[Samba] inter domain trust not working
Hello,

I am trying to make a RHEL6 box (samba-winbind-3.5.10-125.el6.x86_64) accept logins from a trusted domain; all is working fine for the primary domain, pam_winbind+pam_mkhomedir allow logins for domain users, when checking the trusted one though

    # net rpc trustdom list -Utest%pass
    Trusted domains list:

    TRUSTED S-1-2-5-etcetc
    Unable to find a suitable server for domain TRUSTED
    domain controller is not responding: NT_STATUS_UNSUCCESSFUL
    TRUSTED couldn't get domain's sid

    There are no trusting domains set.

A tcpdump while running the above command shows the client connecting to the primary domain controller (which also has all the other roles), then making a DNS query for

    SRV? _ldap._tcp.pdc._msdcs.TRUSTED.

to which it gets a NXDomain

This query should not be made, and will not get an answer, the correct one would be

    SRV? _ldap._tcp.pdc._msdcs.TRUSTED.LOCAL

which does exist and returns all the SRV records as expected

Windows clients do work in the same network/VLAN; any hints on what makes Samba choke after that query are greatly appreciated.

For reference, smb.conf:

    workgroup = PRIMARY
    password server = thedc.primary.local
    winbind use default domain = no
    realm = PRIMARY.LOCAL
    security = ads
    encrypt passwords = yes

krb5.conf:

    [libdefaults]
    default_realm = PRIMARY.LOCAL
    dns_lookup_realm = yes
    dns_lookup_kdc = yes
    forwardable = false

    [realms]
    PRIMARY.LOCAL = {
    }
    TRUSTED.LOCAL = {
    }

    [domain_realm]
    .primary.local = PRIMARY.LOCAL
    primary.local = PRIMARY.LOCAL
    .trusted.local = TRUSTED.LOCAL
    trusted.local = TRUSTED.LOCAL

(yes, the realm definitions are empty, as everything should work via DNS. I have also tried specifying admin_server, default_domain and kdc for the trusted realm, no dice)

thedc.primary.local is set in resolv.conf on the client

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] another one of those "cannot authenticate against AD" posts :(
Hello,

I had a perfectly good setup with samba being a domain member, and domain users accessing their shares, since beta1. A month and several updates from M$ later, clients were no longer able to log on to the samba machine. I know this must be related to the updates, since there have been absolutely no configuration / application modifications on the linux box, and clients who forgot to install the patches were still able to login.

Hint for the docs: the bloody windows update rewrote the rtfm signorseal registry key, but that can be enforced globally from the domain controller.

Now I'm trying with the latest beta - or first stable, as you call it since yesterday :)

Status:
- linux box joins fine the AD
- kinit -v, smbclient -k, net ads whatever work as expected, no errors
- no one can login to the samba box. Win 2k/xp report the username/password is incorrect, and the logs state:

[2003/09/25 20:20:01, 3] smbd/process.c:process_smb(890)
  Transaction 10 of length 250
[2003/09/25 20:20:01, 3] smbd/process.c:switch_message(685)
  switch message SMBsesssetupX (pid 343)
[2003/09/25 20:20:01, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/09/25 20:20:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579)
  wct=12 flg2=0xc807
[2003/09/25 20:20:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476)
  Doing spnego session setup
[2003/09/25 20:20:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500)
  NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1]
[2003/09/25 20:20:01, 3] smbd/sesssetup.c:reply_spnego_negotiate(385)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2003/09/25 20:20:01, 3] smbd/sesssetup.c:reply_spnego_negotiate(388)
  Got secblob of size 50
[2003/09/25 20:20:01, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33)
  Got NTLMSSP neg_flags=0xe008b297
[2003/09/25 20:20:01, 3] smbd/process.c:process_smb(890)
  Transaction 11 of length 338
[2003/09/25 20:20:01, 3] smbd/process.c:switch_message(685)
  switch message SMBsesssetupX (pid 343)
[2003/09/25 20:20:01, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/09/25 20:20:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579)
  wct=12 flg2=0xc807
[2003/09/25 20:20:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476)
  Doing spnego session setup
[2003/09/25 20:20:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500)
  NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1]
[2003/09/25 20:20:01, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286)
  Got user=[Thatsme] domain=[Mydomain] workstation=[Mine] len1=24 len2=24
[2003/09/25 20:20:01, 3] auth/auth.c:check_ntlm_password(216)
  check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2003/09/25 20:20:01, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2003/09/25 20:20:01, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/09/25 20:20:01, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/09/25 20:20:01, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/09/25 20:20:01, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/09/25 20:20:01, 3] auth/auth_util.c:make_server_info_info3(1009)
  User Thatsme does not exist, trying to add it
[2003/09/25 20:20:01, 0] auth/auth_util.c:make_server_info_info3(1017)
  make_server_info_info3: pdb_init_sam failed!

... I don't understand this one ..

[2003/09/25 20:20:01, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: Authentication for user [Thatsme] -> [Thatsme] FAILED with error NT_STATUS_NO_SUCH_USER

... and I definitely have a domain logon ..

[2003/09/25 20:20:04, 3] smbd/process.c:timeout_processing(1099)
  timeout_processing: End of file from client (client has disconnected).

I tried raising the debug level info and got some interesting lines:

[2003/09/25 23:03:09, 10] libads/kerberos_verify.c:ads_verify_ticket(310)
  ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2003/09/25 23:03:09, 10] libads/kerberos_verify.c:ads_verify_ticket(303)
  ads_verify_ticket: enc type [3] decrypted message !
[2003/09/25 23:03:09, 10] passdb/secrets.c:secrets_named_mutex_release(709)
  secrets_named_mutex: released mutex for replay cache mutex
[2003/09/25 23:03:09, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385)
  Got KRB5 session key of length 8
...
[2003/09/25 23:03:09, 3] smbd/sesssetup.c:reply_spnego_kerberos(178)
  Ticket name is [EMAIL PROTECTED]
[2003/09/25 23:03:09, 5] lib/username.c:Get_Pwnam(288)
  Finding user MYDOMAIN.COM\Thatsme
[2003/09/25 23:03:09, 5] lib/username.c:Get_Pwnam_internals(223)
  Trying _Get_Pwnam(), username as lowercase is mydomain.com\thatsme

..and uppercase, and combinations, with and without the domain name appended..

[2003/09/25 23:03:10, 1] smbd/sesssetup.c
[Samba] get file information from smb share
Hello,

I (and probably everyone else) noticed that right-clicking on a file located on a remote share (at least in the Windows Explorer) provides a lot of useful info besides the size & access rights. It does that without transferring the entire file, so I'm wondering if there is a way to access that info using libsmbclient (meaning: is this part of the smb/cifs protocol specification or just an Explorer feature)?

Regards,
Razvan Cosma
RE: [Samba] Samba 3b3 + ADS
> I've been trying for a couple of days to get ADS support built into
> Samba 3. I've been searching the archives for something that will help
> me out, but nothing seems to work.
>
> Here's what I've tried, first on FreeBSD 4.8:
>
> FreeBSD 4.8
> Samba 3b3, ./configure --with-ads --with-krb5=/usr (I installed FBSD
> krb5 from /usr/src/kerberos5) works like a charm. make works and I see
> all the fancy ads stuff fly by the screen like it's compiling. I then
> test source/bin/net ads - "ADS support not compiled in".
>

Same problem here.. linux slackware. Is it necessary to also have the ldap libraries installed?
[Samba] samba 3 active directory
Hello,

I'm posting this only in the event somebody else does a search in the mlist archive for such keywords (I know I did), hope you won't mind.

Status: IT WORKS! :)

Steps taken:

Install Slackware (well, that was already in place).

Install PAM (Linux-PAM-0.77, plain ./configure) - this I will need later for Postfix SMTP auth against AD.

Install Kerberos (krb5-1.2.8, ./configure --prefix=/usr/local/kerberos --without-krb4 --enable-dns --enable-dns-for-kdc --enable-dns-for-realm --enable-shared).

Install OpenLDAP (openldap-2.1.22, ./configure --disable-slapd --disable-slurpd).

Install Samba (samba-3.0.0beta3, ./configure --prefix=/usr/local/samba --with-smbwrapper --with-dce-dfs --with-ads --with-smbmount --with-pam --with-libsmbclient --with-acl-support --with-winbind --with-krb5=/usr/local/kerberos --without-quotas --with-ldap)

joe /etc/krb5.conf

    [realms]
    DOM.AIN = {
        kdc = DC.DOM.AIN
    }

test with kinit [EMAIL PROTECTED]

joe /usr/local/samba/lib/smb.conf

    [global]
    security = ADS
    realm = DOM.AIN
    winbind use default domain = yes
    wins server = dc.dom.ain
    encrypt passwords = yes
    password server = dc.dom.ain

net ads join -U Administrator
nmbd -D
smbd -D
winbindd

..that's all I think

PS. Thanks to the Samba team for the great work
[Samba] ADS authentication.. almost works
Hello,

Beta 3, ./configure --with-ads & krb5, slackware system (no PAM). Things seem to be correctly configured, done the net join part without errors, I can use e.g. smbclient -L or wbinfo -u, but users cannot access shares on the Samba machine.

Snip from the log (trying to connect from the domain controller on which I'm logged as administrator):

[2003/07/28 14:52:27, 3] auth/auth.c:check_ntlm_password(216)
  check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2003/07/28 14:52:27, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2003/07/28 14:52:27, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/07/28 14:52:27, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/07/28 14:52:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/07/28 14:52:27, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(182)
  startsmbfilepwent_internal: unable to open file /usr/local/samba/private/smbpasswd. Error was No such file or directory
[2003/07/28 14:52:27, 0] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1284)
  Unable to open passdb database.
[2003/07/28 14:52:27, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/07/28 14:52:27, 3] auth/auth_sam.c:check_sam_security(439)
  Couldn't find user 'Administrator' in passdb file.
[2003/07/28 14:52:27, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2003/07/28 14:52:27, 3] smbd/process.c:process_smb(878)
  Transaction 3 of length 214
[2003/07/28 14:52:27, 3] smbd/process.c:switch_message(673)
  switch message SMBsesssetupX (pid 14296)
[2003/07/28 14:52:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/07/28 14:52:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X(551)
  wct=12 flg2=0xc807
[2003/07/28 14:52:27, 2] smbd/sesssetup.c:setup_new_vc_session(507)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2003/07/28 14:52:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(448)
  Doing spnego session setup
[2003/07/28 14:52:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(472)
  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
[2003/07/28 14:52:27, 3] smbd/sesssetup.c:reply_spnego_negotiate(353)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2003/07/28 14:52:27, 3] smbd/sesssetup.c:reply_spnego_negotiate(360)
  Got secblob of size 44
[2003/07/28 14:52:27, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33)
  Got NTLMSSP neg_flags=0xe008b297
[2003/07/28 14:52:27, 3] smbd/process.c:process_smb(878)
  Transaction 4 of length 310
[2003/07/28 14:52:27, 3] smbd/process.c:switch_message(673)
  switch message SMBsesssetupX (pid 14296)
[2003/07/28 14:52:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/07/28 14:52:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X(551)
  wct=12 flg2=0xc807
[2003/07/28 14:52:27, 2] smbd/sesssetup.c:setup_new_vc_session(507)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2003/07/28 14:52:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(448)
  Doing spnego session setup
[2003/07/28 14:52:27, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(472)
  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0]
[2003/07/28 14:52:27, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(283)
  Got user=[Administrator] domain=[DOMAIN] workstation=[DOMAINCTL] len1=24 len2=24
[2003/07/28 14:52:27, 3] auth/auth.c:check_ntlm_password(216)
  check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2003/07/28 14:52:27, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2003/07/28 14:52:27, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/07/28 14:52:27, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/07/28 14:52:27, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/07/28 14:52:27, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(182)
  startsmbfilepwent_internal: unable to open file /usr/local/samba/private/smbpasswd. Error was No such file or directory
[2003/07/28 14:52:27, 0] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1284)
  Unable to open passdb database.
[2003/07/28 14:52:27, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/07/28 14:52:27, 3] auth/auth_sam.c:check_sam_security(439)
  Couldn't find user 'Administrator' in passdb file.
[2003/07/28 14:52:27, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STAT
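
A triage sketch for debug logs in the format quoted in the posts above, added here as an example (it is not part of any post and is not Samba project code): it finds each "FAILED with error" entry and pairs it with the NTLMSSP client and the level-0 errors logged just before it. The sample log is constructed, and the function names are this example's own.

```python
import re

# Entry header: "[YYYY/MM/DD HH:MM:SS, level] dir/file.c:function(line)"
HEADER = re.compile(
    r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s+(\d+)\]\s+(\S+?\.c):(\w+)\((\d+)\)")
AUTH_FAIL = re.compile(
    r"Authentication for user \[(.*?)\] -> \[(.*?)\] FAILED with error (NT_STATUS_\w+)")
NTLMSSP = re.compile(r"Got user=\[(.*?)\] domain=\[(.*?)\] workstation=\[(.*?)\]")

# Constructed sample in the same layout (header line, indented message line).
SAMPLE = """\
[2024/01/01 10:00:00, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286)
  Got user=[alice] domain=[EXAMPLE] workstation=[WS01] len1=24 len2=24
[2024/01/01 10:00:00, 0] auth/auth_util.c:make_server_info_info3(1017)
  make_server_info_info3: pdb_init_sam failed!
[2024/01/01 10:00:00, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password: Authentication for user [alice] -> [alice] FAILED with error NT_STATUS_NO_SUCH_USER
[2024/01/01 10:00:04, 3] smbd/process.c:timeout_processing(1099)
  timeout_processing: End of file from client (client has disconnected).
"""

def parse_entries(text):
    """Split a log into entries; works on two-line entries or a flattened paste."""
    heads = list(HEADER.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield {"time": m.group(1), "level": int(m.group(2)),
               "source": f"{m.group(3)}:{m.group(4)}",
               "message": " ".join(text[m.end():end].split())}

def failed_logons(text):
    """Return one record per auth failure with its preceding context."""
    client, errors, out = None, [], []
    for e in parse_entries(text):
        if (m := NTLMSSP.search(e["message"])):
            client, errors = m.groups(), []      # new logon attempt starts here
        elif e["level"] == 0:
            errors.append(e["message"])          # level 0 = error-class message
        elif (m := AUTH_FAIL.search(e["message"])):
            out.append({"time": e["time"], "user": m.group(1),
                        "status": m.group(3), "client": client, "errors": errors})
            client, errors = None, []
    return out

if __name__ == "__main__":
    for rec in failed_logons(SAMPLE):
        print(rec)
```
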