Hi! I'm still stuck at the point where samba compiles, but I cannot join domain. I see "SPNEGO login failure" when using debug level 3 and "failed to lookup DC info for domain 'DOMAIN.COM' over rpc: Logon failure" on STDOUT.
I have compiled: - openssl 0.9.8o - openldap 2.4.21 - MIT Kerberos5 1.8.2 - GNU GSS 0.1.5 - openssl with kerberos support - samba 3.5.4 I'm using sunstudio12.1 cc compiler and gnu make on snv_134. Everything is "--prefix'ed" to /opt/samba. I have set CPPFLAGS and LDFLAGS to point to /opt/samba/include and /opt/samba/lib 1. Can anyone help on explaining this SPNEGO thing? I suspect that it means that samba was unable to negotiate some gssapi related stuff, so I might have compiled something wrong. 2. Why "struct libnet_JoinCtx" suggests that kerberos won't be used (see line marked with arrows)? Here's some lines from "net -U domainadmin%pass ads join -d10" [2010/07/20 09:37:05.413534, 2] lib/interface.c:338(add_interface) added interface e1000g0:6 ip=192.168.0.84 bcast=192.168.0.255 netmask=255.255.255.0 [2010/07/20 09:37:05.413946, 1] libnet/libnet_join.c:1947(libnet_Join) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'SAMBA-DEV' domain_name : * domain_name : 'DOMAIN.COM' account_ou : NULL admin_account : 'Administrator' admin_password : * machine_password : NULL join_flags : 0x00000023 (35) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) ----------> use_kerberos : 0x00 (0) <-------------------------------------------------------------------------------------- secure_channel_type : SEC_CHAN_WKSTA (2) ....................SKIP...................... [2010/07/20 09:37:05.521247, 5] libsmb/ntlmssp.c:1196(ntlmssp_client_challenge) NTLMSSP challenge set by NTLM2 [2010/07/20 09:37:05.521259, 5] libsmb/ntlmssp.c:1197(ntlmssp_client_challenge) challenge is: [2010/07/20 09:37:05.521270, 5] ../lib/util/util.c:278(_dump_data) [0000] A3 7C 51 9D 27 CF 26 FA .|Q.'.&. [2010/07/20 09:37:05.521349, 1] ../librpc/ndr/ndr.c:214(ndr_print_debug) &authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : 52ef40e69996a2ef00000000000000000000000000000000 NtChallengeResponseLen : 0x0018 (24) NtChallengeResponseMaxLen: 0x0018 (24) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 24) v1: struct NTLM_RESPONSE Response : dccf3343610fc15a038074885a333ab7ce0d8aef7cd17728 DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' UserNameLen : 0x001a (26) UserNameMaxLen : 0x001a (26) UserName : * UserName : 'Administrator' WorkstationLen : 0x0012 (18) WorkstationMaxLen : 0x0012 (18) Workstation : * Workstation : 'SAMBA-DEV' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [2010/07/20 09:37:05.521558, 10] ../lib/util/util.c:278(_dump_data) [0000] 08 5C F1 71 2B 7B 55 BF E7 25 D6 0D F6 E7 E1 31 .\.q+{U. .%.....1 NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 [2010/07/20 09:37:05.521750, 3] libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2010/07/20 09:37:05.521763, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2010/07/20 09:37:05.521921, 10] libsmb/smb_signing.c:209(smb_signing_sign_pdu) smb_signing_sign_pdu: sent SMB signature of [2010/07/20 09:37:05.521935, 10] ../lib/util/util.c:278(_dump_data) [0000] 42 53 52 53 50 59 4C 20 BSRSPYL [2010/07/20 09:37:05.521956, 6] libsmb/clientgen.c:323(write_socket) write_socket(7,270) [2010/07/20 09:37:05.521978, 6] libsmb/clientgen.c:326(write_socket) write_socket(7,270) wrote 270 [2010/07/20 09:37:05.558662, 10] lib/util_sock.c:726(read_smb_length_return_keepalive) got smb length of 35 [2010/07/20 09:37:05.558704, 5] lib/util.c:617(show_msg) [2010/07/20 09:37:05.558715, 5] lib/util.c:620(show_msg) size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=16481 smb_uid=2051 smb_mid=3 smt_wct=0 smb_bcc=0 [2010/07/20 09:37:05.558782, 5] lib/util.c:617(show_msg) [2010/07/20 09:37:05.558791, 5] lib/util.c:620(show_msg) size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51205 smb_tid=0 smb_pid=16481 smb_uid=2051 smb_mid=3 smt_wct=0 smb_bcc=0 [2010/07/20 09:37:05.559036, 3] libsmb/cliconnect.c:1249(cli_session_setup) SPNEGO login failed: Logon failure [2010/07/20 09:37:05.559098, 1] libsmb/cliconnect.c:2307(cli_full_connection) failed session setup with NT_STATUS_LOGON_FAILURE [2010/07/20 09:37:05.559256, 1] libnet/libnet_join.c:1978(libnet_Join) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : NULL dns_domain_name : NULL forest_name : NULL dn : NULL domain_sid : NULL domain_sid : (NULL SID) modified_config : 0x00 (0) error_string : 'failed to lookup DC info for domain 'DOMAIN.COM' over rpc: Logon failure' domain_is_ad : 0x00 (0) result : WERR_LOGON_FAILURE Failed to join domain: failed to lookup DC info for domain 'DOMAIN.COM' over rpc: Logon failure On 19 July 2010 09:42, Marcis Lielturks <marcis.lieltu...@gmail.com> wrote: > Hi! > > Here's comparison of "net ads join" output, between my first build of samba > 3.5.4 that gave "pkcs 11 error" and second build, that is failing with "rpc: > Logon failure". Can anyone comment on differences. I'm starting to think, > that the "diff -u" output say's that 2nd build is failing sooner than the > first build did. As you can see there's a lot of missing lines with "sasl", > "ldap" and "krb5". > > MMM > > > On 07/16/10 04:34 PM, Gaiseric Vandal wrote: > >> Which version of Samba? I had more trouble with Samba 3.5.x. And I have >> never managed to get Samba to compile with sun cc. I figured Samba was >> written with gcc in mind. >> >> >> The "failed to lookup DC info for domain 'mydomain.COM' over rpc: Logon >> failure' " message is interesting - not sure if you are getting login >> errors before lookup errors. Is you samba server configure to use your AD >> server as the DNS server? What version of windows is the AD server? What >> domain/foreset mode is your AD server in? >> >> In the "windows" world clients can locate the the login server via >> specific resource records in DNS. I don't know if Samba does this do or is >> still relying on netbios. I had one AD domain that was in >> NT4-compatibility mode and one AD domain that was in Windows 2003 native >> mode. Changing the client DNS settings on the samba machine seemed to >> help with locating the "2003 native" mode. DC. >> >> >> >> On 07/16/2010 05:29 AM, Marcis Lielturks wrote: >> >>> Hi! >>> >>> First of all, thanks for replies to all ;)! >>> >>> Using GCC was a fail for me - too much errors and 2 additional things >>> must be compiled (tdb & talloc) . I only managed to compile using Sun's cc >>> and gmake and will stick to them. I'm a bit further now. Now I don't get >>> PKCS 11 erros, when trying to do "net ads join". I recompiled openldap with >>> slapd (but with null backend) and "-lpkcs11" in LDFLAGS (I think this is >>> what helped). However now I'm getting following when doing "net ads join" >>> >>> [2010/07/16 12:16:54, 3] param/loadparm.c:9158(lp_load_ex) >>> lp_load_ex: refreshing parameters >>> [2010/07/16 12:16:54, 3] param/loadparm.c:4929(init_globals) >>> Initialising global parameters >>> [2010/07/16 12:16:54, 2] param/loadparm.c:4785(max_open_files) >>> rlimit_max: rlimit_max (256) below minimum Windows limit (16384) >>> [2010/07/16 12:16:54.047848, 3] ../lib/util/params.c:550(pm_process) >>> params.c:pm_process() - Processing