Hi.

I have news. The problem with 3.0.2-29 persisted, so I compiled 3.0.2a.

./configure --with-acl-support --with-winbind --with-ldap --with-ldapsam --with-pam --with-pam_smbpass --with-krb5=/usr/local --with-ads

One problem after that was the missing pam_winbind.so used by nsswitch.conf(?). Now I am as far as with 2.0.2-29. I can get a kinit Administrator-Ticket and can do a net join ads. But when I try to click on s7 in the Network-Section of S4 I get a

[2004/03/19 09:33:06, 2] smbd/sesssetup.c:setup_new_vc_session(591)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/03/19 09:33:06, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/03/19 09:33:06, 2] smbd/server.c:exit_server(558)
  Closing connections

That worked with 3.0.2-29. I can connect via net use m: \\<ip>\share.
I think there is a problem with nsswitch pam_*.so /lib/security/samba
But how can I debug this?

Sincerely,
Axel Spallek
Hülenweg 21
89134 Blaustein
http://mail.map24.com/axel_spallek

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Axel Spallek
Sent: Friday, 27 February 2004 10:51
To: Samba
Subject: [Samba] Samba3 with W2K Native Mode

Hi.

I use Samba 3.0.2-29 on Server S7. In our network is a W2K Server named S4 running in Native Mode, Domain Name hel.lan. I tried to join the S4-Domain hel.lan.

s7:~ # kinit [EMAIL PROTECTED]
[EMAIL PROTECTED]'s Password:
s7:~ # net ads join
[2004/02/27 08:20:54, 0] libads/ldap.c:ads_add_machine_acct(1006)
  Host account for s7 already exists - modifying old account
Using short domain name -- HEL
Joined 'S7' to realm 'HEL.LAN'
s7:~ # klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: [EMAIL PROTECTED]

  Issued           Expires          Principal
Feb 27 08:20:12  Feb 27 18:20:12  krbtgt/[EMAIL PROTECTED]
Feb 27 08:20:19  Feb 27 18:20:12  [EMAIL PROTECTED]
Feb 27 08:20:19  Feb 27 18:20:12  kadmin/[EMAIL PROTECTED]

rcsmb restart
rcwinbind restart

Last two are needed (don't know why) otherwise the new Credentials are not usable (getent gives error). These steps I have to do every morning, because the credentials expired. Is there a workaround?

So far so good.

Next I tried to use these

getent passwd
wbinfo -u
wbinfo -g
getent group

without any problem. They work fine, I can see all users and groups from ADS.

Next I tried to use a share. My smb.conf:

# Samba config file created using SWAT
# from 172.23.4.3 (172.23.4.3)
# Date: 2004/02/16 15:00:31

# Global parameters
[global]
        unix charset = LOCALE
        workgroup = HEL
        realm = HEL.LAN
        interfaces = 127.0.0.1, eth0
        bind interfaces only = Yes
        security = ADS
        password server = s4.hel.lan
        log level = 2
        preferred master = No
        local master = No
        domain master = No
        wins server = s4.hel.lan
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = +
        winbind use default domain = Yes

[asx]
        path = /mnt/testsamba
        force user = root
        read only = No

[test]
        path = /mnt/Test
#       force user = root
        read only = No
        create mask = 0700
        force create mode = 0700
        directory mask = 0700
        force directory mode = 0700

The directories definitely exist, but the only share I can use is the asx with force user = root. No matter which other user I try (even without the force user) I get the following error message in log.smbd:

[2004/02/27 08:22:38, 2] smbd/server.c:open_sockets_smbd(318)
  waiting for a connection
[2004/02/27 08:34:53, 2] smbd/sesssetup.c:setup_new_vc_session(591)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2004/02/27 08:35:19, 0] smbd/service.c:make_connection_snum(677)
  '/mnt/Test' does not exist or is not a directory, when connecting to [test]
[2004/02/27 08:35:19, 0] smbd/service.c:make_connection_snum(677)
  '/mnt/Test' does not exist or is not a directory, when connecting to [test]
[2004/02/27 08:35:19, 0] smbd/service.c:make_connection_snum(677)
  '/mnt/Test' does not exist or is not a directory, when connecting to [test]
[2004/02/27 08:35:19, 0] smbd/service.c:make_connection_snum(677)
  '/mnt/Test' does not exist or is not a directory, when connecting to [test]

asx works:

[2004/02/27 08:35:33, 1] smbd/service.c:make_connection_snum(705)
  172.23.4.3 (172.23.4.3) connect to service asx initially as user root (uid=0, gid=0) (pid 732)

I can move the force user = root to the test share and I have the same problem with asx.

s7:~ # dir /mnt
total 0
drwx------    7 root     root                  184 Feb 16 13:41 .
drwxr-xr-x   20 root     root                  464 Feb 18 12:20 ..
drwxrwxrwx    3 as       Domänen-Benutzer       72 Feb 16 13:57 Test
drwxrwxrwx    3 akey     users                 440 Feb 18 13:11 testsamba

As you can see the rights are changed to o+rwx for testing. No difference.
"as" is an ADS-User. "Domänen-Benutzer" is a Group from ADS. As you can see I can do a "chown hel+as /mnt/test". akey and users are local.

force user = akey doesn't work as well as force user hel+as

Is this a bug? I did not find a patch. Can anyone help?

s7:~ # cat /etc/krb5.conf
[libdefaults]
        default_realm = HEL.LAN
        clockskew = 300

[realms]
HEL.LAN = {
        kdc = S4.HEL.LAN
#       admin_server = MY.COMPUTER
        kpasswd_server = S4.HEL.LAN
}
# OTHER.REALM = {
#       kdc = OTHER.COMPUTER
# }

[domain_realm]
        hel.lan = HEL.LAN
        .hel.lan = HEL.LAN

[logging]
        default = SYSLOG:NOTICE:DAEMON
        kdc = FILE:/var/log/kdc.log
        kadmind = FILE:/var/log/kadmind.log

[appdefaults]
pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        retain_after_close = false
        minimum_uid = 0
        debug = false
}

s7:~ # cat /etc/nsswitch.conf
passwd: files winbind
shodow: files
group:  files winbind

hosts:          files dns
networks:       files dns

services:       files
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       files
publickey:      files

bootparams:     files
automount:      files nis
aliases:        files

Regards,
Axel Spallek
Hülenweg 21
89134 Blaustein
http://mail.map24.com/axel_spallek

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
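
Added note with an example, not part of the original mail: the `dir /mnt` listing above shows `.` (that is, /mnt itself) as drwx------ root root, and a user without search permission on a parent directory cannot reach anything below it, whatever the mode of Test. The sketch below lists such directories on a path; `blocked_dirs` is a hypothetical name, and it assumes GNU stat, an absolute path, and a connecting user who is neither owner nor group member of the directories.

```shell
#!/bin/sh
# Added example (not from the original mail). Lists every directory on an
# absolute path that lacks the "other" execute (search) bit, i.e. that a
# user who is neither owner nor group member cannot traverse.
# Assumes GNU stat (stat -c '%a').

blocked_dirs() {
    target=$1
    cur=""
    old_ifs=$IFS
    set -f                      # no globbing while the path is split on "/"
    IFS=/
    set -- $target
    IFS=$old_ifs
    set +f
    for part in "$@"; do
        if [ -z "$part" ]; then continue; fi
        cur="$cur/$part"
        if [ ! -d "$cur" ]; then continue; fi
        mode=$(stat -c '%a' "$cur") || return 2
        other=${mode#"${mode%?}"}   # last octal digit = "other" bits
        if [ $((other & 1)) -eq 0 ]; then
            printf '%s (mode %s)\n' "$cur" "$mode"
        fi
    done
    return 0
}

# Constructed tree with the modes from the `dir /mnt` listing:
# mnt is 0700, mnt/Test is 0777.
demo_root=$(mktemp -d)
chmod 755 "$demo_root"
mkdir -p "$demo_root/mnt/Test"
chmod 777 "$demo_root/mnt/Test"
chmod 700 "$demo_root/mnt"
blocked_dirs "$demo_root/mnt/Test"
rm -rf "$demo_root"
```

On the real host the call would be `blocked_dirs /mnt/Test`; any directory it prints needs o+x (or a matching owner or group) before a non-root share user can enter the path.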