RE: [Samba] Samba + Windows 2003 AD
to bgdc.undervisning.local [2009/01/09 19:12:41, 3] lib/util_sock.c:interpret_string_addr_internal(122) interpret_string_addr_internal: getaddrinfo failed for name bgdc.undervisning.local [Name or service not known] [2009/01/09 19:12:41, 3] lib/util_sock.c:interpret_addr(158) interpret_addr: Unknown host. bgdc.undervisning.local [2009/01/09 19:12:41, 1] libads/cldap.c:recv_cldap_netlogon(156) no reply received to cldap netlogon [2009/01/09 19:12:41, 1] libnet/libnet_join.c:libnet_Join(1801) libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : NULL dns_domain_name : NULL dn : NULL domain_sid : NULL domain_sid : (NULL SID) modified_config : 0x00 (0) error_string : 'failed to find DC for domain UNDERVISNING.LOCAL' domain_is_ad : 0x00 (0) result : WERR_DOMAIN_CONTROLLER_NOT_FOUND [2009/01/09 19:12:41, 10] intl/lang_tdb.c:lang_tdb_init(138) lang_tdb_init: /usr/share/samba/da_DK:da:en_GB:en.msg: No such file or directory Failed to join domain: failed to find DC for domain UNDERVISNING.LOCAL [2009/01/09 19:12:41, 2] utils/net.c:main(1172) return code = -1 # nslookup undervisning.local Server:10.3.17.1 Address:10.3.17.1#53 Name:undervisning.local Address: 10.3.17.8 Name:undervisning.local Address: 10.3.17.1 # nslookup bgdc.undervisning.local Server:10.3.17.1 Address:10.3.17.1#53 Name:bgdc.undervisning.local Address: 10.3.17.1 BTW. I have updated my SMB to version 3.2.7 with LDAP and ADS support Med Venlig Hilsen / Best regards Henrik Dige Semark From: hendig...@hotmail.com To: ag...@aeso.ca; samba@lists.samba.org Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 22:42:44 + I don't know way my last mail did not got posted, but now I have add my domains to my resolv.conf mail:~# nslookup undervisning.local Server: 10.3.17.1 Address:10.3.17.1#53 Name: undervisning.local Address: 10.3.17.1 Name: undervisning.local Address: 10.3.17.8 nslookup bgdc.undervisning.local Server: 10.3.17.1 Address:10.3.17.1#53 Name: bgdc.undervisning.local Address: 10.3.17.1 But its still the same error when I try to join the debian with Win2k3 domain [2009/01/08 23:39:30, 0] utils/net_ads.c:ads_startup(289) ads_connect: Operations error [2009/01/08 23:39:30, 2] utils/net.c:main(988) return code = -1 I might think that its my anonymous user on the win-server that isen't configured right as Avron said in the first mail (https://bugzilla.samba.org/show_bug.cgi?id=4771) Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 10:59:06 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org I have two domains. One is production and one is development. - - - - - - Development domain: bash-2.05# cat /etc/resolv.conf domain dev.ca search dev.ca nameserver yyy.yyy.yyy.xx nameserver yyy.yyy.yyy.yy bash-2.05# ping -I 1 dev.ca PING dev.ca: 56 data bytes 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=0. time=14. ms 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=1. time=21. ms ^C - - - - - - Production domain: bash-2.05# cat /etc/resolv.conf doamin prod.ca search prod.ca nameserver xxx.xxx.xxx.xx nameserver xxx.xxx.xxx.yy bash-2.05# ping -I 1 prod.ca PING prod.ca: 56 data bytes 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=0. time=0. ms 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=1. time=0. ms ^C - - - - - - I have one host that sees BOTH domains: # cat /etc/resolv.conf doamin dev.ca search dev.ca prod.ca nameserver yyy.yyy.yyy.xx nameserver yyy.yyy.yyy.yy nameserver xxx.xxx.xxx.xx bash-2.05# ping -I 1 dev.ca PING dev.ca: 56 data bytes 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=0. time=14. ms 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=1. time=21. ms ^C bash-2.05# ping -I 1 prod.ca PING prod.ca: 56 data bytes 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=0. time=0. ms 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=1. time=0. ms ^C - - - - - - Can you ping XXX.UNDERVISNING.LOCAL by IP address? Can you nslookup XXX.UNDERVISNING.LOCAL? - Avron _ Del dine billeder med alle vennerne med Windows Live Photo Gallery. http://download.live.com/photogallery-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba + Windows 2003 AD
Have you run: net ads testjoin Does it say Join is OK? This might not be related... I had to compile samba 3.0.33 to get around a Windows Domain restriction issue: https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that if the \NETLOGON pipe is opened up on the Windows AD server, the join works fine. As soon as it is restricted via domain policies, it restricts anonymous access to the ports. As soon as this happens, we are unable to complete a net join ads successfully. - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 9:13 AM To: Samba list Subject: [Samba] Samba + Windows 2003 AD Hey, I don't know if this is the right list to ask this question in, but I have tried on the IRC (irc.freenode.net #samba) and people on there advised me to try here instead. I have: Debian 4.0r4 Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1 