Re: [Samba] bind failure: can't contact ldap server
Did you specify the LDAP administrator to bind as in smb.conf? I believe the option line is "ldap admin dn", but you should double check that. Then you also have to store the admin's password in the secrets.tdb file with a "smbpasswd -w adminpw" command. That's what fixed the problem for me. Dan "Fatemi, Afsheen" <[EMAIL PROTECTED]> wrote: Hi list, I have installed samba 2.2.8 on my linux rh 9. with Openldap rmps. I am trying to setup a PDC server using Samba with ldap as the backend. The samba server can not connect to the ldap server. I am getting the following error when I run any smb commands: LDAPS option set...! ldap_connect_system: Binding to ldap server as "" Bind failed: Can't contact ldap server I don't think the problem is at the ldap because before I decided to install samba tools to use it as a PDC, I was able to add users and authenticate using my MAC clients. I have checked my /etc/samba/smb.conf and smbldap_conf.pm files and nothing seems to be wrong. Do you have any idea why would samba try to connect to null "" instead of my fully qualified name? Thanks for your time and help, afsheen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba - Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP Migration
I'm thinking about moving from a Samba server that currently has encrypted passwords off to a server with encryption that hits up an LDAP server for login information. I know that there is an option in smb.conf called "update encrypted" that you can use to migrate a server from unencrypted to encrypted passwords, but when I specify "encrypted passwords = no" and "update encrypted = yes", I cannot login. I'm running Samba 2.2.8 on a Redhat 7.3 server. Is there a way to do what I'm trying to do, be it in 2.2.8 or 3.0? Thanks, Dan - Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.8 w/ Netscape Directory 4.1
Hi All, I've searched for a guide on how to configure Samba and ND 4.1 to work with each other to authenticate logins to the Samba server using LDAP, but I can't seem to find anything. All the guides I've come across deal only with OpenLDAP. Does anybody know of a guide specifically geared towards Netscape Directory? Thanks a bunch. Dan - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.8a w/ LDAP enabled RPMs
Hi All, I was wondering if anybody could point me in the direction of an RPM for Redhat 7.3 of a build of Samba 2.2.8a with LDAP enabled? I can't seem to get the RPM compiled from either raw source or from an SRPM for the life of me - I keep getting errors that read: "checking configure summary... configure: error: summary failure. Aborting config error: Bad exit status from /var/tmp/rpm-tmp.129 (%build) RPM Build errors: Bad exit status from /var/tmp/rpm-tmp.129 (%build)" I'm nowhere near knowledgeable enough about building binaries to be able to solve this problem on my own. If anybody has any tips to fix my errors, or if anybody can point me to a downloadable RPM, I'd be very happy. Thanks! Dan - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 Beta and Encryption Issues
Hi All, This is an update/question about the new beta release of Samba. I installed it onto a test bay. One machine is Redhat 7.3, one is XP. For our purposes, the clients need to have encryption turned off (IE: we enabled cleartext passwords). With Samba 2.2.7, I had PDC support, including roving profiles and login scripts working when ecryption was turned on, both server-side and client-side. Unfortunately, I need to have encryption turned off due to server issues that are unavoidable at the moment. Now, with the new beta release, I have the exact same connectivity level working, only with encryption turned on server side, but turned OFF client side. As somebody else posted - is this a bug, or a feature? :) Our ideal solution would be to have encryption turned off server side and use an LDAP backend for authentication. With Samba 3, will it be possible to do so and still support roving profiles and true domain logins? Migrating passwords would be a huge hassle. Thanks for your help! Dan - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 Beta and Encryption Issues
Hi All, This is an update/question about the new beta release of Samba. I installed it onto a test bay. One machine is Redhat 7.3, one is XP. For our purposes, the clients need to have encryption turned off (IE: we enabled cleartext passwords). With Samba 2.2.7, I had PDC support, including roving profiles and login scripts working when ecryption was turned on, both server-side and client-side. Now, with the new beta release, I have the exact same connectivity level working, only with encryption turned on server side, but turned OFF client side. As somebody else posted - is this a bug, or a feature? :) Our ideal solution would be to have encryption turned off server side and use an LDAP backend for authentication. With Samba 3, will it be possible to do so and still support roving profiles and true domain logins? If not, we can always migrate passwords from the LDAP server, but it's an extra step and it'd be best if we could avoid it entirely. Thanks for your help! I'll keep playing with the beta and post if I find anything else interesting. Dan - Do you Yahoo!? Free online calendar with sync to Outlook(TM). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printsharing and Drivers for 2000/98/95
Hi All,
I'm attempting to set up print-sharing on a Samba 2.2.7 running on Redhat 7.3. Both
98 and 2000 clients can print fine and dandy if I install the drivers I downloaded
from HP (I'm using a LaserJet 5MP for reference). What I want to do is install the
drivers to the Linux box so future clients can download the drivers painlessly. I
believe I've followed the instructions in the current Samba HowTo manual correctly,
but perhaps not. When I browse my server computer (from W2K as root), I double-click
the printer listing, and then right-click and go to properties. Click no for the
message "Device settings cannot be displayed. The driver for the specified printer is
not installed. Only spooler properties will be displayed. Do you want to install a
driver now?" Go to sharing, additional drivers, and then highlight both "Windows
2000" and "Windows 95 or 98". Click "ok", and then I get an error message saying
"Unable to install Intel, Windows 2000 driver. Operation could not
be completed." Then a similar one pops up for 95/98.
The relevant error message in my samba.log file is as follows:
[2003/06/09 10:17:17, 0] smbd/service.c:make_connection(251)
cns-dank (143.195.4.178) couldn't find service id
[2003/06/09 10:17:17, 0] smbd/service.c:make_connection(251)
cns-dank (143.195.4.178) couldn't find service id
[2003/06/09 10:48:50, 0] rpc_client/cli_spoolss_notify.c:spoolss_connect_to_client(134)
connect_to_client: machine CNS-DANK rejected the tconX on the IPC$ share. Error was
: NT_STATUS_ACCESS_DENIED.
[2003/06/09 10:48:50, 0] smbd/service.c:make_connection(251)
cns-dank (143.195.4.178) couldn't find service
::{2227a280-3aea-1069-a2de-08002b30309d}
I'm almost positive my [print$] share is set up correctly - it has write access for
root and the directories are set up properly. Permissions should be okay because I
can create directories from the client computers with no problems.
Any light you all could shed on the problem would be much appreciated. Thanks!
-
Do you Yahoo!?
Free online calendar with sync to Outlook(TM).
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Running Windows 2000 Login Scripts Without PasswordEncryption
Hi Again, Same old same old. Here's a different spin on the question, though. Now I'm wondering if there's a way to run login scripts automatically on a 2000 machine. I've got Samba set up properly (I think). It's running as a PDC, without password encryption (due to the way the rest of our network is set up - as of now it's not going to change, so I have to find a work around). Obviously, this is a bit of a pain, but I can't do much about it. I did have everything working well when encryption was turned on, so I'm fairly certain I know what I'm doing. In any case, we've decided that backing off to simply running login scripts without doing roving profiles (our original goal) is acceptable for now. This would be fine, but I keep running into the same problem. The [netlogon] share has guest access turned on, but when I logon with a 2000 machine, no script runs. When I access the share by either running \\server\netlogon or \\server\netlogon\logon.bat (logon.bat is the simple test script I'm using) on my 2000 machine, an authentication window pops up asking for a username and password. Since guest access is on, I can just hit enter and access to the share is granted. The problem is having to input that blank username and password and I have no idea how to get around that. Further problems lie in trying to get the shares that REQUIRE a username and password authenticated in the script, but I've managed a workaround for that with a heavy-handed VBscript that asks the user for their username and password again. Irregardless, this isn't the point of this question, just an indication of where I'm trying to take this. Oh, and I can logon to the domain in Windows 95 and run a logon script there, so I know that it works sometimes. It's not a syntax problem with the script either, because once I authenticate as a guest user under 2000 the script runs fine there as well. Sorry for the lengthy e-mail and thanks for your help! Dan - Do you Yahoo!? Free online calendar with sync to Outlook(TM). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC/Roving Profiles/and Password Encryption
Buchan, So you're saying that it IS possible for my setup to work? I'll definitely give those guides a read through and maybe I'll be able to work through them. I want to be sure I understand you correctly, though - I can enable password encryption on the samba server, keep password encryption OFF on the clients, and use the LDAP database and migrate the passwords stored there to the samba server? Thanks, Dan Buchan Milne <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 No, no Windows clients will join a domain with clear-text passwords. Not totally true, you can have samba authenticate against the NT password has stored in LDAP, and use synchronisation tools to keep the unix hash and the NT hash in sync. Well, you won't be able to join new machines to the domain either. See http://www.mandrakesecure.net/en/docs/samba-pdc.php for details in getting samba running on an LDAP backend the easy way, and http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php (not totally complete yet) for adding in some cool features. Buchan - -- |--Another happy Mandrake Club member--| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+3dJxrJK6UGDSBKcRAia0AJ4sqR+pjH+cu9f1YVtuKCgXqMe4iwCeOS99 yMeZmFDPQvMY134Ye1UOY5E= =63VC -END PGP SIGNATURE- ** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer or send an e-mail to [EMAIL PROTECTED] for a copy. ** - Do you Yahoo!? Free online calendar with sync to Outlook(TM). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC/Roving Profiles/and Password Encryption
Hi All, Well, despite my general idiocy I've managed to get PDC and roving profiles working perfectly in my test situation. Obviously, this isn't good enough since computers are the devil, so I've run into some more problems. Fortunately for the Samba team, this isn't a problem with Samba - I think it's more a problem with how our network is set up here. Basically, I'm wondering if there's a way to enable PDC and roving profiles using UNencrypted passwords. I have it working WITH encrypted passwords, but this presents a problem as we're using an LDAP database that takes unencrypted passwords, and then when we actually login to a server (say the student server), the actual student server does the password hashing. I'm not sure if that explanation makes sense, but the important thing is that each client computer MUST have cleartext passwords enabled or they cannot login to the student server. As far as I can tell, this is what happens when I login to the domain from my 2K box using unencrypted passwords. I get into the domain just fine - if I have a profile path declared, I get an error saying that the profile cannot be loaded. This stems from the client not getting a true PDC authentication with the server, as the server's shares are not viewable until I run a "NET USE" command that includes a valid username and password. Once that is done, I can view any of the shares fine. If there's a way to circumvent this problem or if I've managed to screw yet another thing up, let me know. And a preemptive thanks to John - you've been a lot of help :) Thanks! Dan - Do you Yahoo!? Free online calendar with sync to Outlook(TM). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Roving Profile Issues
Hi Again, I figured out what my problem was with the encrypted passwords - it's sufficient to say that it was an error on my part, not the software. Oops. However, now I'm completely baffled. I can login to the domain perfectly (encryption is on, by the way), my home drive maps correctly, the login script runs as it is supposed to, but I'm getting an error about my remote profile. Specifically, Windows 2000 tells me that "Windows cannot create profile directory //servername/profile/username.pdt" and that it will use a local profile that will not be updated to the server at log off. I cannot for the life of me figure this one out. I believe that I've changed permissions correctly as well as group ownership of the profile directory. Perhaps I've configured smb.conf incorrectly. I'm really not sure what the problem is here. Below is my smb.conf file - hopefully that will help determine the error. [global] workgroup = mytest netbios name = CNS-11438 security = user encrypt passwords = yes wins support = yes os level = 64 preferred master = yes domain master = yes local master = yes security = user domain logons = yes logon path = \\cns-11438\profile\%u logon drive = f: logon home = \\cns-11438\%U logon script = logon.cmd log file = /var/log/samba/samba.log max log size = 0 log level = 2 [netlogon] path = /home/netlogon read only = yes write list = ntadmin guest ok = yes [profiles] path = /home/profile read only = no create mode = 0600 directory mode = 0700 ; writeable = yes ; browseable = no ; csc policy = disable ; profile acls = yes [homes] ; guest ok = yes read only = no valid users = %S create mode = 0600 directory mode = 0700 [public] path = /tmp guest ok = yes writeable = yes - Do you Yahoo!? Free online calendar with sync to Outlook(TM). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba pdc/roving profiles/encrypted passwords
It is my understanding that roving profiles cannot be implemented without using encrypted passwords. It is also my understanding that encrypted passwords cannot be implemented without pointing smb.conf to a windows password server. I'm trying to set up a samba server on a Linux (RedHat 7.3) to act as a PDC and a provider for roving profiles - when I do things with cleartext (encryption off), I can connect to drives and such fine from Windows 2000 using the typical "net use \\server\share /user:myuser". However, when I connect to the domain, it will not automatically load my profile. I'm thinking it's because of the password encryption, but perhaps I'm wrong. If anybody can help, I'd be very appreciative! Thanks so much. - Do you Yahoo!? Free online calendar with sync to Outlook(TM). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
