Re: [Samba] Samba 4 Rhedhat 6 And classicupgrade errors

2013-07-04 Thread Andrew Bartlett 
On Wed, 2013-07-03 at 12:28 +0100, GUEI née worou noee wrote:
> Hi,
> i upgrade on a new server samba3 to samba4 with a LDAP Backend.
> I have followed this HowTO 
>  http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
> 
> until de classicupgrade step
> Here is the errors I get 

> Following sids are both user and group sids:
>S-1-5-21-1770481708-1631662840-68360779-3221

> raise ProvisioningError("Please remove duplicate sid entries before 
> upgrade.")

> Please, could anyone help me. 
> I have this error since one week and coud not figure it out.
> i need help.

Read the above message carefully, and ensure no user has the same SID as
a group in your source databases. 

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Trusted Domains List

2013-07-04 Thread Marc Muehlfeld 

Am 04.07.2013 22:08, schrieb Paul Pugliese:

I should have mentioned this in my first post, but I am running Samba 3.3.15


Can you upgrade to a newer version? The 3.3 tree out of maintainance 
since 3 years. And there are many improvements, features and 
compatibility fixes that went into the code in that time. Maybe your 
problem automatically dissappears with a newer version. And you'll get 
easier hints and support here on the list on recent versions.



I had a trust with two Samba 3 domains many years ago. But never against 
AD. But if I google your error, there are different things that can 
cause this message (like 
http://www.mail-archive.com/samba@lists.samba.org/msg95292.html).


Can you give more information on your installation (LDAP backend yes/no, 
etc.).


What you should also try, is to increase the samba log level (maybe 3 
for the beginning). Maybe you get more information to find the cause of 
your problem.


Here is also a HowTo about Samba<->AD trusts (but with Samba 3.6):
http://albertolarripa.com/?p=1631


Regards,
Marc
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Trusted Domains List

2013-07-04 Thread Paul Pugliese 
Sorry,

I should have mentioned this in my first post, but I am running Samba 3.3.15

That link you gave me is regarding Samba 4.




On Thu, Jul 4, 2013 at 3:42 PM, Marc Muehlfeld wrote:

> Hello Paul,
>
> Am 04.07.2013 17:51, schrieb Paul Pugliese:
>
>  I have configured and tested the trust from Samba going to AD, but am
>> running into problems setting up AD as the trusted domain on the Samba
>> server.
>>
>
> https://wiki.samba.org/index.**php/Samba4/FAQ#Does_Samba_**
> support_trust_relationship_**with_AD.3F
> will answer your quesiton.
>
>
> Regards,
> Marc
>
>


-- 

*Paul Pugliese*
Sr. IT Service Analyst

5063 North Service Road Suite 101
Burlington, Ontario, L7L 5H6
tel: 905.319.5300
email: pa...@pintys.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Trusted Domains List

2013-07-04 Thread Marc Muehlfeld 

Hello Paul,

Am 04.07.2013 17:51, schrieb Paul Pugliese:

I have configured and tested the trust from Samba going to AD, but am
running into problems setting up AD as the trusted domain on the Samba
server.


https://wiki.samba.org/index.php/Samba4/FAQ#Does_Samba_support_trust_relationship_with_AD.3F
will answer your quesiton.


Regards,
Marc

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Trusted Domains List

2013-07-04 Thread Paul Pugliese 
Hello,

I am running Samba on Redhat 5.

Attempting to configure a two way trust relationship with a Windows 2008
Domain.

I have configured and tested the trust from Samba going to AD, but am
running into problems setting up AD as the trusted domain on the Samba
server.

When I run the following command on the linux box I receive the following
error.

[root@happiness2 Period Reports]# net rpc trustdom establish pintys
Enter PINTYS.COM$'s password:
Could not connect to server GATES
[2013/07/04 11:48:45,  0] utils/net_rpc.c:rpc_trustdom_establish(5665)
  Storing password for trusted domain failed.

I apologize in advance if I should be including more information. First
time posting, and not much Linux experience.

Any help would be greatly appreciated.

Thanks!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Win8 account sees its home share, but "does not have permissions to access"

2013-07-04 Thread Dale Schroeder 
Being a Debian user, I don't have to deal with selinux; I've got a whole 
different set of problems. That being said, the 1st topic under 
troubleshooting in the Samba wiki is selinux.


https://wiki.samba.org/index.php/Samba_Troubleshooting

Hopefully, you'll find something in there to help you.


On 07/03/2013 1:50 PM, Mark Galeck wrote:

how do I check this?


On Wed, Jul 3, 2013 at 7:18 AM, Dale Schroeder <
d...@briannassaladdressing.com> wrote:


This being a Red Hat derivative, is selinux configured to allow this?



On 07/02/2013 2:54 PM, Mark Galeck wrote:


Fedora release 17 (Beefy Miracle)


On Tue, Jul 2, 2013 at 12:16 PM, Ricky Nance 
wrote:

  Mark, which distro are you running?


On Tue, Jul 2, 2013 at 2:00 PM, Mark Galeck  wrote:

  Can you log into the linux machine with the user mark and write files to

/home/mark without issue?

Certainly. I don't know Samba, but I do know Unix/Linux and as far as I
can tell, everything on Linux is working fine, as well as on the
Windows 8
side.

  What is the output of smbclient //localhost/homes -Umark -d5 (then at a
smb:\> do ls)

??  Command not found - I can't execute this on Linux.  I use


/bin/systemctl status smb.service


to get status


On Tue, Jul 2, 2013 at 11:52 AM, Ricky Nance 
wrote:

  Can you log into the linux machine with the user mark and write files

to
/home/mark without issue? What is the output of smbclient
//localhost/homes
-Umark -d5 (then at a smb:\> do ls). Just a couple of things I would
look
at\try.

Ricky







--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba-tool classic upgrade - Next rid problem

2013-07-04 Thread Chris Alavoine 
Hi there,

I am trying to upgrade my old Samba3 (with LDAP backend) to Samba 4.

I am doing this on a test VM for now as a proof of concept.

When running this command:

/usr/local/samba/bin/samba-tool domain classicupgrade
--dbdir=/home/administrator/samba3/  --use-xattrs=yes
--realm=internal.com /home/administrator/samba3/smb.conf

I get this:

Reading smb.conf
Provisioning
Exporting account policy
Exporting groups
Exporting users
Next rid = 2012040402
Exporting posix attributes
Reading WINS database
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
ERROR(): uncaught exception -
ProvisioningError: You want to run SAMBA 4 with a next_rid of 2012040402,
the valid range is 1000-10. The default is 1000.
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line
1318, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py",
line 866, in upgrade_from_samba3
use_ntvfs=use_ntvfs, skip_sysvolacl=True)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 2155, in provision
skip_sysvolacl=skip_sysvolacl)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1757, in provision_fill
next_rid=next_rid, dc_rid=dc_rid)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1227, in fill_samdb
raise ProvisioningError(error)


So, it appears that my Next rid parameter is too high (namely: 2012040402).
I have run this multiple times and next rid is always the same number.
Before I start decimating my LDAP directory has anyone seen this behaviour
before?

I have done a quick LDAP search and not been able to find any RID's that
would cause such an inflated number so am a bit stumped.

Thanks in advance,
Chris.

-- 
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Configuring pam_smbpass with Solaris

2013-07-04 Thread Laurent Blume 

Hello all.

I'm trying to configure pam_smbpass for Samba 3.6.16 on Solaris 10.

However, I'm getting a strange result: instead of sync'ing the password, 
it *removes* it. That is not quite what I expect...


I have this line in /etc/pam.conf:
other   password required   pam_smbpass_csw.so debug use_authtok 
try_first_pass nonull


To start the test, I make sure passwords are already in sync:
passwd user
smbpasswd user

Then I check it works:
su - user
smbclient server\\share

Both succeed, so so far, all good.

Now I try to change it using passwd, first as user:
$ passwd
Enter existing login password:
New Password:
Permission denied

The logs show:
Jul  4 14:50:17 server passwd[12830]: [ID 871885 auth.notice] 
(pam_smbpass) failed auth request by user for service passwd as user
Jul  4 14:50:17 server passwd[12830]: [ID 507756 auth.notice] 
(pam_smbpass) failed auth request by user for service passwd as 
user(-18956203)
Jul  4 14:50:17 server passwd[12830]: [ID 965784 auth.notice] 
(pam_smbpass) 1 authentication failure from user for service passwd as 
user(1000)


If I try as root:
# passwd user
New Password:
Re-enter new Password:
passwd: password successfully changed for user

su works with the new password:
su - user

Samba fails:
$ smbclient server\\share
Enter user's password:
session setup failed: NT_STATUS_LOGON_FAILURE

However, the same works with an empty password (press enter at the 
password request). Not good.


The logs show:
Jul  4 14:54:10 server passwd[12912]: [ID 632017 auth.notice] 
(pam_smbpass) password for (user/1000) changed by (root/0)


Any idea what I did wrong?

Laurent
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba