Re: [Samba] Converting an LDAP server to use Samba 3
I tried copying apple.schema from a Panther box, but it still depends on things defined by the samba 2.x samba.schema file. No change. I'm curious as to how people are serving both Samba 3 accounts and OS X accounts.I thought perhaps you don't need apple.schema at all, but taking it out caused the automount maps to not be served for some reason (although strangely I got no errors.. just that people couldn't mount their home directories anymore). Anyone else have any insight? --Andy Nick Lopez wrote: On Thu, Oct 28, 2004 at 09:54:24AM -0700, Andy Moran wrote: I know this might not be the best place for this, but I'm hoping someone else has done this or knows what I need to do. We have a Linux LDAP Server (OpenLDAP 2.0.27) serving unix accounts to Linux and OS X machines. To get it to serve to OS X machines, I copied over the 'apple.schema' from an OS X box.Itr seems this schema file depends on things defined in the Samba 2.x schema file (samba.schema) because when it's present, it starts fine but when it doesn't, it complains about undefinied symbols in the apple.schema file. Copy it again from a Panther box, they might have updated it, I don't remember. I know I do have Samba3 running with an OpenLDAP backend with OSX enabled accounts too (and kerberos thrown in for the hell of it) and I don't recall having to do anything drastic from the schema. - Nick Lopez [EMAIL PROTECTED] -- Randomly selected signature -- if the bible proves the existance of god, then superman comics prove the existance of superman - Usenet -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Converting an LDAP server to use Samba 3
I know this might not be the best place for this, but I'm hoping someone else has done this or knows what I need to do. We have a Linux LDAP Server (OpenLDAP 2.0.27) serving unix accounts to Linux and OS X machines. To get it to serve to OS X machines, I copied over the 'apple.schema' from an OS X box.Itr seems this schema file depends on things defined in the Samba 2.x schema file (samba.schema) because when it's present, it starts fine but when it doesn't, it complains about undefinied symbols in the apple.schema file. Now we'd love to create a Samba 3 ADS on a Linux box which pulls account information from the same LDAP database. According to documentation, this requires we use a different samba.schema file in our OpenLDAP server. The new one has different definitions and causes the apple.schema file to break. Does anyone know how to have a Linux LDAP server which serves accounts to both Linux, OS X machines and Samba 3?I can't seem to find people doing this online. Thanks. --Andy -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 with Unix passwd authentication?
Andrew Bartlett wrote:
It should work just the same. But things work better if you can join
the windows domain, so that users can use encrypted passwords (or
maintain a local smbpasswd file)
Andrew Bartlett
Nope.. For some reason, Samba 3 does not seem to be able to authenticate
me as a local user where Samba 2.2.7 does.
I am on a Red Hat 9 box. I am using the SRPM I downloaded from the
ftp.samba.org and rebuilt on this box. The configure options of the
SRPM are:
CFLAGS=$RPM_OPT_FLAGS $EXTRA ./configure \
--prefix=%{prefix} \
--localstatedir=/var \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=%{prefix}/share/swat/using_samba \
--with-swatdir=%{prefix}/share/swat \
--with-libsmbclient
The client error I'm getting back is:
session setup failed: NT_STATUS_LOGON_FAILURE
The server error I see in the log files:
[2004/02/12 10:40:19, 2] auth/pampass.c:smb_pam_auth(514)
smb_pam_auth: PAM: Athentication Error for user andy
[2004/02/12 10:40:19, 2] auth/pampass.c:smb_pam_error_handler(73)
smb_pam_error_handler: PAM: Authentication Failure : Authentication
failure
[2004/02/12 10:40:19, 0] auth/pampass.c:smb_pam_passcheck(810)
smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User andy !
There is also a bit where it's checking ntlm_password which fails too:
[2004/02/12 10:40:19, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [andy] - [andy] FAILED
with error NT_STATUS_WRONG_PASSWORD
As far as I can tell, /etc/pam.d/samba are the same in both versions..
But it works with Samba 2.2.7a. Strange?
--Andy
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 with Unix passwd authentication?
Yeah. I explicitly state encrypt passwords = no in the smb.conf file
and testparm confirms it. :(
--Andy
[EMAIL PROTECTED] wrote:
Does testparm report that encrypt passwords is no? The default has
changed to yes in samba 3. I don't know if this would affect you, I run
in security = DOMAIN and haven't done much with security = USER.
~ Daniel
-Original Message-
From: Andy Moran [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 1:58 PM
To: [EMAIL PROTECTED]
Subject: Re: [Samba] Samba 3 with Unix passwd authentication?
Andrew Bartlett wrote:
It should work just the same. But things work better if you can
join
the windows domain, so that users can use encrypted passwords (or
maintain a local smbpasswd file)
Andrew Bartlett
Nope.. For some reason, Samba 3 does not seem to be able to
authenticate
me as a local user where Samba 2.2.7 does.
I am on a Red Hat 9 box. I am using the SRPM I downloaded from the
ftp.samba.org and rebuilt on this box. The configure options of the
SRPM are:
CFLAGS=$RPM_OPT_FLAGS $EXTRA ./configure \
--prefix=%{prefix} \
--localstatedir=/var \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=%{prefix}/share/swat/using_samba \
--with-swatdir=%{prefix}/share/swat \
--with-libsmbclient
The client error I'm getting back is:
session setup failed: NT_STATUS_LOGON_FAILURE
The server error I see in the log files:
[2004/02/12 10:40:19, 2] auth/pampass.c:smb_pam_auth(514)
smb_pam_auth: PAM: Athentication Error for user andy
[2004/02/12 10:40:19, 2] auth/pampass.c:smb_pam_error_handler(73)
smb_pam_error_handler: PAM: Authentication Failure : Authentication
failure
[2004/02/12 10:40:19, 0] auth/pampass.c:smb_pam_passcheck(810)
smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User andy !
There is also a bit where it's checking ntlm_password which fails too:
[2004/02/12 10:40:19, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [andy] - [andy]
FAILED
with error NT_STATUS_WRONG_PASSWORD
As far as I can tell, /etc/pam.d/samba are the same in both versions..
But it works with Samba 2.2.7a. Strange?
--Andy
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
---
This message is the property of Time Inc. or its affiliates. It may be
legally privileged and/or confidential and is intended only for the use
of the addressee(s). No addressee should forward, print, copy, or
otherwise reproduce this message in any manner that would allow it to be
viewed by any individual not originally listed as a recipient. If the
reader of this message is not the intended recipient, you are hereby
notified that any unauthorized disclosure, dissemination, distribution,
copying or the taking of any action in reliance on the information
herein is strictly prohibited. If you have received this communication
in error, please immediately notify the sender and delete this message.
Thank you.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 with Unix passwd authentication?
Yep. both use the same pam sama file that looks like this: #%PAM-1.0 auth required pam_nologin.so auth required pam_stack.so service=system-auth accountrequired pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth Also, here is my smb.conf file in case someone sees something obvious that would keep it from using the normal unix password file: [global] workgroup = WILDBRAIN.COM encrypt passwords = no debug level = 3 log file = /var/log/samba/%m.log max log size = 500 os level = 0 local master = No homedir map = auto.people printing = cups veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/lost+found/ [wb] comment = Wild Brain Data Path path = /share valid users = @user admin users = @sos force user = @user create mask = 0777 force create mode = 0664 directory mask = 0777 force directory mode = 02775 inherit permissions = Yes read only = no writeable = yes --Andy [EMAIL PROTECTED] wrote: Yeah. I explicitly state encrypt passwords = no in the smb.conf file and testparm confirms it. :( --Andy Contents of /etc/pam.d/samba (or wherever it is for you) unchanged? ~ Daniel --- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 with Unix passwd authentication?
We are a primarily Linux company with a NIS backend, but we keep a couple bridge boxes for Windows users (on a Windows PDC) to connect to their unix accounts and access data. Under Samba 2.2, this was fairly easy with encrypt passwords = no turned on. But I can't figure out how to make it work with Samba 3. Does Samba 3 not support a unix passwd backend, or am I just missing a configuration option? --Andy -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
