Re: [Samba] Machine account reject - additional troubleshooting
On Sun, 2010-09-12 at 20:11 +0100, Miguel Medalha wrote: > > > (My last suspision is, that win7 is doing the machine authentication > > in a different [encryption)] way as the XP machine are doing > > that as XP machines do not have that problem) > > On each Windows 7 computer, we had to change two settings in "Local > Security Policy -> Local Policies -> Security Options". Those settings > were: > > "Network Security: Do not store LAN Manager hash value on next > password" change from "Enabled" to "Disabled" > "Network Security: LAN Manager authentication level" change from "Not > Defined" to "Send LM & NTLM responses" Hi Miguel, Thanks for the reply. I tried these changing these two settings and it has not made a difference for us. One interesting observation I have made is that the logs are only being flooded from a portion of our Windows 7 machines. This has me really puzzled -- I have built them all following the same steps and using the same software. Go figure. -Bryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Samba PDC Server Local SID, Domain SID, and GROUP RID Question
On Mon, Dec 13, 2004 at 09:32:27AM -0600, bryanw wrote: > My samba PDC is using the tdbsam backend and, for the most part > is working flawlessly. However, when using smbpasswd to add samba accounts, > I always get the following error: > > tdb_update_sam: Failing to store a SAM_ACCOUNT for [userid] without a primary > group RID > > Now, I've googled a lot on this and have read through the mailing list > archives and know that this often has to do with people not having > group mapping setup. But I do: > > jerry:~# net groupmap list | grep users > Users (S-1-5-32-545) -> users > Domain Users (S-1-5-21-1590455367-7305976-751859383-513) -> users > As it turns out, I had group mapping set up, but "too" thoroughly. Found this in the archives: -- snip -- The problem can be also caused if you already have 'Domain Users -> users' and add 'Users -> users' since Samba mapps gid -> SID by finding the first SID -> gid mapping with the right gid and will fail if 'Users -> users' is the first map it encounters. -- end snip -- Thanks, Bryan Walton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC Server Local SID, Domain SID, and GROUP RID Question
Hi, I have a question regarding an issue I am having with our new Samba PDC. We used to be running an NT domain controller and about two months ago, I made the transition to a Debian linux box running Samba. The PDC is currently running Samba 3.0.8. My samba PDC is using the tdbsam backend and, for the most part is working flawlessly. However, when using smbpasswd to add samba accounts, I always get the following error: tdb_update_sam: Failing to store a SAM_ACCOUNT for [userid] without a primary group RID I have a temporary workaround. I setup my samba accounts using pdbedit and specifying a group RID for the new user: pdbedit -G S-1-5-21-1590455367-7305976-751859383-513 -a Now, I've googled a lot on this and have read through the mailing list archives and know that this often has to do with people not having group mapping setup. But I do: jerry:~# net groupmap list | grep users Users (S-1-5-32-545) -> users Domain Users (S-1-5-21-1590455367-7305976-751859383-513) -> users So, digging deeper, here is something I have discovered and don't know if this might be the source of my trouble: When I was testing my Samba PDC (the hostname is "jerry"), I set up a test domain, called JERRY. When I made the actual transition, the domain was changed to our real domain, WECC-DOMAIN. And yesterday, I noticed this: jerry:~# net getdomainsid SID for domain JERRY is: S-1-5-21-675875985-4049016363-1657815630 SID for domain WECC-DOMAIN is: S-1-5-21-1590455367-7305976-751859383 The domain JERRY technically shouldn't exist anymore, at least I don't need it to. You will notice that the group RID I specify when adding accounts using pdbedit matches WECC-DOMAIN and that my group mapping is also for the domain WECC-DOMAIN. Is it possible that this SID for the JERRY domain is interfering with my setting up accounts with smbpasswd? Thanks! Bryan Walton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Member server won't authenticate against Samba BDC
Just fixed it, had to restart winbind daemon on the member server. The solution was right in front of me the entire time. Sorry. -Bryan On Fri, Oct 01, 2004 at 02:22:08PM -0500, Bryan K. Walton wrote: > For the last few years, we have had a NT4 PDC (without a BDC). > This week I undertook the process of builing a Samba BDC running > Debian linux. This new BDC is running samba version 3.0.7. After > setting up the box, I copied all of the user, group, and machine > accounts over to the new bdc, using "net rpc vampire". > > The BDC is up and running and I see everybody authenticating against > it. I would like to make it the PDC, and take down our old NT domain > controller, but I have one samba member server (running Samba 3.0.4) > that insists on authenticating users against the old nt controller > (wecc-server) and I can't figure out how to make it stop. Oh, I should > also mention that the new BDC is using a tdbsam backend. > > The member server (amanda) has unix and smbpasswd accounts in the BDC > (jerry) that I "vampired" from wecc-server. Here is an excerpt from > Amanda's smb.conf: > > workgroup = WECC-DOMAIN > security = domain > password server = jerry, wecc-server > > And here is an excerpt from Jerry's smb.conf: > > workgroup = WECC-DOMAIN > os level = 34 > local master = Yes > preferred master = Yes > domain master = No > > > If I promote Jerry to a PDC from a BDC, and then shut down the old NT > domain controller, none of our employees can connect to any shares on > Amanda. When they try, they get a message: > > "There are currently no logon servers available to service the logon > request." Now, I've also tried removing the "wecc-server" listing from > Amanda's "password server =" line in its smb.con, in addition to the > above steps, but it doesn't make any difference. > > Can anybody tell me what might be wrong here? I'm sure I'm missing > something but have run out of ideas. In the meantime, I keep the old NT > domain controller up and running. Please let me know if there are > other parts of the smb.conf files that you would like to see. > > Much thanks!! > Bryan Walton > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- Bryan K. Walton Wisconsin Energy Conservation Corporation GnuPG Key fingerprint = 42FC 3177 3E63 2490 DF3F 68A1 B565 120C 1EE1 8F37 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Member server won't authenticate against Samba BDC
For the last few years, we have had a NT4 PDC (without a BDC). This week I undertook the process of builing a Samba BDC running Debian linux. This new BDC is running samba version 3.0.7. After setting up the box, I copied all of the user, group, and machine accounts over to the new bdc, using "net rpc vampire". The BDC is up and running and I see everybody authenticating against it. I would like to make it the PDC, and take down our old NT domain controller, but I have one samba member server (running Samba 3.0.4) that insists on authenticating users against the old nt controller (wecc-server) and I can't figure out how to make it stop. Oh, I should also mention that the new BDC is using a tdbsam backend. The member server (amanda) has unix and smbpasswd accounts in the BDC (jerry) that I "vampired" from wecc-server. Here is an excerpt from Amanda's smb.conf: workgroup = WECC-DOMAIN security = domain password server = jerry, wecc-server And here is an excerpt from Jerry's smb.conf: workgroup = WECC-DOMAIN os level = 34 local master = Yes preferred master = Yes domain master = No If I promote Jerry to a PDC from a BDC, and then shut down the old NT domain controller, none of our employees can connect to any shares on Amanda. When they try, they get a message: "There are currently no logon servers available to service the logon request." Now, I've also tried removing the "wecc-server" listing from Amanda's "password server =" line in its smb.con, in addition to the above steps, but it doesn't make any difference. Can anybody tell me what might be wrong here? I'm sure I'm missing something but have run out of ideas. In the meantime, I keep the old NT domain controller up and running. Please let me know if there are other parts of the smb.conf files that you would like to see. Much thanks!! Bryan Walton -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Excel 2002, Samba 3.0.2, and "Overwriting Changes"
About two weeks ago on this list, someone posted a problem involving Excel 2002 (from Office XP) and excel files stored on Samba shares. Specifically (from that prior posting): "If a user opens a excel document kept on a samba share and the user makes edits to the file and tries to saves the file he/she is prompted that the file was edited by another user even though the file was never touched by anyone and if they want to overwrite to the file." Someone replied that he should update to the latest Samba. I am having this same problem. However, I am running Samba 3.0.2. The error message my users are getting is specifically: "The file "" may have been changed by another user since you last save it. In that case, what do you want to do?" You are then given the option to save a copy, or to overwrite changes. Again, I am already running Samba 3.0.2. Is anybody else having this problem? Is there a patch/fix for this? Thanks! Bryan Walton -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] sending samba logs to a central logging server
I am trying to figure out how I can send my samba logs to a central logging server. Everything handled by syslog on my samba box is already being sent to the logging server, but I can't figure out how to send the samba logs to that logging server without having syslog take over the samba logs. Is there some line I can add to my smb.conf to export those logs? Thanks, Bryan Walton -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba