[Samba] server drops out of the network 'hood
Every so often my workgroup member Samba file and print server drops out of the network 'hood from my Windows clients point of view. When I restart nmbd (or is it smbd?) via SWAT the box shows up again and all is well. Why does this happen and what to do about it? Also I think these daemons don't start automatically in the rare event of a reboot - is there some connection there? - kaze -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Could you install Exchange on a Samba PDC's network?
-- From: Matthias Spork [mailto:[EMAIL PROTECTED] -- Sent: Friday, April 23, 2004 7:48 PM -- -- kaze schrieb: -- -- Could you install Exchange on a Samba PDC's network? -- -- What would happen if you tried to run /domainprep? -- -- Could Exchange interact with a LDAP backend? -- -- Would this be some sort of NT4/W2K mixed-mode directory services setup? -- -- -- Would you like to install Exchange on Unix? Does the Exchange-Server -- runs on Unix? I don't think so. -- -- matze Exchange 200x on a Windows 200x member server in a Samba PDC'ed domain was my question; but -- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] -- Sent: Thursday, April 22, 2004 8:22 PM -- People have run Exchange 5.5 on their Samba networks - make sure to use -- a current Samba 3.0 however, as we needed to fix a few bugs. -- -- Andrew Bartlett clearly I have to revert to an NT4 mindset with regard to Samba PDC stuff - but I did post a follow-up question with that answer in mind as a possibility: Could you do some sort of NT4/W2K mixed-mode directory services setup? Like a Samba PDC'ed NT4 style domain with a two way trust to a Windows 200x Server set up as a DC and Exchange 200x server? - kaze -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Could you install Exchange on a Samba PDC's network?
Could you install Exchange on a Samba PDC's network? What would happen if you tried to run /domainprep? Could Exchange interact with a LDAP backend? Would this be some sort of NT4/W2K mixed-mode directory services setup? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Microsoft Windows Offline Folders headaches
Once working they are great, but getting offline folders to re-synch can sometimes waste many tens of minutes. Right now I have a Windows 2000 laptop with a Samba server's existing public folder share set as offline within network hood on the laptop (\\Emerald\Public). The Windows laptop and the Samba server are in the same workgroup. Other Windows clients can browse to the Samba server, get prompted for and enter their password, and then get to shares and printers. This one laptop can not ever see the Samba server anymore. It can however get to it via IP address (\\192.168.1.5), after a bunch of painful waits for timeouts and various unknown is unaccessable dialogues the laptop can then print to the shared printer. I made sure there are no files in the Windows machine's 'off-line cache', un-checked all the 'Make available offline' checks - nothing. I completely turned off Offline Folders, rebooted - when I setup offline folders again the issue was still there! I think I'd even gone in the registry a few months ago and deleted things like HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\NetCache\Shares \//Emerald/public What to do? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NIS / Samba
Can I take an existing bunch of local users accounts and flip it into a NIS or Samba PDC server? Can a Samba box serve the same directory data as _both_ a NIS server and a Samba PDC? Assuming an environment with a few servers with static DNS and IP info where the clients are not doing any peer to peer file and print sharing, what is the downside to NOT having an Active Directory, i.e. a Samba 3.0 PDC? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join / kinit /.conf syntax
-- Behalf Of Michael Brown -- Sent: Friday, February 20, 2004 1:37 AM -- The path I got was /root/krb5-1.3.1/src/configure, but no -- mater. In order to -- -- Sorry, I should have said - -- # cd krb5-1.3.1/src -- # configure --prefix=/usr -- # make make install -- # ls /usr/bin/kinit -- kinit Ran the configure --prefix=/usr again (as I'd removed and reinstalled all the Samba packages) just to make sure and it worked fine. The make make install worked much better with this syntax. Still no kinit though! And the net ads join still fails the same way, although I tried many variations on it. At one point a new domain showed up in the Windows Network Neighborhood, but with no computers in it, a tweak/correction of /etc/smb.conf fixed that. testparm doesn't seem to find any errors with /etc/smb.conf. I tried with the default 'example' /etc/krb5.conf and also with one with my specific settings. Based on the error message it would seem that my Kerberos client is not working, right? [EMAIL PROTECTED] root]# ls /usr/bin/kinit ls: /usr/bin/kinit: No such file or directory [EMAIL PROTECTED] root]# cd /usr/bin [EMAIL PROTECTED] bin]# ls k* kban kbdrate kermit kill killall krb524init ktest [EMAIL PROTECTED] bin]# locate kinit /root/krb5-1.3.1/doc/kinit.html /root/krb5-1.3.1/src/clients/kinit /root/krb5-1.3.1/src/clients/kinit/Makefile.in /root/krb5-1.3.1/src/clients/kinit/ChangeLog /root/krb5-1.3.1/src/clients/kinit/kinit.M /root/krb5-1.3.1/src/clients/kinit/kinit.c /root/krb5-1.3.1/src/clients/kinit/Makefile /root/krb5-1.3.1/src/clients/kinit/TV /usr/share/man/man8/mkinitrd.8.gz /usr/share/ghostscript/7.07/vflib/kinit.ps /sbin/mkinitrd [EMAIL PROTECTED] bin]# cd [EMAIL PROTECTED] root]# net ads join -U adminzas adminzas password: [2004/02/21 11:21:45, 0] libads/kerberos.c:ads_kinit_password(133) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# ping imediamsft PING imediamsft.imedia.example.com (10.1.1.42) 56(84) bytes of data. 64 bytes from imediamsft.imedia.example.com (10.1.1.42): icmp_seq=0 ttl=128 time=0.162 ms 64 bytes from imediamsft.imedia.example.com (10.1.1.42): icmp_seq=1 ttl=128 time=0.200 ms 64 bytes from imediamsft.imedia.example.com (10.1.1.42): icmp_seq=2 ttl=128 time=0.199 ms --- imediamsft.imedia.example.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 0.162/0.187/0.200/0.017 ms, pipe 2 [EMAIL PROTECTED] root]# /etc/krb5.conf specifies imediamsft.imedia.example.com as the KDC, and this machine can see it, and actually has for it's DNS1 and DNS2 the two AD integrated LAN DNS servers. The machine ImediaArchive shows up in the Windows Network Neighborhood as a domain/workgroup member (due to the /etc/smb.conf file?) but when clicked on gets an error I guess is due to it not having a machine account in AD. Why doesn't the kerberos-workstation rpm work? Do I need a /etc/krb5.conf if using the MIT Kerberos client? I do have valid looking DNS records for the Microsoft Kerberos servers. Do I need to compile of 'make' something in the /root/krb5-1.3.1/src/clients/kinit directory to get the kinit command? -- It would be prudent to then install a recent version of -- cyrus-sasl to insure an -- gss-api layer for auth when trying against ms-ad. Hopefully I will move forward enough to get to this stuff later... -- Hope this helps. -- -- Michael Brown -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join / kinit /.conf syntax
-- From: Gary Hostetler [mailto:[EMAIL PROTECTED] -- Sent: Thursday, February 19, 2004 6:06 AM -- To: kaze -- Subject: RE: [Samba] net ads join / kinit /.conf syntax -- -- -- I'd be happy if my net command worked. It tells me unknown -- command. Where do -- I find net. -- thanks -- Gary Install samba-client-3.0.0-15 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join / kinit /.conf syntax
-- From: Michael Brown [mailto:[EMAIL PROTECTED] -- Sent: Thursday, February 19, 2004 2:50 AM ... -- Eliminate your krb5 rpm installation. -- Download the MIT krb5 source tarball from here: -- http://web.mit.edu/kerberos/dist/krb5/1.3/krb5-1.3.1.tar -- -- Extract the tarball/signature: -- $ tar xvf krb5-1.3.1.tar -- krb5-1.3.1.tar.gz.asc -- krb5-1.3.1.tar.gz -- -- Check the sig however you want (this assumes OpenSSL): -- $ openssl md5 krb5-1.3.1.tar.gz.asc -- MD5(krb5-1.3.1.tar.gz.asc)= 06905cdf473cd677e1eabc3bebe9c506 -- -- This better be the sig! Yup. -- $ tar xvfz krb5-1.3.1.tar.gz -- $ cd krb5-1.3.1 -- $ ./configure --prefix=/usr The path I got was /root/krb5-1.3.1/src/configure, but no mater. In order to getting that script working I installed: glibc-kernheaders-2.4-8.36.i386.rpm glibc-headers-2.3.2-101.i386.rpm glibc-devel-2.3.2-101.i386.rpm cpp-3.3.2-1.i386.rpm binutils-2.14.90.0.6-3.i386.rpm gcc-3.3.2-1.i386.rpm It appeared to run without errors. -- $ make make install This got some errors and complained about missing some things. -- kinit klist should now be found under /usr/ Still no kinit and net ads join ... returns failed: Cannot find KDC for requested realm. Interestingly: [EMAIL PROTECTED] root]# locate kinit /usr/share/doc/krb5-workstation-1.3.1/kinit.html /usr/share/man/man8/mkinitrd.8.gz /usr/share/ghostscript/7.07/vflib/kinit.ps /usr/kerberos/bin/kinit /usr/kerberos/man/man1/kinit.1.gz /sbin/mkinitrd [EMAIL PROTECTED] root]# cd /usr/kerberos/bin -bash: cd: /usr/kerberos/bin: No such file or directory [EMAIL PROTECTED] root]# kinit -bash: kinit: command not found [EMAIL PROTECTED] root]# http://www.samba.org/samba/docs/man/domain-member.html#ads-member under Possible Errors details: ADS support not compiled in Samba must be reconfigured (remove config.cache) and recompiled (make clean all install) after the Kerberos libraries and headers files are installed. rpm -e-ed all of Samba, then installed, and then configured via SWAT again. [EMAIL PROTECTED] root]# net ads join -U Administrator Administrator password: [2004/02/20 00:52:01, 0] libads/kerberos.c:ads_kinit_password(133) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm [EMAIL PROTECTED] root]# -- Good lucc! -- -- Michael Brown D'oh - kaze -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join / kinit /.conf syntax
Hi. HELP! I read: :-) http://www.samba.org/samba/docs/man/domain-member.html#domain-member-server (Which notes, This is a rough guide to setting up Samba-3 with Kerberos authentication against a Windows 200x KDC. A familiarity with Kerberos is assumed. Is there A guide to familiarity with Kerberos as a primer for Samba configuration somewhere?) :-) This thread http://lists.samba.org/archive/samba/2003-October/000180.html :-) http://lists.samba.org/archive/samba/2003-February/062065.html :-) http://lists.samba.org/archive/samba/2003-July/070275.html :-) http://lists.samba.org/archive/samba/2003-October/075166.html Running RedHat Fedora Core 1. :-( Don't have kinit (below) :-( Don't have klist (below) :-( net ads join fails with Cannot find KDC for requested realm (below) :-| /etc/samba/smb.conf (below) :-| /etc/krb5.conf (below) TNX [EMAIL PROTECTED] root]# kinit -bash: kinit: command not found [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# klist -bash: klist: command not found [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# net ads join -U administrator%X [2004/02/18 16:46:40, 0] libads/kerberos.c:ads_kinit_password(133) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# rpm -qa | egrep samba samba-3.0.0-15 redhat-config-samba-1.1.4-1 samba-swat-3.0.0-15 samba-common-3.0.0-15 samba-client-3.0.0-15 [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# rpm -qa | egrep krb krb5-libs-1.3.1-6 krbafs-1.2.2-1 pam_krb5-2.0.4-1 [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# cat /etc/samba/smb.conf # Samba config file created using SWAT # from 10.1.1.42 (10.1.1.42) # Date: 2004/02/16 17:31:51 # Global parameters [global] workgroup = IMEDIA realm = IMEDIAMSFT.IMEDIA.EXAMPLE.COM server string = a work n progess security = ADS password server = imediamsft.imedia.example.com, imediaexch02.imedia.example.com log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No local master = No dns proxy = No wins server = 10.1.1.42, 10.1.1.53 ldap ssl = no [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [test] comment = test path = /mnt/hde1 valid users = test read list = test guest ok = Yes hosts allow = * [software] comment = Software path = /mnt/hde1/Software [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# cat /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = IMEDIA.EXAMPLE.COM. dns_lookup_realm = false dns_lookup_kdc = false [realms] IMEDIA.EXAMPLE.COM. = { kdc = IMEDIAMSFT.IMEDIA.EXAMPLE.COM.:88 admin_server = IMEDIAMSFT.IMEDIA.EXAMPLE.COM:749 default_domain = IMEDIA.EXAMPLE.COM } [domain_realm] IMEDIAMSFT.IMEDIA.EXAMPLE.COM. = IMEDIA.EXAMPLE.COM. [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } [EMAIL PROTECTED] root]# -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads join / kinit /.conf syntax
-- From: Michael Brown [mailto:[EMAIL PROTECTED] -- Sent: Wednesday, February 18, 2004 7:50 PM ... -- On Wed, 18 Feb 2004 18:38:44 -0500 -- kaze [EMAIL PROTECTED] wrote: -- [EMAIL PROTECTED] root]# kinit -- -bash: kinit: command not found -- [EMAIL PROTECTED] root]# -- [EMAIL PROTECTED] root]# klist -- -bash: klist: command not found -- -- You have to install kerberos first (either MIT or Heimdal); it -- seems you don't -- have it on your system. -- You can find the source tarball for MIT Kerberos here: -- -- http://web.mit.edu/kerberos/dist/index.html -- -- Hope this helps. -- -- Michael Brown Yeah! I feel farther along, but it still doesn't work. I installed the krb5-workstation-1.3.1-6.i386.rpm and after re-reading http://www.samba.org/samba/docs/man/domain-member.html#ads-member restored /etc/krb5.conf to its original state. [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# rpm -qa | egrep krb5 krb5-libs-1.3.1-6 pam_krb5-2.0.4-1 krb5-workstation-1.3.1-6 [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# kinit -bash: kinit: command not found [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# ls -laF /usr/local/bin total 8 drwxr-xr-x2 root root 4096 Oct 7 07:16 ./ drwxr-xr-x 11 root root 4096 Feb 11 11:33 ../ [EMAIL PROTECTED] root]# /usr/local/bin is where the Installing and Configuring UNIX Client Machines section of http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.1/doc/krb5-install.html says kinit and the rest will be. Is there some other package I need to install or some script to run? Of course net ads join ... still returns failed: Cannot find KDC for requested realm What to do? - kaze -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba