[Samba] wbinfo -t fails but other wbinfo and getent items work.
parameters are only for Heimdal Kerberos. # v4_instance_resolve = false ## v4_name_convert = { # host = { # rcmd = host # ftp = ftp # } # plain = { # something = something-else # } # } [realms] TEST.COM = { kdc = server03test.test.com admin_server = server03test.test.com default_domain = test.com } [domain_realm] .test.com = TEST.COM -- Michael Wray AimConnect, an S4F Inc. Company 918.524.1010 ext 106 [EMAIL PROTECTED] http://www.aimconnect.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] shared network printer on linksys print server
Well, what's the command it's asking for? If it's lpr or lpq it's probably because that has been obsoleted by CUPS. You should read info on lpr compatability, CUPS, and samba. first get the printer working from the command line without samba...(through cups...) Then you can worry about getting samba to use it. On Wednesday 20 April 2005 6:56 pm, Sean Fichera wrote: I have a samba server running samba 3. I am not actually sure that this is samba not working or a linux printing thing. I have a Linksys PPSX1 Pocket Print Server and I am unable to print to the network printer. There are directions on the Linksys site but I get so far and the directions tell me to type a command that is not found. Is anyone printing to a Linksys Pocket Print Server? I need this to be queue based. Any suggestions? Sean Fichera Salem School District Media -- Michael Wray AimConnect, an S4F Inc. Company 918.524.1010 ext 106 [EMAIL PROTECTED] http://www.aimconnect.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] \PIPE\NETLOGON (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
113554 1 2 2 [2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 3 [2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 3 6 1 4 1 311 2 2 10 [2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) got [EMAIL PROTECTED] [2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup_ntlmssp(615) Failed to send NTLMSSP/SPNEGO blob to server! [2005/04/18 13:40:46, 3] libsmb/cliconnect.c:cli_session_setup(861) SPNEGO login failed: Undetermined error [2005/04/18 13:40:46, 3] nsswitch/winbindd_cm.c:new_cm_connection(755) Could not open a connection to S4FTEST for \PIPE\NETLOGON (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) [2005/04/18 13:40:46, 3] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68) could not open handle to NETLOGON pipe [2005/04/18 13:40:46, 2] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98) Checking the trust account password returned NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND -- Michael Wray AimConnect, an S4F Inc. Company 918.524.1010 ext 106 [EMAIL PROTECTED] http://www.aimconnect.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Share Group Access
Easy fix: Make group D and add GROUP A and B as members, but not C, then make the subfolders group ownership GROUP D, with GROUP Access. On Tuesday 15 March 2005 5:43 pm, Bruno Quintas wrote: Hi, i have 3 groups in Samba PDC. One Folder called Geral (with rwx access to all of them), and i want to create anothe folder inside it with rwx access by groups A and B, and no access by group C, is this possible? What should i do?I got a bit confused after looking at the Howto. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem joining a Samba 3 domain - DC can't be contac ted
Take the DASH out of your domain name. While allowed at creation time most clients cant use this name properly..windows, samba, or otherwise. On Wednesday 16 March 2005 11:28 am, fatima riadi wrote: My domain name is SAMBA-DOMAIN, I can't join it from a win 2003 machine. Now, if I try to join it from a XP machine, I am asked to enter a username and password for a user allowed to join the domain, however, the info I enter is not accepted!!! Any idea please? Thank you Note: to manage joining my samba domain from a xp machine, I had to change a registry key. --- Mccrory, Kevin B [EMAIL PROTECTED] wrote: What is your domain name? If you have special characters in the domain name the workstations won't join properly. The domain name should be all one word. Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of fatima riadi Sent: Wednesday, March 16, 2005 11:59 AM To: samba@lists.samba.org Subject: [Samba] Problem joining a Samba 3 domain - DC can't be contacted Dear all, I configured samba 3.0.11 as PDC with openLDAP. Wehen I try to join my samba domain from a windows machine (XP or 2003) I get this error message a domain controller for the domain my_samba_domain could not be contacted. Do have any idea of what is hapening? Just for reference: I do not have a dns server. Regards. Découvrez nos promotions exclusives destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Découvrez nos promotions exclusives destination de la Tunisie, du Maroc, des Baléares et la Rép. Dominicaine sur Yahoo! Voyages : http://fr.travel.yahoo.com/promotions/mar14.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS question
On Wednesday 09 March 2005 8:56 am, Marcus Franke wrote: Hi, [public] comment = Backup Verzeichnis path = /mnt/backup admin users = DOMAIN+Administrator, root valid users = DOMAIN+Administrator, root The administrator of my Windows domain now should be able to access the public share. But when I try to access the box I am asked for a username and a password. I found, that getent passwd and group does not list the domain users and groups, just my local users and groups from /etc/passwd and /etc/groups. After some more searching, I tuned the loglevel up to 10 and found these entries in winbindd.log: [2005/03/09 15:37:00, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764) Kinit failed: Preauthentication failed [2005/03/09 15:38:12, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'marcus' does not exist [2005/03/09 15:38:28, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2005/03/09 15:40:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2005/03/09 15:42:00, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764) Kinit failed: Preauthentication failed kinit failed? I can use wbinfo -[sgu] even from the local user marcus and get positive info from it, why not when invoked from the server? I can mail the smbd log for the machine I am trying to connect to the server. But the output is huge (41k) and I would not like to post it directly to the list :) Any suggestions? I would be happy for every hint. Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ntlm_auth (Samba build) stops responding.
when using the samba 3.0.x (Any 3.0.x build) ntlm_auth helper program for authentication, it will authenticate for a week, and then stop responding. Does this mean that it uses a persistant connection that's never respawned? It seems to me, it would be nice if it occassionally would disconnect and reconnect, as suddenly stopping responses causes production environments to fail. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Active Directory, Listing Users in Groups.
I have samba 3.0.8, as a member of 2000AD and 2003AD. I would like to get groups and the members in each group. The purpose is to maintain a set of Filtering profiles on squidGuard that are based on AD groups. I will have a script that reads a config file with the groupnames to fetch from Active Directory and a Precedence order to set them in. One of the groups will be designated a NO Access group which will get priority over all other groups. The script then based on group priority will only allow a username to occur in the highest priority group the user belongs to. groupfiles in squidguard are src files with Domain/username\n as a line. Are there any utilities to get the list of groups, and the users in each group. Attempting to do wbinfo -r username always fails. wbinfo -g DOMAIN\Groupname DOMAIN\Groupname2 wbinfo -u unable to get domain users wbinfo -t success ntlmauth works both cleartext and encrypted (My browsers are able to authenticate successfully using ntlmauth) I suspect I want some perl utility with LDAP... any hints would be greatly appreciated..as I seem to have hit a roadblock...I would prefer not to have to get to deeply involved in the internals of LDAP if possible...as I seem to remember seeing scripts for this earlier..I just am unable to come up with how I found them to begin with. Michael Wray S4F Technologies, Inc. 2448 S. 81st St. Tulsa, OK 74137 http://www.s4f.com mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] AD2003 +Squid NTLM Auth.
host:~ # wbinfo -t checking the trust secret via RPC calls succeeded ---ntlm_auth-- filtercube:~ / # /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic gooduser goodpass OK domain\gooduser goodpass OK - ---krb5.conf [libdefaults] ticket_lifetime = 24000 default_realm = DOMAIN dns_lookup_realm = yes dns_lookup_kdc = yes [realms] DOMAIN = { kdc = DOMAIN.com } -nsswitch.conf-- passwd: files winbind group: files winbind hosts: dns winbind -pam conf -- Not Sure which files needed to modify for ntlm_auth to work. Have tried passwd and login by adding lines listed in squid FAQ. I am using a newer version of pam that uses /etc/pam.d/service for authentication directions. Do I need to create a new auth file called ntlm_auth? ---smb.conf:--- #Global Settings [global] workgroup = DOMAIN server string = Filtering Server log file = /var/log/log.%m max log size = 50 security = ads password server = * encrypt passwords = yes socket options = TCP_NODELAY dns proxy = no winbind uid = 1-2 winbind gid = 1-2 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind separator = \\ realm = DOMAIN.com winbind use default domain = yes --- Package List: apache+mod_ssl-1.3.28+2.8.15_1 The Apache 1.3 webserver with SSL/TLS functional bash-2.05b.007 The GNU Bourne Again Shell bind9-9.2.2 Completely new version of the BIND DNS server bison-1.75_1A parser generator from FSF, (mostly) compatible with Yacc bsdftpd-ssl-0.6.3 FTP server with TLS/SSL support curl-7.10.7 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) cvsup-16.1h General network file distribution system optimized for CVS cvsup-without-gui-16.1h General network file distribution system optimized for db-2.7.7_1 The Berkeley DB package, revision 2 db3-3.3.11,1The Berkeley DB package, revision 3 db4-4.0.14_1,1 The Berkeley DB package, revision 4 db41-4.1.25_1 The Berkeley DB package, revision 4.1 db42-4.2.52_3 The Berkeley DB package, revision 4.2 expat-1.95.6_1 XML 1.0 parser written in C ezm3-1.1Easier, more portable Modula-3 distribution for building CV gd-2.0.15_1,1 A graphics library for fast creation of images gdbm-1.8.3 The GNU database manager gettext-0.12.1 GNU gettext package glib-1.2.10_9 Some useful routines of C programming (previous stable vers gmake-3.80_1GNU version of 'make' utility heimdal-0.6.1 A re-implementation of Kerberos V help2man-1.33.1 Automatically generating simple manual pages from program o imake-4.3.0 Imake and other utilities from XFree86 libiconv-1.8_2 A character set conversion library libltdl-1.5 System independent dlopen wrapper linux_base-7.1_4The base set of packages needed in Linux mode nspr-4.4.1_1A platform-neutral API for system level and libc like funct nss-3.9.2 Libraries to support development of security-enabled applic openldap-client-2.2.15 Open source LDAP client implementation openldap-server-2.2.15 Open source LDAP server implementation openssh-3.6.1_5 OpenBSD's secure shell client and server (remote login prog openssl-0.9.7d_1SSL and crypto library pf_freebsd-2.03 OpenBSD pf as a kldmodule samba-3.0.7,1 A free SMB and CIFS client and server for UNIX squid-2.5.6_10 The successful WWW proxy cache and accelerator squidGuard-1.2.0_1 A fast redirector for squid sudo-1.6.7.4Allow others to run commands as root - Michael Wray S4F Technologies, Inc. 2448 S. 81st St. Tulsa, OK 74137 http://www.s4f.com mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Am running samba-3.0.7,1 on freebsd 5.2. How do I get wbinfo to pass plain text auth on a 2003 AD server? It passes the NTLM challenge/response just fine...but plain text fails and claims No Such User as well as complaining about a null winbind separator. All examples I have seen have no definition for the winbind separator, is this important for plain text auth or is it not supported in 2003? Here is the session: /usr/ports/www/squid # wbinfo -a admintest%pa\$\$word plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user admintest%pa$$word with plaintext password winbind separator was NULL! challenge/response password authentication succeeded You have new mail. machine:~ /usr/ports/www/squid # Michael Wray S4F Technologies, Inc. 2448 S. 81st St. Tulsa, OK 74137 http://www.s4f.com mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Changing domains...causes wbinfo -t to fail.
smb.conf obey pam restrictions = No workgroup = mydomain server string = server security = domain password server = passserver.mydomain.com socket options = TCP_NODELAY dns proxy = no winbind uid = 1-2 winbind guid = 1-2 winbind use default domain = yes using samba-2.2.8a on FreeBSD 5.1 smbpasswd -j mydomain -r 192.168.1.3 -U admin%pass Joined mydomain successfully wbinfo -t secret is good Reconfigure smb.conf for new location as doing above is to verify that joining a domain is possible. smb.conf obey pam restrictions = No workgroup = newdomain server string = server security = domain password server = passserver.newdomain.com socket options = TCP_NODELAY dns proxy = no winbind uid = 1-2 winbind guid = 1-2 winbind use default domain = yes using samba-2.2.8a on FreeBSD 5.1 cd /usr/local/private rm secrets.tdb smbpasswd -j mydomain -r 192.168.1.3 -U admin%pass Joined mydomain successfully wbinfo -t error cannot check secret (0xe5f) Am I missing something...this happens frequently...apparently uninstalling samba, removing the secrets database, reinstalling samba, rebooting, then rejoining, rebooting then doing wbinfo -t works. But it seems like an awful lot to go through. Any suggestions? Incidentally could it have anything to do with my resolver library refusing to use the hosts file reguardles of host.conf and nsswitch.conf settings? (Winbindd shows good comms with the server but doesn't receive the secrets..so I don't think it would unless there's a shared underlying library...) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba