Re: [Samba] Workstaion trust account
Hi! I did a new vampire on the NT4 and gott the accounts, I get an error saying "Could not find unix group 513" even though I have that group after running smbldap-populate prior to vampire. This does'nt seem to effect the creation of machine account because the machine account are there when I do a search. The problem now seems to be that the credential challenge is failing. The error log in samba says The part where I think it fails: [2007/01/26 14:21:00, 10] passdb/pdb_get_set.c:pdb_set_user_sid(544) pdb_set_user_sid: setting user sid S-1-5-21-1776119392-1335896148-119103078-1812 [2007/01/26 14:21:00, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1776119392-1335896148-119103078-1812 from rid 1812 [2007/01/26 14:21:00, 10] passdb/pdb_get_set.c:pdb_set_group_sid(580) pdb_set_group_sid: setting group sid S-1-5-21-1776119392-1335896148-119103078-513 [2007/01/26 14:21:00, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100) pdb_set_group_sid_from_rid: setting group sid S-1-5-21-1776119392-1335896148-119103078-513 from rid 513 [2007/01/26 14:21:00, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1001, 513) - sec_ctx_stack_ndx = 0 [2007/01/26 14:21:00, 5] lib/util.c:dump_data(2053) [000] CB 97 46 42 57 0F 6D F6 24 BB F0 C9 64 AC EE A1 ..FBW.m. $...d... [2007/01/26 14:21:00, 4] libsmb/credentials.c:cred_session_key(59) cred_session_key [2007/01/26 14:21:00, 5] libsmb/credentials.c:cred_session_key(61) clnt_chal: 70AC8820288ECF8D [2007/01/26 14:21:00, 5] libsmb/credentials.c:cred_session_key(62) srv_chal : 3CB84822EABF4CD9 [2007/01/26 14:21:00, 5] libsmb/credentials.c:cred_session_key(63) clnt+srv : AC64D142124E1C67 [2007/01/26 14:21:00, 5] libsmb/credentials.c:cred_session_key(64) sess_key : 52D509DB5E8010B2 [2007/01/26 14:21:00, 4] libsmb/credentials.c:cred_create(90) cred_create [2007/01/26 14:21:00, 5] libsmb/credentials.c:cred_create(92) sess_key : 52D509DB5E8010B2 [2007/01/26 14:21:00, 5] libsmb/credentials.c:cred_create(93) stor_cred: 70AC8820288ECF8D [2007/01/26 14:21:00, 5] libsmb/credentials.c:cred_create(94) timestamp: 0 [2007/01/26 14:21:00, 5] libsmb/credentials.c:cred_create(95) timecred : 70AC8820288ECF8D [2007/01/26 14:21:00, 5] libsmb/credentials.c:cred_create(96) calc_cred: 4C5A39005039ED3F [2007/01/26 14:21:00, 4] libsmb/credentials.c:cred_assert(121) cred_assert [2007/01/26 14:21:00, 5] libsmb/credentials.c:cred_assert(123) challenge : B6348D471E1F0113 [2007/01/26 14:21:00, 5] libsmb/credentials.c:cred_assert(124) calculated: 4C5A39005039ED3F [2007/01/26 14:21:00, 5] libsmb/credentials.c:cred_assert(133) credentials check wrong Any Idea? Thanks! /Sermodi 2007/1/24, Andrew Bartlett <[EMAIL PROTECTED]>: On Wed, 2007-01-24 at 17:09 +0100, sermodi wrote: > Andrew Bartlett skrev: > > On Tue, 2007-01-23 at 17:50 +, Cardon Denis wrote: > > > >> Hi sermodi, > >> > >>> I'm having a problem adding a W2K workstaion to the domain samba+ldap. > >>> I can > >>> add it by logging with the local administartor then add to domain, but I > >>> would like to do it without doing it manually on every workstation. Have > >>> hundrads of workstations, I tried to add them by using smbldap scripts > >>> and I > >>> get an entry for the workstation but it still don't work. Is it even > >>> possible to only add a trust account on the PDC or do I have to do it > >>> from > >>> the windows client? > >>> > >> adding a workstation throught the windows "join a domain" gui does some > >> configuration change on the host computer. Modifying is not enough, in > >> any case you'll have to do a few thing on the windows box. However there > >> a few command line tools available from MS for joining a domain, so you > >> can write a small script to add the boxes. > >> > > > > There is an RPC to do this (wkssvc_NetrJoinDomain2), but we never spent > > enough time to figure out the crypto. The 524 byte password buffer > > looks like one of the existing uses of this kind of buffer (like SAMR), > > but that didn't apparently work. > > > > Andrew Bartlett > > > > > Thanks for the reply. > About the client modification, on an existing (by existing I mean a > workstaion that have been trusted previously on another PDC, a NT4) the > client has already a password configured to the domain, the domain name > is the same and a net vampire have been done on the NT4. So what is the > different between the challenge made to NT4 and the one made to to the > new samba PDC? The whole purpose of the vampire process is that you s
Re: [Samba] Workstaion trust account
Andrew Bartlett skrev: On Tue, 2007-01-23 at 17:50 +, Cardon Denis wrote: Hi sermodi, I'm having a problem adding a W2K workstaion to the domain samba+ldap. I can add it by logging with the local administartor then add to domain, but I would like to do it without doing it manually on every workstation. Have hundrads of workstations, I tried to add them by using smbldap scripts and I get an entry for the workstation but it still don't work. Is it even possible to only add a trust account on the PDC or do I have to do it from the windows client? adding a workstation throught the windows "join a domain" gui does some configuration change on the host computer. Modifying is not enough, in any case you'll have to do a few thing on the windows box. However there a few command line tools available from MS for joining a domain, so you can write a small script to add the boxes. There is an RPC to do this (wkssvc_NetrJoinDomain2), but we never spent enough time to figure out the crypto. The 524 byte password buffer looks like one of the existing uses of this kind of buffer (like SAMR), but that didn't apparently work. Andrew Bartlett Thanks for the reply. About the client modification, on an existing (by existing I mean a workstaion that have been trusted previously on another PDC, a NT4) the client has already a password configured to the domain, the domain name is the same and a net vampire have been done on the NT4. So what is the different between the challenge made to NT4 and the one made to to the new samba PDC? About the scripts that could be used, any tips on how to write one? I know how to write .bat files my question is what commands should be used. The last question can I just turn of the trust checking? Thanks! /Sermodi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Workstaion trust account
Hi everybody! I'm having a problem adding a W2K workstaion to the domain samba+ldap. I can add it by logging with the local administartor then add to domain, but I would like to do it without doing it manually on every workstation. Have hundrads of workstations, I tried to add them by using smbldap scripts and I get an entry for the workstation but it still don't work. Is it even possible to only add a trust account on the PDC or do I have to do it from the windows client? Thanks! /Sermodi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC, allow only domain logons to use services
Hi! Should be able to be fixed with the share allowing only valid users. Try this [share] comment = data share path = /share valid users = %U guest ok = No browseable = Yes writeable = Yes /Sermed 2007/1/2, Mark de Ruijter <[EMAIL PROTECTED]>: Hi, I am running a nice Samba PDC that caters to a dozen or so Windows XP-SP2 clients. Point is, those clients should login to the domain, then access the shares. But they don't, some of the users are stubborn, refuse to login and just access the shares via direct IP. What I want is such a setup that only those users that are actually logged in to the PDC via domain logon can access the shares, is this possible? regards Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba+ldap windows problem
Hi! Happy new year to you all, I hade the line passwd program = /usr/bin/smbpasswd -r netbiosname -U %u which seems to work when I force the user to change the password. I tried the line you suggested but without any luck. Thanks for the reply. I have been on holiday until today so now it is back to cracking this thing. All ideas are welcome. Thanks /Sermed 2007/1/1, Tim Boneko <[EMAIL PROTECTED]>: Hello Sermodi & happy new year to all! sermodi schrieb: > The logon is working the only trouble is that I > can't get the option for changing the password, when I press the ctrl-alt-del, > the change password button is "unclickable". I`m looking for the declaration of a password change command in smb.conf (global). "passwd program" looks like what you need; a line like passwd program = /usr/bin/smbldap-passwd %u in smb.conf might help. WARNING: unchecked! I'm at home, no windows system available :-] timbo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba+ldap windows problem
Hi! Thanks for the reply Luis, maybe it is a windows issue but I thought maybe somebody in the mail list had some similar setup and if they had been able to change the password in windows. I got it to work in a previous setup once I changed the password encryption to yes. But in the new setup(only domain name change and new LDAP entries) it stopped working. Luis, sorry for sending you an empty replay pushed the wrong button :-) Regards Sermed Luis Daniel Lucio Quiroz skrev: That sounds more a win issue than a samba/ldap Dont you have a policy on changing password from your old win domain? Regards, LD Le jeudi 21 décembre 2006 10:08, sermodi a écrit : Hi everybody! I don't know if this is a samba or ldap problem, so here is the problem and you decide. I've installed Samba+LDAP to replace the windows solution. The workstation in the network are w2k so the need to logon to the samba+ldap for all the setting to be fetched. The logon is working the only trouble is that I can't get the option for changing the password, when I press the ctrl-alt-del, the change password button is "unclickable". If I change the mustchangepasswd to 0 the the users are forced to change the password, it works. I just can't get the changepassword button available. I have searched the web for days and can't find a solution, Thanks I have attached the smb.conf and slapd.conf /Sermed -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba+ldap windows problem
Hi everybody! I don't know if this is a samba or ldap problem, so here is the problem and you decide. I've installed Samba+LDAP to replace the windows solution. The workstation in the network are w2k so the need to logon to the samba+ldap for all the setting to be fetched. The logon is working the only trouble is that I can't get the option for changing the password, when I press the ctrl-alt-del, the change password button is "unclickable". If I change the mustchangepasswd to 0 the the users are forced to change the password, it works. I just can't get the changepassword button available. I have searched the web for days and can't find a solution, Thanks I have attached the smb.conf and slapd.conf /Sermed -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba