[Samba] Logon fails
Hello List, I have a network consisting of several Win2K Pro, WinXp Home, WinXp Pro Clients, a Linux Server with Samba 3 and a MS Small Business Server 2003. The Linux Server authenticates domain users using winbind. That works fine and all users can Login to the linux box using FTP, SSH, ... The only thing that doesn't work is connecting to samba shares. For some time I got the messages that there are no logon servers available until I set domain logons = Yes. Now the client gets a logon window but the password is rejected. If they try to connect to the ADS server everything works fine. Maybe a hint: On my notebook the username/password are the same as in active directory and it works. It also worked when domain logons wasn't switched on. I think it's an encryption issue. Could it be that windows uses another default encryption if I don't authenticate through the logon popup window but on boot? Here's a short dump of a logon sequence with loglevel 10: [2005/09/14 13:11:38, 10] lib/util_sock.c:read_data(517) read_data: read of 4 returned 0. Error = Success [2005/09/14 13:11:38, 10] lib/util_sock.c:receive_smb_raw(666) receive_smb_raw: length 0! [2005/09/14 13:11:38, 3] smbd/process.c:timeout_processing(1366) timeout_processing: End of file from client (client has disconnected). [2005/09/14 13:11:38, 5] lib/gencache.c:gencache_shutdown(88) Closing cache file [2005/09/14 13:11:38, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2005/09/14 13:11:38, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/09/14 13:11:38, 5] auth/auth_util.c:debug_nt_user_token(452) NT user token: (NULL) [2005/09/14 13:11:38, 5] auth/auth_util.c:debug_unix_user_token(473) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/09/14 13:11:38, 5] smbd/uid.c:change_to_root_user(319) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/09/14 13:11:38, 2] smbd/server.c:exit_server(608) Closing connections [2005/09/14 13:11:38, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/09/14 13:11:38, 5] smbd/oplock.c:receive_local_message(110) receive_local_message: doing select with timeout of 1 ms [2005/09/14 13:11:38, 3] smbd/server.c:exit_server(652) Server exit (normal exit) Thanks for your help mit freundlichen Grüssen, | with best regards, -- Daniel Khan Technische Leitung | CTO Geschäftsführender Gesellschafter | Managing Partner ventigo Werbung . IT . Marketing GmbH Kornstrasse 10 4060 Leonding T. +43 (0) 732 37 09 60 | F. +43 (0) 732 37 09 60 10 http://www.ventigo.com | [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind/ windows ad issues FIXED!
Hello List, Daniel Khan wrote: When I try to sign on (su) with a windows account the follwoing happens: # su dkhan su: Authentication service cannot retrieve authentication info. (Ignored) For the archives. I was finally able to solve this problem. It simply was 1.) a wrong order inside the pams system-auth configuration. I now have: # cat /etc/pam.d/system-auth #%PAM-1.0 auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_winbind.so debug use_first_pass auth required pam_deny.so accountsufficient pam_winbind.so debug accountrequired pam_unix.so password required pam_cracklib.so retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password required pam_deny.so sessionrequired pam_limits.so sessionrequired pam_unix.so sessionoptional pam_winbind.so debug sessionoptional pam_mkhomedir.so This works fine and even creates the homedir as expected. 2.) a missing smb.conf shell setting for the ad users (which defaulted to /bin/false) I added template shell= /bin/bash to smb.conf Now I'm done! greetings -- Daniel Khan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind/ windows ad issues
Hello, I want to do a single signon setup with samba/winbind and a windows2003 SBS. I have nearly everything up and running. wbinfo gives what I expected. When I try to sign on (su) with a windows account the follwoing happens: # su dkhan su: Authentication service cannot retrieve authentication info. (Ignored) So it recognizes me as windows account and pam somehow tries to authenticate the user but the something wents wrong. nsswitch: passwd: compat winbind shadow: compat winbind group: compat winbind Any hints would be really appreciated. greetings -- Daniel Khan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC/profile Migration to new Host (Domain)
Hello, I have to migrate a network with a samba 2.2 PDC to a new host with a Samba 3.0 PDC. Samba 3.0 is up and running now. The only thing that makes me nervous is how to migrate the profiles of the old PDC to the new PDC. Unfortunately usernames/machine names will also change. The profiles are per user (not per machine) and will stay this way. The clients are win2K pro, winXP pro. Is it possible to logon to the old domain, join the new domain and have the current users profile copied to the new PDC? Or better, what is the best way to do it? Thanks in advance -- Daniel Khan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
