Follow-up (solution): [Samba] set up for Active Directory

2009-04-20 Thread McGranahan, Jamen
Hello all -

Thank you for all the guidance. I wanted to let you all know we have had
success in getting our Sun Solaris 10 box connected to the Active
Directory. All tests pass now. Here is the final solution to the problem
I was having:

"Though the firewall might have been one of the issues, I was missing an
nss file. After finding this, all I had to do was create a soft link
from libnss_winbind.so.1 to nss_winbind.so.1. After restarting winbind,
I was able to successfully use getent."

Jamen McGranahan
Systems Services Librarian
Vanderbilt University

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


RE: [Samba] set up for Active Directory

2009-04-15 Thread McGranahan, Jamen
After doing some digging, I did discovered the libnss_winbind.so library
was not installed for some reason, so I copied it from my samba source
and placed it in the directory described here
(http://docs.sun.com/app/docs/doc/819-1081/6n3fc3r2v?a=view). I also
discovered the pid file in /var/samba/locks/winbindd.pid was not the
correct pid, so I just rm it and created a softlink to the actual file
(which was in /usr/local/samba/var/locks/). I restarted winbindd and
voila!, it's now running as a service. I'm now getting entries with
wbinfo -u and wbinfo -g. The next test is getent, which right now isn't
generating anything. This might be a firewall issue, so we're checking
with our ITS department with that. 

Jamen McGranahan
Systems Services Librarian
Vanderbilt University

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] set up for Active Directory

2009-04-15 Thread Hakan Stefansson
McGranahan, Jamen skrev:
> FYI - reconfiguring & recompiling samba seems to have worked. At least
> I'm further along than I have been. I've been able to join my domain,
> but now the last step is testing winbind to see a list of the domain
> users and groups. However, I'm not getting anything: just an error -
>
> # wbinfo -u
> Error looking up domain users
> # wbinfo -g
> Error looking up domain groups
>
> I've modified the nsswitch.conf file, started winbind (have actually
> restarted it a couple of times), but when I look at the services
> (issuing the svcs command), I see that winbind is in maintenance mode.
> How can I get it out of this mode?  Dag-nabbit - so close!
>
> Jamen McGranahan
> Systems Services Librarian
> Vanderbilt University
>
>   
Did you install the libnss_winbind.so library in /usr/lib? You must use
the library that was built with your Samba installation. A library that
came with Solaris will probably NOT work.

-hs

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


RE: [Samba] set up for Active Directory

2009-04-15 Thread McGranahan, Jamen
FYI - reconfiguring & recompiling samba seems to have worked. At least
I'm further along than I have been. I've been able to join my domain,
but now the last step is testing winbind to see a list of the domain
users and groups. However, I'm not getting anything: just an error -

# wbinfo -u
Error looking up domain users
# wbinfo -g
Error looking up domain groups

I've modified the nsswitch.conf file, started winbind (have actually
restarted it a couple of times), but when I look at the services
(issuing the svcs command), I see that winbind is in maintenance mode.
How can I get it out of this mode?  Dag-nabbit - so close!

Jamen McGranahan
Systems Services Librarian
Vanderbilt University

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


RE: [Samba] set up for Active Directory

2009-04-15 Thread McGranahan, Jamen
I tried your suggestion below, adding password server={keberos server}
line to my smb.conf but no change. It still gives me the same error...

Jamen McGranahan
Systems Services Librarian
Vanderbilt University


-Original Message-
From: samba-bounces+jamen.mcgranahan=vanderbilt@lists.samba.org
[mailto:samba-bounces+jamen.mcgranahan=vanderbilt@lists.samba.org]
On Behalf Of Bjoern Meier
Sent: Tuesday, April 14, 2009 1:03 PM
To: samba@lists.samba.org
Subject: Re: [Samba] set up for Active Directory

hi,

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member
.html
   
tell us:

ADS support not compiled in

Samba must be reconfigured (remove config.cache) and recompiled
(make clean all install) after the Kerberos libraries and headers
files are installed.


-- 
To boldly go where no man has gone before ... I'll wait there with
touristinformation
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


RE: [Samba] set up for Active Directory

2009-04-15 Thread McGranahan, Jamen
It was not in our version for some reason; hence, the reason why I have
had to install it. 
:-(

Jamen McGranahan
Systems Services Librarian
Vanderbilt University


-Original Message-
From: samba-bounces+jamen.mcgranahan=vanderbilt@lists.samba.org
[mailto:samba-bounces+jamen.mcgranahan=vanderbilt@lists.samba.org]
On Behalf Of David Markey
Sent: Tuesday, April 14, 2009 1:13 PM
To: samba@lists.samba.org
Subject: Re: [Samba] set up for Active Directory


Solaris 10 U6 comes with a samba that is capable to joining AD out of
the box.



Bjoern Meier wrote:
> hi,
>
> 2009/4/14 McGranahan, Jamen :
>> OK, I've installed the MIT version of KRB5 & samba appears to have
>> installed correctly. However, it appears that I am not able to join
my
>> domain.
>>
>> # ./net ads join -U mcgr...@ds.vanderbilt.edu
>> [2009/04/14 11:36:50,  0] param/loadparm.c:lp_set_enum_parm(7097)
>>  WARNING: Ignoring invalid value 'ADS' for parameter 'security'
>> [2009/04/14 11:36:50,  0] param/loadparm.c:lp_do_parameter(7174)
>>  Ignoring unknown parameter "realm"
>> ADS support not compiled in
>>
>> So I tried the -d3 version of ./net and got this:
>>
>> # ./net ads -d3 join -U mcgr...@vanderbilt.edu
>> [2009/04/14 11:17:10,  3] param/loadparm.c:lp_load_ex(8794)
>>  lp_load_ex: refreshing parameters
>> [2009/04/14 11:17:10,  3] param/loadparm.c:init_globals(4629)
>>  Initialising global parameters
>> [2009/04/14 11:17:10,  3] param/params.c:pm_process(569)
>>  params.c:pm_process() - Processing configuration file
>> "/usr/local/samba/lib/smb.conf"
>> [2009/04/14 11:17:10,  3] param/loadparm.c:do_section(7457)
>>  Processing section "[global]"
>> [2009/04/14 11:17:10,  0] param/loadparm.c:lp_set_enum_parm(7097)
>>  WARNING: Ignoring invalid value 'ADS' for parameter 'security'
>> [2009/04/14 11:17:10,  1] param/loadparm.c:map_parameter(6131)
>>  Unknown parameter encountered: "realm"
>> [2009/04/14 11:17:10,  0] param/loadparm.c:lp_do_parameter(7174)
>>  Ignoring unknown parameter "realm"
>> [2009/04/14 11:17:10,  2] lib/interface.c:add_interface(340)
>>  added interface ce1 ip=129.59.95.89 bcast=129.59.95.255
>> netmask=255.255.255.0
>> ADS support not compiled in
>> [2009/04/14 11:17:10,  2] utils/net.c:main(769)
>>  return code = -1
>>
>> I'm not sure where to check now. Please advise. Thank you!
>>
>> Jamen McGranahan
>> Systems Services Librarian
>> Vanderbilt University
>>
>>
>> -Original Message-
>> From: jerry [mailto:je...@samba.org]
>> Sent: Tuesday, April 14, 2009 9:40 AM
>> To: McGranahan, Jamen
>> Cc: samba@lists.samba.org
>> Subject: Re: [Samba] set up for Active Directory
>>
> McGranahan, Jamen wrote:
>
> >>> configure:59580: checking for ldap_initialize
> >>> configure:59663: result: no
> >>> configure:59676: error: Active Directory support requires
> >>> ldap_initialize
> Did the howto that was previously posted not help?
>
> My advice is to get the latest OpenLDAP and MIT krb5
> libs and install those.  Then rebuild Samba.  Life is
> to short to spend it trying to get code compiling :-)
> But it's your call.
>
>
>
>
> cheers, jerry
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
>>

>
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member
.html

> tell us:

> ADS support not compiled in

> Samba must be reconfigured (remove config.cache) and recompiled
> (make clean all install) after the Kerberos libraries and headers
> files are installed.




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


RE: [Samba] set up for Active Directory

2009-04-15 Thread McGranahan, Jamen
Actually, I get results for LDAP, ADS, KRB, & WINBIND, which is why I
thought this would work:

# smbd -b|grep LDAP
   HAVE_LDAP_H
   HAVE_LDAP
   HAVE_LDAP_ADD_RESULT_ENTRY
   HAVE_LDAP_INIT
   HAVE_LDAP_INITIALIZE
   HAVE_LDAP_SASL_WRAPPING
   HAVE_LDAP_SET_REBIND_PROC
   HAVE_LIBLDAP
   LDAP_SET_REBIND_PROC_ARGS
# smbd -b|grep KRB
   HAVE_KRB5_H
   HAVE_KRB5_LOCATE_PLUGIN_H
   HAVE_ADDRTYPE_IN_KRB5_ADDRESS
   HAVE_INITIALIZE_KRB5_ERROR_TABLE
   HAVE_KRB5
   HAVE_KRB5_AUTH_CON_SETUSERUSERKEY
   HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE
   HAVE_KRB5_C_ENCTYPE_COMPARE
   HAVE_KRB5_C_VERIFY_CHECKSUM
   HAVE_KRB5_ENCRYPT_BLOCK
   HAVE_KRB5_ENCRYPT_DATA
   HAVE_KRB5_ENCTYPE_TO_STRING
   HAVE_KRB5_ENCTYPE_TO_STRING_WITH_SIZE_T_ARG
   HAVE_KRB5_FREE_DATA_CONTENTS
   HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS
   HAVE_KRB5_FREE_UNPARSED_NAME
   HAVE_KRB5_FWD_TGT_CREDS
   HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
   HAVE_KRB5_GET_INIT_CREDS_OPT_FREE
   HAVE_KRB5_GET_PERMITTED_ENCTYPES
   HAVE_KRB5_GET_RENEWED_CREDS
   HAVE_KRB5_KEYBLOCK_IN_CREDS
   HAVE_KRB5_KEYTAB_ENTRY_KEY
   HAVE_KRB5_KEYUSAGE_APP_DATA_CKSUM
   HAVE_KRB5_KT_FREE_ENTRY
   HAVE_KRB5_LOCATE_KDC
   HAVE_KRB5_MK_REQ_EXTENDED
   HAVE_KRB5_PRINCIPAL2SALT
   HAVE_KRB5_PRINC_COMPONENT
   HAVE_KRB5_PRINC_REALM
   HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES
   HAVE_KRB5_SET_DEFAULT_TGS_KTYPES
   HAVE_KRB5_SET_REAL_TIME
   HAVE_KRB5_STRING_TO_KEY
   HAVE_KRB5_TKT_ENC_PART2
   HAVE_KRB5_USE_ENCTYPE
   HAVE_KRB5_VERIFY_CHECKSUM
   HAVE_LIBGSSAPI_KRB5
   HAVE_LIBKRB5
   HAVE_MAGIC_IN_KRB5_ADDRESS
   HAVE_SHORT_KRB5_MK_ERROR_INTERFACE
   HAVE_TICKET_POINTER_IN_KRB5_AP_REQ
   KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT
   KRB5_TICKET_HAS_KEYINFO
   KRB5_VERIFY_CHECKSUM_ARGS
# smbd -b|grep ADS
   WITH_ADS
   WITH_ADS
# smbd -b|grep WINBIND
   WITH_WINBIND
   WITH_WINBIND



Jamen McGranahan
Systems Services Librarian
Vanderbilt University


-Original Message-
From: jerry [mailto:je...@samba.org] 
Sent: Tuesday, April 14, 2009 1:15 PM
To: McGranahan, Jamen
Cc: samba@lists.samba.org
Subject: Re: [Samba] set up for Active Directory

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

McGranahan, Jamen wrote:
> OK, I've installed the MIT version of KRB5 & samba appears to have
> installed correctly. However, it appears that I am not able to join my
> domain.

If `smbd -b | WITH_ADS` returns nothing, then you don't have
ADS support (as the long indicates).  You're last email
was about insufficient ldap_initialize support.  SO did you
install the OpenLDAP client libs?

> # ./net ads join -U mcgr...@ds.vanderbilt.edu
> [2009/04/14 11:36:50,  0] param/loadparm.c:lp_set_enum_parm(7097)
>   WARNING: Ignoring invalid value 'ADS' for parameter 'security'
> [2009/04/14 11:36:50,  0] param/loadparm.c:lp_do_parameter(7174)
>   Ignoring unknown parameter "realm"
> ADS support not compiled in





cheers, jerry
- --
=
http://git.plainjoe.org/ CODE
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ5NKcIR7qMdg1EfYRAlLBAJ9YXh9Gw7z3SzosvYx25m6mNtVw3gCfXlPX
B9ic6Qk7LsQEzWm8B++6KP4=
=IIK5
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] set up for Active Directory

2009-04-14 Thread David Markey
-bash-3.00# /usr/sfw/sbin/smbd -V
Version 3.0.33

Not the most the up to date release bit its progress.



jerry wrote:
> David Markey wrote:
> > Solaris 10 U6 comes with a samba that is capable to
> > joining AD out of the box.
>
> Woot!  didn't realize that.  Very good news :-)  What
> version is it (out of curiousity).
>
>
>
>
> cheers, jerry

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] set up for Active Directory

2009-04-14 Thread jerry
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David Markey wrote:
> Solaris 10 U6 comes with a samba that is capable to 
> joining AD out of the box.

Woot!  didn't realize that.  Very good news :-)  What
version is it (out of curiousity).




cheers, jerry
- --
=
http://git.plainjoe.org/ CODE
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ5NQCIR7qMdg1EfYRAgnZAJ9sXm1P62VCZcb2bEXC3uPXoT/jJACggntg
OZ+4s66c3R0B4KPjVMlJ1ho=
=f9nU
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] set up for Active Directory

2009-04-14 Thread jerry
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

McGranahan, Jamen wrote:
> OK, I've installed the MIT version of KRB5 & samba appears to have
> installed correctly. However, it appears that I am not able to join my
> domain.

If `smbd -b | WITH_ADS` returns nothing, then you don't have
ADS support (as the long indicates).  You're last email
was about insufficient ldap_initialize support.  SO did you
install the OpenLDAP client libs?

> # ./net ads join -U mcgr...@ds.vanderbilt.edu
> [2009/04/14 11:36:50,  0] param/loadparm.c:lp_set_enum_parm(7097)
>   WARNING: Ignoring invalid value 'ADS' for parameter 'security'
> [2009/04/14 11:36:50,  0] param/loadparm.c:lp_do_parameter(7174)
>   Ignoring unknown parameter "realm"
> ADS support not compiled in





cheers, jerry
- --
=
http://git.plainjoe.org/ CODE
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ5NKcIR7qMdg1EfYRAlLBAJ9YXh9Gw7z3SzosvYx25m6mNtVw3gCfXlPX
B9ic6Qk7LsQEzWm8B++6KP4=
=IIK5
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] set up for Active Directory

2009-04-14 Thread David Markey

Solaris 10 U6 comes with a samba that is capable to joining AD out of
the box.



Bjoern Meier wrote:
> hi,
>
> 2009/4/14 McGranahan, Jamen :
>> OK, I've installed the MIT version of KRB5 & samba appears to have
>> installed correctly. However, it appears that I am not able to join my
>> domain.
>>
>> # ./net ads join -U mcgr...@ds.vanderbilt.edu
>> [2009/04/14 11:36:50,  0] param/loadparm.c:lp_set_enum_parm(7097)
>>  WARNING: Ignoring invalid value 'ADS' for parameter 'security'
>> [2009/04/14 11:36:50,  0] param/loadparm.c:lp_do_parameter(7174)
>>  Ignoring unknown parameter "realm"
>> ADS support not compiled in
>>
>> So I tried the -d3 version of ./net and got this:
>>
>> # ./net ads -d3 join -U mcgr...@vanderbilt.edu
>> [2009/04/14 11:17:10,  3] param/loadparm.c:lp_load_ex(8794)
>>  lp_load_ex: refreshing parameters
>> [2009/04/14 11:17:10,  3] param/loadparm.c:init_globals(4629)
>>  Initialising global parameters
>> [2009/04/14 11:17:10,  3] param/params.c:pm_process(569)
>>  params.c:pm_process() - Processing configuration file
>> "/usr/local/samba/lib/smb.conf"
>> [2009/04/14 11:17:10,  3] param/loadparm.c:do_section(7457)
>>  Processing section "[global]"
>> [2009/04/14 11:17:10,  0] param/loadparm.c:lp_set_enum_parm(7097)
>>  WARNING: Ignoring invalid value 'ADS' for parameter 'security'
>> [2009/04/14 11:17:10,  1] param/loadparm.c:map_parameter(6131)
>>  Unknown parameter encountered: "realm"
>> [2009/04/14 11:17:10,  0] param/loadparm.c:lp_do_parameter(7174)
>>  Ignoring unknown parameter "realm"
>> [2009/04/14 11:17:10,  2] lib/interface.c:add_interface(340)
>>  added interface ce1 ip=129.59.95.89 bcast=129.59.95.255
>> netmask=255.255.255.0
>> ADS support not compiled in
>> [2009/04/14 11:17:10,  2] utils/net.c:main(769)
>>  return code = -1
>>
>> I'm not sure where to check now. Please advise. Thank you!
>>
>> Jamen McGranahan
>> Systems Services Librarian
>> Vanderbilt University
>>
>>
>> -Original Message-
>> From: jerry [mailto:je...@samba.org]
>> Sent: Tuesday, April 14, 2009 9:40 AM
>> To: McGranahan, Jamen
>> Cc: samba@lists.samba.org
>> Subject: Re: [Samba] set up for Active Directory
>>
> McGranahan, Jamen wrote:
>
> >>> configure:59580: checking for ldap_initialize
> >>> configure:59663: result: no
> >>> configure:59676: error: Active Directory support requires
> >>> ldap_initialize
> Did the howto that was previously posted not help?
>
> My advice is to get the latest OpenLDAP and MIT krb5
> libs and install those.  Then rebuild Samba.  Life is
> to short to spend it trying to get code compiling :-)
> But it's your call.
>
>
>
>
> cheers, jerry
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
>>

> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

> tell us:

> ADS support not compiled in

> Samba must be reconfigured (remove config.cache) and recompiled
> (make clean all install) after the Kerberos libraries and headers
> files are installed.




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] set up for Active Directory

2009-04-14 Thread Bjoern Meier
hi,

2009/4/14 McGranahan, Jamen :
> OK, I've installed the MIT version of KRB5 & samba appears to have
> installed correctly. However, it appears that I am not able to join my
> domain.
>
> # ./net ads join -U mcgr...@ds.vanderbilt.edu
> [2009/04/14 11:36:50,  0] param/loadparm.c:lp_set_enum_parm(7097)
>  WARNING: Ignoring invalid value 'ADS' for parameter 'security'
> [2009/04/14 11:36:50,  0] param/loadparm.c:lp_do_parameter(7174)
>  Ignoring unknown parameter "realm"
> ADS support not compiled in
>
> So I tried the -d3 version of ./net and got this:
>
> # ./net ads -d3 join -U mcgr...@vanderbilt.edu
> [2009/04/14 11:17:10,  3] param/loadparm.c:lp_load_ex(8794)
>  lp_load_ex: refreshing parameters
> [2009/04/14 11:17:10,  3] param/loadparm.c:init_globals(4629)
>  Initialising global parameters
> [2009/04/14 11:17:10,  3] param/params.c:pm_process(569)
>  params.c:pm_process() - Processing configuration file
> "/usr/local/samba/lib/smb.conf"
> [2009/04/14 11:17:10,  3] param/loadparm.c:do_section(7457)
>  Processing section "[global]"
> [2009/04/14 11:17:10,  0] param/loadparm.c:lp_set_enum_parm(7097)
>  WARNING: Ignoring invalid value 'ADS' for parameter 'security'
> [2009/04/14 11:17:10,  1] param/loadparm.c:map_parameter(6131)
>  Unknown parameter encountered: "realm"
> [2009/04/14 11:17:10,  0] param/loadparm.c:lp_do_parameter(7174)
>  Ignoring unknown parameter "realm"
> [2009/04/14 11:17:10,  2] lib/interface.c:add_interface(340)
>  added interface ce1 ip=129.59.95.89 bcast=129.59.95.255
> netmask=255.255.255.0
> ADS support not compiled in
> [2009/04/14 11:17:10,  2] utils/net.c:main(769)
>  return code = -1
>
> I'm not sure where to check now. Please advise. Thank you!
>
> Jamen McGranahan
> Systems Services Librarian
> Vanderbilt University
>
>
> -Original Message-
> From: jerry [mailto:je...@samba.org]
> Sent: Tuesday, April 14, 2009 9:40 AM
> To: McGranahan, Jamen
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] set up for Active Directory
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> McGranahan, Jamen wrote:
>
>> configure:59580: checking for ldap_initialize
>> configure:59663: result: no
>> configure:59676: error: Active Directory support requires
>> ldap_initialize
>
> Did the howto that was previously posted not help?
>
> My advice is to get the latest OpenLDAP and MIT krb5
> libs and install those.  Then rebuild Samba.  Life is
> to short to spend it trying to get code compiling :-)
> But it's your call.
>
>
>
>
> cheers, jerry
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJ5KAqIR7qMdg1EfYRAmrDAJ93XxnV/TdvFlV2cjMRryPes/r3jwCfW8pH
> qKFCqgc0v8mgtOmAyOxTXnc=
> =TdQv
> -END PGP SIGNATURE-
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

tell us:

ADS support not compiled in

Samba must be reconfigured (remove config.cache) and recompiled
(make clean all install) after the Kerberos libraries and headers
files are installed.


-- 
To boldly go where no man has gone before ... I'll wait there with
touristinformation
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


RE: [Samba] set up for Active Directory

2009-04-14 Thread McGranahan, Jamen
OK, I've installed the MIT version of KRB5 & samba appears to have
installed correctly. However, it appears that I am not able to join my
domain.

# ./net ads join -U mcgr...@ds.vanderbilt.edu
[2009/04/14 11:36:50,  0] param/loadparm.c:lp_set_enum_parm(7097)
  WARNING: Ignoring invalid value 'ADS' for parameter 'security'
[2009/04/14 11:36:50,  0] param/loadparm.c:lp_do_parameter(7174)
  Ignoring unknown parameter "realm"
ADS support not compiled in

So I tried the -d3 version of ./net and got this:

# ./net ads -d3 join -U mcgr...@vanderbilt.edu
[2009/04/14 11:17:10,  3] param/loadparm.c:lp_load_ex(8794)
  lp_load_ex: refreshing parameters
[2009/04/14 11:17:10,  3] param/loadparm.c:init_globals(4629)
  Initialising global parameters
[2009/04/14 11:17:10,  3] param/params.c:pm_process(569)
  params.c:pm_process() - Processing configuration file
"/usr/local/samba/lib/smb.conf"
[2009/04/14 11:17:10,  3] param/loadparm.c:do_section(7457)
  Processing section "[global]"
[2009/04/14 11:17:10,  0] param/loadparm.c:lp_set_enum_parm(7097)
  WARNING: Ignoring invalid value 'ADS' for parameter 'security'
[2009/04/14 11:17:10,  1] param/loadparm.c:map_parameter(6131)
  Unknown parameter encountered: "realm"
[2009/04/14 11:17:10,  0] param/loadparm.c:lp_do_parameter(7174)
  Ignoring unknown parameter "realm"
[2009/04/14 11:17:10,  2] lib/interface.c:add_interface(340)
  added interface ce1 ip=129.59.95.89 bcast=129.59.95.255
netmask=255.255.255.0
ADS support not compiled in
[2009/04/14 11:17:10,  2] utils/net.c:main(769)
  return code = -1

I'm not sure where to check now. Please advise. Thank you!

Jamen McGranahan
Systems Services Librarian
Vanderbilt University


-Original Message-
From: jerry [mailto:je...@samba.org] 
Sent: Tuesday, April 14, 2009 9:40 AM
To: McGranahan, Jamen
Cc: samba@lists.samba.org
Subject: Re: [Samba] set up for Active Directory

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

McGranahan, Jamen wrote:

> configure:59580: checking for ldap_initialize
> configure:59663: result: no
> configure:59676: error: Active Directory support requires
> ldap_initialize

Did the howto that was previously posted not help?

My advice is to get the latest OpenLDAP and MIT krb5
libs and install those.  Then rebuild Samba.  Life is
to short to spend it trying to get code compiling :-)
But it's your call.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ5KAqIR7qMdg1EfYRAmrDAJ93XxnV/TdvFlV2cjMRryPes/r3jwCfW8pH
qKFCqgc0v8mgtOmAyOxTXnc=
=TdQv
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] set up for Active Directory

2009-04-14 Thread jerry
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

McGranahan, Jamen wrote:

> configure:59580: checking for ldap_initialize
> configure:59663: result: no
> configure:59676: error: Active Directory support requires
> ldap_initialize

Did the howto that was previously posted not help?

My advice is to get the latest OpenLDAP and MIT krb5
libs and install those.  Then rebuild Samba.  Life is
to short to spend it trying to get code compiling :-)
But it's your call.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJ5KAqIR7qMdg1EfYRAmrDAJ93XxnV/TdvFlV2cjMRryPes/r3jwCfW8pH
qKFCqgc0v8mgtOmAyOxTXnc=
=TdQv
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] set up for Active Directory

2009-04-14 Thread McGranahan, Jamen
Running Sun OS 5.10 sparc.

 

OK, I am trying to establish an Active Directory connection from my Sun
Solaris box and am trying to utilize Samba to accomplish this task. I've
installed OpenLDAP & Samba, but when I run a few checks, it appears that
Samba is not seeing KRB or ADS, but is seeing LDAP & WINBIND. 

 

(This is Samba 3.3.3)

# cd /usr/local/samba/sbin

# smbd -b|grep LDAP

   HAVE_LDAP_H

   HAVE_LDAP

   HAVE_LDAP_INIT

   HAVE_LDAP_SASL_WRAPPING

   HAVE_LDAP_SET_REBIND_PROC

   HAVE_LIBLDAP

   LDAP_SET_REBIND_PROC_ARGS

# smbd -b|grep KRB

# smbd -b|grep ADS

# smbd -b|grep WINBIND

   WITH_WINBIND

   WITH_WINBIND

 

I thought it might have been something with my ./configure script I ran
for samba, so I tried it again, but this time it tells me ldap is not
initialized:

 

configure:59398: checking whether LDAP support is used

configure:59400: result: yes

configure:59423: checking for Active Directory and krb5 support

configure:59437: result: yes

configure:59580: checking for ldap_initialize

configure:59663: result: no

configure:59676: error: Active Directory support requires
ldap_initialize

 

UGH! So frustrating. I've been at this one project for a week now and
still have not been able to get this to work. Please - any guidance you
can provide would be a great help! Thank you!

 

***

* Jamen McGranahan 

* Systems Services Librarian 

* Library Information Technology Services

* Vanderbilt University

* Suite 700

* 110 21st Avenue South

* Nashville, TN  37240

* (615) 343-1614

* (615) 343-8834 (fax)

* jamen.mcgrana...@vanderbilt.edu

***

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba