box appears - user logs in
- he/she is authenticated against the server, and his/her settings are 
applied

Well, I'm certain that I can store passwords, users, groups, either with 
Samba or Samba + OpenLDAP, but what I'm afraid of, is how can I set 
different policies for users and computers with Samba/OpenLDAP.

Any help if it's possible is appreciated.
Tomek


[Samba] Samba as Active Directory replacement - is it possible?

2004-09-21 Thread Tomasz Chmielewski
Hello,
I've been trying to figure out if it's possible to replace Active 
Directory with Samba (+ OpenLDAP, Kerberos, DNS etc.) on Linux - but 
from what I've found I'm not sure.

Is it possible, or partially possible (I don't need every feature of AD)?
What additional software (besides Samba) will I need?
What functionality will I lose?
Where can I find any HOWTOS/documents on this? I spent an hour googling 
but found nothing promising so far.

Tomek


Re: [Samba] Samba as Active Directory replacement - is it possible?

2004-09-21 Thread John H Terpstra
On Tuesday 21 September 2004 04:49, Tomasz Chmielewski wrote:
> Hello,
>
> I've been trying to figure out if it's possible to replace Active
> Directory with Samba (+ OpenLDAP, Kerberos, DNS etc.) on Linux - but
> from what I've found I'm not sure.
>
> Is it possible, or partially possible (I don't need every feature of AD)?
> What additional software (besides Samba) will I need?
>
> What functionality will I lose?
>
> Where can I find any HOWTOS/documents on this? I spent an hour googling
> but found nothing promising so far.

http://www.samba.org/samba/docs/Samba-Guide.pdf

Check chapters 5,6,7,9

If you need more information contact me direct.

- John T.



-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO and Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.


RE: [Samba] Samba as Active Directory replacement - is it possible?

2004-09-21 Thread Roland Giesler
I'm actually considering a similar exercise.  I understand to run OpenLDAP
you would need some database like PostGRE or mySQL (someone, can't remember
who, said you need PostGRE)

Roland




Re: [Samba] Samba as Active Directory replacement - is it possible?

2004-09-21 Thread Andrew Bartlett
On Tue, 2004-09-21 at 20:49, Tomasz Chmielewski wrote:
> Hello,
>
> I've been trying to figure out if it's possible to replace Active 
> Directory with Samba (+ OpenLDAP, Kerberos, DNS etc.) on Linux - but 
> from what I've found I'm not sure.
>
> Is it possible, or partially possible (I don't need every feature of AD)?
> What additional software (besides Samba) will I need?
>
> What functionality will I lose?
>
> Where can I find any HOWTOS/documents on this? I spent an hour googling 
> but found nothing promising so far.

It all very much depends on what you want to do with it.  Samba 3.0 is
an NT4 level domain controller, as far as windows clients see it, but is
fully backed by whatever directory server you attach it to.  

So, if you just want to move to a directory based system, with the
benefits of directory management, then the standard Samba 3.0 will do
what you want.

If you would like to add kerberos, then it is possible with snapshots of
Heimdal kerberos for unix clients to use their 'Samba' passwords for
kerberos.  These are kept in the same directory (and indeed same entries)
as Samba's passwords.
https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap

The other area of ongoing work is in Samba4, where we have demonstrated
an 'Active Directory' join of WinXP SP2 to Samba4.  This is an ongoing
area of research, but also an area that is moving surprisingly fast. 
More assistance (programming wise) is always appreciated :-)

Andrew Bartlett




Re: [Samba] Samba and Active Directory

2004-08-22 Thread Jason Simons
I am having the same exact issue.  I have not tried assigning
permissions using DOMAINPREFIX\\username, but like you I can get
Kerberos tickets, use smbclient to connect to windows shares, but from
a windows client, I cannot connect to the Samba server.  I'm using
Suse 9.1, and the latest version of SAMBA that I've tried was 3.05.

Jason



[Samba] Samba and Active Directory

2004-08-19 Thread jzorzi
I have setup my linux machine (Fedora Core2) to kinit to my windows 2003
server.
It has added itself to the active directory with no errors.
I can use smbclient //server/c$ -k and view all the files on the server.
I installed and configured winbind.  I can do a wbinfo -u and wbinfo -g and
return the list of users and groups from the active directory.
I have done a getent passwd and getgroups and winbind has assigned the
active directory users and groups the proper unix uid's and gid's.
I can even assign ownership to files but I must use DOMAINPREFIX\\username
in order to do so. IS THIS THE CORRECT WAY TO DO THAT?

I can add the user to the smbpasswd file using smbpasswd -a
DOMAINPREFIX\\username and it gets added.
This tells me that unix knows the user exists.
Whether I add the username to the smbpasswd file or not I still cannot
access any of the samba shares.  It continuously prompts me for a username
and password when I access it from a windows machine.

I'm guessing that the password isn't getting pulled from the active directory
for the user accounts.  But I'm not sure.


[Samba] Samba 3, Active Directory and LDAP

2004-08-02 Thread J. A. Landamore
I don't know if the following is possible.  Definitive yes/no would be 
appreciated, with pointers to how to do it if the answer is yes.

At present our lab PCs (c. 250 dual boot *nix/W2K boxes) get file served by our 
Solaris file/LDAP/mail server; NFS for *nix, samba 2 for local user files in 
W2K.  The W2K is centrally managed with more user filestore so the W2K PCs 
always have at least 3 shares mounted.  In *nix they authenticate against our 
departmental LDAP, in W2K against the campus AD and use a local smbpasswd for 
samba.  Samba is used solely to share a user's *nix home directory to his/her PC 
when it is in W2K; i.e. in smb.conf after the usual pre-amble there is only:

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   
What I'd like to do is:

move to samba 3
continue to authenticate *nix (including server) to local LDAP
authenticate samba to central AD (preferably via LDAP)
get information for the home share from local LDAP (as obviously the central AD 
doesn't know anything about where the user's local *nix filestore is)

From RingTFM I believe that this is possible using kerberos rather than LDAP to 
authenticate samba but I really want to go the LDAP route.  Is it possible?

Thanks

John Landamore

School of Mathematics & Computer Science
University of Leicester
University Road, LEICESTER, LE1 7RH
[EMAIL PROTECTED]
Phone: +44 (0)116 2523410   Fax: +44 (0)116 2523604



Re: [Samba] Samba and Active Directory Permissions RESOLUTION

2004-03-20 Thread Simone
Hi everyone. I'm running into the same problem. I've set up slackware 9.1
with kernel 2.6.4 to have acl support for ext3 (tried also to work with
kernel 2.4.25 + patch acl), samba 3.0.2a. Joined the domain as a member and
followed instructions in the acl howto. Samba is working and I can set up
shares using winbind authentication, just fine. The problem is with acl if I
try to set from a win2k box. I can change permissions only on files and not
on folders, and only on the already present users (can't add or remove
anyone). I've been testing many options (security mask, directory security
mask, create mask/directory) and I have set admin users '@DOMAIN\Domain
Admins' but still no success. Here's my share conf:


[acl]
# the folder is owned by user simone that is part of the Domain Admin group
path = /samba/acl
valid users = DOMAIN\simone
read only = no
browseable = yes
admin users = DOMAIN\simone
create mask = 0770
directory mask = 0770
directory security mask = 0700

What am I missing? I can get into the share and create new folders, but when
I try to change permissions I get error unable to save permissions. I've
been searching through the last  6158 messages on the list and followed
hints but unsuccessful.
Any help would be greatly appreciated since I am lost at the moment.
PS I have not created any local samba user, not even root, users are only
from domain

Thanks
Simone



Re: [Samba] Samba and Active Directory Permissions

2004-03-20 Thread Simone
Thank you very much for your reply.

I'm trying to change permissions on a folder underneath. Basically I create
a folder in /acl and then I try to change permissions. I will try to have a
local unix user to be admin and I'll post back if it's the answer.

Once again thanks for your help

Simone


- Original Message - 
From: John Petro [EMAIL PROTECTED]
To: Simone [EMAIL PROTECTED]
Sent: Saturday, March 20, 2004 5:13 PM
Subject: RE: [Samba] Samba and Active Directory Permissions RESOLUTION


Are you setting the permissions on the /acl directory? Or a folder
underneath.  It sounds like a permission problem.  I ended up having a
local unix user be the admin user and so I haven't seen the same issue
you are having.

--John


RE: [Samba] Samba and Active Directory Permissions RESOLUTION

2004-03-19 Thread John Petro
All,
  Thanks for the responses.  There were two things I had to do to get
this to work.  The first thing was I had to change the readonly
attribute in the smb.conf to NO.  I also noticed that there was an error
in my /etc/fstab so that the options were not read in for some reason.
Once I fixed this and re-mounted the filesystem with the ACL option, I
was able to do what I needed to do.  Thanks again for all your
responses.

--John

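The two fixes reported in the message above (a share that is not read-only, and a filesystem mounted with the ACL option), together with the `admin users` workaround suggested elsewhere in this thread, can be checked offline from the two configuration files. This is an added example, not code from the thread: the smb.conf and fstab contents are constructed samples, and flagging a missing `acl` mount option only on ext2/ext3 is an assumption that matches the systems discussed here.

```python
import os

TRUE = {"yes", "true", "on", "1"}
INVERTED = {"writable", "writeable", "writeok"}   # inverted synonyms of "read only"
ACL_OPTION_FS = {"ext2", "ext3"}                  # assumption: ACLs need the acl mount option

# Constructed sample inputs.
SMB_CONF = r"""
[global]
   workgroup = DOMAIN
   security = ads

[acl]
   path = /samba/acl
   read only = no
   admin users = DOMAIN\simone

[projects]
   path = /srv/projects/shared
   writable = no
"""
FSTAB = """
# device    mount    type  options       dump pass
/dev/sda1   /        ext3  defaults      1 1
/dev/sda2   swap     swap  defaults      0 0
/dev/sda3   /samba   ext3  defaults,acl  1 2
/dev/sda4   /srv     ext3  defaults      1 2
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}}. Parameter names are lower-cased
    with whitespace removed, since Samba ignores both in parameter names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key, value = "".join(key.lower().split()), value.strip()
            if key in INVERTED:   # fold "writable = x" into "read only = not x"
                key, value = "readonly", ("no" if value.lower() in TRUE else "yes")
            current[key] = value
    return sections


def parse_fstab(text):
    """Return [(mount_point, fstype, {options})]."""
    mounts = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4:
            mounts.append((fields[1], fields[2], set(fields[3].split(","))))
    return mounts


def mount_for(path, mounts):
    """Longest-prefix match: the fstab entry whose mount point contains path."""
    path = os.path.normpath(path)
    best, best_len = None, -1
    for mnt in mounts:
        mp = os.path.normpath(mnt[0])
        covers = mp == "/" or path == mp or path.startswith(mp + "/")
        if mp.startswith("/") and covers and len(mp) > best_len:
            best, best_len = mnt, len(mp)
    return best


def audit_shares(smb_conf_text, fstab_text):
    """Return {share: [finding codes]} for every non-global section."""
    sections = parse_smb_conf(smb_conf_text)
    mounts = parse_fstab(fstab_text)
    default_ro = sections.get("global", {}).get("readonly", "yes")
    report = {}
    for name, params in sections.items():
        if name == "global":
            continue
        codes = []
        if params.get("readonly", default_ro).lower() in TRUE:
            codes.append("READ_ONLY")            # permission changes will be refused
        mnt = mount_for(params["path"], mounts) if "path" in params else None
        if mnt and mnt[1] in ACL_OPTION_FS and "acl" not in mnt[2]:
            codes.append("NO_ACL_MOUNT_OPTION")  # fstab entry lacks the acl option
        if "adminusers" in params:
            codes.append("ADMIN_USERS")          # listed accounts act as root on the share
        report[name] = codes
    return report


if __name__ == "__main__":
    for share, codes in audit_shares(SMB_CONF, FSTAB).items():
        print(share, codes or "ok")
```

`ADMIN_USERS` is reported as a finding rather than a pass because, as noted in this thread, the setting gives the listed accounts root permissions on the share.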


[Samba] Samba and Active Directory Permissions

2004-03-18 Thread John Petro
All,

  I am currently running Samba 3.0.2a on a RHEL3 server.  I would like
to use the extended file systems permissions through windows, but I
haven't had much luck.  Here is how I am set up

My linux box is joined to my AD domain and appears to be functioning
correctly.  I also have winbind set up, and functioning, although I
still have some tweaking to do, it is assigning user and group ids as I
would expect it to.  I can create a share ok via Samba or active
directory users and computers without a problem.  However, once I
create this share, and I mount it on a windows client, I can't do
anything as far as setting or delegating permissions.  When I look at
the folder properties, it says the folder is owned by root on my linux
server.  It will not let me change the ownership to any other user.  I
get an error that says something to the effect that I don't have the
rights to change the permissions.

Has anyone had this issue, and do you know what I can do to get around
this.  I really don't want to go to a windows platform for my
fileservices.

 

--John

 

 



RE: [Samba] Samba and Active Directory Permissions

2004-03-18 Thread Aden, Steve
I have had similar problems. I was able to set permissions on shares
from Windows by adding:

admin users = DOMAIN_Domain Admins to my smb.conf file. ( _ is my
Winbind separator character).

The problem is that once they are set and the everyone group is removed,
the users cannot connect to the share with kerberos authentication.
(They can connect via ip address, which causes samba to use NTLM?
authentication). I always get Access Denied. Setting logging to 10 I can
see the authentication checks in the log, but the user sid captured does
not match the user's actual sid so it doesn't match the sid in the acl.

Hopefully you do not have the same problem. I have had this problem for
over two weeks and haven't been able to solve it. Even on a totally
clean install of everything in my lab including the W2K AD server and
the Samba server.

Steve Aden




Re: [Samba] Samba and Active Directory Permissions

2004-03-18 Thread alaslavic
John Petro [EMAIL PROTECTED] wrote on 03/18/2004 12:13:08 PM:

> All,
>
>   I am currently running Samba 3.0.2a on a RHEL3 server.  I would like
> to use the extended file systems permissions through windows, but I
> haven't had much luck.  Here is how I am set up
>
> My linux box is joined to my AD domain and appears to be functioning
> correctly.  I also have winbind set up, and functioning, although I
> still have some tweaking to do, it is assigning user and group ids as I
> would expect it to.  I can create a share ok via Samba or active
> directory users and computers without a problem.  However, once I
> create this share, and I mount it on a windows client, I can't do
> anything as far as setting or delegating permissions.  When I look at
> the folder properties, it says the folder is owned by root on my linux
> server.  It will not let me change the ownership to any other user.  I
> get an error that says something to the effect that I don't have the
> rights to change the permissions.

If the files and folders are owned by root, only root can change the
ownership.  One way around this is to add
admin users = your domain username or groupname
to your smb.conf for that share.  This will give your user root
permissions.

> Has anyone had this issue, and do you know what I can do to get around
> this.  I really don't want to go to a windows platform for my
> fileservices.
>
> --John




RE: [Samba] Samba and Active Directory Permissions

2004-03-18 Thread John Petro
Yeah I tried that.. I get an error that says that it can't save
permissions on the folder (or file) in this case.  Any other ideas?

--John

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 18, 2004 2:12 PM
To: John Petro
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Samba and Active Directory Permissions







John Petro [EMAIL PROTECTED] wrote on 03/18/2004 12:13:08 PM:

 All,

   I am currently running Samba 3.0.2a on a RHEL3 server.  I would like
 to use the extended file systems permissions through windows, but I
 haven't had much luck.  Here is how I am set up



 My linux box is joined to my AD domain and appears to be functioning
 correctly.  I also have winbind set up, and functioning, although I
 still have some tweaking to do, it is assigning user and group ids as I
 would expect it to.  I can create a share ok via Samba or active
 directory users and computers without a problem.  However, once I
 create this share, and I mount it on a windows client, I can't do
 anything as far as  setting or delegating permissions.  When I look at
 the folder properties, it says the folder is owned by root on my linux
 server.  It will not let me change the ownership to any other user.  I
 get an error that says something to the effect that I don't have the
 rights to change the permissions.


If the files and folders are owned by root, only root can change the
ownership.  One way around this is to add
admin users = your domain username or groupname
to your smb.conf for that share.  This will give your user root
permissions.



 Has anyone had this issue, and do you know what I can do to get around
 this.  I really don't want to go to a windows platform for my
 fileservices.



 --John







RE: [Samba] Samba and Active Directory Permissions

2004-03-18 Thread daniel . jarboe
  server.  It will not let me change the ownership to any other user.  I
  get an error that says something to the effect that I don't have the
  rights to change the permissions.

Do you have ACLs enabled on the filesystem with the shared files?

http://www.bluelightning.org/linux/samba_acl_howto/


~ Daniel



[Samba] Samba 3.0 + Active Directory + Win2000

2003-12-14 Thread Lancsr Roland
Hi!

I have a strange question!

I would like to write my diploma work on this theme.

The question is: does it work? Can I really put Samba into AD? Has anybody tried? What
are the experiences?

It is not a problem for me that the configuration is difficult, but I am a newbie. ;)
So I want to learn...

Thanks!

Bye, Roland




Re: [Samba] Samba and Active Directory Implications

2003-10-02 Thread Adam Williams
 1.) How having linux boxes in AD affects replication

The question is: How would it possibly affect replication?  Do they know
what they are talking about?

 2.) If it is possible to authenticate against the Linux boxes without
 actually joining the AD domain

Do you mean authenticate against AD without joining the Linux box to the
AD realm?  You'd probably have to mangle the security on AD a bit, but
kerberos is not going to work unless the KDC (in this case AD) knows
about the client.



Re: [Samba] Samba and Active Directory Implications

2003-10-02 Thread Rob Burtelow
Adam,

 The question is: How would it possibly affect replication?  Do they know
 what they are talking about?

First of all thanks for your input.  I agree with your above statement,
it is what I told them.  The Linux boxes don't send or receive any type
of replication requests, so it shouldn't matter.

 Do you mean authenticate against AD without joining the Linux box to the
 AD realm?  You'd probably have to mangle the security on AD a bit, but
 kerberos is not going to work unless the KDC (in this case AD) knows
 about the client.

Agreed again, I'm just trying to make sure what I'm telling them is in
line with how it actually works.  If it comes down to it, it might be a
pissing contest between them making me prove it will work and have no
problems, and me telling them to prove it will have problems.

--

Thanks,
Rob
[EMAIL PROTECTED]



[Samba] samba 3 active directory

2003-07-31 Thread Razvan Cosma
  Hello,

 I'm posting this only in the event somebody else does a search in the
mlist archive for such keywords (I know I did), hope you won't mind. 
Status: IT WORKS! :)
 Steps taken:
Install Slackware (well, that was already in place).
Install PAM (Linux-PAM-0.77, plain ./configure) - this I will need later
for Postfix SMTP auth against AD.
Install Kerberos (krb5-1.2.8, ./configure --prefix=/usr/local/kerberos
    --without-krb4 --enable-dns --enable-dns-for-kdc --enable-dns-for-realm
    --enable-shared).
Install OpenLDAP (openldap-2.1.22, ./configure --disable-slapd
    --disable-slurpd).
Install Samba (samba-3.0.0beta3, ./configure --prefix=/usr/local/samba
    --with-smbwrapper --with-dce-dfs --with-ads --with-smbmount --with-pam
    --with-libsmbclient --with-acl-support --with-winbind
    --with-krb5=/usr/local/kerberos --without-quotas --with-ldap)

joe /etc/krb5.conf
[realms]
 DOM.AIN = {
  kdc = DC.DOM.AIN
 }
test with 
kinit [EMAIL PROTECTED]

joe /usr/local/samba/lib/smb.conf
[global]
security = ADS
realm = DOM.AIN
winbind use default domain = yes
wins server = dc.dom.ain
encrypt passwords = yes
password server = dc.dom.ain

net ads join domain -U Administrator
nmbd -D
smbd -D
winbindd

..that's all I think

PS. Thanks to the Samba team for the great work



[Samba] Samba 3.0 + Active Directory + Debian + Profiles?

2003-07-23 Thread Jan Johansson
How on earth do I make Debian/Unstable play nice and use Samba 3.0 as a
member server in an AD-Domain running in Native Mode, and be able to
store user profiles on the Samba server? I just can make no heads nor
tails from any documentation, have I missed something fundamental?
Adding the server to the domain was easy enough. But then user
authentication does not seem to work?



RE: [Samba] Samba 3.0 + Active Directory + Debian + Profiles?

2003-07-23 Thread Jan Johansson
How on earth do I make Debian/Unstable play nice and use Samba 3.0 as a
member server in an AD-Domain running in Native Mode, and be able to
store user profiles on the Samba server? I just can make no heads nor
tails from any documentation, have I missed something fundamental?
Adding the server to the domain was easy enough. But then user
authentication does not seem to work?

Maybe I am closer than I thought.

I removed samba completely, reinstalled it, joined it to the domain, and
net ads sort of started to work, I got a no credential in cache from
Kerberos. 

And when doing a net view from a windows box, I get access denied and
the following in my logs.

== log.nwl105 ==
[2003/07/23 10:49:02, 1] libads/kerberos_verify.c:ads_verify_ticket(91)
  krb5_parse_name(HOST/ndc5-router-1@) failed (Malformed representation of principal)
[2003/07/23 10:49:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(175)
  Failed to verify incoming ticket!

== log.smbd ==
[2003/07/23 10:49:02, 1] sam/idmap_tdb.c:db_idmap_init(487)
  idmap uid range missing or invalid
  idmap will be unable to map foreign SIDs
[2003/07/23 10:49:02, 1] sam/idmap_tdb.c:db_idmap_init(499)
  idmap gid range missing or invalid
  idmap will be unable to map foreign SIDs

where should I be looking?



RE: [Samba] Samba 3.0 + Active Directory + Debian + Profiles?

2003-07-23 Thread Jan Johansson
How on earth do I make Debian/Unstable play nice and use Samba 3.0 as a
member server in an AD-Domain running in Native Mode, and be able to
store user profiles on the Samba server? I just can make no heads nor
tails from any documentation, have I missed something fundamental?
Adding the server to the domain was easy enough. But then user
authentication does not seem to work?

Ok, now I added realm = NWL.SE to my smb.conf, and now I get

== log.ndc2-w2k-1 ==
[2003/07/23 11:00:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(221)
  Username Administrator is invalid on this system
[2003/07/23 11:00:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(221)
  Username Administrator is invalid on this system

Seems to be a step forward, but not there yet.



RE: [Samba] Samba 3.0 + Active Directory + Debian + Profiles?

2003-07-23 Thread Paul Eggleton
Hi Jan,

Jan Johansson wrote on Wednesday, 23 July 2003 8:49 p.m.:
 == log.smbd ==
 [2003/07/23 10:49:02, 1] sam/idmap_tdb.c:db_idmap_init(487)
   idmap uid range missing or invalid
   idmap will be unable to map foreign SIDs
 [2003/07/23 10:49:02, 1] sam/idmap_tdb.c:db_idmap_init(499)
   idmap gid range missing or invalid
   idmap will be unable to map foreign SIDs

Add the following settings in smb.conf and restart winbind:

idmap uid = 1-65000
idmap gid = 1-65000

One good way to test if you have things set right is to use the wbinfo
command (e.g. wbinfo -u). If this correctly lists domain users, great. If
not, check the winbind log file for details.

Cheers,
Paul
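
An added example (not part of any post in these threads): a small Python check over a member-server smb.conf for the two faults seen in Jan's logs above, security = ads with no realm and a missing or invalid idmap uid/gid range, plus any admin users line, which the earlier permissions thread notes gives those accounts root permissions on the share. The sample config, the profiles share and the NWL+jan account are constructed, and treating low >= high as an invalid range is an assumption of this example.

```python
import re

# Constructed sample config (illustrative values, not any poster's real file).
SAMPLE = """
[global]
   security = ADS
   ; realm = NWL.SE
   idmap uid = 65000
[profiles]
   path = /srv/profiles
   admin users = NWL+jan
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def valid_range(value):
    """True for 'low-high' with low < high (assumed rule for this example)."""
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) < int(m.group(2))

def audit(text):
    conf, findings = parse_smb_conf(text), []
    glob = conf.get("global", {})
    if glob.get("security", "").lower() == "ads" and not glob.get("realm"):
        findings.append("global: security = ads but no realm set")
    for param in ("idmap uid", "idmap gid"):
        if not valid_range(glob.get(param)):
            findings.append(f"global: {param} range missing or invalid")
    for section, params in conf.items():
        if params.get("admin users"):
            findings.append(f"{section}: admin users = {params['admin users']} "
                            "(these accounts act as root on this share)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A clean result only means these three settings are present and well-formed; wbinfo -u, as Paul suggests, is still the test that winbind can actually list domain users.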


[Samba] Samba/Solaris/Active Directory

2003-03-20 Thread Metcalf, Bob


I'm about to install the latest version of Samba on a Solaris 8 machine,
with an Active Directory MS environment.  Haven't done this before,
and am looking for:

   - cookbook howto
   - things that will break and how to get around them
   - dope slaps

Thanks.