RE: [Samba] Hostname or alias question
Hi Steve, Yes, while testing netbios, I commented this line out of smb.conf. - Avron -Original Message- From: Steve Rippl [mailto:rip...@woodlandschools.org] Sent: Friday, April 03, 2009 10:16 AM To: Avron Gray Cc: samba@lists.samba.org Subject: Re: [Samba] Hostname or alias question > > disable netbios = yes I'm no expert on this, but just checking on the obvious... did you take this out of your smb.conf when you tried the netbios alias? -- Steve Rippl Technology Director Woodland School District 360 225 9451 x326 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Hostname or alias question
Hi Steve, Thanks for responding. While I have tried changes to the netbios flags before, I have run the following combinations again - just in case I'd missed something before: 1. netbios aliases = webservice \ netbios name= snswiki 2. netbios aliases = webservice \ netbios name= webservice 3. netbios aliases = webservice Each combination results in a "trust relationship between the workstation and the primary domain have failed" error. Only connecting with the host's actual name results in an authenticated connection. I suspect that this may be possible by mucking about with ActiveDirectory... - Avron -Original Message- From: Steve Rippl [mailto:rip...@woodlandschools.org] Sent: Friday, April 03, 2009 9:49 AM To: Avron Gray Cc: samba@lists.samba.org Subject: Re: [Samba] Hostname or alias question There's a global 'netbios aliases' parameter in smb.conf. Take a look at man smb.conf, might be what you need... Avron Gray wrote: > Rephrasing my original question... > > > I have a Red Hat host: > Hostname - snswiki.domain.com > I have samba 3.3.3 installed using ADS for authentication > > How can I make this host be available to Windows users as a different > hostname? > > Actual hostname \\snswiki\docs > AND Also Known As > Alias hostname\\webservice\cocs > > > Any suggestions that you can provide, would be great. This is similar to > a question that I asked in January, but still do not have a solution. > Prior to upgrade, a DNS alias provided this functionality. The security > model does not seem to support it, but that does not change it's > requirement. > > Just looking for ideas, folks... > > > > Here's my smb.conf: > > [global] > realm= DOMAIN.COM > security = ADS > workgroup= DOMAIN > encrypt passwords= yes > server string= %h Samba %v > smb ports= 445 > disable netbios = yes > name resolve order = host > idmap uid= 1-2 > idmap gid= 1-2 > log file = /var/log/samba/samba_log.%m > log level= 2 > include = /usr/local/samba/lib/smb.conf.%h > > > - Avron > -- Steve Rippl Technology Director Woodland School District 360 225 9451 x326 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Hostname or alias question
Rephrasing my original question... I have a Red Hat host: Hostname - snswiki.domain.com I have samba 3.3.3 installed using ADS for authentication How can I make this host be available to Windows users as a different hostname? Actual hostname \\snswiki\docs AND Also Known As Alias hostname\\webservice\cocs Any suggestions that you can provide, would be great. This is similar to a question that I asked in January, but still do not have a solution. Prior to upgrade, a DNS alias provided this functionality. The security model does not seem to support it, but that does not change it's requirement. Just looking for ideas, folks... Here's my smb.conf: [global] realm= DOMAIN.COM security = ADS workgroup= DOMAIN encrypt passwords= yes server string= %h Samba %v smb ports= 445 disable netbios = yes name resolve order = host idmap uid= 1-2 idmap gid= 1-2 log file = /var/log/samba/samba_log.%m log level= 2 include = /usr/local/samba/lib/smb.conf.%h - Avron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Hostname or alias question
Sorry - the line indicating the hostname was inadvertantly deleted: Hostname - snswiki.domain.com - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Avron Gray Sent: Thursday, April 02, 2009 4:56 PM To: samba@lists.samba.org Subject: [Samba] Hostname or alias question Hi folks, I was forced to upgrade samba from 3.0.25b to 3.3.3 on a Red Hat Enterprise Linux ES release 4 host. This host was previously using "security = domain" In the course of testing, the original AD object for this host was deleted. This server runs an apache instance called "webservice" (webservice.domain.com) The samba share was previously mounted on Windows as \\webservice\smbshare The host is currently using "security = ADS" Attempts to connect with the old alias result in: \\webservice is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The trust relationship between this workstation and the primary domain failed. Attempting a direct connection to the full path of the share: \\webservice\smbshare The trust relationship between this workstation and the primary domain failed And yet I can still mount it as \\snswiki and \\snswiki\smbshare Any tips on where this can be resolved? If it's as simple as smb.conf, great. Adding a "netbios name = webservice" did not resolve anything. Here's my smb.conf: [global] realm= DOMAIN.COM security = ADS workgroup= DOMAIN encrypt passwords= yes server string= %h Samba %v smb ports= 445 disable netbios = yes name resolve order = host idmap uid= 1-2 idmap gid= 1-2 log file = /var/log/samba/samba_log.%m log level= 2 include = /usr/local/samba/lib/smb.conf.%h - Avron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Hostname or alias question
Hi folks, I was forced to upgrade samba from 3.0.25b to 3.3.3 on a Red Hat Enterprise Linux ES release 4 host. This host was previously using "security = domain" In the course of testing, the original AD object for this host was deleted. This server runs an apache instance called "webservice" (webservice.domain.com) The samba share was previously mounted on Windows as \\webservice\smbshare The host is currently using "security = ADS" Attempts to connect with the old alias result in: \\webservice is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The trust relationship between this workstation and the primary domain failed. Attempting a direct connection to the full path of the share: \\webservice\smbshare The trust relationship between this workstation and the primary domain failed And yet I can still mount it as \\snswiki and \\snswiki\smbshare Any tips on where this can be resolved? If it's as simple as smb.conf, great. Adding a "netbios name = webservice" did not resolve anything. Here's my smb.conf: [global] realm= DOMAIN.COM security = ADS workgroup= DOMAIN encrypt passwords= yes server string= %h Samba %v smb ports= 445 disable netbios = yes name resolve order = host idmap uid= 1-2 idmap gid= 1-2 log file = /var/log/samba/samba_log.%m log level= 2 include = /usr/local/samba/lib/smb.conf.%h - Avron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [ADS]Trust relationship 'expires'
Anyone?
Hi folks,
I have an issue that has me shaking my head.
Once a workstation has made the initial connection to a host, things
seem to work well for a day or so. However, if the resource hasn't been
accessed in a while, and then a connection is retried, this following
message is returned:
"\\hostname is not accessible. You might not have permission to use this
network resource. Contact the administrator of this server to find out
if you have access permissions.
The trust relationship between this workstation and the primary domain
failed."
I'm not sure exactly where I should begin looking - any help would be
welcome!
Thanks!
The particulars of my install follow:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
samba 3.0.33 on Solaris 8, 9 and 10
Using 'ads' for authentication to Active Directory on a pool of Windows
2003 domain controllers
Samba is used strictly for file access from Windows workstations to UNIX
file systems No other magic required
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
Kerberos5 1.5.4 was compiled without options using gcc 3.4.6 ./configure
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
samba 3.0.33 was compiled with the following options using gcc 3.4.6
./configure --with-ldap --with-ads=yes --with-pam
--enable-socket-wrapper --with-krb5=/usr/local/include/krb5.h
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
smb.conf:
[global]
security = ads
realm = .COM
workgroup =
encrypt passwords = yes
server string = %h Samba %v
smb ports = 445
disable netbios = yes
name resolve order = hosts
# In practice, avoid using log levels greater than 3 unless you are
working on the Samba source code # or temporarily debugging a specific
problem. Ensure that this directory exists before starting samba
log file = /var/log/samba/samba_log.%m
log level = 2
# This include statement will grab the share configuration information
from an external file
include = /usr/local/samba/lib/smb.conf.%h
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
smb.conf.hostname
[Test 1]
read only= no
browseable = yes
public = no
force directory mode = 0770
create mask = 0770
path = /opt/samba/test1
comment = %h Samba %v test1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
krb5.conf
[libdefaults]
ticket_lifetime = 2400
default_realm = MYDOMAIN.COM
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
aes256-cts arcfour-hmac-md5
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
aes256-cts arcfour-hmac-md5
dns_lookup_realm = true
dns_lookup_kds = true
[realms]
MYDOMAIN.COM = {
kds = dc01.mydomain.com
admin_server = dc01.mydomain.com
default_domain = MYDOMAIN.COM
}
[domain_realms]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
kdc.conf
[kdcdefaults]
kdc_ports = 88,750
[reamls]
MYDOMAIN.COM = {
profile = /etc/krb5/krb5.conf
database_name = /var/krb5/principal
admin_keytab = /etc/krb5/kadm5.keytab
acl_file = /etc/krb5/kadm5.acl
kadmind_port = 749
max_life = 8h 0m 0s
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +preauth
}
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] [ADS]Trust relationship 'expires'
Hi folks,
I have an issue that has me shaking my head.
Once a workstation has made the initial connection to a host, things
seem to work well for a day or so. However, if the resource hasn't been
accessed in a while, and then a connection is retried, this following
message is returned:
"\\hostname is not accessible. You might not have permission to use this
network resource. Contact the administrator of this server to find out
if you have access permissions.
The trust relationship between this workstation and the primary domain
failed."
I'm not sure exactly where I should begin looking - any help would be
welcome!
Thanks!
The particulars of my install follow:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
samba 3.0.33 on Solaris 8, 9 and 10
Using 'ads' for authentication to Active Directory on a pool of Windows
2003 domain controllers
Samba is used strictly for file access from Windows workstations to UNIX
file systems
No other magic required
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
Kerberos5 1.5.4 was compiled without options using gcc 3.4.6
./configure
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
samba 3.0.33 was compiled with the following options using gcc 3.4.6
./configure --with-ldap --with-ads=yes --with-pam
--enable-socket-wrapper --with-krb5=/usr/local/include/krb5.h
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
smb.conf:
[global]
security = ads
realm = .COM
workgroup =
encrypt passwords = yes
server string = %h Samba %v
smb ports = 445
disable netbios = yes
name resolve order = hosts
# In practice, avoid using log levels greater than 3 unless you are
working on the Samba source code
# or temporarily debugging a specific problem. Ensure that this
directory exists before starting samba
log file = /var/log/samba/samba_log.%m
log level = 2
# This include statement will grab the share configuration information
from an external file
include = /usr/local/samba/lib/smb.conf.%h
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
smb.conf.hostname
[Test 1]
read only= no
browseable = yes
public = no
force directory mode = 0770
create mask = 0770
path = /opt/samba/test1
comment = %h Samba %v test1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
krb5.conf
[libdefaults]
ticket_lifetime = 2400
default_realm = MYDOMAIN.COM
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
aes256-cts arcfour-hmac-md5
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
aes256-cts arcfour-hmac-md5
dns_lookup_realm = true
dns_lookup_kds = true
[realms]
MYDOMAIN.COM = {
kds = dc01.mydomain.com
admin_server = dc01.mydomain.com
default_domain = MYDOMAIN.COM
}
[domain_realms]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
kdc.conf
[kdcdefaults]
kdc_ports = 88,750
[reamls]
MYDOMAIN.COM = {
profile = /etc/krb5/krb5.conf
database_name = /var/krb5/principal
admin_keytab = /etc/krb5/kadm5.keytab
acl_file = /etc/krb5/kadm5.acl
kadmind_port = 749
max_life = 8h 0m 0s
max_renewable_life = 7d 0h 0m 0s
default_principal_flags = +preauth
}
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] Resilience inquiry: What happens to samba clients if a domain controller fails?
Hello folks,
I have been asked about the resilience of samba clients when faced with
a domain controller failure. My client's environment has multiple
Windows Domain Controllers (we'll call them dc1 - dc9).
Assuming that domain replication operates as expected (and does, from
Windows workstation point of view), what should I expect if (when) the
domain controller that initiated a kerberos ticket or provided active
directory authentication fails? I have not been able to test this
properly, as my dev domain is too disimilar to my production domain...
Support Information:
- My UNIX environment is running kerberos 5.
- Kerberos5 configuration information:
kdc.conf has my domain listed in realms
krb5.conf has my domain listed in realms like this:
[realms]
DOMAINNAME.CA = {
kdc = dc1.domainname.ca
admin_server = dc1.domainname.ca
default_domain = DOMAINNAME.CA
}
- Samba 3.0.33 configuration information:
[global]
security = ads
realm = DOMAINNAME.CA
workgroup = DOMAINNAME
encrypt passwords = yes
server string = %h Samba %v
smb ports = 445
disable netbios= yes
name resolve order = hosts
- Hosts were joined to the domain using:
net ADS join -U administrator
administrator's password:
Using short domain name -- DOMAINNAME
Joined 'HOST' to realm 'DOMAINNAME.CA'
host|/#
- DNS information
r...@oradbp1# nslookup domainname.ca
Server: dc2.domainname.ca
Address: 1.1.1.2
Name:domainname.ca
Addresses: 1.1.1.1, 1.1.1.2, 1.1.1.3, 1.1.1.4
10.10.10.10, 10.10.10.11, 10.10.10.12, 100.100.100.100,
100.100.100.101
** IP addresses changed for ambiguity
- Avron
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] mv errors.
I'd be interested to see how you are declaring the share points in smb.conf. One possible explaination is that each group is being given differing permission types for the same volume. - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Athunye Sent: Thursday, January 29, 2009 3:58 PM To: samba@lists.samba.org Subject: Re: [Samba] mv errors. Sure. That is very odd. And that is driving me crazy because I have this problem in an business environment. The employees are willing to kill me already. :D -- View this message in context: http://www.nabble.com/mv-errors.-tp21712791p21737939.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Host with multiple names
... I lied... It is not connecting via IP address... -Original Message- From: Avron Gray Sent: Wednesday, January 14, 2009 12:47 PM To: Avron Gray; samba@lists.samba.org Subject: RE: [Samba] Host with multiple names I should add the following: The host has been joined to ADS with the actual hostname The host is sharing fine via this hostname/IP Attempting to connect via the host's alias / alternate IP address results in the following error message: "The trust relationship between this workstation and the primary domain failed." Cheers, - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Avron Gray Sent: Wednesday, January 14, 2009 12:38 PM To: samba@lists.samba.org Subject: [Samba] Host with multiple names Hi folks, I'm running samba 3.0.33 on Solaris 9 hosts. I have a host that has two hostnames (actual + alias). I would like to be able to connect to this host via either hostname and be able to access this samba data. Note: I would prefer not to run multiple samba instances... Has anyone else experienced this sort of issue, and have you been able to resolve it? - Avron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Host with multiple names
I should add the following: The host has been joined to ADS with the actual hostname The host is sharing fine via this hostname/IP Attempting to connect via the host's alias / alternate IP address results in the following error message: "The trust relationship between this workstation and the primary domain failed." Cheers, - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Avron Gray Sent: Wednesday, January 14, 2009 12:38 PM To: samba@lists.samba.org Subject: [Samba] Host with multiple names Hi folks, I'm running samba 3.0.33 on Solaris 9 hosts. I have a host that has two hostnames (actual + alias). I would like to be able to connect to this host via either hostname and be able to access this samba data. Note: I would prefer not to run multiple samba instances... Has anyone else experienced this sort of issue, and have you been able to resolve it? - Avron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Host with multiple names
Hi folks, I'm running samba 3.0.33 on Solaris 9 hosts. I have a host that has two hostnames (actual + alias). I would like to be able to connect to this host via either hostname and be able to access this samba data. Note: I would prefer not to run multiple samba instances... Has anyone else experienced this sort of issue, and have you been able to resolve it? - Avron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba + Windows 2003 AD
I have two domains. One is production and one is development. - - - - - - Development domain: bash-2.05# cat /etc/resolv.conf domain dev.ca search dev.ca nameserver yyy.yyy.yyy.xx nameserver yyy.yyy.yyy.yy bash-2.05# ping -I 1 dev.ca PING dev.ca: 56 data bytes 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=0. time=14. ms 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=1. time=21. ms ^C - - - - - - Production domain: bash-2.05# cat /etc/resolv.conf doamin prod.ca search prod.ca nameserver xxx.xxx.xxx.xx nameserver xxx.xxx.xxx.yy bash-2.05# ping -I 1 prod.ca PING prod.ca: 56 data bytes 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=0. time=0. ms 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=1. time=0. ms ^C - - - - - - I have one host that sees BOTH domains: # cat /etc/resolv.conf doamin dev.ca search dev.ca prod.ca nameserver yyy.yyy.yyy.xx nameserver yyy.yyy.yyy.yy nameserver xxx.xxx.xxx.xx bash-2.05# ping -I 1 dev.ca PING dev.ca: 56 data bytes 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=0. time=14. ms 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=1. time=21. ms ^C bash-2.05# ping -I 1 prod.ca PING prod.ca: 56 data bytes 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=0. time=0. ms 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=1. time=0. ms ^C - - - - - - Can you ping XXX.UNDERVISNING.LOCAL by IP address? Can you nslookup XXX.UNDERVISNING.LOCAL? - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 10:48 AM To: Avron Gray; Samba list Subject: RE: [Samba] Samba + Windows 2003 AD When I run mail:~# ping -I eth3 bgdc.birke-gym.dk PING bgdc.birke-gym.dk (10.3.17.1) from 10.3.16.1 eth3: 56(84) bytes of data. 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128 time=0.142 ms 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128 time=0.230 ms but if I just type: mail:~# ping -I eth3 birke-gym.dk ping: unknown host birke-gym.dk and no, I cant ping anything with XXX.UNDERVISNING.LOCAL How do I set this up in my resolv.conf ? If it's possible can you then post your resolv.conf ? Solaris an Debian is much alike :P Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 10:36:51 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Is the name of the existing Windows Domain "UNDERVISNING.LOCAL"? On my host: tstsmb08|/#ping -I 1 domain.ca PING domain.ca: 56 data bytes 64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=0. time=1.12 ms 64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=1. time=0.622 ms ^C Now, if you run: ping -I 1 birke-gym.dk the domain controller should respond Can you ping any hosts on the undervisning.local domain? ie: ping -I 1 hostname1.undervisning.local ping -I 1 hostname2.undervisning.local - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 10:24 AM To: Avron Gray; Samba list Subject: RE: [Samba] Samba + Windows 2003 AD Im trying to join a already existing Windows Domain :) Med Venlig Hilsen / Best regards Henrik Dige Semark > Subject: RE: [Samba] Samba + Windows 2003 AD > Date: Thu, 8 Jan 2009 10:22:05 -0700 > From: ag...@aeso.ca > To: hendig...@hotmail.com; samba@lists.samba.org > > Are you trying to join an existing Windows domain? Or create a new domain? > > - Avron > > -Original Message- > From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark > Sent: Thursday, January 08, 2009 10:16 AM > To: Samba list > Subject: RE: [Samba] Samba + Windows 2003 AD > > > > How can I ping > UNDERVISNING.LOCAL when its just the domain ? the windows server that runs the domain is bgdc.birke-gym.dk and I can ping that just fine > > > > My resolv.conf > --- > search birke-gym.dk > nameserver 127.0.0.1 > > > My nsswitch.conf > --- > passwd: files winbind compat > group: files winbind compat > shadow: files winbind compat > > hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 > networks: files > > protocols: files winbind db files > services: files winbind db files > > ethers: db files > rpc: db files > > netgroup: files winbind nis > automount: files winbind > > is I'm missing something ? > > > > Med Venlig Hilsen / Best regards > > Henrik Dige Semark > > > > Subject: RE: [Samba] Samba + Windows 2003 AD > Date: Thu, 8 Jan 2009 09:54:22 -0700 > From: ag...@aeso.ca > To: hendig...@hotmail.com > > > > > > > > > > > Can you : >
RE: [Samba] Samba + Windows 2003 AD
Is the name of the existing Windows Domain "UNDERVISNING.LOCAL"? On my host: tstsmb08|/#ping -I 1 domain.ca PING domain.ca: 56 data bytes 64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=0. time=1.12 ms 64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=1. time=0.622 ms ^C Now, if you run: ping -I 1 birke-gym.dk the domain controller should respond Can you ping any hosts on the undervisning.local domain? ie: ping -I 1 hostname1.undervisning.local ping -I 1 hostname2.undervisning.local - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 10:24 AM To: Avron Gray; Samba list Subject: RE: [Samba] Samba + Windows 2003 AD Im trying to join a already existing Windows Domain :) Med Venlig Hilsen / Best regards Henrik Dige Semark > Subject: RE: [Samba] Samba + Windows 2003 AD > Date: Thu, 8 Jan 2009 10:22:05 -0700 > From: ag...@aeso.ca > To: hendig...@hotmail.com; samba@lists.samba.org > > Are you trying to join an existing Windows domain? Or create a new domain? > > - Avron > > -Original Message- > From: samba-bounces+agray=aeso...@lists.samba.org > [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige > Semark > Sent: Thursday, January 08, 2009 10:16 AM > To: Samba list > Subject: RE: [Samba] Samba + Windows 2003 AD > > > > How can I ping > UNDERVISNING.LOCAL when its just the domain ? the windows server that runs > the domain is bgdc.birke-gym.dk and I can ping that just fine > > > > My resolv.conf > --- > search birke-gym.dk > nameserver 127.0.0.1 > > > My nsswitch.conf > --- > passwd: files winbind compat > group: files winbind compat > shadow: files winbind compat > > hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 > networks: files > > protocols: files winbind db files > services: files winbind db files > > ethers: db files > rpc: db files > > netgroup: files winbind nis > automount: files winbind > > is I'm missing something ? > > > > Med Venlig Hilsen / Best regards > > Henrik Dige Semark > > > > Subject: RE: [Samba] Samba + Windows 2003 AD > Date: Thu, 8 Jan 2009 09:54:22 -0700 > From: ag...@aeso.ca > To: hendig...@hotmail.com > > > > > > > > > > > Can you : > ping -I 1 UNDERVISNING.LOCAL > > No? Check resolv.conf or nsswitch.conf > > (I have a SUN Solaris background - not much > Debian) > > For more help, please include samba@lists.samba.org in to: or > cc: > > Good luck (held og lykke)! > (Sorry, I don't speak Danish... ) > > - Avron > > > > From: Henrik Dige Semark [mailto:hendig...@hotmail.com] > > Sent: Thursday, January 08, 2009 9:48 AM > To: Avron > Gray > Subject: RE: [Samba] Samba + Windows 2003 AD > > > > > > > Hey thanx for the quick answer > :) > > When I try the net ads testjoin its not very informative :P > > # > net ads testjoin ma...@undervisning.local's password: > [2009/01/08 > 17:39:52, 0] utils/net_ads.c:ads_startup(289) > ads_connect: Operations > error > Join to domain is not valid > > > > > > I have also tried wbinfo --all-domains > but it can't see the domain I try to connect to, will this say that my > smb.conf > I rung in some point ? > > > > I have an older SMB witch is running a > Domain it self, and it can see the domain when I run this command > > > Med Venlig Hilsen / Best regards > Henrik Dige Semark > > > > > > Subject: RE: [Samba] Samba + Windows 2003 AD > > Date: Thu, 8 Jan 2009 > 09:25:47 -0700 > > From: ag...@aeso.ca > > To: hendig...@hotmail.com; > samba@lists.samba.org > > > > Have you run: > > net ads > testjoin > > > > Does it say "Join is OK"? > > > > > > > This might not be related... > > > > I had to compile samba 3.0.33 to > get around a Windows Domain restriction > > issue: > > > https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that > > > if the \NETLOGON pipe is opened up on the Windows AD server, the join > > > works fine. As soon as it is restricted via domain policies, it > > > restricts anonymous access to the ports. As soon as this happens, we are > > > unable to complete a net join ads successfully. > > > > - Avron > > > > > -Original Message- > > From: > samba-bounces+agray=aeso...@lists.samba.org > > > [m
RE: [Samba] Samba + Windows 2003 AD
Are you trying to join an existing Windows domain? Or create a new domain? - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 10:16 AM To: Samba list Subject: RE: [Samba] Samba + Windows 2003 AD How can I ping UNDERVISNING.LOCAL when its just the domain ? the windows server that runs the domain is bgdc.birke-gym.dk and I can ping that just fine My resolv.conf --- search birke-gym.dk nameserver 127.0.0.1 My nsswitch.conf --- passwd: files winbind compat group: files winbind compat shadow: files winbind compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: files winbind db files services: files winbind db files ethers: db files rpc:db files netgroup: files winbind nis automount: files winbind is I'm missing something ? Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:54:22 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com Can you : ping -I 1 UNDERVISNING.LOCAL No? Check resolv.conf or nsswitch.conf (I have a SUN Solaris background - not much Debian) For more help, please include samba@lists.samba.org in to: or cc: Good luck (held og lykke)! (Sorry, I don't speak Danish... ) - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 9:48 AM To: Avron Gray Subject: RE: [Samba] Samba + Windows 2003 AD Hey thanx for the quick answer :) When I try the net ads testjoin its not very informative :P # net ads testjoin ma...