Re: [Samba] rename samba4 domain

2012-11-19 Thread Andrew Bartlett
On Mon, 2012-11-19 at 16:13 -0500, Caleb O'Connell wrote:
> Is it at all possible to rename an existing domain in samba4?  I wanted to go 
> from iapp.local to iapp.lan. 

It isn't supported.  It is possible that it would work, if we found all
the right places to rename, but at the moment we have no tool to do
that.  

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread pccom frank

Hi, I have deinstalled bind99 and re-made Samba4
But still, Samba4 not working.
The following are what I did.
Looks like it is the dnsupdate problem. This time, it is the samba4's dnsupdate problem.
Do I have to initialize kdc server?
Those are copied from FreeBSD handbook for Kerberos 5.
.
Note that this /etc/krb5.conf file implies that your KDC will have the 
fully-qualified hostname of kerberos.example.org. You will need to add a CNAME 
(alias) entry to your zone file to accomplish this if your KDC has a different 
hostname.

Note: For large networks with a properly configured BIND DNS server, 
the above example could be trimmed to:

[libdefaults]
  default_realm = EXAMPLE.ORG

With the following lines being appended to the example.org zonefile:

_kerberos._udp  IN  SRV 01 00 88 kerberos.example.org.
_kerberos._tcp  IN  SRV 01 00 88 kerberos.example.org.
_kpasswd._udp   IN  SRV 01 00 464 kerberos.example.org.
_kerberos-adm._tcp  IN  SRV 01 00 749 kerberos.example.org.
_kerberos   IN  TXT EXAMPLE.ORG

Note: For clients to be able to find the Kerberos services, you must have 
either a fully configured /etc/krb5.conf or a minimally configured 
/etc/krb5.conf and a properly configured DNS server.

Next we will create the 
Kerberos database. This database contains the keys of all principals encrypted 
with a master password. You are not required to remember this password, it will 
be stored in a file (/var/heimdal/m-key). To create the master key, run kstash 
and enter a password.

Once the master key has been created, you can initialize 
the database using the kadmin program with the -l option (standing for 
“local”). This option instructs kadmin to modify the database files directly 
rather than going through the kadmind network service. This handles the 
chicken-and-egg problem of trying to connect to the database before it is 
created. Once you have the kadmin prompt, use the init command to create your 
realms initial database.

Lastly, while still in kadmin, create your first 
principal using the add command. Stick to the defaults options for the 
principal for now, you can always change them later with the modify command. 
Note that you can use the ? command at any prompt to see the available 
options.

A sample database creation session is shown below:

# kstash
Master key: 
Verifying password - Master key: 

# kadmin -l
kadmin> init EXAMPLE.ORG
Realm max ticket life [unlimited]:
kadmin> add tillman
Max ticket life [unlimited]:
Max renewable life [unlimited]:
Attributes []:
Password: 
Verifying password - Password: 

Now it is time to start up the KDC services. Run /etc/rc.d/kerberos start and 
/etc/rc.d/kadmind start to bring up the services. Note that you will not have 
any kerberized daemons running at this point but you should be able to confirm 
that the KDC is functioning by obtaining and listing a ticket for the principal 
(user) that you just created from the command-line of the KDC itself:

% kinit tillman
till...@example.org's Password:

% klist
Credentials cache: FILE:/tmp/krb5cc_500
Principal: till...@example.org

  Issued   Expires  Principal
Aug 27 15:37:58  Aug 28 01:37:58  krbtgt/example@example.org

The ticket can then be revoked when you have finished:

% kdestroy
..
I did not do anything about Kerberos5. I 
am assuming Samba4 taking care about it.

root@f10:/etc # cd /usr/ports/dns/bind99
root@f10:/usr/ports/dns/bind99 # make deinstall
===>  Deinstalling for dns/bind99
===>   Deinstalling bind99-9.9.2
The following packages will be deinstalled:
bind99-9.9.2
The deinstallation will free 33 MB
Deleting bind99-9.9.2... done
root@f10:/usr/ports/dns/bind99 # make clean
===>  Cleaning for bind99-9.9.2
root@f10:/etc # cd /usr/local/samba-master
root@f10:/usr/local/samba-master # git pull
Already up-to-date.
root@f10:/usr/local/samba-master # make clean
WAF_MAKE=1 python ./buildtools/bin/waf clean
  Selected embedded Heimdal build
'clean' finished successfully (8.929s)
root@f10:/usr/local/samba-master # make && make install
WAF_MAKE=1 python ./buildtools/bin/waf build
Waf: Entering directory `/usr/local/samba-master/bin'
   Selected embedded Heimdal build
[   1/3814] Generating replace.vscript
..
[3814/3814] Parse::Pidl::Wireshark::NDR.3: pidl/lib/Parse/Pidl/Wireshark/NDR.pm -> bin/default/pidl/Parse::Pidl::Wireshark::NDR.3
Waf: Leaving directory `/usr/local/samba-master/bin'
'build' finished successfully (1h5m44.673s)
WAF_MAKE=1 python ./buildtools/bin/waf install
Waf: Entering directory `/usr/local/samba-master/bin'
* creating /usr/local/samba/etc
* creating /usr/local/samba/private
* creating /usr/local/samba/var
* creating /usr/local/samba/private
* creating /usr/local/samba/var/lib
* creating /usr/local/samba/var/locks
* creating /usr/local/samba/var/cache
* creating /usr/local/samba/var/lock
* creating /usr/local/samba/var/run
* creating /usr/local/samba/var/run  

[Samba] password expiration

2012-11-19 Thread Matt Richardson

Hello all,

I have a test system with CentOS 6.2 running samba 3.5.10_125.el6 and 
OpenLDAP 2.4.23_20.el6.  Password expiration is set as sambaMaxPwdAge: 
5184000 and password aging works with a Windows 7 client. On a 
production system, I've got samba 3.5.10_115.el6_2 and openldap 
2.4.23_20.el6 running on RHEL6.2.  I have set sambaMaxPwdAge to 5184000 
and it does not work consistently with clients.


To illustrate, on the production system as an account's password 
expiration was approaching some Windows 7 and 2008 clients would report 
that it was due to expire soon and would I like to change it now.  Since 
it was odd that only some would display the message, I let it go to see 
what would happen when the password expired.  The time and date came and 
went, still able to log in.  Until, that is, I added a new samba client 
(domain member server, added to the domain after the test account's 
password had expired) and got the password expired message when 
attempting to connect with smbclient. Older clients still allowed me to 
log in with an aged password.


The test system displayed the message as soon as I made the change in 
LDAP and then tried to sign in to a client.  If the password had 
expired, I was prompted to change it on log in.  I didn't see anything 
in the release notes to indicate a difference in the two samba packages, 
but of course there could be one.  If someone could point me in the 
right direction, I would appreciate it.


Take care,

Matt


[Samba] rename samba4 domain

2012-11-19 Thread Caleb O'Connell
Is it at all possible to rename an existing domain in samba4?  I wanted to go 
from iapp.local to iapp.lan. 

Thanks in advance.




Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread Rowland Penny

On 19/11/12 19:15, Rowland Penny wrote:

On 19/11/12 18:46, pccom frank wrote:

Hi,Rowland!
Thank you for your help.
Change the dns server to the samba server make things better. But 
still not working.


root@f10:/etc # /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL

^C
root@f10:/etc # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 127.0.0.1



root@f10:/etc # /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT



^C
root@f10:/etc # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.1681.1.100
root@f10:/etc # ifconfig
re0: flags=8843 metric 0 mtu 1500
options=8209b
ether 90:e6:ba:88:db:31
inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
inet6 fe80::92e6:baff:fe88:db31%re0 prefixlen 64 scopeid 0x1
nd6 options=29
media: Ethernet autoselect (100baseTX )
status: active


> Date: Mon, 19 Nov 2012 16:33:24 +
> From: rpe...@f2s.com
> To: samba@lists.samba.org
> Subject: Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406
>
> On 19/11/12 02:50, Pccom Frank wrote:
> > Thank you Andrew!
> > You are right. Let FreeBSD start its own Kerberos does not make sense since
> > Samba4 has its own Kerberos.
> > I can not get Samba4's Kerberos working.
> > The following is the message I run Samba4.
> >
> > I am using the Samba4's internal DNS.
> > I copied krb5.conf from /usr/local/samba/private to /etc after I run
> > samba-tool domain provision.
> >
> >
> >
> > root@f10:/usr/local/samba/sbin # ./samba -i -M single
> > samba version 4.1.0pre1-GIT-e6a100e started.
> > Copyright Andrew Tridgell and the Samba Team 1992-2012
> > samba: using 'single' process model
> > /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
> > /usr/local/samba/sbin/samba_dnsupdate: File
> > "/usr/local/samba/sbin/samba_dnsupdate", line 507, in 
> > /usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
> > /usr/local/samba/sbin/samba_dnsupdate: File
> > "/usr/local/samba/sbin/samba_dnsupdate", line 121, in get_credentials
> > /usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
> > ccachename)
> > /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
> > F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
> > /usr/local/samba/sbin/samba_dnsupdate:
> > ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
> > NT_STATUS_ACCESS_DENIED
> >
> >
> >
> > root@f10:/usr/local/samba/sbin # uname -a
> > FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct 6 04:49:30 UTC
> > 2012 r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC
> > i386
> >
> >
> > root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
> > domain f10.pcccom.ca
> > nameserver 192.168.1.1
> >
> > root@f10:/usr/local/samba/sbin # nslookup samba.org
> > Server: 192.168.1.1
> > Address: 192.168.1.1#53
> >
> > Non-authoritative answer:
> > Name: samba.org
> > Address: 216.83.154.106
> >
> > It looks the DNS server has no problem.
> >
> > Please help me out!
> >
> > On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett wrote:
> >
> >> On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
> >>> Hi, Samba gurus!
> >>>
> >>> I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
> >>> computer to the domain.
> >>>
> >>> What I did is:
> >>>
> >>> 1, git clone git://git.samba.org/samba.git samba-master
> >>>
> >>> 2, cd /usr/local/samba-master
> >>> 3, ./configure --enable-debug --enable-selftest && make && make install
> >>> 4, /usr/local/samba/sbin/samba-tool domain provision
> >>> --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
> >>> --server-role=dc
> >>> 5, cp /usr/local/samba/private/krb.conf /etc
> >> What suggested that you should do this?
> >>
> >>> 6, echo 'kerberos5_server_enable="YES"' >> /etc/rc.conf
> >>> 7, echo 'kadmind5_server_enable="YES"' >> /etc/rc.conf
> >> This step is not included in any official Samba HOWTO.
> >>
> >>> 8, echo 'domain xyz.pccom.ca' >> /etc/resolv.conf
> >>> the dns server keep the same as before.
> >>> 9, /usr/local/samba/bin/samba -i -M single
> >>>
> >>> I found
> >>>
> >>> "Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED"
> >> Our KDC cannot start

Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread Rowland Penny

On 19/11/12 18:46, pccom frank wrote:

Hi,Rowland!
Thank you for your help.
Change the dns server to the samba server make things better. But 
still not working.


root@f10:/etc # /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL

^C
root@f10:/etc # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 127.0.0.1



root@f10:/etc # /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT



^C
root@f10:/etc # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.1681.1.100
root@f10:/etc # ifconfig
re0: flags=8843 metric 0 mtu 1500
options=8209b
ether 90:e6:ba:88:db:31
inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
inet6 fe80::92e6:baff:fe88:db31%re0 prefixlen 64 scopeid 0x1
nd6 options=29
media: Ethernet autoselect (100baseTX )
status: active


> Date: Mon, 19 Nov 2012 16:33:24 +
> From: rpe...@f2s.com
> To: samba@lists.samba.org
> Subject: Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406
>
> On 19/11/12 02:50, Pccom Frank wrote:
> > Thank you Andrew!
> > You are right. Let FreeBSD start its own Kerberos does not make sense since
> > Samba4 has its own Kerberos.
> > I can not get Samba4's Kerberos working.
> > The following is the message I run Samba4.
> >
> > I am using the Samba4's internal DNS.
> > I copied krb5.conf from /usr/local/samba/private to /etc after I run
> > samba-tool domain provision.
> >
> >
> >
> > root@f10:/usr/local/samba/sbin # ./samba -i -M single
> > samba version 4.1.0pre1-GIT-e6a100e started.
> > Copyright Andrew Tridgell and the Samba Team 1992-2012
> > samba: using 'single' process model
> > /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
> > /usr/local/samba/sbin/samba_dnsupdate: File
> > "/usr/local/samba/sbin/samba_dnsupdate", line 507, in 
> > /usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
> > /usr/local/samba/sbin/samba_dnsupdate: File
> > "/usr/local/samba/sbin/samba_dnsupdate", line 121, in get_credentials
> > /usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
> > ccachename)
> > /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
> > F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
> > /usr/local/samba/sbin/samba_dnsupdate:
> > ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
> > NT_STATUS_ACCESS_DENIED
> >
> >
> >
> > root@f10:/usr/local/samba/sbin # uname -a
> > FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct 6 04:49:30 UTC
> > 2012 r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC
> > i386
> >
> >
> > root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
> > domain f10.pcccom.ca
> > nameserver 192.168.1.1
> >
> > root@f10:/usr/local/samba/sbin # nslookup samba.org
> > Server: 192.168.1.1
> > Address: 192.168.1.1#53
> >
> > Non-authoritative answer:
> > Name: samba.org
> > Address: 216.83.154.106
> >
> > It looks the DNS server has no problem.
> >
> > Please help me out!
> >
> > On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett wrote:
> >
> >> On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
> >>> Hi, Samba gurus!
> >>>
> >>> I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
> >>> computer to the domain.
> >>>
> >>> What I did is:
> >>>
> >>> 1, git clone git://git.samba.org/samba.git samba-master
> >>>
> >>> 2, cd /usr/local/samba-master
> >>> 3, ./configure --enable-debug --enable-selftest && make && make install
> >>> 4, /usr/local/samba/sbin/samba-tool domain provision
> >>> --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
> >>> --server-role=dc
> >>> 5, cp /usr/local/samba/private/krb.conf /etc
> >> What suggested that you should do this?
> >>
> >>> 6, echo 'kerberos5_server_enable="YES"' >> /etc/rc.conf
> >>> 7, echo 'kadmind5_server_enable="YES"' >> /etc/rc.conf
> >> This step is not included in any official Samba HOWTO.
> >>
> >>> 8, echo 'domain xyz.pccom.ca' >> /etc/resolv.conf
> >>> the dns server keep the same as before.
> >>> 9, /usr/local/samba/bin/samba -i -M single
> >>>
> >>> I found
> >>>
> >>> "Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED"
> >> Our KDC cannot start because you enabled a different KDC and it is
> 

Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread pccom frank

Hi, Rowland!
Thank you for your help.
Change the dns server to the samba server make things better. But still not working.

root@f10:/etc # /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
/usr/local/samba/sbin/samba_dnsupdate: /usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL
^C
root@f10:/etc # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 127.0.0.1


root@f10:/etc # /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT

^C
root@f10:/etc # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.1681.1.100
root@f10:/etc # ifconfig
re0: flags=8843 metric 0 mtu 1500
options=8209b
ether 90:e6:ba:88:db:31
inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
inet6 fe80::92e6:baff:fe88:db31%re0 prefixlen 64 scopeid 0x1
nd6 options=29
media: Ethernet autoselect (100baseTX )
status: active

> Date: Mon, 19 Nov 2012 16:33:24 +
> From: rpe...@f2s.com
> To: samba@lists.samba.org
> Subject: Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not 
> working. Samba version 4.1.0 pre1-GIT cf15406
> 
> On 19/11/12 02:50, Pccom Frank wrote:
> > Thank you Andrew!
> > You are right. Let FreeBSD start its own Kerberos does not make sense since
> > Samba4 has its own Kerberos.
> > I can not get Samba4's Kerberos working.
> > The following is the message I run Samba4.
> >
> > I am using the Samba4's internal DNS.
> > I copied krb5.conf from /usr/local/samba/private to /etc after I run
> > samba-tool domain provision.
> >
> >
> >
> > root@f10:/usr/local/samba/sbin # ./samba -i -M single
> > samba version 4.1.0pre1-GIT-e6a100e started.
> > Copyright Andrew Tridgell and the Samba Team 1992-2012
> > samba: using 'single' process model
> > /usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
> > /usr/local/samba/sbin/samba_dnsupdate:   File
> > "/usr/local/samba/sbin/samba_dnsupdate", line 507, in 
> > /usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
> > /usr/local/samba/sbin/samba_dnsupdate:   File
> > "/usr/local/samba/sbin/samba_dnsupdate", line 121, in get_credentials
> > /usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
> > ccachename)
> > /usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
> > F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
> > /usr/local/samba/sbin/samba_dnsupdate:
> > ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
> > NT_STATUS_ACCESS_DENIED
> >
> >
> >
> > root@f10:/usr/local/samba/sbin # uname -a
> > FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct  6 04:49:30 UTC
> > 2012 
> > r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC
> >   i386
> >
> >
> > root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
> > domain f10.pcccom.ca
> > nameserver 192.168.1.1
> >
> > root@f10:/usr/local/samba/sbin # nslookup samba.org
> > Server: 192.168.1.1
> > Address: 192.168.1.1#53
> >
> > Non-authoritative answer:
> > Name: samba.org
> > Address: 216.83.154.106
> >
> > It looks the DNS server has no problem.
> >
> > Please help me out!
> >
> > On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett  wrote:
> >
> >> On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
> >>> Hi, Samba gurus!
> >>>
> >>> I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
> >>> computer to the domain.
> >>>
> >>> What I did is:
> >>>
> >>> 1, git clone git://git.samba.org/samba.git samba-master
> >>>
> >>> 2, cd /usr/local/samba-master
> >>> 3, ./configure --enable-debug --enable-selftest && make && make install
> >>> 4, /usr/local/samba/sbin/samba-tool domain provision
> >>> --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
> >>> --server-role=dc
> >>> 5, cp /usr/local/samba/private/krb.conf /etc
> >> What suggested that you should do this?
> >>
> >>> 6, echo 'kerberos5_server_enable="YES"' >> /etc/rc.conf
> >>> 7, echo 'kadmind5_server_enable="YES"' >> /etc/rc.conf
> >> This step is not included in any official Samba HOWTO.
> >>
> >>> 8, echo 'domain xyz.pccom.ca' >> /etc/resolv.conf
> >>> the dns server keep the same as before.
> >>> 9, /usr/local/samba/bin/samba -i -M single
> >>>
> >>> I found
> >>>
> >>> "Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED"
> >> Our KDC cannot start because you enabled a different KDC and it is

[Samba] Windows program is verifying owner, group and file permissions

2012-11-19 Thread Chris

Dear all,

there's UserA and UserB. Their primary group is users. Both are members 
of a group departmentD.


We've a share

drwsrws---  UserA   departmentD data

that is accessed by a rather unknown business solution software 
(developed with .NET framework).


UserA can write with this business app to this share. UserB can't. When 
I modify the permissions to


drwsrws---  UserB   departmentD data

it's vice versa.

Both users can read/write this share from Windows Explorer or other 
programs. It's just this .NET application that prevents access. It seems 
like it's checking access rights in a rather strange way.


Is this a known issue? Is there any solution? I set force group to 
+departmentD, but it didn't work. Is it possible to say UserA this 
folder (and all files within) are owned by UserA and UserB it's owned by 
UserB?


Thank you in advance.


Chris




Re: [Samba] Samba 3.x Windows 8

2012-11-19 Thread TAKAHASHI Motonobu
From: Neil 
Date: Mon, 19 Nov 2012 16:36:10 +0200

> We've tried the usual Windows 7 registry edits(after reading a few
> posts) to get the Windows 8 to join the domain without any success.

(snip)

> I saw  a mention of setting...
>
> max protocol = smb2
> min protocol = smb2

> Does Samba 3 support Windows 8 Pro machines, or is this still an ongoing
> issue?

As I mentioned at:
  https://lists.samba.org/archive/samba/2012-September/169219.html

In my environment, Windows 8 Pro can join to Samba3 domain.
I tested against Samba 3.6.6/Samba 3.5.4.

Though my Windows 8 Pro box can join with "max protocol = smb2",
try:

-
  max protocol = nt1
  min protocol = nt1
-

as mentioned at:
  https://lists.samba.org/archive/samba/2012-September/169213.html

---
TAKAHASHI Motonobu 


Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread Rowland Penny

On 19/11/12 02:50, Pccom Frank wrote:

Thank you Andrew!
You are right. Let FreeBSD start its own Kerberos does not make sense since
Samba4 has its own Kerberos.
I can not get Samba4's Kerberos working.
The following is the message I run Samba4.

I am using the Samba4's internal DNS.
I copied krb5.conf from /usr/local/samba/private to /etc after I run
samba-tool domain provision.



root@f10:/usr/local/samba/sbin # ./samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 507, in 
/usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
/usr/local/samba/sbin/samba_dnsupdate:   File
"/usr/local/samba/sbin/samba_dnsupdate", line 121, in get_credentials
/usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
ccachename)
/usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
/usr/local/samba/sbin/samba_dnsupdate:
../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
NT_STATUS_ACCESS_DENIED



root@f10:/usr/local/samba/sbin # uname -a
FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct  6 04:49:30 UTC
2012 
r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC
  i386


root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.168.1.1

root@f10:/usr/local/samba/sbin # nslookup samba.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: samba.org
Address: 216.83.154.106

It looks the DNS server has no problem.

Please help me out!

On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett  wrote:


On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:

Hi, Samba gurus!

I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
computer to the domain.

What I did is:

1, git clone git://git.samba.org/samba.git samba-master

2, cd /usr/local/samba-master
3, ./configure --enable-debug --enable-selftest && make && make install
4, /usr/local/samba/sbin/samba-tool domain provision
--realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456'
--server-role=dc
5, cp /usr/local/samba/private/krb.conf /etc

What suggested that you should do this?


6, echo 'kerberos5_server_enable="YES"' >> /etc/rc.conf
7, echo 'kadmind5_server_enable="YES"' >> /etc/rc.conf

This step is not included in any official Samba HOWTO.


8, echo 'domain xyz.pccom.ca' >> /etc/resolv.conf
the dns server keep the same as before.
9, /usr/local/samba/bin/samba -i -M single

I found

"Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED"

Our KDC cannot start because you enabled a different KDC and it is
listening on port 88 already.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org



Hello, is the IP address of the samba 4 server 192.168.1.1? Because 
earlier you had a problem connecting to the KDC on 192.168.1.248.
If 192.168.1.1 is a different machine, then alter the nameserver line in 
/etc/resolv.conf to point to either your samba4 server's IP address or 
127.0.0.1


Rowland
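
The two host-side problems raised in this thread (a base-system KDC enabled in /etc/rc.conf alongside Samba's own KDC, and /etc/resolv.conf not pointing at the Samba 4 server) can be checked before samba is started. The script below is an added example, not part of the original messages and not Samba code; the function names are hypothetical and the sample files are constructed from values quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread or from Samba): pre-flight checks for a
# FreeBSD host that is about to run a Samba 4 AD DC. Function names are
# hypothetical; the checks mirror the two points made in the replies above.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots (digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rc_knob_enabled FILE KNOB: succeed if the last assignment of KNOB in an
# rc.conf-style file is YES (a later assignment overrides an earlier one).
rc_knob_enabled() {
    knob_value=$(sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'")
    case $knob_value in
        [Yy][Ee][Ss]*) return 0 ;;
    esac
    return 1
}

# preflight RESOLV_CONF RC_CONF DC_IP: print one finding per line and return
# non-zero if anything was found.
preflight() {
    resolv=$1; rc=$2; dc_ip=$3
    findings=0; first_ns=
    while read -r key addr _rest || [ -n "$key" ]; do
        [ "$key" = nameserver ] || continue
        [ -n "$first_ns" ] || first_ns=$addr
        case $addr in *:*) continue ;; esac     # IPv6 resolver, not checked here
        if ! valid_ipv4 "$addr"; then
            echo "resolv.conf: malformed nameserver address '$addr'"
            findings=$((findings + 1))
        fi
    done < "$resolv"
    if [ -z "$first_ns" ]; then
        echo "resolv.conf: no nameserver line"
        findings=$((findings + 1))
    elif [ "$first_ns" != "$dc_ip" ] && [ "$first_ns" != 127.0.0.1 ]; then
        echo "resolv.conf: first nameserver '$first_ns' is not the Samba 4 server ($dc_ip or 127.0.0.1)"
        findings=$((findings + 1))
    fi
    for knob in kerberos5_server_enable kadmind5_server_enable; do
        if rc_knob_enabled "$rc" "$knob"; then
            echo "rc.conf: $knob is YES; base-system Kerberos services should stay off on a Samba 4 DC (its own KDC needs port 88)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample files, using values quoted in the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'domain f10.pcccom.ca\nnameserver 192.1681.1.100\n' > "$tmp/resolv.conf"
    printf 'kerberos5_server_enable="YES"\nkadmind5_server_enable="YES"\n' > "$tmp/rc.conf"
    preflight "$tmp/resolv.conf" "$tmp/rc.conf" 192.168.1.100
    status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || echo "pre-flight found problems; fix them before starting samba"
```

On a real host the call would be `preflight /etc/resolv.conf /etc/rc.conf <address of the DC>`.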




Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread Cristian Saavedra

On 11/19/2012 11:03 AM, pccom frank wrote:

Thank you Andrew!
You are right. Let FreeBSD start its own Kerberos does not make sense since
Samba4 has its own Kerberos.
I can not get Samba4's Kerberos working.
The following is the message I run Samba4.

I am using the Samba4's internal DNS.
I copied krb5.conf from /usr/local/samba/private to /etc after I run
samba-tool domain provision.



root@f10:/usr/local/samba/sbin # ./samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate: File
"/usr/local/samba/sbin/samba_dnsupdate", line 507, in 
/usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
/usr/local/samba/sbin/samba_dnsupdate: File
"/usr/local/samba/sbin/samba_dnsupdate", line 121, in get_credentials
/usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
ccachename)
/usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@
F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
/usr/local/samba/sbin/samba_dnsupdate:
../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
NT_STATUS_ACCESS_DENIED


Have you executed kinit before start samba?



Re: [Samba] samba4 binddlz performance

2012-11-19 Thread Thomas Manninger
And my named.conf:

options {
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
    allow-query { any; };
    allow-transfer { any; };
    listen-on-v6 { any; };
};

dlz "samba4.zone" {
    database "dlopen /usr/lib/samba/bind9/dlz_bind9_9.so {
    /*
     * update-policy {
     *  grant TEST.LOCAL ms-self * A ;
     *  grant Administrator@TEST.LOCAL wildcard * A  SRV CNAME;
     *  grant s-srv01$@TEST.local wildcard * A  SRV CNAME;
     *  };
     */

    /*
     * the list of principals and what they can change is created
     * dynamically by Samba, based on the membership of the domain controllers
     * group. The provision just creates this file as an empty file.
     */
    include /var/lib/samba/private/named.conf.update;

    /* we need to use check-names ignore so _msdcs A records can be created */
    check-names ignore;
    };
    ";
};


syslog named startup:
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone '32.168.192.in-addr.arpa'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=local'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone '0.168.192.in-addr.arpa'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=local'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone '2.168.192.in-addr.arpa'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=local'
Nov 19 16:01:50 s-srv01 named[27310]: samba_dlz: configured writeable zone 'test.local'
Nov 19 16:01:50 s-srv01 named[27310]: set up managed keys zone for view _default, file 'managed-keys.bind'
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 0.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 127.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 254.169.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: D.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 8.E.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 9.E.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: A.E.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: B.E.F.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Nov 19 16:01:50 s-srv01 named[27310]: command channel listening on 127.0.0.1#953
Nov 19 16:01:50 s-srv01 named[27310]: command channel listening on ::1#953
Nov 19 16:01:50 s-srv01 named[27310]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Nov 19 16:01:50 s-srv01 named[27310]: managed-keys-zone ./IN: loaded serial 0
Nov 19 16:01:50 s-srv01 named[27310]: running

 Original Message 
> Date: Mon, 19 Nov 2012 16:11:30 +0100
> From: "Thomas Manninger" 
> To: samba@lists.samba.org
> Subject: [Samba] samba4 binddlz performance

> Hello,
> 
> I am using samba4rc2.
> 
> I have problems with the bind9 dlz module, I get very long response times
> from internal queries.
> 
> root@s-srv01:~# dig s-srv04.test.local @192.168.0.4
> 
> ; <<>> DiG 9.8.0-P4 <<>> s-srv04.test.local @192.168.0.4
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64478
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;s-srv04.test.local. IN  A
> 
> ;; ANSWER SECTION:
> s-srv04.test.local.  900 IN  A   192.168.0.4
> 
> ;; AUTHORITY SECTION:
> test.local.   900 IN  NS  s-srv01.test.local.
> test.local.   900 IN  NS  s-srv04.test.local.
> 
> ;; ADDITIONAL SECTION:
> s-srv01.test.local.  900 IN  A   192.168.0.1
> 
> ;; Query time: 1239 msec
> ;; SERVER: 192.168.0.4#53(192.168.0.4)
> ;; WHEN: Mon Nov 19 16:07:59 2012
> ;; MSG SIZE  rcvd: 108
> 
> external qu

Re: [Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406

2012-11-19 Thread pccom frank

Thank you Andrew!
You are right. Letting FreeBSD start its own Kerberos does not make sense since
Samba4 has its own Kerberos.
I cannot get Samba4's Kerberos working.
The following is the message when I run Samba4.

I am using the Samba4's internal DNS.
I copied krb5.conf from /usr/local/samba/private to /etc after I ran
samba-tool domain provision.



root@f10:/usr/local/samba/sbin # ./samba -i -M single
samba version 4.1.0pre1-GIT-e6a100e started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/sbin/samba_dnsupdate", line 507, in <module>
/usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
/usr/local/samba/sbin/samba_dnsupdate: File "/usr/local/samba/sbin/samba_dnsupdate", line 121, in get_credentials
/usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp, ccachename)
/usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for F10$@F10.PCCOM.CA failed (Cannot contact any KDC for requested realm)
/usr/local/samba/sbin/samba_dnsupdate:
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_ACCESS_DENIED



root@f10:/usr/local/samba/sbin # uname -a
FreeBSD f10 10.0-CURRENT FreeBSD 10.0-CURRENT #0: Sat Oct 6 04:49:30 UTC 2012 r...@build-i386-fbsd-2.allbsd.org:/usr/obj/i386.i386/usr/src/sys/GENERIC i386


root@f10:/usr/local/samba/sbin # cat /etc/resolv.conf
domain f10.pcccom.ca
nameserver 192.168.1.1

root@f10:/usr/local/samba/sbin # nslookup samba.org
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: samba.org
Address: 216.83.154.106

It looks like the DNS server has no problem.

Please help me out!

On Sun, Nov 18, 2012 at 6:38 PM, Andrew Bartlett  wrote:

> On Fri, 2012-11-16 at 16:42 -0500, Pccom Frank wrote:
> > Hi, Samba gurus!
> >
> > I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP
> > computer to the domain.
> >
> > What I did is:
> >
> > 1, git clone git://git.samba.org/samba.git samba-master
> >
> > 2, cd /usr/local/samba-master
> > 3, ./configure --enable-debug --enable-selftest && make && make install
> > 4, /usr/local/samba/sbin/samba-tool domain provision
> > --realm=xyz.pccom.ca --domain=dcxyz --adminpass='123456'
> > --server-role=dc
> > 5, cp /usr/local/samba/private/krb.conf /etc
>
> What suggested that you should do this?
>
> > 6, echo 'kerberos5_server_enable="YES"' >> /etc/rc.conf
> > 7, echo 'kadmind5_server_enable="YES"' >> /etc/rc.conf
>
> This step is not included in any official Samba HOWTO.
>
> > 8, echo 'domain xyz.pccom.ca' >> /etc/resolv.conf
> > the dns server keep the same as before.
> > 9, /usr/local/samba/bin/samba -i -M single
> >
> > I found
> >
> > "Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED"
>
> Our KDC cannot start because you enabled a different KDC and it is
> listening on port 88 already.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team   http://samba.org
>
>
>
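Added example (not part of the thread, and not Samba code): "Cannot contact any KDC for requested realm" means the Kerberos client could not locate a KDC for F10.PCCOM.CA, and when krb5.conf relies on DNS for that, the lookup goes through the resolver settings quoted in the message above. The sketch below checks those two quoted outputs against each other; it assumes the provisioned krb5.conf locates the KDC through DNS SRV records, and the DNS addresses passed to check() are assumed values.

```python
import re

# Sample inputs constructed from the outputs quoted in the message above.
RESOLV_CONF = "domain f10.pcccom.ca\nnameserver 192.168.1.1\n"
KINIT_ERROR = ("RuntimeError: kinit for F10$@F10.PCCOM.CA failed "
               "(Cannot contact any KDC for requested realm)")


def parse_resolv_conf(text):
    """Return (search_domains, nameservers) from resolv.conf text."""
    domains, servers = [], []
    for raw in text.splitlines():
        fields = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(fields) < 2:
            continue
        if fields[0] in ("domain", "search"):
            domains = [d.lower().rstrip(".") for d in fields[1:]]  # last wins
        elif fields[0] == "nameserver":
            servers.append(fields[1])
    return domains, servers


def realm_from_error(message):
    """Extract REALM from a 'kinit for PRINCIPAL@REALM failed' message."""
    m = re.search(r"kinit for \S+?@\s*([A-Za-z0-9.-]+) failed", message)
    return m.group(1) if m else None


def kdc_srv_names(realm):
    """DNS SRV names a Kerberos client queries to locate a KDC for realm."""
    zone = realm.lower().rstrip(".")
    return [f"_kerberos._udp.{zone}", f"_kerberos._tcp.{zone}"]


def check(resolv_text, error, ad_dns_addresses):
    """List resolver settings that can keep the SRV lookups from AD DNS."""
    realm = realm_from_error(error)
    if realm is None:
        return ["no realm found in error message"]
    domains, servers = parse_resolv_conf(resolv_text)
    zone = realm.lower()
    findings = []
    if zone not in domains:
        findings.append(f"resolver domain {domains} does not match realm zone {zone}")
    if not set(servers) & set(ad_dns_addresses):
        findings.append(f"nameservers {servers} do not include the AD DNS server "
                        f"expected to hold {', '.join(kdc_srv_names(realm))}")
    return findings


if __name__ == "__main__":
    # Assumed AD DNS addresses: loopback, plus the address from the bind error quoted above.
    for finding in check(RESOLV_CONF, KINIT_ERROR, ["127.0.0.1", "192.168.1.248"]):
        print("CHECK:", finding)
```

A finding here is a setting to verify on the host, not a confirmed diagnosis of the poster's failure.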


Re: [Samba] Samba3 - WinXP - Domain not available

2012-11-19 Thread Dominique

Hi Jose,

The samba server is a 'time server' if that is what you mean. And the 
PC's time is the same.


What modification did you make in WinXP to be able to login to the server?

Dominique

On 19/11/2012 16:29, José Neto wrote:
> I have the same setup here (ubuntu server 12.04 + samba 3.6.3 + win7 +
> xp) and it works flawlessly. Did you try syncing the xp machine with the
> server time?
>
> Sorry for my English.
>
> 2012/11/19 Dominique <dco...@hotmail.com>
>
> > Hi,
> >
> > I am sure it has been discussed extensively somewhere, but I
> > cannot find a satisfactory solution so far.
> >
> > We have a samba3 PDC running with Win7 machines (with the right
> > hacks) without problems. We have been asked to add an old WinXP
> > machine to the network but without success so far.
> >
> > The setup is as follows:
> > Server : Samba 3.6.3 on Ubuntu 12.04 LTS
> > Clients: Win 7 Ultimate (working) & Win XP Pro with SP3 (not working)
> >
> > We joined the WinXP machine to the domain without problems.
> > The issue arises when trying to logon to the PDC with a network
> > user. The XP machine keeps saying it cannot log because the domain
> > is not available.
> >
> > After googling for a while, we made changes to the XP registry and
> > changed policies but to no avail.
> >
> > Does anyone have the 'right' solution?
> >
> > Thanks,
> >
> > Dominique


[Samba] samba4 binddlz performance

2012-11-19 Thread Thomas Manninger
Hello,

I am using samba4rc2.

I have problems with the bind9 dlz module, I get very long response times from 
internal queries.

root@s-srv01:~# dig s-srv04.test.local @192.168.0.4

; <<>> DiG 9.8.0-P4 <<>> s-srv04.test.local @192.168.0.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64478
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;s-srv04.test.local. IN  A

;; ANSWER SECTION:
s-srv04.test.local.  900 IN  A   192.168.0.4

;; AUTHORITY SECTION:
test.local.   900 IN  NS  s-srv01.test.local.
test.local.   900 IN  NS  s-srv04.test.local.

;; ADDITIONAL SECTION:
s-srv01.test.local.  900 IN  A   192.168.0.1

;; Query time: 1239 msec
;; SERVER: 192.168.0.4#53(192.168.0.4)
;; WHEN: Mon Nov 19 16:07:59 2012
;; MSG SIZE  rcvd: 108

external queries are a little bit faster:

root@s-srv01:~# dig google.com @192.168.0.4

; <<>> DiG 9.8.0-P4 <<>> google.com @192.168.0.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56403
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6

;; QUESTION SECTION:
;google.com.IN  A

;; ANSWER SECTION:
google.com. 300 IN  A   173.194.35.135
google.com. 300 IN  A   173.194.35.136
google.com. 300 IN  A   173.194.35.137
google.com. 300 IN  A   173.194.35.142
google.com. 300 IN  A   173.194.35.128
google.com. 300 IN  A   173.194.35.129
google.com. 300 IN  A   173.194.35.130
google.com. 300 IN  A   173.194.35.131
google.com. 300 IN  A   173.194.35.132
google.com. 300 IN  A   173.194.35.133
google.com. 300 IN  A   173.194.35.134

;; AUTHORITY SECTION:
.   45846   IN  NS  a.root-servers.net.
.   45846   IN  NS  c.root-servers.net.
.   45846   IN  NS  b.root-servers.net.
.   45846   IN  NS  g.root-servers.net.
.   45846   IN  NS  f.root-servers.net.
.   45846   IN  NS  j.root-servers.net.
.   45846   IN  NS  e.root-servers.net.
.   45846   IN  NS  i.root-servers.net.
.   45846   IN  NS  l.root-servers.net.
.   45846   IN  NS  k.root-servers.net.
.   45846   IN  NS  h.root-servers.net.
.   45846   IN  NS  d.root-servers.net.
.   45846   IN  NS  m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net. 45846   IN  A   198.41.0.4
b.root-servers.net. 45846   IN  A   192.228.79.201
c.root-servers.net. 45846   IN  A   192.33.4.12
d.root-servers.net. 45846   IN  A   128.8.10.90
e.root-servers.net. 45846   IN  A   192.203.230.10
f.root-servers.net. 45846   IN  A   192.5.5.241

;; Query time: 281 msec
;; SERVER: 192.168.0.4#53(192.168.0.4)
;; WHEN: Mon Nov 19 16:09:06 2012
;; MSG SIZE  rcvd: 511


When I change to the samba4 internal dns server, I get a response time of about 
~1-2ms.

But why is the bind dlz module so slooow..?

bind version is 9.8.0.

What can I do??

Regards, Tom


[Samba] Samba3 - WinXP - Domain not available

2012-11-19 Thread Dominique

Hi,

I am sure it has been discussed extensively somewhere, but I cannot find 
a satisfactory solution so far.


We have a samba3 PDC running with Win7 machines (with the right hacks) 
without problems. We have been asked to add an old WinXP machine to the 
network but without success so far.


The setup is as follows:
Server : Samba 3.6.3 on Ubuntu 12.04 LTS
Clients: Win 7 Ultimate (working) & Win XP Pro with SP3 (not working)

We joined the WinXP machine to the domain without problems. The 
issue arises when trying to logon to the PDC with a network user. The XP 
machine keeps saying it cannot log because the domain is not available.


After googling for a while, we made changes to the XP registry and 
changed policies but to no avail.


Does anyone have the 'right' solution?

Thanks,

Dominique


[Samba] Samba 3.x Windows 8

2012-11-19 Thread Neil
Hi guys,

I'm really sorry for posting this as I'm sure it's been discussed
quite a lot, but after searching (on Google) for a definite up to date
answer I still can't seem to get confirmation.

I'm running my PDC using samba-3.5.4-0.83.el5_7.2 under RHEL 5.7, with
openldap-2.3.43-12.el5 with a non roaming profiles fileserver with
domain logons.

We have mixed clients, Windows XP, 7, 2003, 2008 and now 1 Windows 8
Pro Laptop, a total of about 300 users.

We've tried the usual Windows 7 registry edits (after reading a few
posts) to get the Windows 8 to join the domain without any success.

I've a topic which seems to indicate disabling smb2 on the client
which has been done(according to the onsite IT guy) with no luck.

I saw a mention of setting...

max protocol = smb2
min protocol = smb2

in the smb.conf, but not sure if this actually solves the problem. The
latest samba release via the RHEL5 repo's is 3.5.10-0.110.el5_8 so not
sure if this will even have any effect without upgrading to the latest
3.6 release.

I realise that Samba4 will have full Windows 8 support, however we are
a long way off to upgrading to Samba 4 yet.

Does Samba 3 support Windows 8 Pro machines, or is this still an ongoing issue?

Thank you.

Regards.

Neil Wilson.

