Re: [Samba] Problems making use of 2K PDC
Em Thu, Jan 30, 2003 at 10:37:29AM -0600, Kenny Mann escreveu: > I'm able to "join" the comain. I'm not, still getting errors... smbpasswd -j says I joined the domain. I can confirm that the samba machine shows up in the w2k AD. Nothing unusual in the logs but the excerpt below from the smbpasswd -j run: (...) Domain=[DISTRO] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] lsa_io_sec_qos: length c does not match size 8 <--- what is this? Joined domain DISTRO. Immediately afterwards I run: smbpasswd -t DISTRO -r TESTE011 -D 4 and get: (...) cli_net_req_chal: LSA Request Challenge from TESTE011 to PANDORA: 934D0AA570E6938A cred_session_key cred_create cli_net_auth2: srv:\\TESTE011 acct:PANDORA$ sc:6 mc: PANDORA chal C72569B51FC1D884 neg: 1ff cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine TESTE011. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. 2003/01/30 16:21:20 : change_trust_account_password: Failed to change password for domain DISTRO. Event viewer says: "The session setup from the computer PANDORA failed because there is no trust account in the security database for this computer. The name of the account referenced in the security database is PANDORA$." Now, is this a bug? Where should the missing $ be? mc? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems making use of 2K PDC
I'm able to "join" the comain. Wbinfo -t says secret is good. Wbinfo -u shows me 0xc22 Wbinfo --sequence says CDROBOT: DISCONNECTED The catchy thing is that I joined via smbpasswd and it said I joined. 'Joined domain CDROBOT' Very odd. Thanks! --KM > -Original Message- > From: Gaffey, Mike [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 29, 2003 4:06 PM > To: Kenny Mann > Cc: '[EMAIL PROTECTED]' > Subject: RE: [Samba] Problems making use of 2K PDC > > > I had the same problem except mine was working for several > months then decided to quit ... deleted the computers from > the domain and re-added them > using: > > smbpasswd -j DOMAIN -r DOMAINPDCSMBNAME -UAdministrator%password > > Works again, but I still don't understand what caused it. > > > -Original Message- > From: Kenny Mann [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 29, 2003 3:47 PM > To: [EMAIL PROTECTED] > Subject: [Samba] Problems making use of 2K PDC > > > I'm having problems with samba using the 2K PDC. > I've gotten it to successfully join the 2K PDC via smbpasswd. > Winbindd is running and I can ping it. I've tried googling, > but was unsuccessful at finding something useful. The Windows > 2K event viewer shows: > > The session setup from the computer DATASRV failed to > authenticate. The name of the account referenced in the > security database is DATASRV$. The following error occurred: > Access is denied. > > On my linux box, I'm using datasrv, does case matter? > My box is Lunar-Linux. > AMB Athlon XP 1700+ > 256MB PC2100 DDR Memory > 40GB 7200 RPM hard drive. 2 partitions. 3.5GB and a 35.5 > Everything is installed on the 3.5GB > > PDC is Windows 2000 Server > Compaq Prolient w/ 2GB of RAM & 20GB Ultra3 SCSI 15K RPM and > 80GB 5400 IDE 5400RPM (yeah, I know it sounds funny but the > big HD is just for stale data... Mostly backup) > > wbinfo -u gives > 0xc022 > > Wbinfo -t gives > Secret is good > > Smb.conf is > [global] > security = domain > encrypt passwords = yes > netbios name = Datasrv > workgroup = CDROBOT > log file = /var/log/samba/%m.log > password server = mainsrv > domain master = yes > os level = 65 > > winbind separator = + > winbind uid = 1-2 > winbind gid = 1-2 > winbind enum users = yes > winbind enum groups = yes > > template homedir = /home/winnt/%D/%U > > > [public] > comment = public > path = /home/tmp > read only = no > public = yes > > Testparm complains that the winbind separator might cause > problems with group memobship. I've tried using '-' and it > stopped complaining, but didn't fix the problem. I use '+' > because it's used in the docs. > > Has anyone experianced this? > Sometimes the users have problems signing on the the PDC > saying that no domain controller exist. Very weird, because > after a few tries it seems to work on 98/ME machines. 2K & XP > seem to experience this as well, but logon anyway. > > > If anyone needs more info, feel free to ask. TIA! > > --KM > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems making use of 2K PDC
It said command completed successfully. However still the same issue. Now tha tyo uhave said that, it sounds like that could be the problem. Would I need to reboot? Win98 machines can login sometimes. Sometimes It says cannot find domain controller. If Win2K is in native mode ,I would think it would deny access all the time. I'm going to hop to the MS mail list/news groups. You'r most likely right that this Is a 2K issue and not Samba. THANKS! > -Original Message- > From: Jan Chorowski [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 30, 2003 12:39 AM > To: Kenny Mann > Subject: Re: [Samba] Problems making use of 2K PDC > > > On Wed, Jan 29, 2003 at 03:47:09PM -0600, Kenny Mann wrote: > > > wbinfo -u gives > > 0xc022 > > > > Wbinfo -t gives > > Secret is good > > > your problem lies in the win2k native mode (denying access to > machines older than win2k). It's a security feature enabled > with the installation of windows. To disable it use: net > localgroup "Pre-Windows 2000 Compatible Access" everyone /add > > --KM > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > Jan Chorowski > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems making use of 2K PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 29 Jan 2003, Kenny Mann wrote: > Smb.conf is > [global] > security = domain > encrypt passwords = yes > netbios name = Datasrv > workgroup = CDROBOT > log file = /var/log/samba/%m.log > password server = mainsrv > domain master = yes don't mix security = domain and domain master = yes. Bad mojo. Set domaion master = no so smbd/winbindd can find the real Windows PDC. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "You can never go home again, Oatman, but I guess you can shop there." --John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+OT4DIR7qMdg1EfYRAvyBAKCVpQgE8G3Zfg9BQ81R+yeZjDHd0ACg8J5k oRET5v8nwFo6ooqHTSeTkyw= =agp8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problems making use of 2K PDC
I had the same problem except mine was working for several months then decided to quit ... deleted the computers from the domain and re-added them using: smbpasswd -j DOMAIN -r DOMAINPDCSMBNAME -UAdministrator%password Works again, but I still don't understand what caused it. -Original Message- From: Kenny Mann [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 29, 2003 3:47 PM To: [EMAIL PROTECTED] Subject: [Samba] Problems making use of 2K PDC I'm having problems with samba using the 2K PDC. I've gotten it to successfully join the 2K PDC via smbpasswd. Winbindd is running and I can ping it. I've tried googling, but was unsuccessful at finding something useful. The Windows 2K event viewer shows: The session setup from the computer DATASRV failed to authenticate. The name of the account referenced in the security database is DATASRV$. The following error occurred: Access is denied. On my linux box, I'm using datasrv, does case matter? My box is Lunar-Linux. AMB Athlon XP 1700+ 256MB PC2100 DDR Memory 40GB 7200 RPM hard drive. 2 partitions. 3.5GB and a 35.5 Everything is installed on the 3.5GB PDC is Windows 2000 Server Compaq Prolient w/ 2GB of RAM & 20GB Ultra3 SCSI 15K RPM and 80GB 5400 IDE 5400RPM (yeah, I know it sounds funny but the big HD is just for stale data... Mostly backup) wbinfo -u gives 0xc022 Wbinfo -t gives Secret is good Smb.conf is [global] security = domain encrypt passwords = yes netbios name = Datasrv workgroup = CDROBOT log file = /var/log/samba/%m.log password server = mainsrv domain master = yes os level = 65 winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /home/winnt/%D/%U [public] comment = public path = /home/tmp read only = no public = yes Testparm complains that the winbind separator might cause problems with group memobship. I've tried using '-' and it stopped complaining, but didn't fix the problem. I use '+' because it's used in the docs. Has anyone experianced this? Sometimes the users have problems signing on the the PDC saying that no domain controller exist. Very weird, because after a few tries it seems to work on 98/ME machines. 2K & XP seem to experience this as well, but logon anyway. If anyone needs more info, feel free to ask. TIA! --KM -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems making use of 2K PDC
Reset the computer account in the 2k domain and rejoin the domain using: smbpasswd -j DOMAIN -r DOMAINPDCSMBNAME -UAdministrator%password Once that's done try: wbinfo -t If it says "Secret is good" then you're set to go.. Glenn Glenn --On Wednesday, January 29, 2003 3:47 PM -0600 Kenny Mann <[EMAIL PROTECTED]> wrote: I'm having problems with samba using the 2K PDC. I've gotten it to successfully join the 2K PDC via smbpasswd. Winbindd is running and I can ping it. I've tried googling, but was unsuccessful at finding something useful. The Windows 2K event viewer shows: The session setup from the computer DATASRV failed to authenticate. The name of the account referenced in the security database is DATASRV$. The following error occurred: Access is denied. On my linux box, I'm using datasrv, does case matter? My box is Lunar-Linux. AMB Athlon XP 1700+ 256MB PC2100 DDR Memory 40GB 7200 RPM hard drive. 2 partitions. 3.5GB and a 35.5 Everything is installed on the 3.5GB PDC is Windows 2000 Server Compaq Prolient w/ 2GB of RAM & 20GB Ultra3 SCSI 15K RPM and 80GB 5400 IDE 5400RPM (yeah, I know it sounds funny but the big HD is just for stale data... Mostly backup) wbinfo -u gives 0xc022 Wbinfo -t gives Secret is good Smb.conf is [global] security = domain encrypt passwords = yes netbios name = Datasrv workgroup = CDROBOT log file = /var/log/samba/%m.log password server = mainsrv domain master = yes os level = 65 winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /home/winnt/%D/%U [public] comment = public path = /home/tmp read only = no public = yes Testparm complains that the winbind separator might cause problems with group memobship. I've tried using '-' and it stopped complaining, but didn't fix the problem. I use '+' because it's used in the docs. Has anyone experianced this? Sometimes the users have problems signing on the the PDC saying that no domain controller exist. Very weird, because after a few tries it seems to work on 98/ME machines. 2K & XP seem to experience this as well, but logon anyway. If anyone needs more info, feel free to ask. TIA! --KM -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Glenn E. Sieb System Administrator Lumeta Corporation +1 732 357-3514 (V) +1 732 564-0731 (Fax) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems making use of 2K PDC
I'm having problems with samba using the 2K PDC. I've gotten it to successfully join the 2K PDC via smbpasswd. Winbindd is running and I can ping it. I've tried googling, but was unsuccessful at finding something useful. The Windows 2K event viewer shows: The session setup from the computer DATASRV failed to authenticate. The name of the account referenced in the security database is DATASRV$. The following error occurred: Access is denied. On my linux box, I'm using datasrv, does case matter? My box is Lunar-Linux. AMB Athlon XP 1700+ 256MB PC2100 DDR Memory 40GB 7200 RPM hard drive. 2 partitions. 3.5GB and a 35.5 Everything is installed on the 3.5GB PDC is Windows 2000 Server Compaq Prolient w/ 2GB of RAM & 20GB Ultra3 SCSI 15K RPM and 80GB 5400 IDE 5400RPM (yeah, I know it sounds funny but the big HD is just for stale data... Mostly backup) wbinfo -u gives 0xc022 Wbinfo -t gives Secret is good Smb.conf is [global] security = domain encrypt passwords = yes netbios name = Datasrv workgroup = CDROBOT log file = /var/log/samba/%m.log password server = mainsrv domain master = yes os level = 65 winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /home/winnt/%D/%U [public] comment = public path = /home/tmp read only = no public = yes Testparm complains that the winbind separator might cause problems with group memobship. I've tried using '-' and it stopped complaining, but didn't fix the problem. I use '+' because it's used in the docs. Has anyone experianced this? Sometimes the users have problems signing on the the PDC saying that no domain controller exist. Very weird, because after a few tries it seems to work on 98/ME machines. 2K & XP seem to experience this as well, but logon anyway. If anyone needs more info, feel free to ask. TIA! --KM -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
