[Samba] samba password- from remote machine
Hi Everybody, we are using samba 3.0.3 with sun one directory server(ldap) as PDC. Is it possible to change the smbpassword of a user from a remote windows/unix machine. Do we have install the samba client modules on the remote machines to change samba passwords.If so where could i get those samba client modules Thanx in advance eccsamba __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba with sun's ldap
aarumuga arumugam <[EMAIL PROTECTED]> wrote:Hi, We have also got the samba and sun's ldap working. Now we are trying to get the samba user getting authenticated by the SEAM. I would like to know if it is possible to use the PAM module pam_krb5 for the samba service, for a samba user to get authenticated by the SEAM server. so the flow might be windows client contacting samba server Authorization: sambaserver-> Sun's ldap Authentication: samba server-> pam_krb5_so -> SEAM server we are now trying for the second step. we have compiled the samba server with pam support. In the pam.conf we have mentioned the service as "samba" . we would like to know if that is right because the samba server never contacts the kerberos server for the authenctication. Thanx in advance aarumuga ww m-pubsyssamba <[EMAIL PROTECTED]> wrote: >> Yes I have this working in a test environment, although please be clear that you >> must use openldap libldap for Samba to talk to your LDAP server, your LDAP server can be any LDAP v3 compatible server in theory and does definately work with Sun Directory Server 5.x, simply load the samba schema included with the Samba 3.x source code in your Sun LDAP config/schema directory then follow the Samba how to instructions. I had no significant problems except where the syntax of my smb.conf was wrong (for example do not put quotes around LDAP DN's etc.) cheers Andy<< Dear aarumuga I've been reading your questions in Samba mailing list about SMB & Sun LDAP. I'm working with a same project and I would like to know only if is it posible or have you achieved your goal to link samba and Sun LDAP? Thanks in advance and excuse me for my english. Best regards, Ramon Aznar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba - Do you Yahoo!? Yahoo! Tax Center - File online by April 15th - Do you Yahoo!? Yahoo! Tax Center - File online by April 15th -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbd functional details
Hi, I would like run a truss on the smbd daemon and would like to know what exactly happens when a win xp machine connects to the solaris samba server. I have a peculiar case of a samba user account fails on pam authentication with the kerberos server. i tried starting the smbd daemon with the truss command but it just hangs up and fails to proceed. Somebody please help me in understanding the internal working of the smbd daemon during a connection regards eccsamba. - Do you Yahoo!? Yahoo! Small Business $15K Web Design Giveaway - Enter today -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba-pam authentication
Hi Everybody, We are upgrading to samba-3.0.2a with SEAM kerberos and iPlanet Directory ldap server support. All the three servers runs in three different physical solaris machies. We are able to connect the samba and ldap. We are trying with security=user option in samba . For kerberos support, we thought of a solution of authentication via pam -pamkrb5 module. but samba fails for a pam authentication and it never contacts the kerberos server. actually we traced out the function calls which tries for authentication, which sends a pam handler with null passwords for authentication. pls refer source/auth/auth.c and source/auth/pampass.c which has functions like smb_pam_accountcheck in which pam_acctmgmt() sending a pamhandler pointer pamh. The samba code has pointer pamh referring to the sturucture called pam_handle_t . For the structure pam_handle_t , we found a type definition pam_handle in security/pam_appl.h . and no more information in pam_handle is available. Is the solaris pam modules lacks some files or our installation of solaris lacks some files? Any suggestions to proceed with pam authentication would be really helpful regards eccsamba - Do you Yahoo!? Yahoo! Small Business $15K Web Design Giveaway - Enter today -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba pam kerberos
Hi Everybody, We are working on samba 3.0.2a with sun kerberos SEAM and Netscape iDirectory Server support. We are able to integrate samba with ldap support. we tried integrater kerberos for authentication. We found a solution using pam via pam_krb5 module provided by the sun solaris 8. One important fact we found out using samba pam authentication, it directly calls for an account management function instead of an authentication function. Please refer pam_smb_accountcheck function () in pampass.c in source/auth . We have included options like obey pam instructions and pam password change to be positive in smb.conf and we have included information about samba service in the pam configuration file. we have included information about pam in the krb5.conf of kerberos. I have also set the encrypt password to be positive in smb.conf file. I am able to get a solaris machine getting authenticated by the kerberos server.The problem is when i try to join a Win xp computer to the samba server . I get access denied error. when i check the samba logs, i could find the samba sam authentication succeded but when the pam authentication takes place , It says authentication failed , User rejected etc., I could not find any information about samba server contacting in the kerberose server logs. SAMBA server is not contacting the KERBEROS server for authentication. Please any suggestions is appreciated. I could send the configuration of samba and pam and kerberos if the information is not sufficient. eccsamba __ Do you Yahoo!? Yahoo! Small Business $15K Web Design Giveaway http://promotions.yahoo.com/design_giveaway/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba,ldap and kerberos
Hi , In the configuration file , which has been posted , the password server is mentioned as kerbere.eng.utoledo.edu. It is an old configuration file.In the new one the server name is changed to kerby.eng.utoledo.edu , otherwise everything remains the same. we dont use ADS . but we need the samba and ldap to be authenticated with kerberos. Any suggestions apprecited Thanx in advance aarumugam aarumuga arumugam <[EMAIL PROTECTED]> wrote: Hi Everybody, We are integrating samba,kerberos and ldap samba-3.0.2a sun kerberos sun ldap all the three servers are on three different solaris machines. we were able to successfully integrate samba and ldap and works fine. When trying to bring in kerberos support , we changed the samba configuration file as follows interfaces = 131.183.20.96 bind interfaces only= true workgroup = SAMBA_200X server string = ECC Samba3.02a Secure Server #adding kerberos security ADS security =ADS realm =ENG.UTOLEDO.EDU password server=kerbere.eng.utoledo.edu # ldap parameters ldap admin dn ="cn=mgradmin" ldap ssl= no passdb backend = ldapsam:ldaps://sunldap.eng.utoledo.edu:389 ldap suffix = dc=eng,dc=utoledo,dc=edu ldap user suffix = ou=People ldap machine suffix= ou=machines ldap group suffix = ou=Group ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))" ldap delete dn =no hosts allow = 131.183.16. 131.183.17. 131.183.18. 131.183.19. \ 131.183.20. 131.183.21. 131.183.22. 131.183.22. \ 131.183.23. \ 131.183.117. 127.0.0.1 deadtime= 0 # idle time out getwd cache = yes create mode = 0600 log file= /servers/sambatest/%v/var/logs/%m max log size= 1000 # KB utmp = true utmp directory = /var/adm/ wtmp directory = /var/adm/ lock directory = /servers/sambatest/%v/var/locks/ pid directory = /servers/sambatest/%v/var/ encrypt passwords = yes # enforcing case sensitivity username= 0 # See speed.txt and the manual pages for details socket options = TCP_NODELAY I am able to obtain a kerberos ticket for a user who has administrative right in the samba server.and when i use net ads join -U [EMAIL PROTECTED] -d10 It tries to obtain ldap information. but it looks into the kerberos server on port 389 and fails with no error. The debug information is as follows. [2004/03/18 17:15:46, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for realm 'ENG.UTOLEDO.EDU' [2004/03/18 17:15:46, 8] libsmb/namequery.c:get_sorted_dc_list(1240) get_sorted_dc_list: attempting lookup using [ads] [2004/03/18 17:15:46, 10] libsmb/namequery.c:internal_resolve_name(1006) internal_resolve_name: looking up kerby.eng.utoledo.edu#20 [2004/03/18 17:15:46, 5] lib/gencache.c:gencache_init(59) Opening cache file at /servers/sambatest/3.0.2a/var/locks//gencache.tdb [2004/03/18 17:15:46, 10] lib/gencache.c:gencache_get(264) Returning valid cache entry: key = NBT/KERBY.ENG.UTOLEDO.EDU#20, value = 131.183.18.105:0, timeout = Thu Mar 18 17:25:28 2004 [2004/03/18 17:15:46, 5] libsmb/namecache.c:namecache_fetch(201) name kerby.eng.utoledo.edu#20 found. [2004/03/18 17:15:46, 10] libsmb/namequery.c:remove_duplicate_addrs2(312) remove_duplicate_addrs2: looking for duplicate address/port pairs [2004/03/18 17:15:46, 4] libsmb/namequery.c:get_dc_list(1389) get_dc_list: returning 1 ip addresses in an ordered list [2004/03/18 17:15:46, 4] libsmb/namequery.c:get_dc_list(1390) get_dc_list: 131.183.18.105:389 [2004/03/18 17:15:46, 5] libads/ldap.c:ads_try_connect(56) ads_try_connect: trying ldap server '131.183.18.105' port 389 [2004/03/18 17:15:46, 10] libsmb/conncache.c:add_failed_connection_entry(132) add_failed_connection_entry: added domain ENG.UTOLEDO.EDU (131.183.18.105) to failed conn cache [2004/03/18 17:15:46, 1] utils/net_ads.c:ads_startup(181) ads_connect: Transport endpoint is not connected [2004/03/18 17:15:46, 2] utils/net.c:main(767) return code = -1 can some one help me in proceeding the kerberos. thanx in advance eccsamba Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba,ldap and kerberos
Hi Everybody, We are integrating samba,kerberos and ldap samba-3.0.2a sun kerberos sun ldap all the three servers are on three different solaris machines. we were able to successfully integrate samba and ldap and works fine. When trying to bring in kerberos support , we changed the samba configuration file as follows interfaces = 131.183.20.96 bind interfaces only= true workgroup = SAMBA_200X server string = ECC Samba3.02a Secure Server #adding kerberos security ADS security =ADS realm =ENG.UTOLEDO.EDU password server=kerbere.eng.utoledo.edu # ldap parameters ldap admin dn ="cn=mgradmin" ldap ssl= no passdb backend = ldapsam:ldaps://sunldap.eng.utoledo.edu:389 ldap suffix = dc=eng,dc=utoledo,dc=edu ldap user suffix = ou=People ldap machine suffix= ou=machines ldap group suffix = ou=Group ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))" ldap delete dn =no hosts allow = 131.183.16. 131.183.17. 131.183.18. 131.183.19. \ 131.183.20. 131.183.21. 131.183.22. 131.183.22. \ 131.183.23. \ 131.183.117. 127.0.0.1 deadtime= 0 # idle time out getwd cache = yes create mode = 0600 log file= /servers/sambatest/%v/var/logs/%m max log size= 1000 # KB utmp = true utmp directory = /var/adm/ wtmp directory = /var/adm/ lock directory = /servers/sambatest/%v/var/locks/ pid directory = /servers/sambatest/%v/var/ encrypt passwords = yes # enforcing case sensitivity username= 0 # See speed.txt and the manual pages for details socket options = TCP_NODELAY I am able to obtain a kerberos ticket for a user who has administrative right in the samba server.and when i use net ads join -U [EMAIL PROTECTED] -d10 It tries to obtain ldap information. but it looks into the kerberos server on port 389 and fails with no error. The debug information is as follows. [2004/03/18 17:15:46, 6] libads/ldap.c:ads_find_dc(147) ads_find_dc: looking for realm 'ENG.UTOLEDO.EDU' [2004/03/18 17:15:46, 8] libsmb/namequery.c:get_sorted_dc_list(1240) get_sorted_dc_list: attempting lookup using [ads] [2004/03/18 17:15:46, 10] libsmb/namequery.c:internal_resolve_name(1006) internal_resolve_name: looking up kerby.eng.utoledo.edu#20 [2004/03/18 17:15:46, 5] lib/gencache.c:gencache_init(59) Opening cache file at /servers/sambatest/3.0.2a/var/locks//gencache.tdb [2004/03/18 17:15:46, 10] lib/gencache.c:gencache_get(264) Returning valid cache entry: key = NBT/KERBY.ENG.UTOLEDO.EDU#20, value = 131.183.18.105:0, timeout = Thu Mar 18 17:25:28 2004 [2004/03/18 17:15:46, 5] libsmb/namecache.c:namecache_fetch(201) name kerby.eng.utoledo.edu#20 found. [2004/03/18 17:15:46, 10] libsmb/namequery.c:remove_duplicate_addrs2(312) remove_duplicate_addrs2: looking for duplicate address/port pairs [2004/03/18 17:15:46, 4] libsmb/namequery.c:get_dc_list(1389) get_dc_list: returning 1 ip addresses in an ordered list [2004/03/18 17:15:46, 4] libsmb/namequery.c:get_dc_list(1390) get_dc_list: 131.183.18.105:389 [2004/03/18 17:15:46, 5] libads/ldap.c:ads_try_connect(56) ads_try_connect: trying ldap server '131.183.18.105' port 389 [2004/03/18 17:15:46, 10] libsmb/conncache.c:add_failed_connection_entry(132) add_failed_connection_entry: added domain ENG.UTOLEDO.EDU (131.183.18.105) to failed conn cache [2004/03/18 17:15:46, 1] utils/net_ads.c:ads_startup(181) ads_connect: Transport endpoint is not connected [2004/03/18 17:15:46, 2] utils/net.c:main(767) return code = -1 can some one help me in proceeding the kerberos. thanx in advance eccsamba Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba with sun's ldap
Hi all, I am trying to deploy samba-3.0.2a with sun's ldap. Sun's ldap server has been sucessfully installed and it is functional. I read from the forum mails that samba can be compiled only with openldap. So I have configured , compiled and installed the samba server with openldap 2.1.25 support. Now Is it possible to integrate the installed samba server with the sun's ldap server? regards aarumuga __ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] make fails dynconfig.0 error1
Hi all, I am compiling samba 3.0.2a with openldap and kerberos support openldap version 2.1.25 with bdb support (ver 4.2) kerberos version 1.3.2 ./configure --prefix=/servers/sambatest/3.0.2a --with-ldap=/servers/openldap/2.1.25/lib --with-ads --with-krb5=/servers/kerberos/1.3.2/lib --with-ldapsam configure suceeds but make fails with the following error Using FLAGS = -O -I/servers/kerberos/1.3.2/lib/include -I./popt -Iinclude -I/var/tmp/aarumuga/samba-3.0.2a/source/include -I/var/tmp/aarumuga/samba-3.0.2a/source/ubiqx -I/var/tmp/aarumuga/samba-3.0.2a/source/smbwrapper -I. -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/servers/kerberos/1.3.2/lib/include -I/var/tmp/aarumuga/samba-3.0.2a/source LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -ldl LDSHFLAGS = -G -L/servers/openldap/2.1.25/lib -L/servers/kerberos/1.3.2/lib/lib LDFLAGS = -L/servers/openldap/2.1.25/lib -L/servers/kerberos/1.3.2/lib/lib Compiling dynconfig.c In file included from include/includes.h:892, from dynconfig.c:21: include/proto.h:554: error: parse error before "LDAP_CONST" make: *** [dynconfig.o] Error 1 Any help appreciated aarumuga - Do you Yahoo!? Yahoo! Search - Find what youre looking for faster. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba with Sun's ldap
Hi, I am trying to compile Samba-3.0.2a with ldap,ads and kerberos support. I am trying to use sun's ldap instead of openldap. Here is my config.log excerpt . checking for LDAP support... yes checking ldap.h usability... yes checking ldap.h presence... yes checking for ldap.h... yes checking lber.h usability... yes checking lber.h presence... yes checking for lber.h... yes checking for ber_scanf in -llber... no checking for ldap_init in -lldap... yes checking for ldap_domain2hostlist... no checking for ldap_set_rebind_proc... yes checking whether ldap_set_rebind_proc takes 3 arguments... 3 checking for ldap_initialize... no The compilation breaks with an error "libldap is need for ldap support" Is there any changes to be made to the configure script for successful compilation. Thanks in advance aarumuga __ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba