Re: [Samba] Domain problem... (other way)
27 sep 2006 kl. 16:26 skrev Elvis Aaron Presley: I used net rpc join -S server32 -U Administrador to add the linux machine to the domain. The net ad leave is for the kerberos method if I'm not in a mistake. Do you mean remove all computer accounts at the domain server? !!??!?!?!!??!? Noo! Just the Samba account. You can't add it again if its there. (Well, you can reset AD accounts also.) Elvis -Mensaje original- De: Henrik Zagerholm [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 27 de septiembre de 2006 15:40 Para: Elvis Aaron Presley CC: 'Lista Samba' Asunto: Re: [Samba] Domain problem... (other way) I would remove any computer accounts in AD. You think should have used net ad leave before uninstall. Do you use net rpc join or net ads join? 27 sep 2006 kl. 14:44 skrev Elvis Aaron Presley: Ok, I see there is no solution for this strange situation... Now, I want to reinstall samba and winbind. I'll delete the user and the computer at the domain. I'll uninstall samba and winbind using apt-get on my debian How can I deatach the machine from the domain on linux? Is there something more to do to start again? Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: miércoles, 27 de septiembre de 2006 12:59 Para: 'Lista Samba' Asunto: RE: [Samba] Domain problem... Hello, I've tried what you said and restarted samba and winbind... But no success... :( After that, I re-joined to the domain, but the same result... I see when I tried to rejoin to the domain in the PDC w2000 event log a 5722 event. This is the error message: The session setup from the computer ORACLE failed to authenticate. The name of the account referenced in the security database is ORACLE$. The following error occurred: Access is denied. But the user exist at the domain. ¿? I see the log at /var/log/samba/log.winbindd with this: [2006/09/27 11:39:50, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/09/27 11:39:50, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain RXN32 failed: Cannot resolve network address for KDC in requested realm The log at /var/log/samba/log.wb-RXN32 has: [2006/09/27 12:07:04, 0] libsmb/credentials.c:creds_client_check(256) creds_client_check: credentials check failed. [2006/09/27 12:07:04, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(898) rpccli_netlogon_sam_network_logon: credentials chain check failed [2006/09/27 12:07:04, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/09/27 12:07:04, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain RXN32 failed: Cannot resolve network address for KDC in requested realm But I'm not using kerberos. In addition, this errors are present too in other older dates, and the server was working fine at that dates. What can I do? I need to share folder on my debian to domain users... :S Elvis -Mensaje original- De: Henrik Zagerholm [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 27 de septiembre de 2006 9:30 Para: Elvis Aaron Presley CC: 'Lista Samba' Asunto: Re: [Samba] Domain problem... Hello, winbind enum users = yes winbind enum groups = yes also check that getent passwd shows domain users. Cheers, Henrik 27 sep 2006 kl. 09:23 skrev Elvis Aaron Presley: Nobody knows any information or test for me? :( Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: martes, 26 de septiembre de 2006 14:04 Para: Lista Samba Asunto: [Samba] Domain problem... Hello all, This is the first time I write to the list. Sorry about my english... My Debian Sarge server was working perfectly with samba and winbind as a normal client in a Domain enviroment. I was able to share folders on my linux machine giving rights to the domain users. Everything was working until one day in that it crashed for some reason I don't know. I didn't touch anything of my config files (smb.conf,nsswitch.conf) so I suppose it's ok. The problem is that now, I can't do wbinfo -u successfully. It returns Error looking domain users, so I can't share directories with domain users. Enviroment info: PDC: W2000 server (ip 192.168.1.102,netbios-name server32) with DNS server Debian: domain client (ip 192.168.1.249,netbios-name oracle) with DNS server Other clients in the network uses DNS1 192.168.1.102 and DNS2 192.168.1.249 ... I don't know if this info is relevant. net rpc join -S server32 -U Administrador%pass returns Joined domain RXN32. wbinfo -m returns RXN32 - is the netbios name of the domain wbinfo -t returns checking the trust secret via RPC calls succeeded wbinfo -u returns Error looking up
RE: [Samba] Domain problem...
Nobody knows any information or test for me? :( Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: martes, 26 de septiembre de 2006 14:04 Para: Lista Samba Asunto: [Samba] Domain problem... Hello all, This is the first time I write to the list. Sorry about my english... My Debian Sarge server was working perfectly with samba and winbind as a normal client in a Domain enviroment. I was able to share folders on my linux machine giving rights to the domain users. Everything was working until one day in that it crashed for some reason I don't know. I didn't touch anything of my config files (smb.conf,nsswitch.conf) so I suppose it's ok. The problem is that now, I can't do wbinfo -u successfully. It returns Error looking domain users, so I can't share directories with domain users. Enviroment info: PDC: W2000 server (ip 192.168.1.102,netbios-name server32) with DNS server Debian: domain client (ip 192.168.1.249,netbios-name oracle) with DNS server Other clients in the network uses DNS1 192.168.1.102 and DNS2 192.168.1.249 ... I don't know if this info is relevant. net rpc join -S server32 -U Administrador%pass returns Joined domain RXN32. wbinfo -m returns RXN32 - is the netbios name of the domain wbinfo -t returns checking the trust secret via RPC calls succeeded wbinfo -u returns Error looking up domain users wbinfo -g returns Error looking up domain groups Samba version 3.0.22 on debian machine. And in the domain exist the user oracle with password realpwd. I've tried wbinfo --authenticate=oracle%fakepwd and return: plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user oracle%fakepwd with plaintext password challenge/response password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc06a) error messsage was: Wrong Password Could not authenticate user oracle with challenge/response But if I try wbinfo --authenticate=oracle%realpwd it returns: plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user oracle%realpwd with plaintext password challenge/response password authentication succeeded What? How is it possible? The user exist in the domain. I've tried delete it and create it again and same result. I've tried with other user... But same result. How can this stop to work if I didn't change anything? Is possible that it happenned after apt-get dist-upgrade? This is the global part of my smb.conf but i supposse it's ok because it was working and nothing changed: [global] workgroup = RXN32 security = DOMAIN password server = server32 encrypt passwords = true idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind separator = + netbios name = oracle I googled a lot, but with no luck... :( Thank for read this big text, and sorry if this message is at incorrect list. If there is a more specific list for this kind of issues, please tell me. Thanks in advance and Regards. Elvis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain problem...
Hello, winbind enum users = yes winbind enum groups = yes also check that getent passwd shows domain users. Cheers, Henrik 27 sep 2006 kl. 09:23 skrev Elvis Aaron Presley: Nobody knows any information or test for me? :( Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: martes, 26 de septiembre de 2006 14:04 Para: Lista Samba Asunto: [Samba] Domain problem... Hello all, This is the first time I write to the list. Sorry about my english... My Debian Sarge server was working perfectly with samba and winbind as a normal client in a Domain enviroment. I was able to share folders on my linux machine giving rights to the domain users. Everything was working until one day in that it crashed for some reason I don't know. I didn't touch anything of my config files (smb.conf,nsswitch.conf) so I suppose it's ok. The problem is that now, I can't do wbinfo -u successfully. It returns Error looking domain users, so I can't share directories with domain users. Enviroment info: PDC: W2000 server (ip 192.168.1.102,netbios-name server32) with DNS server Debian: domain client (ip 192.168.1.249,netbios-name oracle) with DNS server Other clients in the network uses DNS1 192.168.1.102 and DNS2 192.168.1.249 ... I don't know if this info is relevant. net rpc join -S server32 -U Administrador%pass returns Joined domain RXN32. wbinfo -m returns RXN32 - is the netbios name of the domain wbinfo -t returns checking the trust secret via RPC calls succeeded wbinfo -u returns Error looking up domain users wbinfo -g returns Error looking up domain groups Samba version 3.0.22 on debian machine. And in the domain exist the user oracle with password realpwd. I've tried wbinfo --authenticate=oracle%fakepwd and return: plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user oracle%fakepwd with plaintext password challenge/response password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc06a) error messsage was: Wrong Password Could not authenticate user oracle with challenge/response But if I try wbinfo --authenticate=oracle%realpwd it returns: plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user oracle%realpwd with plaintext password challenge/response password authentication succeeded What? How is it possible? The user exist in the domain. I've tried delete it and create it again and same result. I've tried with other user... But same result. How can this stop to work if I didn't change anything? Is possible that it happenned after apt-get dist-upgrade? This is the global part of my smb.conf but i supposse it's ok because it was working and nothing changed: [global] workgroup = RXN32 security = DOMAIN password server = server32 encrypt passwords = true idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind separator = + netbios name = oracle I googled a lot, but with no luck... :( Thank for read this big text, and sorry if this message is at incorrect list. If there is a more specific list for this kind of issues, please tell me. Thanks in advance and Regards. Elvis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain problem...
Hello, I've tried what you said and restarted samba and winbind... But no success... :( After that, I re-joined to the domain, but the same result... I see when I tried to rejoin to the domain in the PDC w2000 event log a 5722 event. This is the error message: The session setup from the computer ORACLE failed to authenticate. The name of the account referenced in the security database is ORACLE$. The following error occurred: Access is denied. But the user exist at the domain. ¿? I see the log at /var/log/samba/log.winbindd with this: [2006/09/27 11:39:50, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/09/27 11:39:50, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain RXN32 failed: Cannot resolve network address for KDC in requested realm The log at /var/log/samba/log.wb-RXN32 has: [2006/09/27 12:07:04, 0] libsmb/credentials.c:creds_client_check(256) creds_client_check: credentials check failed. [2006/09/27 12:07:04, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(898) rpccli_netlogon_sam_network_logon: credentials chain check failed [2006/09/27 12:07:04, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/09/27 12:07:04, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain RXN32 failed: Cannot resolve network address for KDC in requested realm But I'm not using kerberos. In addition, this errors are present too in other older dates, and the server was working fine at that dates. What can I do? I need to share folder on my debian to domain users... :S Elvis -Mensaje original- De: Henrik Zagerholm [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 27 de septiembre de 2006 9:30 Para: Elvis Aaron Presley CC: 'Lista Samba' Asunto: Re: [Samba] Domain problem... Hello, winbind enum users = yes winbind enum groups = yes also check that getent passwd shows domain users. Cheers, Henrik 27 sep 2006 kl. 09:23 skrev Elvis Aaron Presley: Nobody knows any information or test for me? :( Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: martes, 26 de septiembre de 2006 14:04 Para: Lista Samba Asunto: [Samba] Domain problem... Hello all, This is the first time I write to the list. Sorry about my english... My Debian Sarge server was working perfectly with samba and winbind as a normal client in a Domain enviroment. I was able to share folders on my linux machine giving rights to the domain users. Everything was working until one day in that it crashed for some reason I don't know. I didn't touch anything of my config files (smb.conf,nsswitch.conf) so I suppose it's ok. The problem is that now, I can't do wbinfo -u successfully. It returns Error looking domain users, so I can't share directories with domain users. Enviroment info: PDC: W2000 server (ip 192.168.1.102,netbios-name server32) with DNS server Debian: domain client (ip 192.168.1.249,netbios-name oracle) with DNS server Other clients in the network uses DNS1 192.168.1.102 and DNS2 192.168.1.249 ... I don't know if this info is relevant. net rpc join -S server32 -U Administrador%pass returns Joined domain RXN32. wbinfo -m returns RXN32 - is the netbios name of the domain wbinfo -t returns checking the trust secret via RPC calls succeeded wbinfo -u returns Error looking up domain users wbinfo -g returns Error looking up domain groups Samba version 3.0.22 on debian machine. And in the domain exist the user oracle with password realpwd. I've tried wbinfo --authenticate=oracle%fakepwd and return: plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user oracle%fakepwd with plaintext password challenge/response password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc06a) error messsage was: Wrong Password Could not authenticate user oracle with challenge/response But if I try wbinfo --authenticate=oracle%realpwd it returns: plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user oracle%realpwd with plaintext password challenge/response password authentication succeeded What? How is it possible? The user exist in the domain. I've tried delete it and create it again and same result. I've tried with other user... But same result. How can this stop to work if I didn't change anything? Is possible that it happenned after apt-get dist-upgrade? This is the global part of my smb.conf but i supposse it's ok because it was working and nothing changed: [global
RE: [Samba] Domain problem... (other way)
Ok, I see there is no solution for this strange situation... Now, I want to reinstall samba and winbind. I'll delete the user and the computer at the domain. I'll uninstall samba and winbind using apt-get on my debian How can I deatach the machine from the domain on linux? Is there something more to do to start again? Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: miércoles, 27 de septiembre de 2006 12:59 Para: 'Lista Samba' Asunto: RE: [Samba] Domain problem... Hello, I've tried what you said and restarted samba and winbind... But no success... :( After that, I re-joined to the domain, but the same result... I see when I tried to rejoin to the domain in the PDC w2000 event log a 5722 event. This is the error message: The session setup from the computer ORACLE failed to authenticate. The name of the account referenced in the security database is ORACLE$. The following error occurred: Access is denied. But the user exist at the domain. ¿? I see the log at /var/log/samba/log.winbindd with this: [2006/09/27 11:39:50, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/09/27 11:39:50, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain RXN32 failed: Cannot resolve network address for KDC in requested realm The log at /var/log/samba/log.wb-RXN32 has: [2006/09/27 12:07:04, 0] libsmb/credentials.c:creds_client_check(256) creds_client_check: credentials check failed. [2006/09/27 12:07:04, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(898) rpccli_netlogon_sam_network_logon: credentials chain check failed [2006/09/27 12:07:04, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/09/27 12:07:04, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain RXN32 failed: Cannot resolve network address for KDC in requested realm But I'm not using kerberos. In addition, this errors are present too in other older dates, and the server was working fine at that dates. What can I do? I need to share folder on my debian to domain users... :S Elvis -Mensaje original- De: Henrik Zagerholm [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 27 de septiembre de 2006 9:30 Para: Elvis Aaron Presley CC: 'Lista Samba' Asunto: Re: [Samba] Domain problem... Hello, winbind enum users = yes winbind enum groups = yes also check that getent passwd shows domain users. Cheers, Henrik 27 sep 2006 kl. 09:23 skrev Elvis Aaron Presley: Nobody knows any information or test for me? :( Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: martes, 26 de septiembre de 2006 14:04 Para: Lista Samba Asunto: [Samba] Domain problem... Hello all, This is the first time I write to the list. Sorry about my english... My Debian Sarge server was working perfectly with samba and winbind as a normal client in a Domain enviroment. I was able to share folders on my linux machine giving rights to the domain users. Everything was working until one day in that it crashed for some reason I don't know. I didn't touch anything of my config files (smb.conf,nsswitch.conf) so I suppose it's ok. The problem is that now, I can't do wbinfo -u successfully. It returns Error looking domain users, so I can't share directories with domain users. Enviroment info: PDC: W2000 server (ip 192.168.1.102,netbios-name server32) with DNS server Debian: domain client (ip 192.168.1.249,netbios-name oracle) with DNS server Other clients in the network uses DNS1 192.168.1.102 and DNS2 192.168.1.249 ... I don't know if this info is relevant. net rpc join -S server32 -U Administrador%pass returns Joined domain RXN32. wbinfo -m returns RXN32 - is the netbios name of the domain wbinfo -t returns checking the trust secret via RPC calls succeeded wbinfo -u returns Error looking up domain users wbinfo -g returns Error looking up domain groups Samba version 3.0.22 on debian machine. And in the domain exist the user oracle with password realpwd. I've tried wbinfo --authenticate=oracle%fakepwd and return: plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user oracle%fakepwd with plaintext password challenge/response password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc06a) error messsage was: Wrong Password Could not authenticate user oracle with challenge/response But if I try wbinfo --authenticate=oracle%realpwd it returns: plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage
Re: [Samba] Domain problem... (other way)
I would remove any computer accounts in AD. You think should have used net ad leave before uninstall. Do you use net rpc join or net ads join? 27 sep 2006 kl. 14:44 skrev Elvis Aaron Presley: Ok, I see there is no solution for this strange situation... Now, I want to reinstall samba and winbind. I'll delete the user and the computer at the domain. I'll uninstall samba and winbind using apt-get on my debian How can I deatach the machine from the domain on linux? Is there something more to do to start again? Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: miércoles, 27 de septiembre de 2006 12:59 Para: 'Lista Samba' Asunto: RE: [Samba] Domain problem... Hello, I've tried what you said and restarted samba and winbind... But no success... :( After that, I re-joined to the domain, but the same result... I see when I tried to rejoin to the domain in the PDC w2000 event log a 5722 event. This is the error message: The session setup from the computer ORACLE failed to authenticate. The name of the account referenced in the security database is ORACLE$. The following error occurred: Access is denied. But the user exist at the domain. ¿? I see the log at /var/log/samba/log.winbindd with this: [2006/09/27 11:39:50, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/09/27 11:39:50, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain RXN32 failed: Cannot resolve network address for KDC in requested realm The log at /var/log/samba/log.wb-RXN32 has: [2006/09/27 12:07:04, 0] libsmb/credentials.c:creds_client_check(256) creds_client_check: credentials check failed. [2006/09/27 12:07:04, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(898) rpccli_netlogon_sam_network_logon: credentials chain check failed [2006/09/27 12:07:04, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/09/27 12:07:04, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain RXN32 failed: Cannot resolve network address for KDC in requested realm But I'm not using kerberos. In addition, this errors are present too in other older dates, and the server was working fine at that dates. What can I do? I need to share folder on my debian to domain users... :S Elvis -Mensaje original- De: Henrik Zagerholm [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 27 de septiembre de 2006 9:30 Para: Elvis Aaron Presley CC: 'Lista Samba' Asunto: Re: [Samba] Domain problem... Hello, winbind enum users = yes winbind enum groups = yes also check that getent passwd shows domain users. Cheers, Henrik 27 sep 2006 kl. 09:23 skrev Elvis Aaron Presley: Nobody knows any information or test for me? :( Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: martes, 26 de septiembre de 2006 14:04 Para: Lista Samba Asunto: [Samba] Domain problem... Hello all, This is the first time I write to the list. Sorry about my english... My Debian Sarge server was working perfectly with samba and winbind as a normal client in a Domain enviroment. I was able to share folders on my linux machine giving rights to the domain users. Everything was working until one day in that it crashed for some reason I don't know. I didn't touch anything of my config files (smb.conf,nsswitch.conf) so I suppose it's ok. The problem is that now, I can't do wbinfo -u successfully. It returns Error looking domain users, so I can't share directories with domain users. Enviroment info: PDC: W2000 server (ip 192.168.1.102,netbios-name server32) with DNS server Debian: domain client (ip 192.168.1.249,netbios-name oracle) with DNS server Other clients in the network uses DNS1 192.168.1.102 and DNS2 192.168.1.249 ... I don't know if this info is relevant. net rpc join -S server32 -U Administrador%pass returns Joined domain RXN32. wbinfo -m returns RXN32 - is the netbios name of the domain wbinfo -t returns checking the trust secret via RPC calls succeeded wbinfo -u returns Error looking up domain users wbinfo -g returns Error looking up domain groups Samba version 3.0.22 on debian machine. And in the domain exist the user oracle with password realpwd. I've tried wbinfo --authenticate=oracle%fakepwd and return: plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user oracle%fakepwd with plaintext password challenge/response password authentication failed error code was NT_STATUS_WRONG_PASSWORD (0xc06a) error messsage was: Wrong Password Could not authenticate user oracle with challenge/response But if I try wbinfo --authenticate
RE: [Samba] Domain problem... (other way)
I used net rpc join -S server32 -U Administrador to add the linux machine to the domain. The net ad leave is for the kerberos method if I'm not in a mistake. Do you mean remove all computer accounts at the domain server? !!??!?!?!!??!? Elvis -Mensaje original- De: Henrik Zagerholm [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 27 de septiembre de 2006 15:40 Para: Elvis Aaron Presley CC: 'Lista Samba' Asunto: Re: [Samba] Domain problem... (other way) I would remove any computer accounts in AD. You think should have used net ad leave before uninstall. Do you use net rpc join or net ads join? 27 sep 2006 kl. 14:44 skrev Elvis Aaron Presley: Ok, I see there is no solution for this strange situation... Now, I want to reinstall samba and winbind. I'll delete the user and the computer at the domain. I'll uninstall samba and winbind using apt-get on my debian How can I deatach the machine from the domain on linux? Is there something more to do to start again? Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: miércoles, 27 de septiembre de 2006 12:59 Para: 'Lista Samba' Asunto: RE: [Samba] Domain problem... Hello, I've tried what you said and restarted samba and winbind... But no success... :( After that, I re-joined to the domain, but the same result... I see when I tried to rejoin to the domain in the PDC w2000 event log a 5722 event. This is the error message: The session setup from the computer ORACLE failed to authenticate. The name of the account referenced in the security database is ORACLE$. The following error occurred: Access is denied. But the user exist at the domain. ¿? I see the log at /var/log/samba/log.winbindd with this: [2006/09/27 11:39:50, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/09/27 11:39:50, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain RXN32 failed: Cannot resolve network address for KDC in requested realm The log at /var/log/samba/log.wb-RXN32 has: [2006/09/27 12:07:04, 0] libsmb/credentials.c:creds_client_check(256) creds_client_check: credentials check failed. [2006/09/27 12:07:04, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(898) rpccli_netlogon_sam_network_logon: credentials chain check failed [2006/09/27 12:07:04, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/09/27 12:07:04, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain RXN32 failed: Cannot resolve network address for KDC in requested realm But I'm not using kerberos. In addition, this errors are present too in other older dates, and the server was working fine at that dates. What can I do? I need to share folder on my debian to domain users... :S Elvis -Mensaje original- De: Henrik Zagerholm [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 27 de septiembre de 2006 9:30 Para: Elvis Aaron Presley CC: 'Lista Samba' Asunto: Re: [Samba] Domain problem... Hello, winbind enum users = yes winbind enum groups = yes also check that getent passwd shows domain users. Cheers, Henrik 27 sep 2006 kl. 09:23 skrev Elvis Aaron Presley: Nobody knows any information or test for me? :( Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: martes, 26 de septiembre de 2006 14:04 Para: Lista Samba Asunto: [Samba] Domain problem... Hello all, This is the first time I write to the list. Sorry about my english... My Debian Sarge server was working perfectly with samba and winbind as a normal client in a Domain enviroment. I was able to share folders on my linux machine giving rights to the domain users. Everything was working until one day in that it crashed for some reason I don't know. I didn't touch anything of my config files (smb.conf,nsswitch.conf) so I suppose it's ok. The problem is that now, I can't do wbinfo -u successfully. It returns Error looking domain users, so I can't share directories with domain users. Enviroment info: PDC: W2000 server (ip 192.168.1.102,netbios-name server32) with DNS server Debian: domain client (ip 192.168.1.249,netbios-name oracle) with DNS server Other clients in the network uses DNS1 192.168.1.102 and DNS2 192.168.1.249 ... I don't know if this info is relevant. net rpc join -S server32 -U Administrador%pass returns Joined domain RXN32. wbinfo -m returns RXN32 - is the netbios name of the domain wbinfo -t returns checking the trust secret via RPC calls succeeded wbinfo -u returns Error looking up domain users wbinfo -g returns Error looking up domain groups Samba version
Re: [Samba] Domain problem with NT4 Samba 3.0.2a
The first thing that jumps out at me is the line beginning with Domain=[WORKGROUP] in the results of 'smbclient -L moon. It appears to me that in looking for the browse list, your user may be attempting to authenticate against the local smbpasswd database instead of authenticating against the PDC or BDC. A bug, a feature, or a misunderstanding? I don't know. Have you joined this server to the domain? You'll want to read this section of the Samba 3 HOWTO if you haven't already: http://us2.samba.org/samba/docs/man/howto/domain-member.html#domain-member-server This section says to use Security = DOMAIN instead of Security = SERVER, and explains why. Looking at your smb.conf, it looks like you're on the right track. I'd recommend investigating winbind to create users on the fly when auth'd against the domain controller. As samba still requires a local user database, winbind and appropriate scripts will automatically maintain this local user database for you. And, of course, there's always the recommendation to go with Samba 3.0.4 (or 3.0.5 if it's out soon). --Jon Johnson Sutinen Consulting, Inc. [EMAIL PROTECTED] On Thu, 10 Jun 2004, Spike Burkhardt wrote: All, I really need some help. I'm putting samba up on a new windows domain called SIERRA. I'm using Samba 3.0.2a on Solaris 8. I'm barely knowledgeable on Windows NetBIOS... but am good with Solaris. The status is that I've got the daemons running and working normally. I have 1 desktop with 1 PDC 1 BDC in the SIERRA domain. On the desktop, I can see both DC's but not the samba server. As a non-priviledged account, when I issue a smbclient -L moon I get the following output: moon:/home/burkharr smbclient -L moon Password: Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Sharename Type Comment - --- rcbtest Disk Spike's testing IPC$ IPC IPC Service (Samba 3.0.2a) ADMIN$IPC IPC Service (Samba 3.0.2a) Domain=[WORKGROUP] OS=[SunOS 5.8 sun4u] Server=[LAN Manager 2.1] tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) NetBIOS over TCP disabled -- no workgroup available When I issue the same command substituting localhost for moon I get the following output: moon:/home/burkharr smbclient -L localhost Password: Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Sharename Type Comment - --- rcbtestDisk Spike's testing IPC$ IPC IPC Service (Samba 3.0.2a) ADMIN$IPC IPC Service (Samba 3.0.2a) Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Server Comment ---- EPN32-237 MOON Samba 3.0.2a ROHAN SHADOWFAX WorkgroupMaster ---- SIERRAMOON Notice that I don't get any NetBIOS errors which makes sense because I'm not going out on the network. Here's my smb.conf file: moon:/home/burkharr more /apps/samba/lib/smb.conf # Global parameters [global] workgroup = SIERRA netbios name = moon security = SERVER encrypt passwords = Yes password server = rohan shadowfax wins server = 172.22.2.251 password level = 8 #admin log = Yes log level = 1 log file = /var/samba/log/log.%m create mask = 775 [rcbtest] comment = Spike's testing path = /dbd00/spike valid users = @webadmin force group = webadmin create mask = 740 writeable = Yes Any thoughts? Thanks for your help. spike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain problem with NT4 Samba 3.0.2a
Jon, I'm using the Security = SERVER due to the fact that the machines that will be used aren't in the domain. I'm not using the smbpasswd file. I have not joined the domain but on the two other servers I've setup I haven't had to. I'll try it and let you know. As to the authenticating, how can I tell if it's using smbpasswd? spike Jonathan Johnson wrote: The first thing that jumps out at me is the line beginning with Domain=[WORKGROUP] in the results of 'smbclient -L moon. It appears to me that in looking for the browse list, your user may be attempting to authenticate against the local smbpasswd database instead of authenticating against the PDC or BDC. A bug, a feature, or a misunderstanding? I don't know. Have you joined this server to the domain? You'll want to read this section of the Samba 3 HOWTO if you haven't already: http://us2.samba.org/samba/docs/man/howto/domain-member.html#domain-member-server This section says to use Security = DOMAIN instead of Security = SERVER, and explains why. Looking at your smb.conf, it looks like you're on the right track. I'd recommend investigating winbind to create users on the fly when auth'd against the domain controller. As samba still requires a local user database, winbind and appropriate scripts will automatically maintain this local user database for you. And, of course, there's always the recommendation to go with Samba 3.0.4 (or 3.0.5 if it's out soon). --Jon Johnson Sutinen Consulting, Inc. [EMAIL PROTECTED] On Thu, 10 Jun 2004, Spike Burkhardt wrote: All, I really need some help. I'm putting samba up on a new windows domain called SIERRA. I'm using Samba 3.0.2a on Solaris 8. I'm barely knowledgeable on Windows NetBIOS... but am good with Solaris. The status is that I've got the daemons running and working normally. I have 1 desktop with 1 PDC 1 BDC in the SIERRA domain. On the desktop, I can see both DC's but not the samba server. As a non-priviledged account, when I issue a smbclient -L moon I get the following output: moon:/home/burkharr smbclient -L moon Password: Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Sharename Type Comment - --- rcbtest Disk Spike's testing IPC$ IPC IPC Service (Samba 3.0.2a) ADMIN$IPC IPC Service (Samba 3.0.2a) Domain=[WORKGROUP] OS=[SunOS 5.8 sun4u] Server=[LAN Manager 2.1] tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) NetBIOS over TCP disabled -- no workgroup available When I issue the same command substituting localhost for moon I get the following output: moon:/home/burkharr smbclient -L localhost Password: Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Sharename Type Comment - --- rcbtestDisk Spike's testing IPC$ IPC IPC Service (Samba 3.0.2a) ADMIN$IPC IPC Service (Samba 3.0.2a) Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Server Comment ---- EPN32-237 MOON Samba 3.0.2a ROHAN SHADOWFAX WorkgroupMaster ---- SIERRAMOON Notice that I don't get any NetBIOS errors which makes sense because I'm not going out on the network. Here's my smb.conf file: moon:/home/burkharr more /apps/samba/lib/smb.conf # Global parameters [global] workgroup = SIERRA netbios name = moon security = SERVER encrypt passwords = Yes password server = rohan shadowfax wins server = 172.22.2.251 password level = 8 #admin log = Yes log level = 1 log file = /var/samba/log/log.%m create mask = 775 [rcbtest] comment = Spike's testing path = /dbd00/spike valid users = @webadmin force group = webadmin create mask = 740 writeable = Yes Any thoughts? Thanks for your help. spike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba