[Samba] password authentication stops but can be restarted
I have several Sun Solaris systems that share directories via SAMBA. After some period (I think 30 days, which the password expiration period) the authentication stops with the following messages (all names changed to protect the guilty): li_rpc_pipe_open_schannel: failed to get schannel session key from server W3K_SERVER for domain DOMAINX. connect_to_domain_password_server: unable to open the domain client session to machine W3K_SERVER. Error was : NT_STATUS_ACCESS_DENIED. After successfully running the 'net join' command every thing works fine for another 30 days. My smb.conf and smb.users are: smb.conf [global] security = domain workgroup = DOMAINX netbios name = sun-system-y password server = W3K_SERVER domain master = no local master = no preferred master = no username map = /etc/sfw/smb.users [homes] writeable = yes valid users = +sysadmin wide links = no [app] path = /var/data_path writeable = yes valid users = app_id wide links = no smb.users id_1 = DOMAINX\win_id_1 id_2 = DOMAINX\win_id_2 app_id = DOMAINX\win_id_app Note that the Windows password server is Win3K and that I have various versions of Sun supplied SAMBA. I do have some SAMBA share that use Win2K authentication and those do not seem to have this issue. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SUMMARY: username map
It turned out that the Windows ID was 9 characters and for some reason the Unix system was truncating it. I'm guessing that it is because the Unix box has a 8 character ID limit. We changed the Windows ID to 7 characters and everything worked. JC -- Original Message -- Received: Wed, 08 Aug 2007 05:10:15 PM EDT From: JESSE CARROLL [EMAIL PROTECTED] To: samba@lists.samba.org Subject: username map Forgive me for being new - but you've got start somewhere. I've setup SAMBA on a Unix server that talks to AD. Almost everything works save for a user name map. From my configuration (names changed)below I can attach from windusr1 on PC1 to the Unix system and it sets up as unxusr1 no problems and clean. I can access all three shares. However, when I try to do the same thing from PC2 for appusrwin I am prompted for a name/password. No matter what I put in (windows ID/password or Unix ID/password, or combinations of these)I can't connect. The message in the log.smbd is domain_client_validate: unable to validate password for user appusru in domain XXXGLOBAL to Domain controller USORSDC00. Error was NT_STATUS_NO_SUCH_USER. Note that in reality the Unix ID and Windows are very similar, with the difference being that the Windows ID is the same as the Unix ID but with 2 more characters. What am I doing incorrectly? :: smb.conf :: [global] security = domain workgroup = XXXGLOBAL netbios name = unix01 password server = adserver01, adserver02 domain master = no local master = no preferred master = no username map = /usr/local/samba/lib/smb.users [homes] writeable = yes # +sysadmin is a Unix group which unxusr1 is a member valid users = +sysadmin wide links = no [trax] path = /var/data_files writeable = yes valid users = unxusr1, appusru wide links = no [test] path = /var/tmp writeable = yes valid users = unxusr1, appusru wide links = no :: smb.users :: unxusr1 = XXXGLOBAL\windusr1 appusru = XXXGLOBAL\appusrwin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] username map
Forgive me for being new - but you've got start somewhere. I've setup SAMBA on a Unix server that talks to AD. Almost everything works save for a user name map. From my configuration (names changed)below I can attach from windusr1 on PC1 to the Unix system and it sets up as unxusr1 no problems and clean. I can access all three shares. However, when I try to do the same thing from PC2 for appusrwin I am prompted for a name/password. No matter what I put in (windows ID/password or Unix ID/password, or combinations of these)I can't connect. The message in the log.smbd is domain_client_validate: unable to validate password for user appusru in domain XXXGLOBAL to Domain controller USORSDC00. Error was NT_STATUS_NO_SUCH_USER. Note that in reality the Unix ID and Windows are very similar, with the difference being that the Windows ID is the same as the Unix ID but with 2 more characters. What am I doing incorrectly? :: smb.conf :: [global] security = domain workgroup = XXXGLOBAL netbios name = unix01 password server = adserver01, adserver02 domain master = no local master = no preferred master = no username map = /usr/local/samba/lib/smb.users [homes] writeable = yes # +sysadmin is a Unix group which unxusr1 is a member valid users = +sysadmin wide links = no [trax] path = /var/data_files writeable = yes valid users = unxusr1, appusru wide links = no [test] path = /var/tmp writeable = yes valid users = unxusr1, appusru wide links = no :: smb.users :: unxusr1 = XXXGLOBAL\windusr1 appusru = XXXGLOBAL\appusrwin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba