[Samba] Samba-Squid-AD: Error returned 'BH NT_STATUS_ACCESS_DENIED'
Hi everybody,

I set up squid-2.5.STABLE9 with samba-3.0.13 to use winbind authentication over a Windows 2003 Active Directory. Web users' authentication from my proxy server box succeeds. But when a remote user tries to authenticate himself, authentication fails and Squid returns the following:

    authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'

I configured samba with (--with-ads --with-ldap --with-winbind --with-winbind-auth-challenge). And I configured squid with (--enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind --enable-ntlm-auth-helpers=winbind). I edited my smb.conf and my krb5.conf files to match my AD domain settings. I joined the domain.

My squid.conf file contains the following:

    auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
    auth_param ntlm children 5
    auth_param ntlm max_challenge_reuses 0
    auth_param ntlm max_challenge_lifetime 2 minutes
    auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    acl authUsers proxy_auth REQUIRED
    http_access allow authUsers
    http_access deny all

Someone told me that this is basically a samba error. Does anyone have an idea?

Thanks in advance.
Fwd: [Samba] Samba-Squid-AD: Error returned 'BH NT_STATUS_ACCESS_DENIED'
Note: forwarded message attached.
Re: [Samba] Samba-Squid-AD: Error returned 'BH NT_STATUS_ACCESS_DENIED'
Thank you for your reply.

> Are the permissions on the winbind privileged pipe correct, what does the winbindd.log say?

log.winbindd does not report any error. I set squid as group owner of the winbindd_privileged file. Permissions I found in the documentation (750) didn't work. I then set 777 as permission, the problem disappears!

> --with-winbind-auth-challenge doesn't exist any more. It was a Samba 2.2 hack, the privileged pipe dir handled the access control to this now.

>> And I configured squid with (--enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind --enable-ntlm-auth-helpers=winbind).
> These last two options build helpers in the squid sources which are incompatible with Samba 3.0. They should not be built or used.

Do you think that I have to rebuild Samba and squid avoiding the latter options? Authentication works well now!
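Added example, not part of the original thread: a shell check for the access control this message discusses. It verifies that the directory guarding winbindd's privileged pipe has the documented mode 750 and the expected group owner, and flags world-accessible modes such as 777. The function name, the directory path and the group and user names are assumptions supplied by the caller; GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the directory that guards
# winbindd's privileged pipe. Path, group and user are caller-supplied
# assumptions; the thread does not state them. Requires GNU stat.

# audit_privileged_dir DIR GROUP [USER]
# Returns 0 if DIR is mode 750, group-owned by GROUP and, when USER is
# given, USER belongs to GROUP. Otherwise prints findings and returns 1.
audit_privileged_dir() {
    dir=$1; group=$2; user=${3:-}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi
    mode=$(stat -c '%a' "$dir")         # octal mode, e.g. 750
    dir_group=$(stat -c '%G' "$dir")    # group owner name
    if [ "$mode" != "750" ]; then
        echo "FAIL: mode is $mode, documented mode is 750"
        rc=1
    fi
    # A non-zero last digit grants access to every local account.
    case "$mode" in
        *[1-7]) echo "FAIL: $dir is open to all local users"; rc=1 ;;
    esac
    if [ "$dir_group" != "$group" ]; then
        echo "FAIL: group owner is $dir_group, expected $group"
        rc=1
    fi
    if [ -n "$user" ]; then
        case " $(id -Gn "$user" 2>/dev/null) " in
            *" $group "*) ;;
            *) echo "FAIL: $user is not a member of $group"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed demo on a scratch directory, not a real Samba path.
demo=$(mktemp -d)
demo_group=$(stat -c '%G' "$demo")
chmod 777 "$demo"
audit_privileged_dir "$demo" "$demo_group" || echo "777 rejected"
chmod 750 "$demo"
audit_privileged_dir "$demo" "$demo_group" && echo "750 accepted"
rm -rf "$demo"
```

Passing the proxy's service account as the third argument also confirms that the helper can reach the pipe through group membership rather than through world access.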
Re: [Samba] Samba(PDC)+LDAP+XPpro cannot join domain /w XP pro machine
I am running into a similar problem. The difference is that when I enter the admin passwd to join my domain, a session fails to be opened...

For you, I'd suggest that you check your password encryption type if it is set correctly...

--- Steven Jacobs [EMAIL PROTECTED] wrote:
> I receive an Access is Denied error after providing the Administrator username and password when trying to join my Samba domain. Has anyone run into this??
>
> --- log.smbd ---
> [2005/03/14 19:37:19, 2] lib/interface.c:add_interface(79)
>   added interface ip=192.168.2.4 bcast=192.168.2.255 nmask=255.255.255.0
> [2005/03/14 19:37:19, 2] lib/tallocmsg.c:register_msg_pool_usage(57)
>   Registered MSG_REQ_POOL_USAGE
> [2005/03/14 19:37:19, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
>   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> [2005/03/14 19:37:19, 2] smbd/server.c:open_sockets_smbd(324)
>   waiting for a connection
> [2005/03/14 19:38:05, 2] lib/smbldap.c:smbldap_search_domain_info(1373)
>   Searching for:[((objectClass=sambaDomain)(sambaDomainName=SRSCORP))]
> [2005/03/14 19:38:05, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/03/14 19:38:05, 1] lib/smbldap.c:add_new_domain_info(1343)
>   failed to add domain dn= sambaDomainName=SRSCORP,dc=srsmanagement,dc=com with: Already exists
> [2005/03/14 19:38:05, 0] lib/smbldap.c:smbldap_search_domain_info(1392)
>   Adding domain info for SRSCORP failed with NT_STATUS_UNSUCCESSFUL
> [2005/03/14 19:38:05, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(2959)
>   pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain
>   pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs
> [2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_search_domain_info(1373)
>   Searching for:[((objectClass=sambaDomain)(sambaDomainName=SRSCORP))]
> [2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_search_domain_info(1373)
>   Searching for:[((objectClass=sambaDomain)(sambaDomainName=SRSCORP))]
> [2005/03/14 19:38:06, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/03/14 19:38:06, 1] lib/smbldap.c:add_new_domain_info(1343)
>   failed to add domain dn= sambaDomainName=SRSCORP,dc=srsmanagement,dc=com with: Already exists
> [2005/03/14 19:38:06, 0] lib/smbldap.c:smbldap_search_domain_info(1392)
>   Adding domain info for SRSCORP failed with NT_STATUS_UNSUCCESSFUL
> [2005/03/14 19:38:06, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(2959)
>   pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain
>   pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs
> [2005/03/14 19:38:06, 1] lib/smbldap.c:add_new_domain_info(1343)
>   failed to add domain dn= sambaDomainName=SRSCORP,dc=srsmanagement,dc=com with: Already exists
> [2005/03/14 19:38:06, 0] lib/smbldap.c:smbldap_search_domain_info(1392)
>   Adding domain info for SRSCORP failed with NT_STATUS_UNSUCCESSFUL
> [2005/03/14 19:38:06, 2] passdb/pdb_ldap.c:pdb_init_ldapsam(2959)
>   pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain
>   pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs
>
> --- smb.conf ---
> [global]
> workgroup = SRSCORP
> netbios name = mail1
> enable privileges = yes
> interfaces = 192.168.2.4
> username map = /etc/samba/smbusers
> server string = Samba Server %v
> security = user
> encrypt passwords = Yes
> min passwd length = 3
> obey pam restrictions = No
> #unix password sync = Yes
> #passwd program = /usr/local/sbin/smbldap-passwd -u %u
> #passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n
> ldap passwd sync = Yes
> log level = 2
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 10
> time server = Yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> mangling method = hash2
> Dos charset = 850
> Unix charset = ISO8859-1
> logon script = logon.bat
> logon drive = H:
> logon home =
> logon path =
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> passdb backend = ldapsam:ldap://127.0.0.1/
> # passdb backend = ldapsam:ldap://127.0.0.1/ ldap://slave.srsmanagement.com;
> # ldap filter =
[Samba] log.smbd: connection to ldap server failed
Dear all,

I have a samba 3 PDC with authentication through an OpenLDAP directory. When I enter the Administrator username and password to join my domain, I receive a Failure to open a session. I checked my log.smbd file, it indicates Connection to LDAP server failed for the Xth try.

If I try to connect to my LDAP server using ssh (ssh [EMAIL PROTECTED]), I am prompted to enter a password for the user user_name but I get a Permission denied, please try again.

Would you please have any idea?
Re: [Samba] smbldap-tools question
To test, I suggest that you stop your iptables services (by running service iptables stop). Then try to join your domain.

On XP clients, you should edit a registry key:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
    requiresignorseal=dword:

Regards

--- Misty Stanley-Jones [EMAIL PROTECTED] wrote:
> When I used smbldap-populate way back when I set up my LDAP server, I got two sambaDomainName objects in my LDAP tree -- one for the domain name (CORP) and one for the PDC Netbios name (CORPSRV). My Windows XP systems complain that they can't find the PDC for the domain CORPSRV. I am wondering if I even need the second sambaDomainName in LDAP at all. Any ideas?
>
> Misty
[Samba] Problem joining a Samba 3 domain - DC can't be contacted
Dear all,

I configured samba 3.0.11 as PDC with openLDAP. When I try to join my samba domain from a windows machine (XP or 2003) I get this error message: a domain controller for the domain my_samba_domain could not be contacted. Do you have any idea of what is happening?

Just for reference: I do not have a dns server.

Regards.
RE: [Samba] Problem joining a Samba 3 domain - DC can't be contacted
My domain name is SAMBA-DOMAIN, I can't join it from a win 2003 machine. Now, if I try to join it from an XP machine, I am asked to enter a username and password for a user allowed to join the domain, however, the info I enter is not accepted!!! Any idea please?

Thank you

Note: to manage joining my samba domain from an XP machine, I had to change a registry key.

--- Mccrory, Kevin B [EMAIL PROTECTED] wrote:
> What is your domain name? If you have special characters in the domain name the workstations won't join properly. The domain name should be all one word.
>
> Kevin B. McCrory
> Network Engineer - COPS
> US Government Solutions
> 13600 EDS Drive
> Mail stop: A4S-B21
> Herndon, VA 20171
> * phone: +01-703-733-3255
> * mailto:[EMAIL PROTECTED]
> * AKO mailto:[EMAIL PROTECTED]
RE: [Samba] Problem joining a Samba 3 domain - DC can't be contacted
I changed the domain name but the problem is still here (the reason then is not the name). Now, my PDC can be contacted: I am asked to enter a login and password of a user authorised to join the domain, but when I enter Administrator login and password, they are not accepted.

Maybe the problem is caused by OpenLDAP. Please, how may I fix that?

--- Mccrory, Kevin B [EMAIL PROTECTED] wrote:
> Change the domain name to sambadomain. Having the - in the name prevents the windows machines from joining. I ran into the same problem here.
>
> Kevin B. McCrory