Re: [Samba] Repost: Cached credentials not working
Saturday, December 27, 2003, 5:51:31 AM, Andrew wrote: > On Fri, 2003-12-26 at 15:47, Beast wrote: >> Friday, December 26, 2003, 11:07:54 AM, John wrote: >> >> > On Fri, 26 Dec 2003, Beast wrote: >> >> >> Friday, December 19, 2003, 4:15:40 PM, John wrote: >> >> >> >> > Roel, >> >> >> >> > To the best of my knowledge, Samba does not trigger the Win XPP Caching of >> >> > domain logon credentials. >> >> >> >> Hi, >> >> >> >> Is there any way to ask samba to trigger caching domain logon? i have >> >> many (>20) laptop users, so it would be headache if caching is not >> >> many (>possibel. >> >> Tks. >> >> > The caching involves the use of pure kerberos based authentication. Samba >> > does not do that as this is solely supported by Active Directory. >> >> Caching is working on Win NT4.0 domain which (afaik) did not use kerberos. >> Tested clients: Win 2000 (SP0-SP3) WinXP (SP0-SP1). > So now you just need to figure out what we do differently :-) Hello Andrew, I've just try it myself. I was able to login even when i take out the network cable. It seems that domain logon caching is client side issue, nothing todo with smb domain server. Try it on Win2000 Sp0 and SP3. --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Repost: Cached credentials not working
On Fri, 2003-12-26 at 15:47, Beast wrote: > Friday, December 26, 2003, 11:07:54 AM, John wrote: > > > On Fri, 26 Dec 2003, Beast wrote: > > >> Friday, December 19, 2003, 4:15:40 PM, John wrote: > >> > >> > Roel, > >> > >> > To the best of my knowledge, Samba does not trigger the Win XPP Caching of > >> > domain logon credentials. > >> > >> Hi, > >> > >> Is there any way to ask samba to trigger caching domain logon? i have > >> many (>20) laptop users, so it would be headache if caching is not > >> many (>possibel. > >> Tks. > > > The caching involves the use of pure kerberos based authentication. Samba > > does not do that as this is solely supported by Active Directory. > > Caching is working on Win NT4.0 domain which (afaik) did not use kerberos. > Tested clients: Win 2000 (SP0-SP3) WinXP (SP0-SP1). So now you just need to figure out what we do differently :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Repost: Cached credentials not working
Friday, December 26, 2003, 11:07:54 AM, John wrote: > On Fri, 26 Dec 2003, Beast wrote: >> Friday, December 19, 2003, 4:15:40 PM, John wrote: >> >> > Roel, >> >> > To the best of my knowledge, Samba does not trigger the Win XPP Caching of >> > domain logon credentials. >> >> Hi, >> >> Is there any way to ask samba to trigger caching domain logon? i have >> many (>20) laptop users, so it would be headache if caching is not >> many (>possibel. >> Tks. > The caching involves the use of pure kerberos based authentication. Samba > does not do that as this is solely supported by Active Directory. Caching is working on Win NT4.0 domain which (afaik) did not use kerberos. Tested clients: Win 2000 (SP0-SP3) WinXP (SP0-SP1). --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Repost: Cached credentials not working
On Fri, 26 Dec 2003, Beast wrote: > Friday, December 19, 2003, 4:15:40 PM, John wrote: > > > Roel, > > > To the best of my knowledge, Samba does not trigger the Win XPP Caching of > > domain logon credentials. > > Hi, > > Is there any way to ask samba to trigger caching domain logon? i have > many (>20) laptop users, so it would be headache if caching is not > many (>possibel. > Tks. The caching involves the use of pure kerberos based authentication. Samba does not do that as this is solely supported by Active Directory. I know of no way to incite a Windows XP client to do this when Samba is providing the Domain control. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Repost: Cached credentials not working
Friday, December 19, 2003, 4:15:40 PM, John wrote: > Roel, > To the best of my knowledge, Samba does not trigger the Win XPP Caching of > domain logon credentials. Hi, Is there any way to ask samba to trigger caching domain logon? i have many (>20) laptop users, so it would be headache if caching is not many (>possibel. Tks. > - John T. --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Repost: Cached credentials not working
Roel, To the best of my knowledge, Samba does not trigger the Win XPP Caching of domain logon credentials. - John T. On Fri, 19 Dec 2003, Roel van Os wrote: > Hello all, > > I'm setting up a domain using Samba 3.0 as PDC, with WinXP clients. One > of these clients is a laptop, which should be able to use cached > profiles of the domain users. Online logon is working fine, however when > the domain server is not available it cannot logon, whereas it should be > able to use cached credentials to access the cached profile. Windows > says it cannot log on because the domain is unavailable. > > The policy setting controlling the number of cached credentials is set > to 10 (which is the default), so that shouldn't be the problem. > > I'm using Windows XP with the latest updates, and Samba 3.0 on a fresh > installation of Debian unstable. I've also tested Windows 2000 as a > client: same problem. I've tested Windows NT Server as a domain > controller: it works fine, so the problem appears to be something > samba-related. > > > I don't know if it's related, but the following message keeps appearing > in the logs when I log off a domain user: > > get_domain_user_groups: primary gid of user [roel] is not a Domain group > get_domain_user_groups: You should fix it, NT doesn't like that > > The UNIX user roel is a member of users (gid 100), and I've set up the > group mapping as follows (using net groupmap): > > System Operators (S-1-5-32-549) -> -1 > Replicators (S-1-5-32-552) -> -1 > Guests (S-1-5-32-546) -> -1 > Domain Users (S-1-5-21-3779735966-2028519041-1045582398-513) -> users > Power Users (S-1-5-32-547) -> -1 > Print Operators (S-1-5-32-550) -> -1 > Administrators (S-1-5-32-544) -> -1 > Account Operators (S-1-5-32-548) -> -1 > Domain Admins (S-1-5-21-3779735966-2028519041-1045582398-512) -> ntadmin > Domain Guests (S-1-5-21-3779735966-2028519041-1045582398-514) -> nogroup > Backup Operators (S-1-5-32-551) -> -1 > Users (S-1-5-32-545) -> users > > Can anyone help me with these problems? I've searched the archives and > the web, and found no indication that anyone is having similar problems. > > Thanks in advance, > Roel van Os. > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Repost: Cached credentials not working
Hello all, I'm setting up a domain using Samba 3.0 as PDC, with WinXP clients. One of these clients is a laptop, which should be able to use cached profiles of the domain users. Online logon is working fine, however when the domain server is not available it cannot logon, whereas it should be able to use cached credentials to access the cached profile. Windows says it cannot log on because the domain is unavailable. The policy setting controlling the number of cached credentials is set to 10 (which is the default), so that shouldn't be the problem. I'm using Windows XP with the latest updates, and Samba 3.0 on a fresh installation of Debian unstable. I've also tested Windows 2000 as a client: same problem. I've tested Windows NT Server as a domain controller: it works fine, so the problem appears to be something samba-related. I don't know if it's related, but the following message keeps appearing in the logs when I log off a domain user: get_domain_user_groups: primary gid of user [roel] is not a Domain group get_domain_user_groups: You should fix it, NT doesn't like that The UNIX user roel is a member of users (gid 100), and I've set up the group mapping as follows (using net groupmap): System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Users (S-1-5-21-3779735966-2028519041-1045582398-513) -> users Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Domain Admins (S-1-5-21-3779735966-2028519041-1045582398-512) -> ntadmin Domain Guests (S-1-5-21-3779735966-2028519041-1045582398-514) -> nogroup Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> users Can anyone help me with these problems? I've searched the archives and the web, and found no indication that anyone is having similar problems. Thanks in advance, Roel van Os. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
