RE: [Samba] Active Directory
Newbie... Do Samba clients support Win 2003 Active Directory domains? What would be the minimum release of Samba? Is there a documentation site to say how to set up samba for active directory?

Yes, you need the most recent version with the following bugfix:
https://bugzilla.samba.org/show_bug.cgi?id=1315

You also need Kerberos installed and configured on your machine (not covered by this mailing list). Once that is done you can modify your smb.conf file with the following lines:

    workgroup = MYDOMAIN
    security = ADS
    realm = MYKERBEROSREALM
    password server = MYDOMAINCONTROLLER BACKUPDOMAINCONTROLLER

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Cannot connect MacOSX domain member to PDC
What is it that you have tried so far? Post your server and client smb.conf files as well as the exact error so we can get a better grasp of the problem.

You should also take a look at the Directory Access application in /Applications/Utilities if you haven't already. It will allow you to use Active Directory or LDAP to authenticate your username/password when you login. Before you do that, though, you do need to join the domain with samba using

    net ads|rpc join -S servername -U username

You might be getting the master browser errors because you are not specifying the server.

-Original Message-
From: Tony Baker [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 18, 2004 8:51 AM
To: [EMAIL PROTECTED]
Subject: [Samba] Cannot connect MacOSX domain member to PDC

I have a PDC which is a Sun280R with Solaris 8 running PCNetlink2.0 (effectively a WindowsNT4.0 server)

I want to join an Apple G5 with MacOSX10.3.3 (Samba 3.0) as a domain member of the above PDC. It will not allow me to do this and has lots of master browser - unknown in the logs of the Apple.

I have the IP address in the same range as the PDC and have the netmask set the same also. I can make the Apple a standalone server and can then map a drive in a windows client, but it is still not seen in Network Neighbourhood.

Has anybody had/seen these issues with Apples before and can pass on any help.

Regards
Tony
RE: [Samba] Cannot connect MacOSX domain member to PDC
There are several things wrong with your smb.conf file...

First, you should not have a netbios name and a workgroup with the same name...I think you may be confusing yourself. There is nothing wrong with it, but I don't think that is what you intend. Think of the workgroup as the domain name and the netbios name as the machine name.

Your PDC Solaris machine should at least have the following: (substitute HOME for your preferred domain name)

    netbios name = Sun280
    workgroup = HOME
    security = domain
    domain logons = Yes
    domain master = Yes
    preferred master = Yes
    encrypt passwords = yes

And your domain member OSX machine should AT LEAST have the following: (substitute HOME for the domain name you used above)

    netbios name = G5server
    workgroup = HOME
    security = domain
    domain logons = No
    domain master = No
    encrypt passwords = yes
    password server = Sun280

Once you set all that up you should be able to simply call:

    net join -S Sun280 -U username%password

You do not need to specify both the server name and ip address, and it will pick up the workgroup/domain from the server which will be the same as HOME in the above examples anyway. The username and password should be of an account that has privileges to add machines to the domain. Also, depending on your PDC settings, you may have to create a machine account before running net join

~ Chris

-Original Message-
From: Tony Baker [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 18, 2004 12:15 PM
To: Huyler, Christopher M
Cc: [EMAIL PROTECTED]
Subject: RE: [Samba] Cannot connect MacOSX domain member to PDC

I am not running LDAP or AD on the PDC (Sun running PCNetlink)

Is that the problem?? Will an Apple (Samba3.0) only join a domain running LDAP or AD??

##excerpt from logs from Apple##

    [2004/05/18 10:32:42, 0] /SourceCache/samba/samba-56/samba/source/nmbd/nmbd.c:process(540)
      Got SIGHUP dumping debug info.
    [2004/05/18 10:32:42, 0] /SourceCache/samba/samba-56/samba/source/nmbd/nmbd_workgroupdb.c:dump_workgroups(266)
      dump_workgroups()
       dump workgroup on subnet 10.1.1.61: netmask= 255.255.240.0:
        G5SERVER(2) current master browser = UNKNOWN
          G5SERVER 40009a03 (Mac OS X)
    [2004/05/18 10:32:42, 0] /SourceCache/samba/samba-56/samba/source/nmbd/nmbd_workgroupdb.c:dump_workgroups(266)
      dump_workgroups()
       dump workgroup on subnet UNICAST_SUBNET: netmask=0.0.0.0:
        WORKGROUP(1) current master browser = UNKNOWN
          G5SERVER 40009a03 (Mac OS X)
    [2004/05/18 10:32:42, 0] /SourceCache/samba/samba-56/samba/source/nmbd/nmbd_browsesync.c:collect_all_workgroup_names_from_wins_server(585)
      collect_all_workgroup_names_from_wins_server: Cannot find my workgroup G5SERVER on subnet UNICAST_SUBNET.

##following when trying to join domain##

    # net join -S Sun280 -I x.x.x.x -w domainname
    root password:
    could not initialise lsa pipe
    could not obtain sid for domain

##smb.conf from Apple##

    # more smb.conf
    [global]
    workgroup = G5server
    display charset = UTF-8-MAC
    print command = /usr/sbin/PrintServiceAccess printps %p %s
    lprm command = /usr/sbin/PrintServiceAccess remove %p %j
    security = user
    guest account = unknown
    encrypt passwords = yes
    printing = BSD
    allow trusted domains = no
    preferred master = no
    lppause command = /usr/sbin/PrintServiceAccess hold %p %j
    netbios name = G5server
    wins support = no
    max smbd processes = 0
    printcap =
    wins server = x.x.x.x
    server string = Mac OS X
    lpresume command = /usr/sbin/PrintServiceAccess release %p %j
    client ntlmv2 auth = no
    domain logons = no
    lpq command = /usr/sbin/PrintServiceAccess jobs %p
    passdb backend = opendirectorysam guest
    dos charset = CP437
    unix charset = UTF-8-MAC
    auth methods = guest opendirectory
    local master = no
    use spnego = no
    map to guest = Bad User
    domain master = no
    printer admin = @admin, @staff
    log level = 2

    [homes]
    comment = User Home Directories
    root preexec = /usr/sbin/inituser %U
    create mode = 0750
    read only = no
    browseable = no

    [Public]
    comment = macosx
    inherit permissions = no
    path = /Shared Items/Public
    directory mask = 0755
    map archive = no
    guest ok = 1
    read only = no
    create mask = 0644

    [Users]
    comment = macosx
    inherit permissions = no
    path = /Users
    directory mask = 0755
    map archive = no
    guest ok = 1
    read only = no
    create mask = 0644

    [Groups]
    comment = macosx
    inherit permissions = no
    path = /Groups
    directory mask = 0755
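
The domain-member advice in the reply above, applied mechanically to the posted configuration. This is an added example, not part of the thread or of Samba; the function names and the two sample strings are constructed here, and the fallback values used when a parameter is absent (security = user, encrypt passwords = yes) are assumptions about the Samba 3.0 defaults.

```python
import re

TRUE = {"yes", "true", "1"}

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with normalised names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)   # only the first '=' is significant
            conf[section][_norm(key)] = value.strip()
    return conf

def check_domain_member(text):
    """Apply the reply's member-server advice; return (parameter, problem) pairs."""
    g = parse_smb_conf(text).get("global", {})
    out = []
    if g.get("workgroup", "").lower() == g.get("netbiosname", "").lower() != "":
        out.append(("workgroup", "same as netbios name; use the domain name"))
    if g.get("security", "user").lower() not in ("domain", "ads"):
        out.append(("security", "a member needs security = domain (or ads)"))
    if not g.get("passwordserver"):
        out.append(("password server", "no domain controller named"))
    for key, shown in (("domainlogons", "domain logons"),
                       ("domainmaster", "domain master")):
        if g.get(key, "no").lower() in TRUE:
            out.append((shown, "must be off on a member server"))
    if g.get("encryptpasswords", "yes").lower() not in TRUE:
        out.append(("encrypt passwords", "must be yes"))
    return out

# Constructed excerpts: the relevant [global] lines of the posted Apple
# smb.conf, and the member settings suggested in the reply.
POSTED = ("[global]\nworkgroup = G5server\nsecurity = user\n"
          "encrypt passwords = yes\nnetbios name = G5server\n"
          "domain logons = no\ndomain master = no\n")
SUGGESTED = ("[global]\nnetbios name = G5server\nworkgroup = HOME\n"
             "security = domain\ndomain logons = No\ndomain master = No\n"
             "encrypt passwords = yes\npassword server = Sun280\n")
```
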
[Samba] RE: Bug 1315 -- wrong schannel auth len 24 -- am I having same problem on my Mac?
Can someone verify that I am having the same problem with Mac OS X Panther (10.3.3) using Samba 3.0.2 based on my log below? I get this trying to connect from my WinXP machine to my Mac which is configured with ADS.

If so, can you point me to a set of instructions on upgrading from 3.0.2 to 3.0.4 with this patch? I don't have control over the server I authenticate with...it is about 300 miles away, so upgrading my own machine would be the only option.

Here's the log...

    [2004/05/17 09:43:34, 2] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:setup_new_vc_session(591)
      setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
    [2004/05/17 09:43:34, 3] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_sesssetup_and_X_spnego(518)
      Doing spnego session setup
    [2004/05/17 09:43:34, 3] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_sesssetup_and_X_spnego(549)
      NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
    [2004/05/17 09:43:34, 3] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_spnego_negotiate(427)
      Got OID 1 2 840 48018 1 2 2
    [2004/05/17 09:43:34, 3] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_spnego_negotiate(427)
      Got OID 1 2 840 113554 1 2 2
    [2004/05/17 09:43:34, 3] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_spnego_negotiate(427)
      Got OID 1 3 6 1 4 1 311 2 2 10
    [2004/05/17 09:43:34, 3] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_spnego_negotiate(430)
      Got secblob of size 1583
    [2004/05/17 09:43:34, 10] /SourceCache/samba/samba-56/samba/source/passdb/secrets.c:secrets_named_mutex(698)
      secrets_named_mutex: got mutex for replay cache mutex
    [2004/05/17 09:43:34, 10] /SourceCache/samba/samba-56/samba/source/libads/kerberos_verify.c:ads_verify_ticket(323)
      ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
    [2004/05/17 09:43:34, 10] /SourceCache/samba/samba-56/samba/source/libads/kerberos_verify.c:ads_verify_ticket(323)
      ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
    [2004/05/17 09:43:34, 3] /SourceCache/samba/samba-56/samba/source/libads/kerberos_verify.c:ads_verify_ticket(323)
      ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
    [2004/05/17 09:43:34, 10] /SourceCache/samba/samba-56/samba/source/libads/kerberos_verify.c:ads_verify_ticket(323)
      ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
    [2004/05/17 09:43:34, 10] /SourceCache/samba/samba-56/samba/source/libads/kerberos_verify.c:ads_verify_ticket(323)
      ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
    [2004/05/17 09:43:34, 10] /SourceCache/samba/samba-56/samba/source/libads/kerberos_verify.c:ads_verify_ticket(323)
      ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type
    [2004/05/17 09:43:34, 10] /SourceCache/samba/samba-56/samba/source/passdb/secrets.c:secrets_named_mutex_release(710)
      secrets_named_mutex: released mutex for replay cache mutex
    [2004/05/17 09:43:34, 3] /SourceCache/samba/samba-56/samba/source/libads/kerberos_verify.c:ads_verify_ticket(330)
      ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
    [2004/05/17 09:43:34, 1] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_spnego_kerberos(173)
      Failed to verify incoming ticket!

# -Original Message-
#
# The fix for 3.0.4 is attached to
#
# https://bugzilla.samba.org/show_bug.cgi?id=1315
#
# Anders, I posted this previously in response to one of
# the threads you referred to.
#
# http://lists.samba.org/archive/samba/2004-May/085842.html
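
A way to read the per-enctype decrypt attempts in the log above, as an added example that is not part of the original post or of Samba. It assumes that "Bad encryption type" means the ticket is not of the type being tried and that "Decrypt integrity check failed" means the type matched but the locally held key did not; the triage function and the sample text are constructed here.

```python
import re

# Kerberos encryption type numbers (IANA registry) that appear in the log
ENCTYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
            16: "des3-cbc-sha1", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

ATTEMPT = re.compile(
    r"ads_verify_ticket: enc type \[(\d+)\] failed to decrypt with error (.+)")

# Constructed sample: the message lines of the posted log, headers omitted.
SAMPLE_LOG = """\
ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type
ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
ads_verify_ticket: enc type [23] failed to decrypt with error Decrypt integrity check failed
ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
ads_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type
ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type
ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
Failed to verify incoming ticket!
"""

def triage(log_text):
    """Group the per-enctype decrypt attempts by why each one failed."""
    wrong_type, wrong_key, other = [], [], []
    for number, error in ATTEMPT.findall(log_text):
        name = ENCTYPES.get(int(number), f"enctype-{number}")
        error = error.strip()
        if error == "Bad encryption type":
            wrong_type.append(name)        # assumed: ticket is not of this type
        elif error == "Decrypt integrity check failed":
            wrong_key.append(name)         # assumed: right type, key did not fit
        else:
            other.append((name, error))
    rejected = "Failed to verify incoming ticket" in log_text
    if not rejected:
        verdict = "no rejection logged"
    elif wrong_key:
        verdict = "key mismatch for " + ", ".join(wrong_key)
    elif wrong_type and not other:
        verdict = "no local key of the ticket's encryption type"
    else:
        verdict = "unclassified failure"
    return {"wrong_type": wrong_type, "wrong_key": wrong_key,
            "other": other, "verdict": verdict}
```

Under those assumptions the posted log separates one attempt (type 23, rc4-hmac) from the other five, which is the line worth comparing against the machine account state on the domain controller.
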
RE: [Samba] Issues with Samba 3.0.2 on OSX using ADS.
Can anyone help me with this?

-Original Message-
From: Huyler, Christopher M
Sent: Friday, April 23, 2004 3:47 PM
To: [EMAIL PROTECTED]
Subject: [Samba] Issues with Samba 3.0.2 on OSX using ADS.

We have a Win2K network at work and I've been trying to integrate my Mac 10.3 machine into the network. It seems that once one thing is working, something else is not. I have read through various Mac tutorials found on the web but none seem to solve my problem.

Right now I have Active Directory Domain Logons working successfully but Samba will not allow anyone (from Mac/Unix/Windows) to connect. I keep getting the following entries in the /var/log/samba/log.smbd log:

    [2004/04/23 15:07:03, 0] /SourceCache/samba/samba-56/samba/source/smbd/server.c:main(747)
      smbd version 3.0.2 started.
      Copyright Andrew Tridgell and the Samba Team 1992-2004
    [2004/04/23 15:07:19, 1] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_spnego_kerberos(173)
      Failed to verify incoming ticket!

I can't figure it out. I'm positive that Kerberos is configured correctly because I can run kinit and klist successfully and I can log in using my domain account.

Here is some more info:

    [EMAIL PROTECTED] root]# net ads leave -S usildc03 -U huych02%
    Removed 'USFROSX1' from realm 'CA.COM'
    [EMAIL PROTECTED] root]# net ads testjoin -S usildc03 -U huych02%
    [2004/04/23 15:33:27, 0] /SourceCache/samba/samba-56/samba/source/libads/kerberos.c:ads_kinit_password(133)
      kerberos_kinit_password [EMAIL PROTECTED] failed: Client not found in Kerberos database
    Join to domain is not valid
    [EMAIL PROTECTED] root]# net ads join -S usildc03 -U huych02%
    [2004/04/23 15:33:42, 0] /SourceCache/samba/samba-56/samba/source/libads/ldap.c:ads_add_machine_acct(1086)
      Warning: ads_set_machine_sd: Unexpected information received
    Using short domain name -- TANT-A01
    Joined 'USFROSX1' to realm 'CA.COM'
    [EMAIL PROTECTED] root]# net ads testjoin -S usildc03 -U huych02%
    Join is OK

After all that, I still get the reply_spnego_kerberos(173) errors. Any help would be appreciated, I have searched the net up and down and nothing seems to help.

Below is a copy of my smb.conf file for reference:

    [global]
    netbios name = usfrosx1
    workgroup = TANT-A01
    server string = Mac OS X
    security = ads
    realm = CA.COM
    password server = USILDC03 USILDC05
    encrypt passwords = yes
    use spnego = yes
    client use spnego = yes
    printer admin = @admin, @staff
    unix charset = UTF-8-MAC
    display charset = UTF-8-MAC
    dos charset = 437
    guest account = unknown
    level2 oplocks = no

    [homes]
    comment = User Home Directories
    browseable = no
    read only = no

    [public]
    path = /tmp
    public = yes
    writable = no
    printable = no

    [printers]
    path = /tmp
    printable = yes
[Samba] Issues with Samba 3.0.2 on OSX using ADS.
We have a Win2K network at work and I've been trying to integrate my Mac 10.3 machine into the network. It seems that once one thing is working, something else is not. I have read through various Mac tutorials found on the web but none seem to solve my problem.

Right now I have Active Directory Domain Logons working successfully but Samba will not allow anyone (from Mac/Unix/Windows) to connect. I keep getting the following entries in the /var/log/samba/log.smbd log:

    [2004/04/23 15:07:03, 0] /SourceCache/samba/samba-56/samba/source/smbd/server.c:main(747)
      smbd version 3.0.2 started.
      Copyright Andrew Tridgell and the Samba Team 1992-2004
    [2004/04/23 15:07:19, 1] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_spnego_kerberos(173)
      Failed to verify incoming ticket!

I can't figure it out. I'm positive that Kerberos is configured correctly because I can run kinit and klist successfully and I can log in using my domain account.

Here is some more info:

    [EMAIL PROTECTED] root]# net ads leave -S usildc03 -U huych02%
    Removed 'USFROSX1' from realm 'CA.COM'
    [EMAIL PROTECTED] root]# net ads testjoin -S usildc03 -U huych02%
    [2004/04/23 15:33:27, 0] /SourceCache/samba/samba-56/samba/source/libads/kerberos.c:ads_kinit_password(133)
      kerberos_kinit_password [EMAIL PROTECTED] failed: Client not found in Kerberos database
    Join to domain is not valid
    [EMAIL PROTECTED] root]# net ads join -S usildc03 -U huych02%
    [2004/04/23 15:33:42, 0] /SourceCache/samba/samba-56/samba/source/libads/ldap.c:ads_add_machine_acct(1086)
      Warning: ads_set_machine_sd: Unexpected information received
    Using short domain name -- TANT-A01
    Joined 'USFROSX1' to realm 'CA.COM'
    [EMAIL PROTECTED] root]# net ads testjoin -S usildc03 -U huych02%
    Join is OK

After all that, I still get the reply_spnego_kerberos(173) errors. Any help would be appreciated, I have searched the net up and down and nothing seems to help.

Below is a copy of my smb.conf file for reference:

    [global]
    netbios name = usfrosx1
    workgroup = TANT-A01
    server string = Mac OS X
    security = ads
    realm = CA.COM
    password server = USILDC03 USILDC05
    encrypt passwords = yes
    use spnego = yes
    client use spnego = yes
    printer admin = @admin, @staff
    unix charset = UTF-8-MAC
    display charset = UTF-8-MAC
    dos charset = 437
    guest account = unknown
    level2 oplocks = no

    [homes]
    comment = User Home Directories
    browseable = no
    read only = no

    [public]
    path = /tmp
    public = yes
    writable = no
    printable = no

    [printers]
    path = /tmp
    printable = yes