Re: [Samba] problem joining AD domain

2013-01-23 Thread Paolo Supino 
Hi Nico

It's not up to me to decide (and implement) the OS updates :-( and
thus cannot do anything about the status of security of the systems.
Though I completely agree with you :-)

Now to the Samba ADS integraztion problem. I only need to execute the
net ads command, I need the windows domain membership for a service
running on this system not for local logins.



TIA
Paolo



On Wed, Jan 23, 2013 at 1:12 AM, Nico Kadel-Garcia nka...@gmail.com wrote:
 On Tue, Jan 22, 2013 at 6:44 AM, Paolo Supino paolo.sup...@gmail.com wrote:
 Hi

 I'm trying to make a Linux server (RHEL 5.3) join my company's ADS
 domain. The company's domain is built from serveral kerberos realms

 Stop *right* there. If you have RHEL, and you've been regularly
 applying updates, you've automatically updated to RHEL 5.9 since its
 release a few weeks ago. RHEL 5.3 is now 4 yours old and you should
 *not* use it for any security sensitive functions like the critical
 Kerberos authentication in an ADS domain, without the Red Hat
 published system updates. So do the system updates first.

 and Windows domain. the Linux FQDN resolves to the name of one of the
 kerberos realms we have, but I was asked to to have the linux server
 join a different kerberos realm and windows Domain. When  I attempt to
 run the command: 'net ads join -U [account] -w [domain]. I get the
 following error:
 Failed to set servicePrincipalNames. Please ensure that
 the DNS domain of this server matches the AD domain,
 Or rejoin with using Domain Admin credentials.

 I know it's possible because it was done in the company in the past
 (unfortunately) the sysadmin that did it no longer works here and no
 one else knows how to reproduce how he did it.

 Are you using the built-in Samba 3.0.33, the available samba3x tool
 that is Samba 3.6.6, or a hand-built up-to-date Samba toolsuite? If
 you're using the built-in Samba 3.0.33 or the samba3x package, you
 should be able to use authconfig to set all of this in PAM,a nd only
 need net ads to register the particular host with AD credentials.

 And are you making sure to use net ads join -U 'admin@remotedomain'
 -w 'remotedomain', if the DNS domain does not match the AD domain?

 You might also install, and try working with, the X-based version of
 the system-config-authentication command which provides reasonable
 GUI options for most of this.


 I know this email is scarce on helpfull information. I simply don't
 know what information to supply (I have the output of join with -d 4
 and -d 10 debug levels).
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] problem joining AD domain

2013-01-22 Thread Paolo Supino 
Hi

I'm trying to make a Linux server (RHEL 5.3) join my company's ADS
domain. The company's domain is built from serveral kerberos realms
and Windows domain. the Linux FQDN resolves to the name of one of the
kerberos realms we have, but I was asked to to have the linux server
join a different kerberos realm and windows Domain. When  I attempt to
run the command: 'net ads join -U [account] -w [domain]. I get the
following error:
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.

I know it's possible because it was done in the company in the past
(unfortunately) the sysadmin that did it no longer works here and no
one else knows how to reproduce how he did it.

I know this email is scarce on helpfull information. I simply don't
know what information to supply (I have the output of join with -d 4
and -d 10 debug levels).




TIA
Paolo
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] mimicking Active directory

2003-08-04 Thread Paolo Supino 

Hi 

  Has anyone on the mailing list succeeded in mimicking
Microsoft's Active directory using OSS software (such as 
Heimdal, OpenLDAP, Samba etc ...)? 









Paolo 
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] drive mapping's connection problems

2003-07-29 Thread Paolo Supino 
Hi 

 My company network is built from a series of Solaris 
machines running samba (2.2.x) and windows 2000 clients. 
The domain controller is samba 2.2.8a. When someone logs
on the login script maps a few shares to drive letters. 
Recently the drive mappings started getting disconnected
and when pressed they print out the error: 
An error occurred while reconnecting to [Drive Letter]: 
to \\server\share. Microsoft Windows Network: The local 
device name is already in use. This connection has not been
restored. 
 Can anyone please explain why this happens and how I 
can prevent it? 


TIA 

Paolo 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba