Re: [Samba] SMBD not authenticating against Active Directory

2008-11-28 Thread saddam abu ghaida
could you add the following and send the generated log files

os level = 3 passdb:5 auth:10 winbind:5

*   spnego has something to do with this failure

regards,
saddam abu ghaida


On Thu, Nov 27, 2008 at 2:01 AM, Kums <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Iam trying to setup Samba version 3.2.3 on Redhat (RHEL5) server to use
> Active Directory for authentication. I followed the instructions from
> article in following website:
> http://technet.microsoft.com/en-au/magazine/dd228986.aspx
>
> Setup Winbind + Samba + Kerberos and it seems to work fine. I can see the
> users in Active Directory through winbind as well as authenticate users
> using NTLM authentication.
>
> Problem is that Iam unable to access Samba share from Windows clients as AD
> user. Analyzing the network traffic on SMBD port gives:
> ---
> 10.849969 192.168.97.2 -> 192.168.97.5 SMB Session Setup AndX Request,
> NTLMSSP_AUTH, User: TESTDOMAIN\testuser
> 10.853302 192.168.97.5 -> 192.168.97.2 SMB Session Setup AndX Response,
> Error:STATUS_LOGON_FAILURE
> --
>
> I can however access the Samba share as local user in the Samba server via
> smbpasswd:
> ---
> 166.059746 192.168.97.2 -> 192.168.97.5 SMB Session Setup AndX Request,
> NTLMSSP_AUTH, User: D1950-01\kums
> 166.068297 192.168.97.5 -> 192.168.97.2 SMB Session Setup AndX Response
> 166.068500 192.168.97.2 -> 192.168.97.5 SMB Tree Connect AndX Request, Path:
> \\192.168.97.5\global
> 166.068787 192.168.97.5 -> 192.168.97.2 SMB Tree Connect AndX Response
> ---
>
> Winbind gives following error, not sure if this is significant for I can
> access the AD via "wbinfo"
> [2008/11/26 15:22:58,  1]
> libsmb/cliconnect.c:cli_session_setup_kerberos(626)
>  cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot find
> KDC for requested realm
>
> Please see attached for configuration detail + detailed error log. Googling
> helped me to get so far, but not completely resolve this issue.
>
> Please advise.
>
> Thanks in Advance,
> -Kums
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Konica Printer: Scan to File (Samba SMB share) fails

2008-11-28 Thread Patrick Ben Koetter
* Volker Lendecke <[EMAIL PROTECTED]>:
> On Fri, Nov 28, 2008 at 10:42:21PM +0100, Patrick Ben Koetter wrote:
> > Yes it is the full log and yes it's weird. Excuse my ignorance, the log 
> > level
> > setting is a copy and paste setting:
> > 
> > log level = 3 passdb:5 auth:10 winbind:2
> > 
> > What should in- or decrease to get more usefull logging?
> 
> Just ignore those different levels. Just "log level = 10"...

Okay. I'll get some of that tomorrow. Nobody there to operate the scanner
anymore. ;)

Thanks,


[EMAIL PROTECTED]

-- 
state of mind
Agentur für Kommunikation, Design und Softwareentwicklung

Patrick KoetterTel: 089 45227227
Echinger Strasse 3 Fax: 089 45227226
85386 Eching   Web: http://www.state-of-mind.de

Amtsgericht MünchenPartnerschaftsregister PR 563
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Konica Printer: Scan to File (Samba SMB share) fails

2008-11-28 Thread Volker Lendecke
On Fri, Nov 28, 2008 at 10:42:21PM +0100, Patrick Ben Koetter wrote:
> Yes it is the full log and yes it's weird. Excuse my ignorance, the log level
> setting is a copy and paste setting:
> 
> log level = 3 passdb:5 auth:10 winbind:2
> 
> What should in- or decrease to get more usefull logging?

Just ignore those different levels. Just "log level = 10"...

Volker


pgpOF3jQQeGsA.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Konica Printer: Scan to File (Samba SMB share) fails

2008-11-28 Thread Patrick Ben Koetter
* Volker Lendecke <[EMAIL PROTECTED]>:
> On Fri, Nov 28, 2008 at 09:24:36PM +0100, Patrick Ben Koetter wrote:
> > I am trying to let a Konica-Minolta Copy-Scanner-Printer store scanned stuff
> > to a file.
> > 
> > It works at once, if I let it send the file to a SMB share provided by a W2K
> > workstation that is part of a (Samba) domain.
> > 
> > It doesn't work, if I want it to store the messages on a share provided by 
> > the
> > Samba server.
> > 
> > So far I have verified that the user the scanner runs under is allowed to
> > mount the share and write to it and this marks my wits end. I have log, but 
> > I
> > can't interpret it really well.
> > 
> > As far as I can tell the client connects, authenticates and then disconnects
> > without giving any reason.
> > 
> > If anyone took a look at the log and tell me they are seeing more I'd be
> > helped a lot.
> > 
> > Here's the log:
> > 
> 
> That log looks very weird. Some messages appear to be debug
> level 10 messages, but if it was, there are lots of lines
> missing. Are you sure you really got the correct, full log?

Yes it is the full log and yes it's weird. Excuse my ignorance, the log level
setting is a copy and paste setting:

log level = 3 passdb:5 auth:10 winbind:2

What should in- or decrease to get more usefull logging?

[EMAIL PROTECTED]



-- 
state of mind
Agentur für Kommunikation, Design und Softwareentwicklung

Patrick KoetterTel: 089 45227227
Echinger Strasse 3 Fax: 089 45227226
85386 Eching   Web: http://www.state-of-mind.de

Amtsgericht MünchenPartnerschaftsregister PR 563
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Konica Printer: Scan to File (Samba SMB share) fails

2008-11-28 Thread Volker Lendecke
On Fri, Nov 28, 2008 at 09:24:36PM +0100, Patrick Ben Koetter wrote:
> I am trying to let a Konica-Minolta Copy-Scanner-Printer store scanned stuff
> to a file.
> 
> It works at once, if I let it send the file to a SMB share provided by a W2K
> workstation that is part of a (Samba) domain.
> 
> It doesn't work, if I want it to store the messages on a share provided by the
> Samba server.
> 
> So far I have verified that the user the scanner runs under is allowed to
> mount the share and write to it and this marks my wits end. I have log, but I
> can't interpret it really well.
> 
> As far as I can tell the client connects, authenticates and then disconnects
> without giving any reason.
> 
> If anyone took a look at the log and tell me they are seeing more I'd be
> helped a lot.
> 
> Here's the log:
> 

That log looks very weird. Some messages appear to be debug
level 10 messages, but if it was, there are lots of lines
missing. Are you sure you really got the correct, full log?

Volker


pgptyo7VegLKR.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Konica Printer: Scan to File (Samba SMB share) fails

2008-11-28 Thread Patrick Ben Koetter
I am trying to let a Konica-Minolta Copy-Scanner-Printer store scanned stuff
to a file.

It works at once, if I let it send the file to a SMB share provided by a W2K
workstation that is part of a (Samba) domain.

It doesn't work, if I want it to store the messages on a share provided by the
Samba server.

So far I have verified that the user the scanner runs under is allowed to
mount the share and write to it and this marks my wits end. I have log, but I
can't interpret it really well.

As far as I can tell the client connects, authenticates and then disconnects
without giving any reason.

If anyone took a look at the log and tell me they are seeing more I'd be
helped a lot.

Here's the log:


TIA,

[EMAIL PROTECTED]

-- 
state of mind
Agentur für Kommunikation, Design und Softwareentwicklung

Patrick KoetterTel: 089 45227227
Echinger Strasse 3 Fax: 089 45227226
85386 Eching   Web: http://www.state-of-mind.de

Amtsgericht MünchenPartnerschaftsregister PR 563
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] How to create users accounts with already encrypted passwords ?

2008-11-28 Thread Aaron Maley
I'm maybe completely misunderstanding the question here, but would it 
not be fairly trivial to create a valid smbpasswd file using the info 
you have and then use the -i and -e switches from pdbedit(check the 
manpage) to export that info into the tdbsam files?


Clemence wrote:

I also have Unix Hash !! I have :
*- User login
- Unix Hash
- LanMan Hash
- NT Hash.*
in this text file. I need to create samba users from this file.

I could use a smbpasswd file and a script to inject the correct 
passwords hashs...
But how to inject Lanman et NT hash directly into Samba with a tdbsam 
backend ? Is it possible ?





Ryan Bair a écrit :

You can't create the UNIX hash from the NT hash as they are different
1 way transformations. As an alternative, you could have PAM
authenticate using winbind which would probably give the desired
effect.

On Thu, Nov 27, 2008 at 2:11 PM,  <[EMAIL PROTECTED]> 
wrote:
 
I don't have the plain password for creating users in Samba only 
Lanman Hash and NT hash from the text file !


C.


   

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Clemence wrote:
 

Hi, i need to create users accounts into Samba with already encrypted
passwords from a file. I use tdbsam backend and Samba 3.0.24 
(Debian Etch)


The file format is quite easy :
login1|Unix_passwd|Lanman Password Hash|NT Password Hash

First, i create the unix users with their already encrypted 
password :

useradd -p Unix_passwd login1.
Fine.

But can i do the same thing with smbpasswd or pdbedit ? I haven't 
found

anything about this.
How can i do ?

Look at the -s flag in man smbpasswd to accept STDIN as the input 
method

for the password change. If I recall correctly, you end up with
something like:

echo password\npassword\n | smbpasswd -s

Good?

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 
(2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - 
C630

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJLuJLmb+gadEcsb4RAsuXAKC9Mv0p5m5SnSQnH5rh2Qw76TiFMACgq910
I1eAaqcGzfEIwRK0KI/tjkA=
=1r8B
-END PGP SIGNATURE-
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba





  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] AIX 53TL8 Samba 3.2.4 Active Directory Win2k3 - "session setup failed: Call returned zero bytes (EOF)"

2008-11-28 Thread Mark Taylor

Hi Samba bods, 

Has anyone got time to look at this issue please, I am sure its something
simple in the configuration but for the life of me I cannot spot it .. 

Any / pointers greatly appreciated ..

Cheers
Mark

-- 
View this message in context: 
http://www.nabble.com/AIX-53TL8-Samba-3.2.4-Active-Directory-Win2k3---%22session-setup-failed%3A-Call-returned-zero-bytes-%28EOF%29%22-tp20708062p20734890.html
Sent from the Samba - General mailing list archive at Nabble.com.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] odd ip behavior

2008-11-28 Thread Collen Blijenberg

Hello, this might be a quick fix, but can't find it...

sinse some time, samba users ip nrs like :::192.168.2.99
but i'm used to normal ip4

we made some changes in smb.conf (dunno witch) and ever sinse we've got 
those :::


(smbstatus shows it, aswell the samba.log's)

how can i get my good old ipv4 back (witch smb.conf parameter)

Thx ... Collen

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Mac .DS_Stores

2008-11-28 Thread Mike Gallamore


On Nov 27, 2008, at 10:59 PM, Nozy wrote:


Hi Mike

why not get the system to remove the be for the backup start ?
We have 160TB of data, long long time to do a find on the space. In  
fact, we have some directories so large that a "ls" crashes (millions  
and millions of files generated by an image processing app). The  
backups are done on the system live, we are using Sun's SAMFS which  
schedules the backups as it thinks it needs to (essentially it  
decreases the time between backup if a lot of data has been changing,  
if not then it waits up to the pre-specified time you give it).


or veto them after you have clear them out I use a mixed net work  
here I

just have my centos box to remove the files or veto them the mac will
work with out them.

Might work, thanks.

Nozy


On Wed, 2008-11-26 at 10:12 +0100, Mike Gallamore wrote:

Yeah those seem pretty helpful. Part of the problem is how the
backup
system handles them. It keeps track of all the files that are on the
disk and keeps copies of them. We have a policy in the system to not
backup the .DS_Store files, but the other part of the system still
tries to recover the data, then complains because naturally it can't
find a backup copy of the file. Really sucks because some of our
users
have millions of files in thousands of directories, you can't really
follow the restore process because you get countless pages of
"warning
this file couldn't be restored" messages on your term.
On Nov 25, 2008, at 11:12 PM, Nozy wrote:




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] smbclient fails to resolve name

2008-11-28 Thread Collen Blijenberg

Hi, we' ve got some probs regarding the smbclient..

it's odd, coz all seems te be working ok, except the smbclients.
we use samba 3.2.4, here is a debug level 10
nmblook up is working, also it's a pdc and seems to function normal ?!
i did add wins with the nsswitch, and can ping the host.

anny idea where to look for ?!?!

Cheers, Collen

[EMAIL PROTECTED] var]# echo "huh" | smbclient -M ODIN -d10
Initialising global parameters
params.c:pm_process() - Processing configuration file 
"/usr/local/samba/lib/smb.conf"

Processing section "[global]"
doing parameter workgroup = JORDANET
doing parameter server string =
doing parameter netbios name = GREEN
handle_netbios_name: set global_myname to: GREEN
doing parameter netbios aliases = STATLER ATHENA THORTON
doing parameter bind interfaces only = no
doing parameter interfaces = 192.168.2.4 127.0.0.1/8
doing parameter socket options = TCP_NODELAY
doing parameter name resolve order = wins bcast host
doing parameter security = user
doing parameter preferred master = yes
doing parameter domain master = yes
doing parameter domain logons = Yes
doing parameter local master = yes
doing parameter os level = 99
doing parameter map to guest = Never
doing parameter wins support = yes
doing parameter dns proxy = no
-
doing parameter include = /usr/local/samba/lib/smb_shares.conf
params.c:pm_process() - Processing configuration file 
"/usr/local/samba/lib/smb_shares.conf"

pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_PDC
--
added interface bond0 ip=192.168.2.4 bcast=192.168.3.255 
netmask=255.255.254.0

interpret_interface: Adding interface 127.0.0.1/8
added interface 127.0.0.1/8 ip=127.0.0.1 bcast=127.255.255.255 
netmask=255.0.0.0

Netbios name list:-
my_netbios_names[0]="GREEN"
my_netbios_names[1]="STATLER"
my_netbios_names[2]="ATHENA"
my_netbios_names[3]="THORTON"
Client started (version 3.2.4).
Opening cache file at /usr/local/samba/var/locks/gencache.tdb
Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found
sitename_fetch: No stored sitename for
internal_resolve_name: looking up ODIN#3 (sitename (null))
Cache entry with key = NBT/ODIN#03 couldn't be found
no entry for ODIN#03 found.
resolve_wins: Attempting wins lookup for name ODIN<0x3>
Cache entry with key = WINS_SRV_DEAD/127.0.0.1,0.0.0.0 couldn't be found
wins_srv_is_dead: 127.0.0.1 is alive
resolve_wins: using WINS server 127.0.0.1 and tag '*'
bind succeeded on port 0
Sending a packet of len 50 to (127.0.0.1) on port 137
read_udp_v4_socket: ip 127.0.0.1 port 35072 read: 56
parse_nmb: packet id = 18870
Received a packet of len 56 from (127.0.0.1) port 137
nmb packet from 127.0.0.1(137) header: id=18870 opcode=Query(0) response=Yes
   header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
   header: rcode=3 qdcount=0 ancount=1 nscount=0 arcount=0
   answers: nmb_name=ODIN<03> rr_type=10 rr_class=1 ttl=0
Negative name query response, rcode 0x03: The name requested does not exist.
name_resolve_bcast: Attempting broadcast lookup for name ODIN<0x3>
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 1
socket option SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
Could not test socket option TCP_KEEPCNT.
Could not test socket option TCP_KEEPIDLE.
Could not test socket option TCP_KEEPINTVL.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 111616
socket option SO_RCVBUF = 111616
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (192.168.3.255) on port 137
Sending a packet of len 50 to (192.168.3.255) on port 137
Sending a packet of len 50 to (192.168.3.255) on port 137
Sending a packet of len 50 to (127.255.255.255) on port 137
Sending a packet of len 50 to (127.255.255.255) on port 137
Sending a packet of len 50 to (127.255.255.255) on port 137
resolve_hosts: not appropriate for name type <0x3>
lang_tdb_init: /usr/local/samba/lib/en_US.UTF-8.msg: No such file or 
directory

Connection to ODIN failed. Error NT_STATUS_BAD_NETWORK_NAME
[EMAIL PROTECTED] var]#


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] How to create users accounts with already encrypted passwords ?

2008-11-28 Thread Clemence

I also have Unix Hash !! I have :
*- User login
- Unix Hash
- LanMan Hash
- NT Hash.*
in this text file. I need to create samba users from this file.

I could use a smbpasswd file and a script to inject the correct 
passwords hashs...
But how to inject Lanman et NT hash directly into Samba with a tdbsam 
backend ? Is it possible ?





Ryan Bair a écrit :

You can't create the UNIX hash from the NT hash as they are different
1 way transformations. As an alternative, you could have PAM
authenticate using winbind which would probably give the desired
effect.

On Thu, Nov 27, 2008 at 2:11 PM,  <[EMAIL PROTECTED]> wrote:
  

I don't have the plain password for creating users in Samba only Lanman Hash 
and NT hash from the text file !

C.




-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Clemence wrote:
  

Hi, i need to create users accounts into Samba with already encrypted
passwords from a file. I use tdbsam backend and Samba 3.0.24 (Debian Etch)

The file format is quite easy :
login1|Unix_passwd|Lanman Password Hash|NT Password Hash

First, i create the unix users with their already encrypted password :
useradd -p Unix_passwd login1.
Fine.

But can i do the same thing with smbpasswd or pdbedit ? I haven't found
anything about this.
How can i do ?


Look at the -s flag in man smbpasswd to accept STDIN as the input method
for the password change. If I recall correctly, you end up with
something like:

echo password\npassword\n | smbpasswd -s

Good?

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJLuJLmb+gadEcsb4RAsuXAKC9Mv0p5m5SnSQnH5rh2Qw76TiFMACgq910
I1eAaqcGzfEIwRK0KI/tjkA=
=1r8B
-END PGP SIGNATURE-
  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba





  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba