Re: [Samba] Password server is not connected - cli not initilised issue
On Sat, Oct 04, 2008 at 10:30:28PM +1000, Jake Carroll wrote: Hi all, We are currently upgrading some core infrastructure and authentication hosts (Mac OS X 10.4.11 Open Directory/OpenLDAP/KDC -- 10.5.5). We've run into an interesting snag however. The Sun host that we use for sharing out files over Samba 3.0.28a (Sun's currently shipped, supported version of Samba) worked perfectly with the directory master running Mac OS X 10.4.11. When upgraded to 10.5.5 Server however, we are given the following errors on the samba/Sun side of things: [2008/10/04 17:40:59, 1, pid=2237] auth/auth_server.c:(247) password server is not connected (cli not initilised) I have done a bit of searching and can't actually find out what this *really* means. We need to see a debug log level 10 to see what is going on here. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password server is not connected - cli not initilised issue
Hi all, We are currently upgrading some core infrastructure and authentication hosts (Mac OS X 10.4.11 Open Directory/OpenLDAP/KDC -- 10.5.5). We've run into an interesting snag however. The Sun host that we use for sharing out files over Samba 3.0.28a (Sun's currently shipped, supported version of Samba) worked perfectly with the directory master running Mac OS X 10.4.11. When upgraded to 10.5.5 Server however, we are given the following errors on the samba/ Sun side of things: [2008/10/04 17:40:59, 1, pid=2237] auth/auth_server.c:(247) password server is not connected (cli not initilised) I have done a bit of searching and can't actually find out what this *really* means. Suffice to say, it is confusing, because, from a Mac OS X Leopard client, we can: smbclient -k //share.goes.here.now/share mount_smbfs //[EMAIL PROTECTED]/share /mount ...but in Mac OS X Leopard client finder/windows, we cannot! We are attempting an upgrade of our samba version to 3.2.x, in a slight attempt to see if this will resolve our problems, but we just don't know what cli not initilised actually means, let alone how the password server could possibly be disconnected, when it clearly works with smbclient and mount_smbfs. Very confusing. Thoughts/feedback are appreciated. Thanks all. JC -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password server is not connected.
Hi Paul, thanks for your advice. I succeded in avoiding password server is not connected introducing security=domain instead of security=server and 2.2.12. About our choice on samba2 vs 3: compiling 3.x with Openldap was my first try but I encurred in the known problem on supplemtary groups documented on https://bugzilla.samba.org/show_bug.cgi?id=943 and http://lists.samba.org/archive/samba-technical/2003-December/033162.html. This can be avoided compiling with Sun/Netscape Ldap lib, and this was smoothful for me only with samba2 (and Sun DS 5.2). Bye. -roberto Paul Gienger wrote: We are using security=server, which is an Active Directory. I'm pretty sure that 2.2.x doesn't do active directory well, if at all. In any case, I would suggest 2.2.12 if you must use the old unsupported version. To compile 3.0.x to run against Sun's LDAP server, the stated procedure is to compile against openldap libraries, which will give you the abilitiy to talk to any ldap server. You just need to tell samba how to speak the language of ldap, not Sun's particular dialect. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Password server is not connected.
Hi, we are rolling out a big Samba 2.2.8a installation. I used that version because I succeded in compiling it with Sun Directory Server 5.2 (ldap) libraries without any source modification. We are using security=server, which is an Active Directory. During our test we get a lot of random smbd/password.c:server_validate(1102) password server is not connected (note the password server is not specified) This is a random error: after a while then you can authenticate correctly. So I am guessing if there is some parameter which would avoid it. My smb.conf is: [global] workgroup = CTXHERA netbios name = SAMBATEST interfaces = samb2/255.255.255.0 bsamb2/255.255.255.0 bind interfaces only = Yes security = server password server = ctxdc1, ctxdc2 encrypt passwords = Yes server string = Area TEST SAMBA2 lock dir = /usr/local/samba2_test/var/locks pid directory = /usr/local/samba2_test/var/locks log file = /usr/local/samba2_test/var/logfile log level = 3 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE wide links = No create mask = 0770 directory mask = 0770 [PITECO] comment = PITECO_TEST browseable = yes writable = yes path = /samba/samba01/TEST/piteco_test Many thanks and best regards. -roberto -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password server is not connected.
We are using security=server, which is an Active Directory. I'm pretty sure that 2.2.x doesn't do active directory well, if at all. In any case, I would suggest 2.2.12 if you must use the old unsupported version. To compile 3.0.x to run against Sun's LDAP server, the stated procedure is to compile against openldap libraries, which will give you the abilitiy to talk to any ldap server. You just need to tell samba how to speak the language of ldap, not Sun's particular dialect. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] password server is not connected line 1101 in password.c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am trying to troubleshoot a problem where users who were authenticated fine are now unable to be authenticated. Looking at the logs I see password server is not connected note the 2 spaces between server and is, I checked line 1101 of password.c and it states: 1101: if (!cli-initialised) { 1102: DEBUG(1,(password server %s is not connected\n, cli-desthost)); 1103: return(False); 1104: } now it would appear that %s is not getting the name of the passwd server like it should. Any idea where to look from here? -BEGIN PGP SIGNATURE- Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com iQA/AwUBP0z/9Sh4imLwvL+vEQIbpQCaAii+WRe948jo6kVp7NpAYCs8YCQAoN+Y /JfdeRRSSbDrM5T2pdZWNlVQ =aVhI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] password server is not connected
On Wed, 2003-01-29 at 14:13, David Bear wrote: bringing the discussion back online -- thanks jerry for the responses. please see below.. On Tue, Jan 28, 2003 at 10:56:24AM -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 27 Jan 2003, David Bear wrote: thanks for the reply. I was not aware that I could use password server = somewindowserver with security = domain Yup. In fact, in Samba 3.0 you can use password server = DC1 DC2 * which will fail over to autolookups if DC1 and DC2 are unavailable. I would like to be able to use domain security. That buys me domain functionality with machine trusts. However, I DO NOT control the NT domain that we authenticated users against. So, my domain controller would be in the position of 1) storing and authenticating MACHINE accounts in its OWN smbpasswd file and 2) authentication users against a different smb server (in this case a windows active directory) which I do not control. You have a Samba PDC that is authenticating against a Windows NT PDC? No. This would not be a good configuration. Why do you need Samba as a PDC in this case? Actually this is a very valid scenario for us. We have central IT that provided AD and kerberos authentication services. However, they do not create administrative principal/identities for us. They only create user accounts. (and they manage all the links for password updates) This leaves us with a very powerfull service but powerless. Now I could bring up a windows AD and become an OU in the grand unified microsoft directory. But that has side effect that I don't want -- ie I don't want to rely on microsoft for something as important as directory service. What I prefer is to use CENTRAL account managment services for authenticating the unwashed masses. Then I want to create my own set of administrative principals that are authenticated against my own authentication servers (smbpasswd is fine now, but LDAP/kerberos is what I think the futurer holds) Then, we create our own domain controllers to manage user profiles -- and handle or OWN adminstrative identites (ergo we retain complete control of administrative accounts rather than relegate them to AD and have the possibility of an AD hack steal admin accounts). This would be similar to an old style trust relationship betwen NT domains. For large organizations even mickeysoft recommended have resource domains and user account domains. If SAMBA could implement this, then the trust would be a 'limited' trust -- very enticing? That trust of course limited to just authenticating users (and those users priviledge would further be contolled through our own group schema) and then not all users. Some may think this a strange request, but in a large university like ours, there is such decentralization that it makes sense. To recap, what I want is something like security = domain password server = somesmbserver without having to join the samba box to the domain This just isn't possible - or stable. security=domain *requires* the domain join, and security=server is slow, unstable (the conn can be dropped) and is really a bad idea. AND retain machine trust accounts on my samba box as well as additional administrative identities that could be used to manage machines in my domain.. AND be able to have additional samba servers join my domain as member servers and use a transitive relationship to authenticate users against my samba server which then authenticates to microsoft AD. My guess is this shouldn't be too hard to implement. I'm no C programmer though -- and this is way out of my league. Sounds like you want an NT4-style domain trust to the AD server. Indeed, I don't see why we can't even have a Win2k domain membership with that server. We need to do a little more work to winbindd, then it should 'just work'. The main thing we need to do is stop Samba 'locking up' when winbind is running, and referenced by nsswtich on the PDC. This occurs because winbind sends SAMR requests to localhost, which makes nsswtich calls, which can trigger the nss libs to talk to winbind again. After that, we just have a few little details to sort out, like putting the domain trust passwords into the PDB (allowing them to be shared via LDAP). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: [Samba] password server is not connected
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 22 Jan 2003, David Bear wrote: I have installed samba 2.2.7a on FreeBSD from the ports collection. I have used an existing samba config file which worked with samba 2.0.x. I am using security = server Use security = domain and your life will be easier. Server mode security requires that smbd maintain an open connection to the password server for the entire life of the client's connection. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 SAMS Teach Yourself Samba in 24 Hours 2ed You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+NYk+IR7qMdg1EfYRAjaoAKDtKwf8JXUZxkmjJTVZ9eiTa5wMjgCePViK AYVb0NROtVqZmCVLRV62Uvo= =x5lS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] password server is not connected
I have installed samba 2.2.7a on FreeBSD from the ports collection. I have used an existing samba config file which worked with samba 2.0.x. I am using security = server Yesterday, a user attempting to use a print share started getting rejected with the message: [2003/01/22 13:52:21, 1] smbd/password.c:server_validate(1101) password server is not connected [2003/01/22 13:52:21, 1] smbd/password.c:pass_check_smb(545) Couldn't find user 'joeuser' in passdb. [2003/01/22 13:52:21, 1] smbd/password.c:pass_check_smb(545) Couldn't find user 'joeuser' in passdb. [2003/01/22 13:52:21, 1] smbd/reply.c:reply_sesssetup_and_X(1001) Rejecting user 'joeuser': authentication failed [2003/01/22 13:52:21, 1] smbd/password.c:server_validate(1101) password server is not connected The very strange thing is yesterday, I stopped and restarted samba thinking it may have some wierd/old instance running. That fixed it. However, today, the problem is back. Any attempt to print to the share fails. The password server is UP and running because other samba server authenticate users to it... These are samba 2.0.x servers. The password server is a win2k box. -- David Bear College of Public Programs/ASU Mail Code 0803 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba