RE: [Samba] ntlm_auth question
-Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Thursday, March 31, 2005 3:31 PM To: Snodgrass, Micah Cc: samba@lists.samba.org Subject: RE: [Samba] ntlm_auth question On Thu, 2005-03-31 at 07:36 -0600, Snodgrass, Micah wrote: Thank you much Andrew, joining the domain did the trick. For the record, doing a net rpc join -U administrator from the Linux/FreeRADIUS box joined the machine to the domain, but still no luck. I took a look at the Win2k3 AD server, and had to check the foolish little check box on the account for the Linux computer that said something like This machine is a Pre-Windows 2000 machine and then we were talking. Had you done a 'net ads join' and set 'security=ads' in your smb.conf, then it would have worked. I'm lining up a micro-patch to make the error message indicate the need for a domain join. Hmmm... no I didn't. I'm not familiar with the net ads command *digs out google and man pages* - At this point, it's safe to say that I have done neither. smb.conf has security = server, and then password server = ip.of.AD.server. Once I sat down at the AD server and checked that foolish this is a pre-windows 2000 computer checkbox, ntlm_auth started working fine, and I moved on to the next hurdle in the project which is a problem with the FreeRADIUS config file. (something totally unrelated to samba, so I won't bore you with the details. thanks again for the help. I'll do some digging into security=ads and net ads ... as it sounds like they may save me future headaches. -MS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ntlm_auth question
Thank you much Andrew, joining the domain did the trick. For the record, doing a net rpc join -U administrator from the Linux/FreeRADIUS box joined the machine to the domain, but still no luck. I took a look at the Win2k3 AD server, and had to check the foolish little check box on the account for the Linux computer that said something like This machine is a Pre-Windows 2000 machine and then we were talking. thanks again for the reply, -MS -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Thursday, March 31, 2005 5:31 AM To: Snodgrass, Micah Cc: samba@lists.samba.org Subject: Re: [Samba] ntlm_auth question On Wed, 2005-03-30 at 08:05 -0600, Snodgrass, Micah wrote: [EMAIL PROTECTED]:~# ntlm_auth --username=msnodgrass --request-nt-key --domain=CECNT password: NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da) [EMAIL PROTECTED]:~# You have to join the domain first - see the documentation on setting up a fileserver as a domain member, and once you are joined you can just run winbindd and nmbd. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ntlm_auth question
Hi guys/gals. I'm brand new to this list, been working with Linux for several years, and have occasionally set up samba file servers before in a hi-i'm-wide-open-so-anyone-can-read/write-to-my-shares mode for temporary storage in data recovery scenarios. At the moment, I'm working on a project that involves FreeRADIUS authenticating against a Win2k/2k3 AD server using the ntlm_auth program. The Free RADIUS folks say that ntlm_auth is a samba-related program and to RTFM or ask a samba mailing list. (ok, they really were nice about it, they just didn't have any suggestions) The machine is running Debian-testing, and is all updated. It's on the same local network/subnet as the AD server, and I can ping/nmap the AD server. The AD server works, as it authenticates enough windows machines on a daily basis to give my stuffed Tux the creeps. When I run ntlm_auth from the command line, just to verify that it does indeed do what it's supposed to do, I get the following: [EMAIL PROTECTED]:~# ntlm_auth --username=msnodgrass --request-nt-key --domain=CECNT password: NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da) [EMAIL PROTECTED]:~# I realize that there's probably been someone asking this exact question sometime in the past, and I've googled my heart out on this one to no avail. Any sort of help/point-in-the-right-direction would be greatly appreciated. -MS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba