Re: [Samba] need help running samba 3.0.11 with security=domain (again)

2006-03-25 Thread Andrew Bartlett
On Fri, 2006-03-24 at 08:20 +, Whitaker, Adrian N wrote:
> My original post didn't seem to work properly - so I am trying again ...
>
> I am having problems getting security=domain to work properly with Samba
> 3.0.11  (this seems to be the recommended configuration for the
> application which I use - ClearCase)

Please upgrade to 3.0.21c, set 'security=ads', and start winbindd (the
upgrade fixes bugs, the 'security=ads' option allows use of kerberos in
AD, and starting winbind (even if not used in nsswitch.conf) allows use
of a persistent connection to the DC).

The issues appear to be problems contacting your domain controller, so
you may wish to take a network sniff and see what's going on.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



[Samba] need help running samba 3.0.11 with security=domain (again)

2006-03-24 Thread Whitaker, Adrian N

My original post didn't seem to work properly - so I am trying again ...

I am having problems getting security=domain to work properly with Samba
3.0.11  (this seems to be the recommended configuration for the
application which I use - ClearCase)

We are running on a Solaris 10 server. 

We created a machine account for the server and then ran the command to
join the domain :
net rpc join -S domain_controller -U user%pass
Joined domain BP1.

The fact that we got the joined domain message looked encouraging.

I thought that this would update /usr/local/samba/private/secrets.tdb -
but the timestamp of this file didn't change. Is this normal ? Maybe it
is because we can now access the samba share from a client PC. However -
it takes too long (around 15 seconds). Occasionally it fails altogether.
If we set password server to * rather than hard coding a domain
controller then it fails every time with access denied errors.

If we switch to security=server it works OK.

The smb.conf file contains the following

[global]
workgroup = BP1
security = DOMAIN
password server = bp1xeudc042.bp1.ad.bp.com
username map = /usr/local/samba/lib/username.map
lm announce = No
preferred master = No
local master = No
domain master = No
kernel oplocks = No
ldap ssl = no
invalid users = root, bin, daemon, adm, sync, shutdown, halt, mail, news, uucp
create mask = 0775
directory mask = 0775
case sensitive = No
oplocks = No
include = /usr/local/samba/lib/smb.conf.%m
dos filemode = Yes

[export]
comment = ClearCase VOBs
path = /export
read only = No
level2 oplocks = No


The log file contains the following :
  added interface ip=149.184.200.182 bcast=149.184.200.255
nmask=255.255.255.0
[2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79)
  added interface ip=149.184.200.181 bcast=149.184.200.255
nmask=255.255.255.0
[2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79)
  added interface ip=149.184.200.27 bcast=149.184.200.255
nmask=255.255.255.0
[2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79)
  added interface ip=172.28.17.231 bcast=172.28.17.255
nmask=255.255.255.0
[2006/03/23 16:41:57, 3]
libsmb/trusts_util.c:enumerate_domain_trusts(149)
  enumerate_domain_trusts: can't locate a DC for domain BP1
[2006/03/23 16:41:57, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED]
1LSTL211684] with the new password interface
[2006/03/23 16:41:57, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2006/03/23 16:41:57, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/03/23 16:41:57, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/03/23 16:41:57, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/03/23 16:41:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/23 16:42:01, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [WHITAKAN] - [WHITAKAN]
FAILED
with error NT_STATUS_NO_LOGON_SERVERS
[2006/03/23 16:42:01, 3] smbd/process.c:timeout_processing(1334)
  timeout_processing: End of file from client (client has disconnected).
...
...
[2006/03/23 16:42:01, 2] lib/interface.c:add_interface(79)
  added interface ip=172.28.17.231 bcast=172.28.17.255
nmask=255.255.255.0
[2006/03/23 16:42:05, 3]
libsmb/trusts_util.c:enumerate_domain_trusts(149)
  enumerate_domain_trusts: can't locate a DC for domain BP1
[2006/03/23 16:42:05, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED]
1LSTL211684] with the new password interface
[2006/03/23 16:42:05, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2006/03/23 16:42:05, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/03/23 16:42:05, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/03/23 16:42:05, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/03/23 16:42:05, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/23 16:42:05, 3] libsmb/namequery_dc.c:rpc_dc_name(145)
  rpc_dc_name: Returning DC BP1XEUDC042 (149.184.209.253) for domain BP1
[2006/03/23 16:42:05, 3] libsmb/cliconnect.c:cli_start_connection(1389)
  Connecting to host=BP1XEUDC042
[2006/03/23 16:42:05, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 149.184.209.253 at port 445
[2006/03/23 16:42:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/03/23 16:42:06, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
...
...
[2006/03/23 
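
An added example, not part of the original thread: a Python sketch that rejoins the e-mail-wrapped smbd log records quoted above and reports, for each failed logon, the NT status and how long smbd waited after starting the password check. The function names are illustrative, and the embedded sample is a trimmed excerpt of the log in the post.

```python
import re
from datetime import datetime

# Trimmed excerpt of the smbd log from the post above, with its e-mail line wrapping.
SAMPLE_LOG = """\
[2006/03/23 16:41:57, 3]
libsmb/trusts_util.c:enumerate_domain_trusts(149)
  enumerate_domain_trusts: can't locate a DC for domain BP1
[2006/03/23 16:41:57, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED]
1LSTL211684] with the new password interface
[2006/03/23 16:42:01, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [WHITAKAN] - [WHITAKAN]
FAILED
with error NT_STATUS_NO_LOGON_SERVERS
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +\d+\]\s*(\S*)$")
FAILED = re.compile(r"Authentication for user \[([^\]]*)\].*FAILED with error (NT_STATUS_\w+)")

def parse_records(text):
    """Rebuild one record per '[date time, level]' header from wrapped log text."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            records.append({"time": ts, "where": m.group(2), "msg": ""})
        elif records and line.strip():
            rec = records[-1]
            if not rec["where"]:  # header was wrapped: this line is file:function(line)
                rec["where"] = line.strip()
            else:                 # message text, possibly wrapped over several lines
                rec["msg"] = (rec["msg"] + " " + line.strip()).strip()
    return records

def auth_failures(records):
    """Pair each failed logon with the preceding password check and time the gap."""
    out, started = [], None
    for rec in records:
        if "Checking password for" in rec["msg"]:
            started = rec["time"]
        m = FAILED.search(rec["msg"])
        if m:
            wait = (rec["time"] - started).total_seconds() if started else None
            out.append({"user": m.group(1), "status": m.group(2), "wait_s": wait})
            started = None
    return out
```

On this excerpt the failure is reported as NT_STATUS_NO_LOGON_SERVERS four seconds after the password check began, right after a record saying no DC could be located for BP1.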

[Samba] need help running samba 3.0.11 with security=domain

2006-03-23 Thread Whitaker, Adrian N

 I am having problems getting security=domain to work properly with
 Samba 3.0.11  (this seems to be the recommended configuration for the
 application which I use - ClearCase)
 
 We are running on a Solaris 10 server. 
 
 We created a machine account for the server and then ran the command
 to join the domain :
 net rpc join -S domain_controller -U user%pass
 Joined domain BP1.
 
 The fact that we got the joined domain message looked encouraging.
 
 I thought that this would update /usr/local/samba/private/secrets.tdb
 - but the timestamp of this file didn't change. Is this normal ? Maybe
 it is because we can now access the samba share from a client PC.
 However - it takes too long (around 15 seconds). Occasionally it fails
 altogether. If we set password server to * rather than hard coding
 a domain controller then it fails every time with access denied
 errors.
 
 If we switch to security=server it works OK.
 
 The smb.conf file contains the following
 
 [global]
 workgroup = BP1
 security = DOMAIN
 password server = bp1xeudc042.bp1.ad.bp.com
 username map = /usr/local/samba/lib/username.map
 lm announce = No
 preferred master = No
 local master = No
 domain master = No
 kernel oplocks = No
 ldap ssl = no
 invalid users = root, bin, daemon, adm, sync, shutdown, halt, mail, news, uucp
 create mask = 0775
 directory mask = 0775
 case sensitive = No
 oplocks = No
 include = /usr/local/samba/lib/smb.conf.%m
 dos filemode = Yes
 
 [export]
 comment = ClearCase VOBs
 path = /export
 read only = No
 level2 oplocks = No
 
 
 The log file contains the following :
   added interface ip=149.184.200.182 bcast=149.184.200.255
 nmask=255.255.255.0
 [2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79)
   added interface ip=149.184.200.181 bcast=149.184.200.255
 nmask=255.255.255.0
 [2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79)
   added interface ip=149.184.200.27 bcast=149.184.200.255
 nmask=255.255.255.0
 [2006/03/23 16:41:53, 2] lib/interface.c:add_interface(79)
   added interface ip=172.28.17.231 bcast=172.28.17.255
 nmask=255.255.255.0
 [2006/03/23 16:41:57, 3]
 libsmb/trusts_util.c:enumerate_domain_trusts(149)
   enumerate_domain_trusts: can't locate a DC for domain BP1
 [2006/03/23 16:41:57, 3] auth/auth.c:check_ntlm_password(219)
   check_ntlm_password:  Checking password for unmapped user
 [EMAIL PROTECTED]
 1LSTL211684] with the new password interface
 [2006/03/23 16:41:57, 3] auth/auth.c:check_ntlm_password(222)
   check_ntlm_password:  mapped user is:
 [EMAIL PROTECTED]
 [2006/03/23 16:41:57, 3] smbd/sec_ctx.c:push_sec_ctx(256)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
 [2006/03/23 16:41:57, 3] smbd/uid.c:push_conn_ctx(365)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
 [2006/03/23 16:41:57, 3] smbd/sec_ctx.c:set_sec_ctx(288)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
 [2006/03/23 16:41:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
 [2006/03/23 16:42:01, 2] auth/auth.c:check_ntlm_password(312)
   check_ntlm_password:  Authentication for user [WHITAKAN] -
 [WHITAKAN] FAILED
 with error NT_STATUS_NO_LOGON_SERVERS
 [2006/03/23 16:42:01, 3] smbd/process.c:timeout_processing(1334)
   timeout_processing: End of file from client (client has
 disconnected).
 ...
 ...
 [2006/03/23 16:42:01, 2] lib/interface.c:add_interface(79)
   added interface ip=172.28.17.231 bcast=172.28.17.255
 nmask=255.255.255.0
 [2006/03/23 16:42:05, 3]
 libsmb/trusts_util.c:enumerate_domain_trusts(149)
   enumerate_domain_trusts: can't locate a DC for domain BP1
 [2006/03/23 16:42:05, 3] auth/auth.c:check_ntlm_password(219)
   check_ntlm_password:  Checking password for unmapped user
 [EMAIL PROTECTED]
 1LSTL211684] with the new password interface
 [2006/03/23 16:42:05, 3] auth/auth.c:check_ntlm_password(222)
   check_ntlm_password:  mapped user is:
 [EMAIL PROTECTED]
 [2006/03/23 16:42:05, 3] smbd/sec_ctx.c:push_sec_ctx(256)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
 [2006/03/23 16:42:05, 3] smbd/uid.c:push_conn_ctx(365)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
 [2006/03/23 16:42:05, 3] smbd/sec_ctx.c:set_sec_ctx(288)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
 [2006/03/23 16:42:05, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
 [2006/03/23 16:42:05, 3] libsmb/namequery_dc.c:rpc_dc_name(145)
   rpc_dc_name: Returning DC BP1XEUDC042 (149.184.209.253) for domain
 BP1
 [2006/03/23 16:42:05, 3]
 libsmb/cliconnect.c:cli_start_connection(1389)
   Connecting to host=BP1XEUDC042
 [2006/03/23 16:42:05, 3] lib/util_sock.c:open_socket_out(752)
   Connecting to 149.184.209.253 at port 445
 [2006/03/23 16:42:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
 [2006/03/23 16:42:06, 3] smbd/uid.c:push_conn_ctx(365)
   push_conn_ctx(0)