[Samba] station can t join domain due to wins cache
Hello, A problem that might be usefull to mention (or not). Sometimes, I encountered a problem with some stations that couldn t join the samba domain. It was due to the wins cache. (the samba conf was configured to provide wins service) I had already joined the domain with those stations before during tests. The solution was to stop samba and erase the wins cache (by default on debian lenny /var/lib/samba/wins.dat). Then I had to restart samba and the file was regenerated. In my opinion, the best bet is probably to turn off wins service while stations join the domain but I am not an expert. -- Stephane Durieux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba domain member server
Hello, I would like someone to confirm my understanding of winbind use in a samba domain member server . First, I think (correct me if I am wrong) that winbind create dynamically association between unix id and windows sid. The domain we use is a samba, openldap domain and the samba server domain use for the moment ldap authentification and resolution. The problem is that I have declared local idmap on the samba member server. So, I think a collision between ldap id and unix id may appear unless I dismiss ldap resolution. (You confirm it?) Otherwise, is that possible to declare an idmap refering to ldap samba accounts (unix and linux) in the ldap. Thanks for help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] linux windows synchronisation account : linux client configuration
Hello, I m trying to make unix and linux password synchronisation with samba using ldap backend, the only question that remains : How can I make passwd command use the samba server ? I have tried pam_smbpass.so librairy in /etc/pam.d/common-password but it only works on the samba server not on the linux client. I have noticed in the documentation it s because synchronisation is made in the local smb backend Besides, when I tried the "net rpc password" command on the client it try to connect to 127.0.0.1. However I am almost sure that I have already make it work on a client but I can remember how ... Does another pam librairy exist or is winbind the only solution Thanks for reply -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] linux unix passwd synchronisation : linux client configuration
Hello, I m trying to make unix and linux password synchronisation with samba using ldap backend, the only question that remains : How can I make passwd command use the samba server ? I have tried pam_smbpass.so librairy in /etc/pam.d/common-password but it only works on the samba server not on the linux client. I have noticed in the documentation it s because synchronisation is made in the local smb backend Besides, when I tried the "net rpc password" command on the client it try to connect to 127.0.0.1. However I am almost sure that I have already make it work on a client but I can remember how ... Does another pam librairy exist or is winbind the only solution Thanks for reply -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] profile and home share on a remote server
Hello Is it possible to configure profile and home share on a remote server in smb.conf of a PDC (a NAS server member of the domain for example) thanks for reply Stephane Durieux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] utility of winbind on a pdc ?
Hi I can t see the utility of winbind on a PDC if the ldap backend contains users accounts belongs to sambasamaccount, posix and shadowaccount classes Can someone tell me more about this ? Thanks Stephane Durieux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] interest of winbind
Hello I plan to make unification between unix and windows accounts I have configured a samba pdc with local linux accounts I will create ldap accounts So my understanding of the interest of windbind in my situation is the following: - it will avoid me to create an account for linux and for windows in the ldap server and to synchronise passwd by only creating one windows account in the ldap and an idmap table. Thus I will have to configure pam and libnss to use windbind on each client. Am I right ? Can someone give me a short advice Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] newbie : mapping problem between linux and samba users
Hello
I have a mapping problem between linux and samba users
logged as a domain user steph under windows, I try to update the
password but a message like
"you don't have the right to do that operation" appeals.
Logged as root I can do it.
When I dismiss the synchronisation between linux and windows users,
it works !!
I have also noticed that I can only make mapping between pre defined
windows
with "net groupmap set" and not "net groupmap add sid= unixgroup= "
which started to fail each time.
(don t know if it s a normal behaviour)
So I have though it was due to a problem in my tdb database file and I
run a check tools giving no problem.
So I put here my mappings :
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-3113648812-2111614216-3829755549-512) -> root
Domain Guests (S-1-5-21-3113648812-2111614216-3829755549-514) -> -1
Power Users (S-1-5-32-547) -> users
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-3113648812-2111614216-3829755549-513) -> users
the logs I have obtained (noticing there is a problem with a share
secret between the window host and the server but which secret ? a
secret for trusted domain ?? no relation with my problem !!!) :
[[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info_map(224)
make_user_info_map: Mapping user [GII]\[steph] from workstation [ESSAI]
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/02/03 15:53:35, 5] auth/auth_util.c:is_trusted_domain(1560)
is_trusted_domain: Checking for domain trust with [GII]
[2006/02/03 15:53:35, 5]
passdb/secrets.c:secrets_fetch_trusted_domain_password(333)
secrets_fetch failed!
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/02/03 15:53:35, 10] lib/gencache.c:gencache_get(285)
Cache entry with key = TDOM/GII couldn't be found
[2006/02/03 15:53:35, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch(184)
no entry for trusted domain GII found.
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info(132)
attempting to make a user_info for steph (steph)
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info(142)
making strings for steph's user_info struct
[2006/02/03 15:53:35, 5] auth/auth_util.c:make_user_info(184)
making blobs for steph's user_info struct
[2006/02/03 15:53:35, 10] auth/auth_util.c:make_user_info(200)
made an encrypted user_info for steph (steph)
[2006/02/03 15:53:35, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2006/02/03 15:53:35, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2006/02/03 15:53:35, 10] auth/auth.c:check_ntlm_password(231)
check_ntlm_password: auth_context challenge created by NTLMSSP
callback (NTLM2)
[2006/02/03 15:53:35, 10] auth/auth.c:check_ntlm_password(233)
challenge is:
[2006/02/03 15:53:35, 5] lib/util.c:dump_data(1995)
[000] 25 C6 28 63 8E 66 60 20 %.(c.f`
[2006/02/03 15:53:35, 10] auth/auth.c:check_ntlm_password(259)
check_ntlm_password: guest had nothing to say
[2006/02/03 15:53:35, 8] lib/util.c:is_myname(1815)
is_myname("GII") returns 0
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/02/03 15:53:35, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_nt_user_token(485)
NT user token: (NULL)
[2006/02/03 15:53:35, 5] auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 0
here is my smb.conf
-
[global]
netbios name = samba-1
workgroup = GII
server string = %h server
wins support = yes
dns proxy = no
log file = /var/log/samba/log.%m
syslog=0
log level = 200
max log size = 1000
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = no
unix password sync = yes
passwd chat = "*Enter\snew\sUNIX\spassword:*" %n\n
"*Retype\snew\sUNIX\spassword:*" %n\n "*"
[Samba] NT4 to samba ldap
Hello, so as to migrate a NT4 domain to a another samba domain I need to know one thing: once the migration is done if I change the name of the domain will it work, is there any problem with the SID Thanks for reply -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP: get samba user sid
Hi so as to populate a ldap backend database (samba SID field in sambaSamaccount class) I need to get samba users SID, I ve tried net usersidlist but it doesn t give anything (it seems to be usefull only with winbind) , can someone help me thanks Stephane -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
