Re: [Samba] Force group gid
Thanks for the reply Jerry, On Wednesday 27 September 2006 1:12 am, Gerald (Jerry) Carter wrote: Lewis Shobbrook wrote: Hi All, I note from previous posts that the uid gid are not supported in smb.conf. My issue is that I have mysql auth backend for ftp sites, that I'd like to share directories for internal access. There is currently no way I can see to force the user or group using uid gid for this type of backend. Can anyone offer any suggestions as a work around to this? Sorry but I don't see why this would be necessary if you have a working NSS. The issue for me is that the SQL auth backend does not create user accounts in /etc/passwd only creating numerical uid gid assigning these to the relevant directories it creates. So nss can not pick them up. The other issue that I raised was the conflicts between unix account names and domain accounts. Were there is a local unix account with the same name as a domain account the force user attribute will force the domain user account of the same name. There are workarounds, but I think the ability to force a uid gid would be a useful feature. Cheers, Lew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Force group gid
Hi All, I note from previous posts that the uid gid are not supported in smb.conf. My issue is that I have mysql auth backend for ftp sites, that I'd like to share directories for internal access. There is currently no way I can see to force the user or group using uid gid for this type of backend. Can anyone offer any suggestions as a work around to this? Cheers, Lewis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fwd: Force group gid
Addition to my previous post... There are also instances where the use of force user responding to a uid would be advantageous. E.g. a local users account conflicting with a domain account of the same name. e.g. force user = lewis results in access denied on writes as the service connects to the share using the account MYDOMAIN\lewis with uid 10007 instead of the local unix lewis with uid 1007 account Just my $.02 worth... -- Forwarded Message -- Subject: Force group gid Date: Friday 22 September 2006 12:19 pm From: Lewis Shobbrook [EMAIL PROTECTED] To: samba@lists.samba.org Hi All, I note from previous posts that the uid gid are not supported in smb.conf. My issue is that I have mysql auth backend for ftp sites, that I'd like to share directories for internal access. There is currently no way I can see to force the user or group using uid gid for this type of backend. Can anyone offer any suggestions as a work around to this? Cheers, Lewis --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Debian 3.0.23b tbdsam guest panic
Hi All, Just upgraded a test box to 3.0.23b and discovered some changes that cause a panic. I had an smb.conf with passdb backend = tbdsam guest The guest bit now causes panic action. log.smbd complains ... No builtin nor plugin backend for tdbsam guest found Either the build options have changed or the guest operative has issues. Works OK without guest, but it's been necessary to use it in the past on occasions. Cheers, Lewis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Warning for SP2 net share point on Samba 3.0.7
Hi All, Just a word of caution for those who are intending to roll out XP SP2 via a network share. I've encoutered an issue with SP2 and Debian Samba 3.07 when more than 5 simultaneous connections are in place. I'd set-up and tested a rollout using the samba share, but come roll-out day most of the 20 odd machines were still copying files some 48 hours after. No specific errors were apparent in system/smb logs and regular share access continued without disruption to the usual quality of service. i.e. Everything was still working fine as a regular user, just SP2 fell into a heap. The share used had been tested previosuly utilising the same scripted method for SP2 rollout pilots, with up to simultaneous 5 users without issue; it appears that only higher volumes of SP2 cause an issue. The rollout was repeated using a 2003 server, without issue. Just thought I'd raise this rather strange occurrence, and potentially cover a pitfall. Cheers, Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] adduser fails ???
Hi All, I have a production samba server running 3.04 on Debian integrated to use AD accounts. It's been running most happily for about 6 months 8=] I've just attempted to create a non-privileged local unix user account for a new service I'm installing, but it fails prompting me for the AD domain account password. Eg... adduser test Adding user test... Adding new group test (1000). Adding new user test (1000) with group cron. Creating home directory /home/test. Copying files from /etc/skel Enter new UNIX password: Retype new UNIX password: Password for [EMAIL PROTECTED]: passwd: Error in service module adduser: `/usr/bin/passwd test' returned error code 10. Aborting. Cleaning up. Removing directory `/home/test' Removing user `test'. Removing group `test'. groupdel: group test does not exist I vaguely remember something about synching password changes suspect when the server was in test phase, I may have toyed briefly with such settings. Can anyone tell me how to switch this off? Cheers, Lewis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Slow Printing from XP clients with SP2?
Hi Rohan Hello, I was wondering if anyone else has experienced this. Yes I've noticed this. I thought shit... The print service has failed. 2-3 Minutes later out comes the print job This is with the firewall turned off, so something less obvious at hand here. From an XP machine printing to a SAMBA printer, printing is painfully slow. Selecting the printer, and even sending the job through windows makes the app appear non-responsive. The print job is completed fine, but just takes a long time to print. XP boxes with SP1 print like a dream. I've managed to replicate this on 4 boxes all with SP2. I'm running SAMBA 3.0.4. Cheers, Rohan Rohan Gilchrist [EMAIL PROTECTED] http://www.e-mailme.org/~rohan/ 0412 648 909 Cheers, Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] WinXP registry problems on SMB PDC
Hi David, I recently moved off of an ancient NT4 PDC to a SMB PDC running Samba 3.0.4-1 on a RH9 box. I had absolutely no troubles joining the domain, and other than a few login quirks every now and again, it is stable. I am, however, experiencing what I believe to be a permissions issue with the user profiles... my own, included. I am unable to make registry changes, most notably with regards to Norton Antivirus. All users are currently in a group mapped to Domain Admins, as most of the profiles had difficulties loading without it... After a long weekend of profile copying, I figured that I'd cross that bridge later. Regedit gives me a message, Error opening key while navagating to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec. I'm almost certain it's a permissions problem, but I have been unable to locate the source of the problem. Any help you could offer would be greatly appreciated. I have had a client who recently installed Symantec NAV 2004 on machines running XP sp1a, the samba PDC is 3.0.4-2 on Debian unstable. (Not that I think samba is the issue here) The 2004 live-updates eventually killed the machines to point to where they needed to be reinstalled (less work to do it that way anyway). NAV would repeatedly complain of corrupt registry and ask for the product to be re-installed. In the building I work in, Symantec have an their local state office on the top floor. I overheard a conversation in the lift, in the week following the initial release of 2004, words describing in effect what eventually happened at my clients site. No doubt my clients no longer have NAV 2004. And BTW I had advised them against installing NAV 2004, but somehow they missed it. 2003 was no issue... I suspect this may where your problems are coming from. Cheers, Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] debian unstable 3.0.4-3 panics
/libc.so.6(abort+0x178) [0x401ba838] #6 /usr/lib/libgcrypt.so.7 [0x40384f37] #7 /usr/lib/libgcrypt.so.7 [0x40385c95] #8 /usr/lib/libgcrypt.so.7 [0x403b6558] #9 /usr/lib/libgcrypt.so.7 [0x403b644e] #10 /usr/lib/libgcrypt.so.7(gcry_mpi_scan+0x2a1) [0x403bb741] #11 /usr/lib/libgnutls.so.7(_gnutls_mpi_scan+0x39) [0x40351e29] #12 /usr/lib/libgnutls.so.7(_gnutls_dh_calc_mpis+0x7b) [0x4035989b] #13 /usr/lib/libgnutls.so.7(gnutls_global_init+0xc2) [0x40353d82] #14 /usr/lib/libcups.so.2(httpInitialize+0x5d) [0x4010eb3d] #15 /usr/lib/libcups.so.2(httpConnectEncrypt+0x22) [0x4010ecb2] #16 /usr/lib/libcups.so.2(httpConnect+0x38) [0x4010ec88] #17 /usr/sbin/smbd(cups_printer_fn+0x62) [0x817c50a] #18 /usr/sbin/smbd(pcap_printer_fn+0x81) [0x817c1b1] #19 /usr/sbin/smbd(add_all_printers+0x27) [0x81806b7] #20 /usr/sbin/smbd(load_printers+0x19) [0x8180785] #21 /usr/sbin/smbd(reload_services+0xc7) [0x81ede07] #22 /usr/sbin/smbd(main+0x2a3) [0x81ee4c7] #23 /lib/libc.so.6(__libc_start_main+0xc6) [0x401a5dc6] #24 /usr/sbin/smbd(ldap_msgfree+0x71) [0x8078221] Looks like a bug to me... Anyone not got this issue with 3.0.4 sharing printers? Cheers, Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] OSX upgrade effcts 8.3 fielpath
Hi All, I have received a cry for help from someone that has upgraded their system from OSX 10.2 to OSX 10.3. They use samba to serve an application that stores relative filepaths in an access db. Some of the the filepaths are stored in 8.3 format. A client running XP can access all the std filepaths, but is no longer able to access those stored in 8.3 format since upgrading to OSX 10.3. One thought came to mind that the default 8.3 mangling may have changed, however this should only represent a part of the 8.3 filepaths, not all of them. Is anyone aware of any devlopments in the samba chain at any point that has modified the way samba handles 8.3 filepath requests from 32 bit clients? Thanks for any suggestions. Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba (2.2.8a or 3.0.2a) + WinXP not updating roamingprofiles on logout
Hi Jeremy, Can't help with the romaing profiles, but can with this one As another note, I get the following message in log.machine name since going to samba3... [2004/04/05 23:16:16, 0] rpc_server/srv_util.c:get_domain_user_groups(372) get_domain_user_groups: primary gid of user [jeremy] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that [2004/04/05 23:16:20, 1] smbd/service.c:make_connection_snum(705) aerith (192.168.0.3) connect to service jeremy initially as user jeremy (uid=1000, gid=4) (pid 22991) You need to re-assign the primary group for the user to a windows group such as domain users. An easy way to do this is through the NT4 usermanager package USRMGR.EXE mentioned somewhere in the SAMBA 3 Doc's, I believe still available from microsoft. Cheers, Lewis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Mapped samba drive missing in MS SQL Admin console
Hi All, I've noticed something strange with a drive mapping to a samba share, where it disappears when viewing is attempted via the MS SQL Enterprise Manager console. The drive appears in My Computer and can be accessed via, NT4,2K,XP,9x dos. When attempting to use restore a backup file from a disk device, all M$ mapped drives appear, however the samba 3.0.2-2 is sadly missing. It appears that using the UNC path is a part work around. Cheers, Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to access printers
Hi All, Since updating a from 3.0.1-2 to 3.0.2-1 a few weeks back I've been unable to print. I checked all the obvios settings, but as they had been working perfectly for some time prior was not surprised to find the configuration was correct. The authentication is configured via winbind to a 2000 ADS PDC. security = DOMAIN I've since updated again to 3.0.2-2 and found the issue persists, even admin users are unable to connect. The log seems to indicate some weird processing of the user account in reference only to the printer shares as all other shares are behaving well (inc printers. It seems as though no matter which user connects, the backend attempts to authenticate the user as root... Case in point the following workstation log (level 10)... checking name: \\ftwork\HP_4000 [2004/02/23 14:00:28, 10] rpc_server/srv_spoolss_nt.c:open_printer_hnd(548) open_printer_hnd: name [\\ftwork\HP_4000] [2004/02/23 14:00:28, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(142) Opened policy hnd[2] [000] 00 00 00 00 27 00 00 00 00 00 00 00 CC 6C 39 40 '... .l9@ [010] 12 42 00 00 .B.. [2004/02/23 14:00:28, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(447) Setting printer type=\\ftwork\HP_4000 Printer is a printer [2004/02/23 14:00:28, 4] rpc_server/srv_spoolss_nt.c:set_printer_hnd_name(480) Setting printer name=\\ftwork\HP_4000 (len=16) searching for [HP_4000] (len=7) share:printers share:HP_4000 set_printer_hnd_name: Printer found: HP_4000 - HP_4000 [2004/02/23 14:00:28, 5] rpc_server/srv_spoolss_nt.c:open_printer_hnd(583) 2 printer handles active [2004/02/23 14:00:28, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 27 00 00 00 00 00 00 00 CC 6C 39 40 '... .l9@ [010] 12 42 00 00 .B.. [2004/02/23 14:00:28, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162) Found policy hnd[0] [000] 00 00 00 00 27 00 00 00 00 00 00 00 CC 6C 39 40 '... .l9@ [010] 12 42 00 00 .B.. [2004/02/23 14:00:28, 4] rpc_server/srv_spoolss_nt.c:get_printer_snum(430) short name:HP_4000 [2004/02/23 14:00:28, 10] lib/username.c:user_in_list(521) user_in_list: checking user root in list [2004/02/23 14:00:28, 10] lib/username.c:user_in_list(525) user_in_list: checking user |root| against |FASTTRACK/Domain Users| [2004/02/23 14:00:28, 10] lib/username.c:user_in_list(602) user_in_list: checking if user |root| is in winbind group |FASTTRACK/Domain Users| [2004/02/23 14:00:28, 3] rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex(1764) access DENIED for printer open Another crazy thing is when altering the root password using passwd, I get prompts for the pwd to be re-entered and then a prompt for the password to be entered for [EMAIL PROTECTED] which then results in passwd: Authentication failure And for that matter the user [EMAIL PROTECTED] doesn't exist. Of course the local root user account long exists in the tdbc courtesy of smbpasswd. Using smbclient as user root also fails with NT_STATUS_LOGON_FAILURE Is the [EMAIL PROTECTED] passwd prompt a result of skewed automated password sync? nsswitch.conf ... passwd: files winbind shadow: files group: files winbind root is not listed as an invalid user in smb.conf Can anyone can offer some suggestions here? Thanks in advance! Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.1 - 3.0.2 upgrade problem
org] On Behalf Of Barry Smoke Sent: Thursday, 12 February 2004 02:47 Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Samba 3.0.1 - 3.0.2 upgrade problem same thing here... I had a similar experience, where NT4, 9X DOS clients dropped off. This was caused by a hung process or locked file in my case, where smbd failed shutdown cleanly. Rather than attempting to trace the rogue file/process, I simply restarted the machine and all came up roses. amrito wrote: Michal Sladek wrote: This morning I tried to upgrade Samba from 3.0.1 to 3.0.2 final I had only few minutes to test it from Windows XP clients (we use Windows 98 and XP clients in our company) because we have hundreds of users connected and I had to go back to 3.0.1 immediately before the get angry:-) Exactly the same happend with me. After compiling 3.0.2 (which worked absolutely fine) and installing it, the telephone started to ring, and I had to revert immediately. Basic effect: when attaching a network drive, the system asked for a password and afterwards rejected the service with a message like 'invalid user or password' I haven't got time to install 3.0.2 on a spare server to check what went wrong without the threat of being thrown out of the window, but if in between someone got some hints what might have gone wrong and (even more interesting) how to fix it, I would greatly appreciate to get the info, too. Thanks Regards john Might be better to set-up a test machine test your upgrades before rolling them out eh! Cheers, Lewis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] New Fedora RPMS available
Heads up, These should fix the cups problems reported on the list yesterday. See http://samba.org/samba/ftp/Binary_Packages/ Where the deb's also effected? All printers are shared here, but access is uniformly denied? Cheers, Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: PDC - initial profile creation
I had similar issues, with existing unix user accounts that were mgirated across to a samba 3.0.1-2 PDC on a debian unstable system. It's simply a matter of reassigning the Primary Group for the user through NT user manager. Perhaps the automated migration of unix accounts should assign the primary group to the Domain Users group by default, or at least alert and refer to the required process? Cheers, Lewis Shobbrook I know the user exists, because I personally made the users and set their passwords, I also added them to the smbpasswd file. Do they need to be a specific group? If so, that was my problem. I know I made the users, and added them, but all I did was useradd username, and then passwd username and then smbpasswd -a username. I never added them to a group. Also, when adding to smbpasswd, it says Ignoring unknown parameter logon name. I'm wondering if that's important? Thanks! Robert On Jan 21, 2004, at 2:47 AM, Collen wrote: Hmm.. looks like you user has not group assigned to him.. or no entry at all in the passwd group file. did you add your user to the linux account's as wel to the samba account's ?? as far the windows error tell's, Network path not found.. look's like the win box can't acces the network share where your profile's are stored.. the share might be correct, but if there is no user entry in the passwd and/or samba.. it simply say's acces denied. and there is your problem.. I gues.. L8r Collen (MLHJ) At 13:43 20/01/2004, you wrote: Hi all, I'm still suffering from the problem whereby a user can login to the domain, but a message comes up saying Windows cannot locate the server copy of your roaming profile... DETAIL - The network path was not found.. I have now found these entries in the logs: [2004/01/20 12:31:27, 1] smbd/service.c:make_connection_snum(698) pulse-laptop (192.168.0.101) connect to service netlogon initially as user antgel (uid=1003, gid=100) (pid 5659) [2004/01/20 12:31:31, 0] smbd/service.c:make_connection(850) pulse-laptop (192.168.0.101) couldn't find service %u [2004/01/20 12:31:31, 0] smbd/service.c:make_connection(850) pulse-laptop (192.168.0.101) couldn't find service %u [2004/01/20 12:31:34, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2540) Returning domain sid for domain CHHAUSMANN - S-1-5-21-3247875428-2940378000-2436062379 [2004/01/20 12:31:34, 0] rpc_server/srv_util.c:get_domain_user_groups(371) get_domain_user_groups: primary gid of user [antgel] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that [2004/01/20 12:31:34, 0] rpc_server/srv_util.c:get_alias_user_groups(219) get_alias_user_groups: gid of user antgel doesn't exist. Check your /etc/passwd and /etc/group files Clearly the two issues are couldn't find service %u and the primary gid error. However user antgel has a primary group of users, which is mapped to Domain Users. Can anyone shed any light on this? Antony -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ~Robert Brugman~ This e-mail is X.509 happy ;-) GPG Fingerprint: D710 B8D9 C72A AB56 174F 71AC 3619 9F32 8250 6034 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.1-2 failed to decode PDU
Hi All, come acrross a curious issue with 3.0.1-2 from Debian unstable. Looks like a bug of sorts to me... Have a PDC configured and basically working well, apart from single recurrent issue that keeps popping up in the logs below, related to failure or breaking of remote procedure calls. The pipes more often break when using the UNC path as opposed to IP. couldn't find service netlogon [2004/01/29 10:20:34, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1371) failed to decode PDU [2004/01/29 10:20:34, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to do schannel processing. Users can logon, group security settings are honoured, passwords can be changed etc etc, just the share connections sometimes fail drop out as does mmc computer management. Attempts to remap using the machine name generally fail once this has occurred, using the IP address generally works. Here's the global section... # Global parameters [global] workgroup = DOMAINNAME server string = My Domain Controller interfaces = eth0, lo bind interfaces only = Yes obey pam restrictions = No passdb backend = tdbsam, guest passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 printcap name = cups add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u delete user script = /usr/sbin/userdle %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/adduser %u %g delete user from group script = /usr/sbin/deluser %u %g set primary group script = /usr/sbin/usermod -g '%g' '%u' add machine script = /usr/sbin/useradd -g 100 -d /dev/null -s /bin/false -M %u /usr/bin/passwd -l %u domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap ssl = no panic action = /usr/share/samba/panic-action %d admin users = root, lewis printer admin = root, lewis printing = cups Any ideas what's happening here? Cheers, Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Auto printer dirver install for windows client
Hi Nandish, We have HP Laserjet 4000 / 4050 printer, I made Redhat Linux as my print server, I was not able to auto install the printer dirver to windows client machine, I tried various option make driver auto install, now print job is come to the queue but it's not printing. I've just set up an HP4000 on a Debian system. I used the latest foomatic drivers from linuxprinting.org a recent CUPS system, samba 3.0.1-2, the cups-samba drivers for windows from http://www.cups.org/ (CUPS Driver for Windows 5.0rc30) and the samba-client tools which include the cupsaddsmb utility. If you follow the documentation for samba 3 from the samba web site, it should work for you. Set-up the printer through cups use the APPsocket/HP JetDirect and enter the printers IP connection(print test page from windows box to find it if unkown) socket://192.168.0.39:9100/ and print a test page. If that works then proceed to use the cupsaddsmb -A -v, as described in the documentation. Cheers, Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] debian packages at download samba are broken
Just thought I bring attention to the state of the debian packages at http://download.samba.org/samba/ftp/Binary_Packages/ the samba_3.0.1-2_i386.deb and samba-common_3.0.1-2_i386.deb have errors associated with the packaging of the debs. An underscore seems to have found it's way into the template definitions eg. _Description: and generates an error as an unkown symbol when installing. Cheers, Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbind/samba 3.0.1-1 fails to store machine account password when joining ADS
Hi All, The latest Debian unstable release of samba 3.0.1-1 appears to be fail in storing the machine account password when joining a 2000 AD domain. kinit [EMAIL PROTECTED] works fine, as does net ads join suggesting the issue is not related kerberos misconfiguration. klist indicates no cached tickets, until kinit is used. and winbindd.log shows the following entries when winbindd starts. libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) libads/kerberos.c:ads_kinit_password(133) kerberos_kinit_password HOST/[EMAIL PROTECTED] failed: Client not found in Kerberos database We can see from the logs that the winbindd is attempting to initiate the connection to the domain using kerberos ticket associated with the machine account, but it isn't there. The file secrets.tdb doesn't exist, neither does smbpasswd for that matter (not that it is specifically needed). The process of storing the machine account details was automated in the last version prior to this current relase. It is apparently broken. All attempts to access shares fail with smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket! Am I missing something?? Cheers, Lewis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NT4 DOS Users rejected by PAM through winbind.
Hi All, I have a member server on debian unstable using 3.0.0.final, member of 2000 AD, in ADS security mode authenticating through winbind. XP/2000/2003 clients connect to shares OK, NT4 DOS fail (suspect 9x the same not tested). NOT using NTLM v2. The logged error is auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User DOMAIN+user. winbind log generates No rid for Pre-Windows 2000 Compatible Access !? I can't find any info on this error out there. Any ideas where to start? Xmas Cheers, Lewis Shobbrook -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