@undervisning.local's password: [2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289) ads_connect: Operations error Join to domain is not valid I have also tried wbinfo --all-domains but it can't see the domain I try to connect to, will this say that my smb.conf I rung in some point ? I have an older SMB witch is running a Domain it self, and it can see the domain when I run this command Med Venlig Hilsen / Best regards Henrik Dige Semark > Subject: RE: [Samba] Samba + Windows 2003 AD > Date: Thu, 8 Jan 2009 09:25:47 -0700 > From: ag...@aeso.ca > To: hendig...@hotmail.com; samba@lists.samba.org > > Have you run: > net ads testjoin > > Does it say "Join is OK"? > > > This might not be related... > > I had to compile samba 3.0.33 to get around a Windows Domain restriction > issue: > https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that > if the \NETLOGON pipe is opened up on the Windows AD server, the join > works fine. As soon as it is restricted via domain policies, it > restricts anonymous access to the ports. As soon as this happens, we are > unable to complete a net join ads successfully. > > - Avron > > -Original Message- > From: samba-bounces+agray=aeso...@lists.samba.org > [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik > Dige Semark > Sent: Thursday, January 08, 2009 9:13 AM > To: Samba list > Subject: [Samba] Samba + Windows 2003 AD > > > Hey, I don't know if this is the right list to ask this question in, but > I have tried on the IRC (irc.freenode.net #samba) and people on there > advised me to try here instead. > > > I have: > Debian 4.0r4 > Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1 > krb5 Version 1.4.4-7etch6 > Kernel Version 2.6.18-6-amd64 > > A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1 > > > -- > > When I try to connect my samba to the DC I get this output: > > # net ads join -U Administrator --debuglevel=10 > [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 > dmapi: False/0 > [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953) > lp_load: refreshing parameters > [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418) > Initialising global parameters > [2009/01/08 17:10:15, 3] param/params.c:pm_process(572) > params.c:pm_process() - Processing configuration file > "/etc/samba/smb.conf" > [2009/01/08 17:10:15, 3] param/loadpa
RE: [Samba] Samba + Windows 2003 AD
Have you run: net ads testjoin Does it say "Join is OK"? This might not be related... I had to compile samba 3.0.33 to get around a Windows Domain restriction issue: https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that if the \NETLOGON pipe is opened up on the Windows AD server, the join works fine. As soon as it is restricted via domain policies, it restricts anonymous access to the ports. As soon as this happens, we are unable to complete a net join ads successfully. - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 9:13 AM To: Samba list Subject: [Samba] Samba + Windows 2003 AD Hey, I don't know if this is the right list to ask this question in, but I have tried on the IRC (irc.freenode.net #samba) and people on there advised me to try here instead. I have: Debian 4.0r4 Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1 krb5 Version 1.4.4-7etch6 Kernel Version 2.6.18-6-amd64 A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1 -- When I try to connect my samba to the DC I get this output: # net ads join -U Administrator --debuglevel=10 [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953) lp_load: refreshing parameters [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418) Initialising global parameters [2009/01/08 17:10:15, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2009/01/08 17:10:15, 3] param/loadparm.c:do_section(3695) Processing section "[global]" doing parameter server string = Debian 4.0 - Samba %v - BDC doing parameter netbios name = mail [2009/01/08 17:10:15, 4] param/loadparm.c:handle_netbios_name(3053) handle_netbios_name: set global_myname to: MAIL doing parameter workgroup = UNDERVISNING doing parameter display charset = ASCII [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2BE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2BE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16BE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16BE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF8 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF8 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-8 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-8 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ASCII [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset ASCII [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset 646 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset 646 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ISO-8859-1 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset ISO-8859-1 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS2-HEX [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS2-HEX doing parameter unix charset = UTF-8 doing parameter dos charset = ASCII doing parameter Inherit permissions = yes doing parameter Inherit owner = yes doing parameter security = ADS doing parameter idmap uid = 500-1000 doing parameter idmap gid = 500-1000 doing parameter template shell = /bin/bash doing parameter winbind use default domain = yes doing parameter winbind separator = % doing parameter winbind enum users = yes doing parameter winbind enum group
[Samba] [Solaris 9][ads] net ads testjoin error
Hello folks, I have been able to successfully compile (MIT) kerberos (1.5.4) and samba (3.0.28a) on a Solaris 9 (Kernel version: SunOS 5.9 Generic 122300-31 Aug 2008) host. I was able to successfully join this host to a DEVDOMAIN This is the smb.conf file that I used: [global] # If there are no settings here, Samba uses the default values for all global settings security = ads realm = DEVDOMAIN.CA workgroup = DEVDOMAIN encrypt passwords = yes server string = %h Samba %v smb ports = 445 disable netbios = yes name resolve order = hosts log file = /var/log/samba/samba_log.%m log level = 2 # This include statement will grab the share configuration information from an external file include = /usr/local/samba/lib/smb.conf.%h Tested, and everything worked as expected. Shares listed in /usr/local/samba/lib/smb.conf.hostname were available, and all was good. Next step, was to join the host to the production domain... I changed all mention of DEVDOMAIN to DOMAIN in smb.conf. However, when I run "net ads testjoin", I'm getting the following error... bash-2.05# net ads testjoin [2009/01/07 09:27:34, 0] libads/kerberos.c:ads_kinit_password(228) kerberos_kinit_password tstsmb...@domain.ca failed: Cannot resolve network address for KDC in requested realm [2009/01/07 09:27:34, 0] libads/kerberos.c:ads_kinit_password(228) kerberos_kinit_password tstsmb...@domain.ca failed: Cannot resolve network address for KDC in requested realm Join to domain is not valid: Undetermined error Is this related to the host having belonged to a different domain to begin with? Or am I missing something bigger? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [Solaris 8+9][ads] Is there a package built?
Hi folks, Has anyone created a samba package for Solaris 8 and/or Solaris 9 with ads support built-in? I'm currently using 3.0.28 on Solaris 10, and it works exactly the way that I need (using the default package that ships from SUN with the OS). The default samba that ships with Solaris 9 is in the 2.2.12 (too old), and I havent checked which version might have shipped with Solaris 8... I'm hoping to find a nice little package compiled for installation on Solaris 8 and one compiled for installation on Solaris 9. Ideally this will be version 3.0.28 (to be consistant), but I'll be happy with anything more recent. If you've built your own package and are willing to share the gory details, please let me know what you did and why! The reason that I'm so intent on a package, is that I need to be able to deploy this to older hosts "on a whim", without the luxury of a complete compile from scratch on each occasion. I thank you all for your comments and suggestions, - Avron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems upgrading SAMBA
I have a series of hosts (Solaris 8,9 & 10) that are successfully providing samba shares. They are all using Samba 3.0.2a, and authentication is via a Windows 2000 password server. Everything breaks when the password server is patched beyond the first Windows Service pack. Here are the contents of smb.conf # Global parameters [global] workgroup = WINTEL security = DOMAIN password server = windowspdc.domain.com log level = 3 syslog = 4 log file = /var/log/samba.%m name resolve order = host bcast hostname lookups = Yes ldap ssl = start tls # use uids from 1 to 2 for domain users idmap uid = 1-2 # use gids from 1 to 2 for domain groups idmap gid = 1-2 # Get specific share information from external files: include = /usr/local/etc/smb.conf.%h We need to be able to continue to provide samba shares (for oracle logs, etc.), even after the domain controllers are patched. Any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