configuration file >>> "/opt/samba/lib/smb.conf" >>> [2010/07/16 12:16:54.047875, 3] param/loadparm.c:7842(do_section) >>> Processing section "[global]" >>> [2010/07/16 12:16:54.048365, 2] lib/interface.c:338(add_interface) >>> added interface e1000g0:3 ip=192.168.0.84 bcast=192.168.0.255 >>> netmask=255.255.255.0 >>> [2010/07/16 12:16:54.048517, 1] libnet/libnet_join.c:1947(libnet_Join) >>> libnet_Join: >>> libnet_JoinCtx: struct libnet_JoinCtx >>> in: struct libnet_JoinCtx >>> dc_name : NULL >>> machine_name : 'SAMBA-DEV' >>> domain_name : * >>> domain_name : 'mydomain.COM' >>> account_ou : NULL >>> admin_account : 'Administrator' >>> admin_password : * >>> machine_password : NULL >>> join_flags : 0x00000023 (35) >>> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS >>> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME >>> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT >>> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN >>> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED >>> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE >>> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED >>> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE >>> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE >>> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE >>> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE >>> os_version : NULL >>> os_name : NULL >>> create_upn : 0x00 (0) >>> upn : NULL >>> modify_config : 0x00 (0) >>> ads : NULL >>> debug : 0x01 (1) >>> use_kerberos : 0x00 (0) >>> secure_channel_type : SEC_CHAN_WKSTA (2) >>> [2010/07/16 12:17:00.052208, 2] libads/cldap.c:97(ads_cldap_netlogon) >>> cldap_netlogon() failed: NT_STATUS_IO_TIMEOUT >>> [2010/07/16 12:17:00.141661, 3] >>> libsmb/cliconnect.c:2201(cli_start_connection) >>> Connecting to host=BORED.mydomain.com >>> [2010/07/16 12:17:00.141828, 3] >>> lib/util_sock.c:974(open_socket_out_send) >>> Connecting to 192.168.0.94 at port 445 >>> [2010/07/16 12:17:00.143207, 3] >>> libsmb/cliconnect.c:991(cli_session_setup_spnego) >>> Doing spnego session setup (blob length=107) >>> [2010/07/16 12:17:00.143274, 3] >>> libsmb/cliconnect.c:1019(cli_session_setup_spnego) >>> got OID=1.2.840.48018.1.2.2 >>> got OID=1.2.840.113554.1.2.2 >>> got OID=1.2.840.113554.1.2.2.3 >>> got OID=1.3.6.1.4.1.311.2.2.10 >>> [2010/07/16 12:17:00.143302, 3] >>> libsmb/cliconnect.c:1029(cli_session_setup_spnego) >>> got principal=bor...@mydomain.com >>> [2010/07/16 12:17:00.143856, 3] >>> libsmb/ntlmssp.c:1101(ntlmssp_client_challenge) >>> Got challenge flags: >>> [2010/07/16 12:17:00.143870, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) >>> Got NTLMSSP neg_flags=0x62898215 >>> [2010/07/16 12:17:00.143883, 3] >>> libsmb/ntlmssp.c:1123(ntlmssp_client_challenge) >>> NTLMSSP: Set final flags: >>> [2010/07/16 12:17:00.143894, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) >>> Got NTLMSSP neg_flags=0x60088215 >>> [2010/07/16 12:17:00.143984, 3] >>> libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init) >>> NTLMSSP Sign/Seal - Initialising with flags: >>> [2010/07/16 12:17:00.143997, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) >>> Got NTLMSSP neg_flags=0x60088215 >>> [2010/07/16 12:17:00.177128, 3] >>> libsmb/cliconnect.c:1249(cli_session_setup) >>> SPNEGO login failed: Logon failure >>> [2010/07/16 12:17:00.177159, 1] >>> libsmb/cliconnect.c:2307(cli_full_connection) >>> failed session setup with NT_STATUS_LOGON_FAILURE >>> [2010/07/16 12:17:00.177271, 1] libnet/libnet_join.c:1978(libnet_Join) >>> libnet_Join: >>> libnet_JoinCtx: struct libnet_JoinCtx >>> out: struct libnet_JoinCtx >>> account_name : NULL >>> netbios_domain_name : NULL >>> dns_domain_name : NULL >>> forest_name : NULL >>> dn : NULL >>> domain_sid : NULL >>> domain_sid : (NULL SID) >>> modified_config : 0x00 (0) >>> error_string : 'failed to lookup DC info for >>> domain 'mydomain.COM' over rpc: Logon failure' >>> domain_is_ad : 0x00 (0) >>> result : WERR_LOGON_FAILURE >>> [2010/07/16 12:17:00.177442, 2] utils/net.c:916(main) >>> >>> >>> Intersting is that if I supply wrong username output doesn't differ much. >>> Below you can see differences (I stripped time to be able to use diff). >>> >>> --- pass_ok_stripped.txt 2010-07-16 12:19:11.869234402 +0300 >>> +++ pass_wrong_stripped.txt 2010-07-16 12:19:22.318101275 +0300 >>> @@ -19,7 +19,7 @@ >>> domain_name : * >>> domain_name : 'mydomain.COM' >>> account_ou : NULL >>> - admin_account : 'Administrator' >>> + admin_account : 'Adminisdgasgasdtor' >>> admin_password : * >>> machine_password : NULL >>> join_flags : 0x00000023 (35) >>> @@ -43,8 +43,6 @@ >>> debug : 0x01 (1) >>> use_kerberos : 0x00 (0) >>> secure_channel_type : SEC_CHAN_WKSTA (2) >>> - libads/cldap.c:97(ads_cldap_netlogon) >>> - cldap_netlogon() failed: NT_STATUS_IO_TIMEOUT >>> libsmb/cliconnect.c:2201(cli_start_connection) >>> Connecting to host=BORED.ProServe.com >>> lib/util_sock.c:974(open_socket_out_send) >>> >>> >>> Maybe I'm missing some rpc things? "smbd -b | tail -2" says: >>> >>> Builtin modules: >>> pdb_ldap pdb_smbpasswd pdb_tdbsam pdb_wbc_sam rpc_lsarpc rpc_winreg >>> rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl rpc_ntsvcs rpc_netlogon >>> rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog rpc_samr idmap_ldap idmap_tdb >>> idmap_passdb idmap_nss idmap_rid idmap_hash nss_info_template auth_sam >>> auth_unix auth_winbind auth_wbc auth_server auth_domain auth_builtin >>> auth_netlogond vfs_default vfs_solarisacl vfs_zfsacl >>> >>> >>> MMM >>> >>> On 07/15/10 04:32 PM, Gaiseric Vandal wrote: >>> >>>> I compiled Samba 3.4.x on Solaris 10. (I have a Samba 3.4.x pdc with >>>> two Samba 3.0.x BDC's.) Samba 3.0.x DC"s will not support Windows 7 >>>> clients >>>> (don't have any yet but it is probably inevitable) and doesn't seem to >>>> support trusts with Windows 2003 Native domains (at least it didn't for >>>> me.) >>>> >>>> >>>> If you following the opensolaris forums it seems unlikely that there >>>> will be compiled build of 3.4.x or 3.5.x of samba in Solaris 10 or >>>> OpenSolaris in the near future. I don't think it really is a licensing >>>> or >>>> even major technical issue. There is seems to more interest in CIFS >>>> project as an alternative to Samba. Oracle/Sun sells a NAS server that >>>> runs on opensolaris and users CIFS so I don't think they have much interest >>>> in Samba. I don't see Oracle/Sun paying any one work on Samba 3.4.x or >>>> 3.5.x integration when they have "better" solutions and more important >>>> priorities. >>>> >>>> To be specific, Samba doesn't require OpenLDAP but it does require LDAP >>>> with certain functionality. The Solaris-bundled Samba does use OpenLDAP. >>>> But if you are compiling it yourself OpenLDAP is the way to do it. >>>> Easiest to just get the openldap precompiled from blastwave or >>>> sunfreeware.com. And there is precompiled Samba available from >>>> Sunfreeware and Blastwave but it may lack the features you need, so you >>>> probably need to compile anyway. >>>> >>>> If you don't need AD support, then then the Sun ldap client >>>> functionality should be sufficient. >>>> >>>> >>>> I didn't know about the NGROUPS_MAX option. I would have disabled it if >>>> I had known, since I am subject to the 16 group NFS v3 limit. (What I >>>> really need to do is switch to NFS v4 and use kerberos authentication for >>>> NFS clients.) >>>> >>>> The OpenSolaris developer build (from earlier this year- not the >>>> official release from last year- has updated GCC and other tools that may >>>> make compiling easier. Gcc from Sun (and even Sunfreeware) use >>>> "/usr/ccs/bin/ld" as the linker. You may need to renamed the file and >>>> symlink it to gld (gnu linker.) Samba compiling also requires that you >>>> get set the CPPFLAGS and LDFLAGS as well. >>>> >>>> e.g. >>>> >>>> >>>> PATH=/usr/swf/bin:/usr/ccs/bin:$PATH >>>> PATH=/usr/local/samba-3.4.5/bin:/usr/local/samba-3.4.5/sbin:$PATH >>>> LD_LIBRARY_PATH=/usr/sfw/lib:/usr/ccs/lib:$LD_LIBRARY PATH >>>> LD_LIBRARY_PATH=/usr/local/samba- 3.4.5:$LD_LIBRARY_PATH >>>> >>>> export LD_LIBRARY_PATH >>>> export CPPFLAGS="-I/usr/local/include -I/usr/local/ssl/include >>>> -I/usr/include" >>>> export LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib >>>> -L/usr/local/lib -R/usr/local/lib -L/usr/lib -R/usr/lib" >>>> >>>> >>>> >>>> >>>> I posted questions/results to the list earlier this year about my >>>> experiences. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On 07/14/2010 05:38 PM, Mārcis Lielturks wrote: >>>> >>>>> >>>>> >>>>> On 15 July 2010 00:28, Jeremy Allison <j...@samba.org <mailto: >>>>> j...@samba.org>> wrote: >>>>> >>>>> On Thu, Jul 15, 2010 at 12:26:05AM +0300, Mārcis Lielturks wrote: >>>>> > Thanks, machine wont provide NFS or ssh login services, so >>>>> fiddling with max >>>>> > groups should do no harm! >>>>> > >>>>> > I googled a bit at found that samba should be recompiled to take >>>>> advantage >>>>> > of new NGROUPS_MAX. "./configure" logs also suggested that >>>>> NGROUPS_MAX is >>>>> > evaluated only at compile time. >>>>> >>>>> Yep. Recompilation should do the trick once the kernel understands >>>>> large numbers of groups. >>>>> >>>>> > Can anybody share experience on compiling samba on OpenSolaris? >>>>> What's the >>>>> > most painless way? I'm considering to use latest 3.5.5 but maybe >>>>> I should >>>>> > use same version Sun (Oracle) is using - 3.0.37? I have to set >>>>> up Samba on 2 >>>>> > servers, which already replicate storage, so ID mapping must be >>>>> consistent >>>>> > between both Samba servers. Servers have to provide shares also >>>>> to trusted >>>>> > domains, but 3.0.37 doesn't have idmap_hash and seems that >>>>> idmap_rid is not >>>>> > supported to provide mappings for more than one domain, so >>>>> anything newer >>>>> > than 3.0.37 sounds like the right choice. >>>>> >>>>> The only reason they use 3.0.x is they're still unable to cope >>>>> with the GPLv3 in (Open?)Solaris. Which is ironic as Oracle >>>>> Linux has been shipping GPLv3 Samba for a while. But it's a big >>>>> company, you can't expect one part to know what another part is >>>>> up to :-). >>>>> >>>>> Yeah, I read about that, but still, I was thinking that as they ship >>>>> 3.0.37, it should also be easier to compile because OS has all that's >>>>> necessary for 3.0.37. Newer Samba versions may have some dependencies (new >>>>> libs or newer version of libs), that might be harder to satisfy. I have >>>>> never compiled samba so far and all I know at the moment (from >>>>> documentation) is that AD support requires krb5 and openldap development >>>>> libraries and files. >>>>> >>>>> >>>>> Jeremy. >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> ML >>>>> >>>> >>>> >> -- ML -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba