[Samba] Forcing clients to use NTLMv2 in 3.6.12

2013-06-19 Thread Shaw, Kevin
All,

I need to force XP clients to use NTLMv2 when mapping to samba 3.6.12. My 
config is:

ntlm auth = No
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
lanman auth = No

XP systems can still map shares with the above config.

If I add:

max protocol = SMB2
min protocol = SMB2


W7 systems map shares, XP systems cannot map shares even if I change LAN 
Manager authentication level to: Send NTLMv2 response only or Send NTLMv2 
response only\refuse LM & NTLM.

Any ideas?

-Kevin
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
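
Added example (not part of the original post, and not Samba project code): a small Python check that parses the [global] section of an smb.conf and separates the parameters that smb.conf(5) documents as controlling what smbd accepts from the "client ..." parameters that only affect Samba's own client tools. The sample input is constructed from the settings quoted above; the function names and the report layout are assumptions made for this illustration.

```python
# Classify smb.conf authentication settings by the side they govern.
SERVER_SIDE = {"ntlmauth", "lanmanauth", "minprotocol", "maxprotocol"}
CLIENT_SIDE = {"clientntlmv2auth", "clientlanmanauth", "clientplaintextauth"}
BOOL = {"yes": True, "true": True, "1": True, "no": False, "false": False, "0": False}

# Constructed sample: the settings quoted in the post above, under [global].
SAMPLE = """\
[global]
ntlm auth = No
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
lanman auth = No
"""

def norm(name):
    # smb.conf parameter names are case-insensitive and ignore embedded spaces.
    return "".join(name.lower().split())

def parse_global(text):
    section, params = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def audit(text):
    report = {"server": {}, "client_only": {}}
    for key, value in parse_global(text).items():
        parsed = BOOL.get(value.lower(), value)
        if key in SERVER_SIDE:
            report["server"][key] = parsed
        elif key in CLIENT_SIDE:
            report["client_only"][key] = parsed
    # Conservative: require both set explicitly to No, ignoring version defaults.
    server = report["server"]
    report["server_refuses_lm_ntlmv1"] = (
        server.get("ntlmauth") is False and server.get("lanmanauth") is False)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```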


[Samba] 3.6.12 build

2013-05-09 Thread Shaw, Kevin
All,

I'm still struggling to get samba 3.6.12 built on a Solaris 8 sparc system. I 
built openldap 2.4.35 with --disable-ipv6 --disable-bdb --disable-hdb 
--disable-mdb --enable-passwd.

I built samba with:

./configure -prefix=/opt/XRX --exec-prefix=/opt/XRX \
  --with-configdir=/etc/samba --with-privatedir=/etc/samba/private \
  --with-lockdir=/var/samba/locks --with-statedir=/var/samba/locks \
  --with-cachedir=/var/samba/locks --with-piddir=/var/run \
  --with-logfilebase=/var/samba/log \
  --with-static-modules=vfs_solarisacl \
  --with-shared-modules=vfs_prealloc,vfs_cacheprime,vfs_commit,idmap_ldap,idmap_tdb2,idmap_rid,idmap_ad,idmap_hash,idmap_adex \
  --enable-shared --with-readline --with-acl-support \
  --with-aio-support --with-pam --with-automount --with-dnsupdate=no \
  --with-ldap --with-winbind --with-ads

Samba fails during configure:

checking for LDAP support... yes
checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking lber.h usability... yes
checking lber.h presence... yes
checking for lber.h... yes
checking for ber_tag_t... yes
checking for ber_scanf in -llber... no
checking for ber_sockbuf_add_io... no
checking for LDAP_OPT_SOCKBUF... yes
checking for LBER_OPT_LOG_PRINT_FN... yes
checking for ldap_init in -lldap... yes
checking for ldap_set_rebind_proc... yes
checking whether ldap_set_rebind_proc takes 3 arguments... 3
checking for ldap_initialize... no
checking whether LDAP support is used... yes
checking for Active Directory and krb5 support... yes
checking for ldap_initialize... (cached) no
configure: error: Active Directory support requires ldap_initialize

-Kevin


[Samba] Building 3.6.12

2013-05-08 Thread Shaw, Kevin
All,

I'm trying to build Samba 3.6.12 on Solaris 8 sparc using studio 12. Is this 
the correct forum to ask questions?

This is my first build so any tips/tricks are appreciated.

What are the prerequisites to get samba to compile so that it will join an AD 
domain?

TIA,
-Kevin


Re: [Samba] Building 3.6.12

2013-05-08 Thread Shaw, Kevin
I can patch Solaris 10 to get Samba 3.6.12 and it takes about 5 mins to 
complete. I know moving off Solaris 8 would be the best path to take; however, 
it's not my decision to make...

-Kevin



[Samba] Build 3.6.12 on Solaris 8

2013-05-01 Thread Shaw, Kevin
All,

I need to build samba 3.6.12 on solaris 8 using studio 12. Has anyone 
accomplished this and is willing to share tips, tricks, or notes?

-Kevin


[Samba] /var/samba/locks/smb_krb5/krb5.conf.DOM

2013-04-03 Thread Shaw, Kevin
All,

I am running Solaris 10 and Samba 3.6.6. We use intelligent DNS and have more 
than 10 ADs. In /etc/krb5/krb5.conf I configure kdc and admin_server to point 
to the IDNS server so any one of our functioning ADs can be used dynamically. 
I've noticed that /var/samba/locks/smb_krb5/krb5.conf.DOM gets created when net 
ads join is run. I've also noticed that the kdc is set to an IP address and 
appears to be dynamic. Can someone tell me what/how this file is controlled and 
if there are smb.conf settings to manually control this file?

TIA,
-Kevin


[Samba] Error creating host keytab

2013-03-20 Thread Shaw, Kevin
I am running Samba 3.0.35. When I run net ads join or net ads keytab create I 
see that the keytab file cannot be created. Here's a portion of the log:

[2013/03/20 07:57:50, 3] libads/kerberos.c:(337)
  kerberos_secrets_store_des_salt: Storing salt host/pitviper.DOMAIN@REALM
[2013/03/20 07:57:50, 2] libads/kerberos_keytab.c:(260)
  ads_keytab_add_entry: Using default system keytab: FILE:/etc/krb5/krb5.keytab
[2013/03/20 07:57:50, 3] libads/kerberos_keytab.c:(184)
  smb_krb5_kt_add_entry: adding keytab entry for (host/pitviper.DOMAIN@REALM) with encryption type (1) and version (8)
[2013/03/20 07:57:50, 1] libads/kerberos_keytab.c:(189)
  smb_krb5_kt_add_entry: adding entry to keytab failed (Cannot write to specified key table)
[2013/03/20 07:57:50, 1] libads/kerberos_keytab.c:(346)
  ads_keytab_add_entry: Failed to add entry to keytab file
[2013/03/20 07:57:50, 1] libads/kerberos_keytab.c:(508)
  ads_keytab_create_default: ads_keytab_add_entry failed while adding 'host'.
[2013/03/20 07:57:50, 1] utils/net_ads.c:(1647)
  Error creating host keytab!
Joined 'PITVIPER' to realm 'REALM'
[2013/03/20 07:57:50, 2] utils/net.c:(1075)
  return code = 0

I've tried creating /etc/krb5/krb5.keytab with no luck. Any ideas?

TIA
-Kevin


[Samba] Samba 3.6.6 authentication

2013-03-18 Thread Shaw, Kevin


Can anyone tell me if Kerberos is a requirement for windows server 2008R2 AD 
NTLM or NTLMv2 authentication?

TIA,
-Kevin


[Samba] Authentication in 2008R2 AD

2013-03-14 Thread Shaw, Kevin



What is the earliest version of Samba that will authenticate in a native 2008R2 
AD?

Is Kerberos a requirement to authenticate to native 2008R2 AD?

TIA,
-Kevin 


[Samba] username map is not functioning

2013-03-11 Thread Shaw, Kevin
All,

When the company upgraded AD from 2003 to 2008R2 users lost the ability to 
access Samba shares without being prompted for a password. I've upgraded Samba 
from 3.0.30 to 3.6.6. I would like to continue using username map to map my 
users however it appears the map is being ignored. The only way I can get this 
config to work is by adding an account that matches the unix account using 
smbpasswd. Any ideas?


[global]
bind interfaces only = Yes
case sensitive = Yes
comment = Global Definitions
create mask = 0775
directory mask = 0775
follow symlinks = No
guest account = ftp
guest ok = No
host msdfs = No
hosts allow = 13.,127.
hosts deny = ALL
idmap config * : backend = tdb
interfaces = nge0,lo0
kernel oplocks = No
level2 oplocks = No
map to guest = Bad UID
max disk size = 131072
oplocks = No
preserve case = Yes
unix extensions = No
lm announce = No
local master = No
max protocol = SMB2
min protocol = NT1
name resolve order = host,bcast,wins,lmhosts
netbios name = TYRELL
security = DOMAIN
username map = /etc/samba/users.map
wins server = xxx.xxx.xxx.xxx
workgroup = DOMAINNAME
log file = /var/samba/log/log.%m
log level = 4
syslog = 2

[ColorQube]
path = /ColorQube
writeable = Yes
browseable = Yes
create mask = 666
directory mask = 777
directory security mask = 777
inherit permissions = Yes
guest ok = Yes

[read]
fake oplocks = Yes
path

Thanks in advance.
-Kevin


Re: [Samba] username map is not functioning

2013-03-11 Thread Shaw, Kevin


This appears to be an IDMAP username mapping issue not an issue with the 
username map file.

I think this is not an issue with the username map file. Thanks for the reply.

-Kevin

On Mon, 11 Mar 2013, Kevin Shaw wrote:

> When the company upgraded AD from 2003 to 2008R2 users lost the
> ability to access Samba shares without being prompted for a
> password. I've upgraded Samba from 3.0.30 to 3.6.6. I would like to
> continue using username map to map my users however it appears the
> map is being ignored. The only way I can get this config to work is
> by adding an account that matches the unix account using smbpasswd.
> Any ideas?

This sounds to me like Samba bug 8881.  It isn't clear to me that
anyone in the Samba team cares enough about this bug to get it fixed.

https://bugzilla.samba.org/show_bug.cgi?id=8881

--

73,
Ged.


[Samba] Trying to understand authentication

2013-03-11 Thread Shaw, Kevin

I am running Solaris 10 u8 running Samba 3.6.6. Windows server 2008R2 runs AD.

I don't understand samba authentication and hope someone might be able to help 
me understand the process. The following configuration appears to be 
functional. NIS is running and Winbind is not. Pam.conf has not been touched. 
Nsswitch.conf has the default configuration for nis. Pdbedit -Lv shows no 
users. How are domain users authenticating to my Samba server? I'm guessing 
that net rpc join had something to do with it?


[global]
bind interfaces only = Yes
case sensitive = Yes
comment = Global Definitions
create mask = 0775
directory mask = 0775
follow symlinks = No
guest account = ftp
guest ok = No
host msdfs = No
hosts allow = 13.,127.
hosts deny = ALL
idmap config * : backend = tdb
interfaces = nge0,lo0
kernel oplocks = No
level2 oplocks = No
map to guest = Bad UID
max disk size = 131072
oplocks = No
preserve case = Yes
unix extensions = No
lm announce = No
local master = No
max protocol = SMB2
min protocol = NT1
name resolve order = host,bcast,wins,lmhosts
netbios name = SERVER
security = DOMAIN
username map = /etc/samba/users.map
wins server = xxx.xxx.xxx.xxx
workgroup = DOMAINNAME
log file = /var/samba/log/log.%m
log level = 4
syslog = 2

[ColorQube]
path = /ColorQube
writeable = Yes
browseable = Yes
create mask = 666
directory mask = 777
directory security mask = 777
inherit permissions = Yes
guest ok = Yes

[read]
fake oplocks = Yes
path

TIA,
-Kevin
