[Samba] Auth problem with AD member server

2009-02-10 Thread Jeff Thurston 
I am having trouble with certain versions of Windows accessing shares
provided by our Samba (3.0.24) servers which are AD members (Windows Server
2003 AD Controller).
 
The problem seems to be with the hyphen in the domain name; if a (domain)
user of XP, Server2003, or Linux accesses a share, everything works.
If a domain user on Vista or Windows7 tries to access the same share (same
user as above), they get permission denied.
HOWEVER, if the user provides the credentials as DOMAIN\User instead of
DOMAIN-NAME\User, then everything works.
We're using the LM/NTLM settings in Vista, not NTLM2.
 
Does anyone have an idea how to resolve this?
 
THANKS!
 
Our smb.conf file is below;
 
[global]
workgroup = DOMAIN-NAME
realm = DOMAIN-NAME.COM
preferred master = no
server string = Debian
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
allow trusted domains = No
idmap backend = idmap_rid:DOMAIN-NAME=10-1
idmap uid = 10-1
idmap gid = 10-1
template shell = /bin/bash
winbind enum users = yes
winbind enum groups = yes

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

RE: [Samba] Joining Samba 3.24 to 2003 ADS

2007-04-27 Thread Jeff Thurston 
'hostname -f'
host.fqdn.com

Entry is also in the hosts file: host, and DC

I've looked in the winbind logs as well as the samba logs and don't see
anything that immediately indicates a problem.

Incidentally, I am able to setup shares and access them as a
@"ADGROUP+domain users" or specific domain user on this server.

Should I even worry about the fact that getent doesn't work "correctly"?


-Original Message-
From: paul karrel [mailto:[EMAIL PROTECTED] 
Sent: Friday, April 27, 2007 10:23 AM
To: Jeff Thurston
Subject: Re: [Samba] Joining Samba 3.24 to 2003 ADS

Jeff Thurston wrote:
> I'm hoping someone can give me a clue what I am doing wrong here,
>
> Running Debian Etch AMD64, I followed the samba wiki at:
> http://wiki.samba.org/index.php/Samba_
> <http://wiki.samba.org/index.php/Samba_&_Active_Directory#Prerequisites>
> &_Active_Directory#Prerequisites.
>
> I get mostly good results, except when I try to run 'getent passwd' or
> 'getent group' only local users/groups are listed.
>
>  
>
> I was able to join the domain: net ads join -U admin_user
>
> The system shows up in AD under computers on the PDC.
>
> Afterwards if I do wbinfo -u, wbinfo -g, wbinfo -p, wbinfo -t, wbinfo -a
> ad_user%password
>
> All of those appear to work correctly. 
>
>  
>
> This however seems somewhat fishy, it says "Active Directory: No":
>
>  
>
> 'wbinfo -D domain.com'
>
> Name  : DOMAIN
>
> Alt_Name  : DOMAIN.COM
>
> SID   : S-XX
>
> Active Directory  : No
>
> Native: No
>
> Primary   : Yes
>
> Sequence  : 2008
>
>  
>
> My nsswitch.conf looks correct:
>
> passwd: files winbind
>
> shadow: files winbind
>
> group: files winbind
>
> hosts: files dns wins
>
>  
>
>  
>
> -Jeff
>
>   
check that the local pc has the correct fqdn; use the hostname command. 
You want the server fqdn to match the local machine fqdn.
Look in the messages file in /var/log for extra info.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba & CUPS: only banner-page gets printed

2007-04-26 Thread Jeff Thurston 
First, I apologize if this gets posted twice, it is not intentional,
after sending it the first time and not seeing it after half an hour I am
trying again...

I'm hoping someone can give me a clue what I am doing wrong here,
Running Debian Etch AMD64, I followed the samba wiki at:
http://wiki.samba.org/index.php/Samba_&_Active_Directory#Prerequisites.

I get mostly good results, except when I try to run 'getent passwd' or
'getent group' only local users/groups are listed.

I was able to join the domain: net ads join -U admin_user
The system shows up in AD under computers on the PDC.

Afterwards if I do wbinfo -u, wbinfo -g, wbinfo -p, wbinfo -t, wbinfo -a
ad_user%password 

All of those appear to work correctly. 

However this seems somewhat fishy, it says "Active Directory: No":

'wbinfo -D domain.com'
Name  : DOMAIN
Alt_Name  : DOMAIN.COM
SID   : S-XX
Active Directory  : No
Native: No
Primary   : Yes
Sequence  : 2008

My nsswitch.conf looks correct:
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns wins


-Jeff

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Joining Samba 3.24 to 2003 ADS

2007-04-26 Thread Jeff Thurston 
I'm hoping someone can give me a clue what I am doing wrong here,

Running Debian Etch AMD64, I followed the samba wiki at:
http://wiki.samba.org/index.php/Samba_

&_Active_Directory#Prerequisites.

I get mostly good results, except when I try to run 'getent passwd' or
'getent group' only local users/groups are listed.

 

I was able to join the domain: net ads join -U admin_user

The system shows up in AD under computers on the PDC.

Afterwards if I do wbinfo -u, wbinfo -g, wbinfo -p, wbinfo -t, wbinfo -a
ad_user%password

All of those appear to work correctly. 

 

This however seems somewhat fishy, it says "Active Directory: No":

 

'wbinfo -D domain.com'

Name  : DOMAIN

Alt_Name  : DOMAIN.COM

SID   : S-XX

Active Directory  : No

Native: No

Primary   : Yes

Sequence  : 2008

 

My nsswitch.conf looks correct:

passwd: files winbind

shadow: files winbind

group: files winbind

hosts: files dns wins

 

 

-Jeff

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba