Re: [Samba] Compile Problem with libs
You need to compile with LDFLAGS, for example if your ldap libs are in /usr/local/openldap/lib you would type the following, tcsh syntax, setenv LDFLAGS "$LDFLAGS -R/usr/local/openldap/lib" What this does is append "-R/usr/local/openldap/lib" to the LDFLAGS environment variable. Then you need to recompile the whole samba source. make distclean; ./configure --withyouroptions; make On Fri, Oct 24, 2003 at 04:35:29PM -0600, Schwartz, William H wrote: > I'm trying to build samba 3 for Solaris 9 and I'm having trouble with the > libraries. > > > > Everything seems to build fine but when I try to run one of the binaries I > get: > > ld.so.1: /appl/samba/bin/net: fatal: liblber.so.2: open failed: No such file > or directory > > > > If I add the path for my ldap and gcc libs to my LD_LIBRARY_PATH environment > then I can run the commands and they seem fine but I can't figure out how to > build them so I don't have to set my environment variables up first. > > > > I could probably just set these in my samba startup script but that won't > help for swat which runs from inetd.conf > > > > I've tried messing with the --enable-shared and --enable-static flags for > the configure script but either I'm not setting those right or that's not my > problem. > > > > Can anyone point me in the right direction? > > > > thanks, > > Bill > > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3: is LDAP required?
OK a little more on the mit krb5 one, [EMAIL PROTECTED] ~]# smbclient //kenny.cs.umd.edu/c$ -k -U derek%passwd -d 10 [2003/10/22 16:33:06, 2] libsmb/cliconnect.c:cli_session_setup_spnego(635) Doing spnego session setup (blob length=108) [2003/10/22 16:33:06, 3] libsmb/cliconnect.c:cli_session_setup_spnego(660) got OID=1 2 840 48018 1 2 2 [2003/10/22 16:33:06, 3] libsmb/cliconnect.c:cli_session_setup_spnego(660) got OID=1 2 840 113554 1 2 2 [2003/10/22 16:33:06, 3] libsmb/cliconnect.c:cli_session_setup_spnego(660) got OID=1 2 840 113554 1 2 2 3 [2003/10/22 16:33:06, 3] libsmb/cliconnect.c:cli_session_setup_spnego(660) got OID=1 3 6 1 4 1 311 2 2 10 [2003/10/22 16:33:06, 3] libsmb/cliconnect.c:cli_session_setup_spnego(667) got [EMAIL PROTECTED] [2003/10/22 16:33:06, 0] libsmb/cliconnect.c:cli_session_setup_spnego(683) Kinit failed: Decrypt integrity check failed [2003/10/22 16:33:06, 10] intl/lang_tdb.c:lang_tdb_init(135) session setup failed: NT_STATUS_OK [EMAIL PROTECTED] ~]# ldd `which smbclient` libreadline.so.4 => /usr/lib/libreadline.so.4 (0x40033000) libncurses.so.5 => /usr/lib/libncurses.so.5 (0x4006) libcrypt.so.1 => /lib/libcrypt.so.1 (0x4009f000) libresolv.so.2 => /lib/libresolv.so.2 (0x400cc000) libnsl.so.1 => /lib/libnsl.so.1 (0x400de000) libdl.so.2 => /lib/libdl.so.2 (0x400f4000) libpopt.so.0 => /usr/lib/libpopt.so.0 (0x400f7000) libcrypto.so.2 => /lib/libcrypto.so.2 (0x4010) libgssapi_krb5.so.2 => /usr/local/krb5-1.3.1/lib/libgssapi_krb5.so.2 (0x401d4000) libkrb5.so.3 => /usr/local/krb5-1.3.1/lib/libkrb5.so.3 (0x401e5000) libk5crypto.so.3 => /usr/local/krb5-1.3.1/lib/libk5crypto.so.3 (0x40243000) libcom_err.so.3 => /usr/local/krb5-1.3.1/lib/libcom_err.so.3 (0x40263000) libldap.so.2 => /usr/lib/libldap.so.2 (0x40265000) liblber.so.2 => /usr/lib/liblber.so.2 (0x4029) libc.so.6 => /lib/i686/libc.so.6 (0x4200) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000) libsasl.so.7 => /usr/lib/libsasl.so.7 (0x4029b000) libssl.so.2 => /lib/libssl.so.2 (0x402a6000) libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x402d6000) libpam.so.0 => /lib/libpam.so.0 (0x402dd000) Also attached is the smbd -d 10 log for a session running the mit krb5 1.3.1 version. On Wed, Oct 22, 2003 at 03:38:03PM -0400, Derek T. Yarnell wrote: > On Tue, Oct 21, 2003 at 09:43:03PM +, John H Terpstra wrote: > > > Alright, does samba support joining a Samba Win2k3 domain in native 2003 > > > mode? I have asked this before and not gotten a straight answer. The > > > HOWTO does not cover this specific topic, I get "Decrypt Integrity > > > Failed" errors for the kerberos tickets from said domain. I see > > > something about heimdal less than version 0.6 not working with Win2k3 > > > (no mention of native 2k3 or native or whatever). > > > > It will work if Samba-3 has been compiled with MIT Kerberos 1.3.x, not > > 1.2.x. Alternately, Samba-3 compiled with Heimdal 0.6.1 or later should > > work fine with Win2003 Native ADS. > > Alright background, Windows 2003 running in Native 2003 Mode (the > highest one). Samba 3.0.1pre1 , two version compiled one with mit krb5 > 1.3.1 and one with the latest snapshot of heimdal 0.6-20031022. > > Ok I don't think that you are correct, with Heimdal (0.6 release > 20031022, there is no 0.6.1 that I can find) I get this, > > [2003/10/22 15:22:45, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) > krb5_cc_get_principal failed (No such file or directory) > [2003/10/22 15:22:46, 0] libads/kerberos.c:ads_kinit_password(133) > kerberos_kinit_password [EMAIL PROTECTED] failed: Unknown error -1765328332 > > The error is KRB5KRB_ERR_RESPONSE_TOO_BIG. > > [EMAIL PROTECTED] heimdal-0.6-20031022]# grep -r "1765328332" * > include/krb5_err.h: KRB5KRB_ERR_RESPONSE_TOO_BIG = -1765328332, > lib/krb5/krb5_err.h:KRB5KRB_ERR_RESPONSE_TOO_BIG = -1765328332, > > This is when running `net ads join -U derek` and typing in my windows > administrator password. > > I can get further with mit krb5-1.3.1, I can do a net ads join and > successfully join the domain. But then get the decrypt integrity failed > error when a client tries to connect. > > The log for heimdal is attached, I will send the one for mit krb5 after. > > -- > --- > Derek T. Yarnell > University of Maryland > Computer Science Department Unix Staff > [EMAIL PROTECTED] > [2003/10/22 15:31:49, 5] lib/debug.c:debug_dump_status(359) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 >
Re: [Samba] Samba 3: is LDAP required?
On Tue, Oct 21, 2003 at 09:43:03PM +, John H Terpstra wrote: > > Alright, does samba support joining a Samba Win2k3 domain in native 2003 > > mode? I have asked this before and not gotten a straight answer. The > > HOWTO does not cover this specific topic, I get "Decrypt Integrity > > Failed" errors for the kerberos tickets from said domain. I see > > something about heimdal less than version 0.6 not working with Win2k3 > > (no mention of native 2k3 or native or whatever). > > It will work if Samba-3 has been compiled with MIT Kerberos 1.3.x, not > 1.2.x. Alternately, Samba-3 compiled with Heimdal 0.6.1 or later should > work fine with Win2003 Native ADS. Alright background, Windows 2003 running in Native 2003 Mode (the highest one). Samba 3.0.1pre1 , two version compiled one with mit krb5 1.3.1 and one with the latest snapshot of heimdal 0.6-20031022. Ok I don't think that you are correct, with Heimdal (0.6 release 20031022, there is no 0.6.1 that I can find) I get this, [2003/10/22 15:22:45, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No such file or directory) [2003/10/22 15:22:46, 0] libads/kerberos.c:ads_kinit_password(133) kerberos_kinit_password [EMAIL PROTECTED] failed: Unknown error -1765328332 The error is KRB5KRB_ERR_RESPONSE_TOO_BIG. [EMAIL PROTECTED] heimdal-0.6-20031022]# grep -r "1765328332" * include/krb5_err.h: KRB5KRB_ERR_RESPONSE_TOO_BIG = -1765328332, lib/krb5/krb5_err.h:KRB5KRB_ERR_RESPONSE_TOO_BIG = -1765328332, This is when running `net ads join -U derek` and typing in my windows administrator password. I can get further with mit krb5-1.3.1, I can do a net ads join and successfully join the domain. But then get the decrypt integrity failed error when a client tries to connect. The log for heimdal is attached, I will send the one for mit krb5 after. -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] [2003/10/22 15:31:49, 5] lib/debug.c:debug_dump_status(359) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 [2003/10/22 15:31:49, 3] param/loadparm.c:lp_load(3914) lp_load: refreshing parameters [2003/10/22 15:31:49, 3] param/loadparm.c:init_globals(1301) Initialising global parameters [2003/10/22 15:31:49, 5] lib/iconv.c:smb_register_charset(87) Attempting to register new charset UCS-2LE [2003/10/22 15:31:49, 5] lib/iconv.c:smb_register_charset(95) Registered charset UCS-2LE [2003/10/22 15:31:49, 5] lib/iconv.c:smb_register_charset(87) Attempting to register new charset UTF8 [2003/10/22 15:31:49, 5] lib/iconv.c:smb_register_charset(95) Registered charset UTF8 [2003/10/22 15:31:49, 5] lib/iconv.c:smb_register_charset(87) Attempting to register new charset ASCII [2003/10/22 15:31:49, 5] lib/iconv.c:smb_register_charset(95) Registered charset ASCII [2003/10/22 15:31:49, 5] lib/iconv.c:smb_register_charset(87) Attempting to register new charset 646 [2003/10/22 15:31:49, 5] lib/iconv.c:smb_register_charset(95) Registered charset 646 [2003/10/22 15:31:49, 5] lib/iconv.c:smb_register_charset(87) Attempting to register new charset UCS2-HEX [2003/10/22 15:31:49, 5] lib/iconv.c:smb_register_charset(95) Registered charset UCS2-HEX [2003/10/22 15:31:49, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2003/10/22 15:31:49, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2003/10/22 15:31:49, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2003/10/22 15:31:49, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2003/10/22 15:31:49, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2003/10/22 15:31:49, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2003/10/22 15:31:49, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2003/10/22 15:31:49, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2003/10/22 15:31:49, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2003/10/22 15:31:49, 5] lib/charcnv.c:charset_name(74) Substituting charset 'ISO-8859-1' for LOCALE [2003/10/22 15:31:49, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file "/usr/local/samba-3.0.1pre1/lib/smb.conf" [2003/10/22 15:31:49, 3] param/loadparm.c:do_section(3417) Processing section "[global]" doing parameter workgroup = UMD-CSD-NT
Re: [Samba] Samba 3: is LDAP required?
On Fri, Oct 17, 2003 at 09:00:48PM +, John H Terpstra wrote: > On Wed, 15 Oct 2003, tvsjr wrote: > > > >Yes or no - is OpenLDAP required to be on the SAMBA 3.0 server in order for > > >Active Directory support to work? Active Directory support == "security = > > >ads". > > > > Are you trying to make Samba act as an Active Directory server? If so, then > > Samba won't do that, you're SOL. > > If you're trying to make your Samba machine join an Active Directory, no, > > OpenLDAP is not required. The Active Directory must be running in Mixed or > > Native mode, not in Native 2003 (2k3 Server only) mode. Alright, does samba support joining a Samba Win2k3 domain in native 2003 mode? I have asked this before and not gotten a straight answer. The HOWTO does not cover this specific topic, I get "Decrypt Integrity Failed" errors for the kerberos tickets from said domain. I see something about heimdal less than version 0.6 not working with Win2k3 (no mention of native 2k3 or native or whatever). Am I screwed? > Not quite! Samba-3.0.x can join a Win2K3 AD Domain that is in Native Mode. > This is documented in the Samba-HOWTO-Collection.pdf available with > Samba-3 in the chapter on "Domain Membership". > > PS: You can obtain this document from: > http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf > > It is also available from Amazon.Com as "The Official Samba-3 HOWTO and > Reference Guide" for those who want a hard copy. The book has more > information in it than the HOWTO. > > - John T. > -- > John H Terpstra > Email: [EMAIL PROTECTED] > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 and Windows Server 2003
On Sun, Oct 12, 2003 at 03:32:51PM -0500, tvsjr wrote: > At 03:12 PM 10/12/2003 -0500, Bryan Haro wrote: > >Okay, I'm trying to get my samba server to talk to my Windows 2003 domain > >running in native 2003 mode. First, while trying to add the samba server > >with the "net ads join" command, it just wouldn't work. I wouldn't get an > >error or a confirmation, I'd just be sent back to the command prompt. My > >krb5.conf file is setup properly and when I run a kinit command, it runs > >fine. Anyway, I gave up on that as I really don't need full ADS domain > >membership. > > If the directory is running in Windows Server 2003 mode (a superset of > native mode) then it won't work, from what I understand. I believe this is > stated in the HOWTOs. You'll need to reconfigure your server and use native > mode rather than native 2003 mode. > > Disclaimer: I have successfully joined a few Red Hat 9 boxes to my Active > Directory in Native 2000 mode. Can anyone really confirm this, I am having trouble with verifying tickets with a 2003 Server in Native 2003 Mode. But what I have read is that you can't change back from native 2003 mode, to just native mode. Is this true? -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: bad encryption type when accessing AD member server
So understanding that, I get this error, [2003/10/02 17:10:23, 3] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed Any suggestions to where to look to find this one? Could it be something with the Win2k3 server? [EMAIL PROTECTED] samba]# klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/02/03 17:06:16 10/03/03 03:06:20 krbtgt/[EMAIL PROTECTED] renew until 10/02/03 18:06:16, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached So I am getting ArcFour tickets by default here. On Thu, Oct 02, 2003 at 03:53:34PM -0500, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Jeremy Allison wrote: > > > |>14 rc4-hmac-exp > |>15 arcfour-hmac-md5-exp > |>16 aes128-cts-hmac-sha1-96 > |>17 aes128-cts > |>18 aes256-cts-hmac-sha1-96 > |>19 aes256-cts > | > | > | I think the enc-type you need is type 23 which I believe is rc4-md4. > > I think you mean RC4-HMAC > > > > > > jerry > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.1 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQE/fJBOIR7qMdg1EfYRAuefAJ4nvtyRxA7kwJ6l3VgO3eQAbwXtvwCg0ffI > DTqh5cC2hfbbHEcBcuBqazE= > =HIcx > -END PGP SIGNATURE- -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: bad encryption type when accessing AD member server
But that is not working correctly,
[EMAIL PROTECTED] samba]# cat /etc/krb5.conf
[libdefaults]
default_realm = PC.CS.UMD.EDU
[realms]
PC.CS.UMD.EDU = {
kdc = krycek.pc.cs.umd.edu:88
}
Still won't work correctly,
[2003/10/02 16:11:13, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
[2003/10/02 16:11:13, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2003/10/02 16:11:13, 3] libads/kerberos_verify.c:ads_verify_ticket(310)
ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity
check failed
[2003/10/02 15:40:25, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
[2003/10/02 15:40:25, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
[2003/10/02 15:40:25, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type
[2003/10/02 15:40:25, 10] passdb/secrets.c:secrets_named_mutex_release(709)
secrets_named_mutex: released mutex for replay cache mutex
[2003/10/02 15:40:25, 3] libads/kerberos_verify.c:ads_verify_ticket(317)
ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
Anyone know that the encryption types [1,2,3] etc... are?
Built with krb5-1.3.1, as far from the krb5 source I find that these are
the encryption types,
0 des-cbc-crc
1 des-cbc-md4
2 des-cbc-md5
3 des
4 des-cbc-raw
5 des3-cbc-raw
6 des3-cbc-sha1
7 des3-hmac-sha1
8 des3-cbc-sha1-kd
9 des-hmac-sha1
10 arcfour-hmac
11 rc4-hmac
12 arcfour-hmac-md5
13 arcfour-hmac-exp
14 rc4-hmac-exp
15 arcfour-hmac-md5-exp
16 aes128-cts-hmac-sha1-96
17 aes128-cts
18 aes256-cts-hmac-sha1-96
19 aes256-cts
On Thu, Oct 02, 2003 at 07:11:43PM +0200, Alexander List wrote:
> On Thu, 2 Oct 2003, Derek T. Yarnell wrote:
>
> > Can you send me your working krb5.conf file? I am having the same
> > problem (not running debian) and trying to figure out what I need to
> > have in it is a pain.
>
> Less is more in this case.
>
> Try _removing_ anything about the enctypes in krb5.conf and only define
> the realm, like mentioned in the Samba HOWTO collection:
>
> http://www.samba.org/samba/devel/docs/html/Samba-HOWTO-Collection.html#id2877790
>
> If you use the mentioned minimal config, everything should work fine.
>
> Alex
>
> --
> "They that can give up essential liberty to obtain a little temporary safety
> deserve neither liberty not safety."
> --Benjamin Franklin, 1759
>
>
>
>
--
---
Derek T. Yarnell
University of Maryland
Computer Science Department Unix Staff
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] bad encryption type when accessing AD member server
Can you send the default debian krb5.conf? I would like to see what the differences are with my krb5.conf. Thanks. On Tue, Sep 30, 2003 at 11:45:35AM +0200, Henning Holtschneider wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Monday 29 September 2003 17:59, Henning Holtschneider wrote: > > > I'm trying to access a Samba 3.0 server (running on Debian unstable) in an > > Active Directory environment. I successfully joined the domain, klist shows > > my Kerberos ticket(s) and I can use smbclient -k to access a Windows 2000 > > server. However, when I try to access a share on the Samba machine from a > > Windows 2000 client, I'm being asked for the password and Samba logs: > > [...] > > [2003/09/29 13:17:02, 3] libads/kerberos_verify.c:ads_verify_ticket(317) > > ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) > > I replaced Debian's default krb5.conf (which looks like MIT Kerberos' sample > file) with the minimum configuration described in the Samba documentation and > finally the connection from the Windows clients works! Don't know why I > didn't try that earlier ... > > Sorry about the noise, > > <-gninneH<- > - -- >__ _ ____ Henning Holtschneider > / / ___ ___ _/ |/ /__ / /_ <[EMAIL PROTECTED]> > / /__/ _ \/ __/ _ `// -_) __/ > //\___/\__/\_,_/_/|_/\__/\__/ ...net happens! > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD8DBQE/eVC/P9goCV2uudcRArZOAJ9RWeUl/H8umC19zZLZy8NZ58UHCACfcI3q > M0tr3nsdEy02fli9vC+2MAY= > =mnRw > -END PGP SIGNATURE- > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] authentication problems
Ok I spoke too soon, I am also having this problem, [2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type [2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type [2003/09/29 11:43:28, 3] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed [2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type [2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type [2003/09/29 11:43:28, 10] libads/kerberos_verify.c:ads_verify_ticket(310) ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type [2003/09/29 11:43:28, 10] passdb/secrets.c:secrets_named_mutex_release(709) secrets_named_mutex: released mutex for replay cache mutex [2003/09/29 11:43:28, 3] libads/kerberos_verify.c:ads_verify_ticket(317) ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) [2003/09/29 11:43:28, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket! Argh, ads is not working correctly with windows 2k3. Anyone get this working with a 2k3 domain? What is your krb5.conf file look like? Are you in native server 2k3 mode for the domain? On Mon, Sep 29, 2003 at 09:48:46AM -0400, Derek T. Yarnell wrote: > Can you kinit correctly? > > kinit [EMAIL PROTECTED] > > If that gives you an error 52 then what I have found that if you are in > Native W2k3 mode for the domain then you will have to upgrade kerberos > to version 1.3.x to get it to work correctly (and link with the 1.3.x > libs) > > Just something to try. > > On Sat, Sep 27, 2003 at 04:29:41PM -0500, [EMAIL PROTECTED] wrote: > > My samba server is a member of my w2k3 mixed mode domain via 'net ads join' > > > > all users and groups can be seen with wbinfo + getent > > > > net ads commands show proper information > > > > I can connect to my local machine using winbind via /etc/pam.d/login > > > > but when my windows clients try to connect to any share, I receive: > > > > ads_verify_ticket: krb5_rd_req with auth failed (bad encryption) > > > > The machine account looks fine from both sides. > > > > I have signing turned off on the w2k3 server, and I have allowed anonymous > > queries. > > > > I've run out of clues on this one. > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > --- > Derek T. Yarnell > University of Maryland > Computer Science Department Unix Staff > [EMAIL PROTECTED] > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] authentication problems
Can you kinit correctly? kinit [EMAIL PROTECTED] If that gives you an error 52 then what I have found that if you are in Native W2k3 mode for the domain then you will have to upgrade kerberos to version 1.3.x to get it to work correctly (and link with the 1.3.x libs) Just something to try. On Sat, Sep 27, 2003 at 04:29:41PM -0500, [EMAIL PROTECTED] wrote: > My samba server is a member of my w2k3 mixed mode domain via 'net ads join' > > all users and groups can be seen with wbinfo + getent > > net ads commands show proper information > > I can connect to my local machine using winbind via /etc/pam.d/login > > but when my windows clients try to connect to any share, I receive: > > ads_verify_ticket: krb5_rd_req with auth failed (bad encryption) > > The machine account looks fine from both sides. > > I have signing turned off on the w2k3 server, and I have allowed anonymous > queries. > > I've run out of clues on this one. > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba cups point'n print for 3.0.0
I am having trouble getting point n' print working under 3.0.0. I get these [2003/09/26 12:57:32, 0] lib/util_str.c:safe_strcpy_fn(577) ERROR: NULL dest in safe_strcpy [2003/09/26 12:57:32, 0] lib/util_str.c:safe_strcpy_fn(577) ERROR: NULL dest in safe_strcpy [2003/09/26 12:57:32, 0] lib/util_str.c:safe_strcpy_fn(577) ERROR: NULL dest in safe_strcpy On the client side it just requests me to send my password (which it shouldn't because I am using ads security which seems to work for the home directories fine) [EMAIL PROTECTED] samba]# cat /etc/samba/smb.conf [global] workgroup = UMD-CSD-NT server string = printer security = ads realm = PC.CS.UMD.EDU load printers = yes printing = cups printcap name = cups log file = /var/log/samba/log.%m max log size = 500 log level = 2 socket options = TCP_NODELAY local master = no wins server = 128.8.130.59 dns proxy = no [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no public = yes guest ok = yes writable = no printable = yes printer admin = derek [print$] comment = Printer Drivers path = /etc/samba/drivers browseable = yes guest ok = no read only = no write list = derek cupsaddsmb ran without any problems and the drivers are in place in, /etc/samba/drivers. Any help? -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in rc4
I see this problem too. I thought that I was going crazy. On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote: > On Friday 26 September 2003 00:15, Hannu Tikka wrote: > > After upgrading rc2 -> rc4 (suse binary packages) > > > > line 'valid users = %S' in [homes] section prevents user getting to his > > homedirectory > > Same change occured here when upgrading from 2.2.7a to the 3.0.0 release. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.0 compiling solaris
I am having trouble compiling 3.0.0 (release) on solaris 2.8 I am getting this, Using FLAGS = -g -O2 -I/usr/local/cups-1.1.18/include -I/usr/local/krb5-1.3.1/include -I./popt -Iinclude -I/usr/local/src/samba/samba-3.0.0/source/include -I/usr/local/src/samba/samba-3.0.0/source/ubiqx -I/usr/local/src/samba/samba-3.0.0/source/smbwrapper -I. -I/usr/local/openldap-2.1.22/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/local/krb5-1.3.1/include -I/usr/local/src/samba/samba-3.0.0/source LIBS = -lsec -lgen -lresolv -lsocket -lnsl LDSHFLAGS = -G -L/usr/local/openldap-2.1.22/lib -R/usr/local/openldap-2.1.22/lib -L/usr/local/cups-1.1.18/lib LDFLAGS = -L/usr/local/openldap-2.1.22/lib -R/usr/local/openldap-2.1.22/lib -L/usr/local/cups-1.1.18/lib Linking bin/smbd rpc_server/srv_pipe.o(.text+0x4248): In function `get_pipe_fns': /usr/local/src/samba/samba-3.0.0/source/rpc_server/srv_pipe.c:1567: undefined reference to `lsa_get_pipe_fns' rpc_server/srv_pipe.o(.text+0x425c):/usr/local/src/samba/samba-3.0.0/source/rpc_server/srv_pipe.c:1570: undefined reference to `lsa_ds_get_pipe_fns' rpc_server/srv_pipe.o(.text+0x4270):/usr/local/src/samba/samba-3.0.0/source/rpc_server/srv_pipe.c:1573: undefined reference to `samr_get_pipe_fns' rpc_server/srv_pipe.o(.text+0x4284):/usr/local/src/samba/samba-3.0.0/source/rpc_server/srv_pipe.c:1576: undefined reference to `netlog_get_pipe_fns' rpc_server/srv_pipe.o(.text+0x42ac):/usr/local/src/samba/samba-3.0.0/source/rpc_server/srv_pipe.c:1582: undefined reference to `wkssvc_get_pipe_fns' rpc_server/srv_pipe.o(.text+0x42c0):/usr/local/src/samba/samba-3.0.0/source/rpc_server/srv_pipe.c:1585: undefined reference to `reg_get_pipe_fns' rpc_server/srv_pipe.o(.text+0x42e8):/usr/local/src/samba/samba-3.0.0/source/rpc_server/srv_pipe.c:1591: undefined reference to `netdfs_get_pipe_fns' collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 Here are my configure args, ./configure --prefix=/usr/local/samba-3.0.0 --with-privatedir=/etc/samba/private --with-lockdir=/var/samba/locks --with-piddir=/var/run --with-swatdir=/etc/samba/swat --with-configdir=/etc/samba --with-logfilebase=/var/adm/samba --with-krb5=/usr/local/krb5-1.3.1 --with-included-popt --enable-shared --with-libsmbclient Any clues? -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] no charset ver. 3.0.0beta3 on solaris
I too am having this charset problem, can anyone acknowledge that this is a problem with samba and not a problem with my compile environment? It has been almost 3 weeks since the first messages about this and I still can't figure out why samba is choking on the charset stuff. On Tuesday, July 29, 2003, at 08:28 AM, Paul Coray wrote: Hi all This question came up several times in this list in the last couple of weeks, but nobody seems to have found a solution... so I post this again, hoping that anybody out there has the answer. I compiled Samba 3.0.0beta3 on Solaris 9 with the following options: --with-winbind --with-acl-support --with-included-popt --with-pam Starting the daemon or doing testparm gives me always: Error loading module '/usr/local/samba/lib/charset/.so': ld.so.1: testparm: fatal: /usr/local/samba/lib/charset/646.so: open failed: No such file or directory or: Error loading module '/usr/local/samba/lib/charset/ISO8859.so': ld.so.1: testparm: fatal: /usr/local/samba/lib/charset/ISO8859-1.so: open failed: No such file or directory The /usr/local/samba/lib/charset directory is empty. Then I added the path to my GNU iconv libraries for configure : --with-libiconv=/opt/csw, but still no success... I use gcc 3.3. I tried gmake as well as Solaris make in /usr/ccs/bin. Here is a list of installed iconv and locale packages on the compiling system (Sun Blade 150 Sparc): (ub-blade1):~ # pkginfo | grep iconv system CSWiconv libiconv - GNU iconv library ALE SUNWciu8 Simplified Chinese (EUC) iconv modules for UTF-8 ALE SUNWciu8xSimplified Chinese (EUC) iconv modules for UTF-8 (64-bit) ALE SUNWhiu8 Traditional Chinese iconv modules for UTF-8 ALE SUNWhiu8xTraditional Chinese (EUC) iconv modules for UTF-8 (64-bit) system SUNWiniu8Indic UTF-8 iconv modules for UTF-8 system SUNWiniu8x Indic UTF-8 iconv modules for UTF-8 (64-bit) system SUNWislcx64-bit iconv conversion for Eastern European locales system SUNWisolx64-bit iconv conversion for ISO Latin character sets system SUNWjiu8 Japanese iconv modules for UTF-8 system SUNWjiu8xJapanese iconv modules for UTF-8 (64-bit) ALE SUNWkiu8 Korean UTF-8 iconv modules for UTF-8 ALE SUNWkiu8xKorean (UTF-8) iconv modules for UTF-8 (64-bit) system SUNWtiu8 Thai UTF-8 iconv modules for UTF-8 system SUNWtiu8xThai UTF-8 iconv modules for UTF-8 (64-bit) (ub-blade1):~ # pkginfo | grep locale system SUNWctlu Print utilities for CTL locales system SUNWislccXSH4 conversion for Eastern European locales system SUNWislcx64-bit iconv conversion for Eastern European locales system SUNWplowrRoot pkg partial locales. Remove 'spamblock.' from the reply address. Thanks in advance for any hint Paul -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] charset problem
When I compile samba on Solaris 8 wich gcc, [EMAIL PROTECTED]:/usr/local/samba-3.0.0beta3/bin# ./net [2003/07/21 16:25:56, 0] lib/module.c:smb_load_module(40) Error loading module '/usr/local/samba-3.0.0beta3/lib/charset/646.so': ld.so.1: ./net: fatal: /usr/local/samba-3.0.0beta3/lib/charset/646.so: open failed: No such file or directory [2003/07/21 16:25:56, 0] lib/module.c:smb_load_module(40) Error loading module '/usr/local/samba-3.0.0beta3/lib/charset/646.so': ld.so.1: ./net: fatal: /usr/local/samba-3.0.0beta3/lib/charset/646.so: open failed: No such file or directory [2003/07/21 16:25:56, 0] lib/module.c:smb_load_module(40) That file does not exist, but why is samba looking for something that it did not install? Any clues? -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compiling 3.0.0beta1
Figured this out, make sure you don't have any rouge headers in /usr/local/include. This can cause all sorts of wierd headaches and compile problems. On Mon, Jun 09, 2003 at 11:12:02PM -0400, Derek T. Yarnell wrote: > Preface, running redhat 8.0 (pretty standard and up2date) > > [atlantis 158] uname -a > Linux atlantis.cs.umd.edu 2.4.18-27.8.0 #1 Fri Mar 14 06:45:49 EST 2003 > i686 i686 i386 GNU/Linux > [atlantis 159] gcc --version > gcc (GCC) 3.2 20020903 (Red Hat Linux 8.0 3.2-7) > Copyright (C) 2002 Free Software Foundation, Inc. > This is free software; see the source for copying conditions. There > is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR > PURPOSE. > > I am getting wierd errors trying to compile 3.0b1, and getting here and > it is dying, > > Linking bin/smbd > tdb/tdbutil.o: In function `tdb_search_keys': > /tmp/samba-3.0.0beta1/source/tdb/tdbutil.c:791: undefined reference to > `ap_fnmatch' > collect2: ld returned 1 exit status > make: *** [bin/smbd] Error 1 > > ap_fnmatch is an apache thing as far as I can find, why is smbd linking > against it? This is just a straight > ./confiure --prefix=/opt/samba-3.0.0b1 > > No wierd CPPFLAGS,LDFLAGS or any other environmental variables. > > -- > --- > Derek T. Yarnell > University of Maryland > Computer Science Department Unix Staff > [EMAIL PROTECTED] > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Compiling 3.0.0beta1
Preface, running redhat 8.0 (pretty standard and up2date) [atlantis 158] uname -a Linux atlantis.cs.umd.edu 2.4.18-27.8.0 #1 Fri Mar 14 06:45:49 EST 2003 i686 i686 i386 GNU/Linux [atlantis 159] gcc --version gcc (GCC) 3.2 20020903 (Red Hat Linux 8.0 3.2-7) Copyright (C) 2002 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. I am getting wierd errors trying to compile 3.0b1, and getting here and it is dying, Linking bin/smbd tdb/tdbutil.o: In function `tdb_search_keys': /tmp/samba-3.0.0beta1/source/tdb/tdbutil.c:791: undefined reference to `ap_fnmatch' collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 ap_fnmatch is an apache thing as far as I can find, why is smbd linking against it? This is just a straight ./confiure --prefix=/opt/samba-3.0.0b1 No wierd CPPFLAGS,LDFLAGS or any other environmental variables. -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