krb5 Version 1.4.4-7etch6 Kernel Version 2.6.18-6-amd64 A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1 -- When I try to connect my samba to the DC I get this output: # net ads join -U Administrator --debuglevel=10 [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953) lp_load: refreshing parameters [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418) Initialising global parameters [2009/01/08 17:10:15, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2009/01/08 17:10:15, 3] param/loadparm.c:do_section(3695) Processing section [global] doing parameter server string = Debian 4.0 - Samba %v - BDC doing parameter netbios name = mail [2009/01/08 17:10:15, 4] param/loadparm.c:handle_netbios_name(3053) handle_netbios_name: set global_myname to: MAIL doing parameter workgroup = UNDERVISNING doing parameter display charset = ASCII [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2BE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2BE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16BE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16BE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF8 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF8 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-8 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-8 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ASCII [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset ASCII [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset 646 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset 646 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ISO-8859-1 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset ISO-8859-1 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS2-HEX [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS2-HEX doing parameter unix charset = UTF-8 doing parameter dos charset = ASCII doing parameter Inherit permissions = yes doing parameter Inherit owner = yes doing parameter security = ADS doing parameter idmap uid = 500-1000 doing parameter idmap gid = 500-1000 doing parameter template shell = /bin/bash doing parameter winbind use default domain = yes doing parameter winbind separator = % doing parameter winbind enum users = yes doing parameter winbind enum groups =
RE: [Samba] Samba + Windows 2003 AD
Sorry to Avron for sending my answer direct and not over the groupe :) Hey thanx for the quick answer :) When I try the net ads testjoin its not very informative :P # net ads testjoin ma...@undervisning.local's password: [2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289) ads_connect: Operations error Join to domain is not valid I have also tried wbinfo --all-domains but it can't see the domain I try to connect to, will this say that my smb.conf I rung in some point ? I have an older SMB witch is running a Domain it self, and it can see the domain when I run this command Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:25:47 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Have you run: net ads testjoin Does it say Join is OK? This might not be related... I had to compile samba 3.0.33 to get around a Windows Domain restriction issue: https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that if the \NETLOGON pipe is opened up on the Windows AD server, the join works fine. As soon as it is restricted via domain policies, it restricts anonymous access to the ports. As soon as this happens, we are unable to complete a net join ads successfully. - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 9:13 AM To: Samba list Subject: [Samba] Samba + Windows 2003 AD Hey, I don't know if this is the right list to ask this question in, but I have tried on the IRC (irc.freenode.net #samba) and people on there advised me to try here instead. I have: Debian 4.0r4 Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1 krb5 Version 1.4.4-7etch6 Kernel Version 2.6.18-6-amd64 A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1 -- When I try to connect my samba to the DC I get this output: # net ads join -U Administrator --debuglevel=10 [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953) lp_load: refreshing parameters [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418) Initialising global parameters [2009/01/08 17:10:15, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2009/01/08 17:10:15, 3] param/loadparm.c:do_section(3695) Processing section [global] doing parameter server string = Debian 4.0 - Samba %v - BDC doing parameter netbios name = mail [2009/01/08 17:10:15, 4] param/loadparm.c:handle_netbios_name(3053) handle_netbios_name: set global_myname to: MAIL doing parameter workgroup = UNDERVISNING doing parameter display charset = ASCII [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2BE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2BE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16BE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-16BE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF8 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF8 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-8 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UTF-8 [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset ASCII [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset ASCII [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset 646 [2009/01/08 17:10:15, 5] lib
RE: [Samba] Samba + Windows 2003 AD
How can I ping UNDERVISNING.LOCAL when its just the domain ? the windows server that runs the domain is bgdc.birke-gym.dk and I can ping that just fine My resolv.conf --- search birke-gym.dk nameserver 127.0.0.1 My nsswitch.conf --- passwd: files winbind compat group: files winbind compat shadow: files winbind compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: files winbind db files services: files winbind db files ethers: db files rpc:db files netgroup: files winbind nis automount: files winbind is I'm missing something ? Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:54:22 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com Can you : ping -I 1 UNDERVISNING.LOCAL No? Check resolv.conf or nsswitch.conf (I have a SUN Solaris background - not much Debian) For more help, please include samba@lists.samba.org in to: or cc: Good luck (held og lykke)! (Sorry, I don't speak Danish... ) - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 9:48 AM To: Avron Gray Subject: RE: [Samba] Samba + Windows 2003 AD Hey thanx for the quick answer :) When I try the net ads testjoin its not very informative :P # net ads testjoin ma...@undervisning.local's password: [2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289) ads_connect: Operations error Join to domain is not valid I have also tried wbinfo --all-domains but it can't see the domain I try to connect to, will this say that my smb.conf I rung in some point ? I have an older SMB witch is running a Domain it self, and it can see the domain when I run this command Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:25:47 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Have you run: net ads testjoin Does it say Join is OK? This might not be related... I had to compile samba 3.0.33 to get around a Windows Domain restriction issue: https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that if the \NETLOGON pipe is opened up on the Windows AD server, the join works fine. As soon as it is restricted via domain policies, it restricts anonymous access to the ports. As soon as this happens, we are unable to complete a net join ads successfully. - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 9:13 AM To: Samba list Subject: [Samba] Samba + Windows 2003 AD Hey, I don't know if this is the right list to ask this question in, but I have tried on the IRC (irc.freenode.net #samba) and people on there advised me to try here instead. I have: Debian 4.0r4 Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1 krb5 Version 1.4.4-7etch6 Kernel Version 2.6.18-6-amd64 A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1 -- When I try to connect my samba to the DC I get this output: # net ads join -U Administrator --debuglevel=10 [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953) lp_load: refreshing parameters [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418) Initialising global parameters [2009/01/08 17:10:15, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2009/01/08 17:10:15, 3] param/loadparm.c:do_section(3695) Processing section [global] doing parameter server string = Debian 4.0 - Samba %v - BDC doing parameter netbios name = mail [2009/01/08 17:10:15, 4] param/loadparm.c:handle_netbios_name(3053) handle_netbios_name: set global_myname to: MAIL doing parameter workgroup = UNDERVISNING doing parameter display charset = ASCII [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UCS-2LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) Registered charset UCS-2LE [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) Attempting to register new charset UTF-16LE [2009/01/08 17:10:15, 5] lib
RE: [Samba] Samba + Windows 2003 AD
Are you trying to join an existing Windows domain? Or create a new domain? - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 10:16 AM To: Samba list Subject: RE: [Samba] Samba + Windows 2003 AD How can I ping UNDERVISNING.LOCAL when its just the domain ? the windows server that runs the domain is bgdc.birke-gym.dk and I can ping that just fine My resolv.conf --- search birke-gym.dk nameserver 127.0.0.1 My nsswitch.conf --- passwd: files winbind compat group: files winbind compat shadow: files winbind compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: files winbind db files services: files winbind db files ethers: db files rpc:db files netgroup: files winbind nis automount: files winbind is I'm missing something ? Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:54:22 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com Can you : ping -I 1 UNDERVISNING.LOCAL No? Check resolv.conf or nsswitch.conf (I have a SUN Solaris background - not much Debian) For more help, please include samba@lists.samba.org in to: or cc: Good luck (held og lykke)! (Sorry, I don't speak Danish... ) - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 9:48 AM To: Avron Gray Subject: RE: [Samba] Samba + Windows 2003 AD Hey thanx for the quick answer :) When I try the net ads testjoin its not very informative :P # net ads testjoin ma...@undervisning.local's password: [2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289) ads_connect: Operations error Join to domain is not valid I have also tried wbinfo --all-domains but it can't see the domain I try to connect to, will this say that my smb.conf I rung in some point ? I have an older SMB witch is running a Domain it self, and it can see the domain when I run this command Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:25:47 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Have you run: net ads testjoin Does it say Join is OK? This might not be related... I had to compile samba 3.0.33 to get around a Windows Domain restriction issue: https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that if the \NETLOGON pipe is opened up on the Windows AD server, the join works fine. As soon as it is restricted via domain policies, it restricts anonymous access to the ports. As soon as this happens, we are unable to complete a net join ads successfully. - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 9:13 AM To: Samba list Subject: [Samba] Samba + Windows 2003 AD Hey, I don't know if this is the right list to ask this question in, but I have tried on the IRC (irc.freenode.net #samba) and people on there advised me to try here instead. I have: Debian 4.0r4 Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1 krb5 Version 1.4.4-7etch6 Kernel Version 2.6.18-6-amd64 A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1 -- When I try to connect my samba to the DC I get this output: # net ads join -U Administrator --debuglevel=10 [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953) lp_load: refreshing parameters [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418) Initialising global parameters [2009/01/08 17:10:15, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2009/01/08 17:10:15, 3] param/loadparm.c:do_section(3695) Processing section [global] doing parameter server string = Debian 4.0 - Samba %v - BDC doing parameter netbios name = mail [2009/01/08 17:10:15, 4] param/loadparm.c:handle_netbios_name(3053) handle_netbios_name: set global_myname to: MAIL doing parameter workgroup = UNDERVISNING doing parameter display charset = ASCII [2009/01/08 17:10
RE: [Samba] Samba + Windows 2003 AD
Im trying to join a already existing Windows Domain :) Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 10:22:05 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Are you trying to join an existing Windows domain? Or create a new domain? - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 10:16 AM To: Samba list Subject: RE: [Samba] Samba + Windows 2003 AD How can I ping UNDERVISNING.LOCAL when its just the domain ? the windows server that runs the domain is bgdc.birke-gym.dk and I can ping that just fine My resolv.conf --- search birke-gym.dk nameserver 127.0.0.1 My nsswitch.conf --- passwd: files winbind compat group: files winbind compat shadow: files winbind compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: files winbind db files services: files winbind db files ethers: db files rpc:db files netgroup: files winbind nis automount: files winbind is I'm missing something ? Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:54:22 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com Can you : ping -I 1 UNDERVISNING.LOCAL No? Check resolv.conf or nsswitch.conf (I have a SUN Solaris background - not much Debian) For more help, please include samba@lists.samba.org in to: or cc: Good luck (held og lykke)! (Sorry, I don't speak Danish... ) - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 9:48 AM To: Avron Gray Subject: RE: [Samba] Samba + Windows 2003 AD Hey thanx for the quick answer :) When I try the net ads testjoin its not very informative :P # net ads testjoin ma...@undervisning.local's password: [2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289) ads_connect: Operations error Join to domain is not valid I have also tried wbinfo --all-domains but it can't see the domain I try to connect to, will this say that my smb.conf I rung in some point ? I have an older SMB witch is running a Domain it self, and it can see the domain when I run this command Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:25:47 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Have you run: net ads testjoin Does it say Join is OK? This might not be related... I had to compile samba 3.0.33 to get around a Windows Domain restriction issue: https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that if the \NETLOGON pipe is opened up on the Windows AD server, the join works fine. As soon as it is restricted via domain policies, it restricts anonymous access to the ports. As soon as this happens, we are unable to complete a net join ads successfully. - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 9:13 AM To: Samba list Subject: [Samba] Samba + Windows 2003 AD Hey, I don't know if this is the right list to ask this question in, but I have tried on the IRC (irc.freenode.net #samba) and people on there advised me to try here instead. I have: Debian 4.0r4 Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1 krb5 Version 1.4.4-7etch6 Kernel Version 2.6.18-6-amd64 A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1 -- When I try to connect my samba to the DC I get this output: # net ads join -U Administrator --debuglevel=10 [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953) lp_load: refreshing parameters [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418) Initialising global parameters [2009/01/08 17:10:15, 3
RE: [Samba] Samba + Windows 2003 AD
Is the name of the existing Windows Domain UNDERVISNING.LOCAL? On my host: tstsmb08|/#ping -I 1 domain.ca PING domain.ca: 56 data bytes 64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=0. time=1.12 ms 64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=1. time=0.622 ms ^C Now, if you run: ping -I 1 birke-gym.dk the domain controller should respond Can you ping any hosts on the undervisning.local domain? ie: ping -I 1 hostname1.undervisning.local ping -I 1 hostname2.undervisning.local - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 10:24 AM To: Avron Gray; Samba list Subject: RE: [Samba] Samba + Windows 2003 AD Im trying to join a already existing Windows Domain :) Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 10:22:05 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Are you trying to join an existing Windows domain? Or create a new domain? - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 10:16 AM To: Samba list Subject: RE: [Samba] Samba + Windows 2003 AD How can I ping UNDERVISNING.LOCAL when its just the domain ? the windows server that runs the domain is bgdc.birke-gym.dk and I can ping that just fine My resolv.conf --- search birke-gym.dk nameserver 127.0.0.1 My nsswitch.conf --- passwd: files winbind compat group: files winbind compat shadow: files winbind compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: files winbind db files services: files winbind db files ethers: db files rpc: db files netgroup: files winbind nis automount: files winbind is I'm missing something ? Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:54:22 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com Can you : ping -I 1 UNDERVISNING.LOCAL No? Check resolv.conf or nsswitch.conf (I have a SUN Solaris background - not much Debian) For more help, please include samba@lists.samba.org in to: or cc: Good luck (held og lykke)! (Sorry, I don't speak Danish... ) - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 9:48 AM To: Avron Gray Subject: RE: [Samba] Samba + Windows 2003 AD Hey thanx for the quick answer :) When I try the net ads testjoin its not very informative :P # net ads testjoin ma...@undervisning.local's password: [2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289) ads_connect: Operations error Join to domain is not valid I have also tried wbinfo --all-domains but it can't see the domain I try to connect to, will this say that my smb.conf I rung in some point ? I have an older SMB witch is running a Domain it self, and it can see the domain when I run this command Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:25:47 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Have you run: net ads testjoin Does it say Join is OK? This might not be related... I had to compile samba 3.0.33 to get around a Windows Domain restriction issue: https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that if the \NETLOGON pipe is opened up on the Windows AD server, the join works fine. As soon as it is restricted via domain policies, it restricts anonymous access to the ports. As soon as this happens, we are unable to complete a net join ads successfully. - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 9:13 AM To: Samba list Subject: [Samba] Samba + Windows 2003 AD Hey, I don't know if this is the right list to ask this question in, but I have tried on the IRC (irc.freenode.net #samba) and people on there advised me to try here instead. I have: Debian 4.0r4 Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1 krb5 Version 1.4.4-7etch6 Kernel Version 2.6.18-6-amd64 A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1 -- When I try to connect my samba to the DC I get this output: # net ads join -U Administrator --debuglevel=10 [2009/01/08 17:10:15
RE: [Samba] Samba + Windows 2003 AD
When I run mail:~# ping -I eth3 bgdc.birke-gym.dk PING bgdc.birke-gym.dk (10.3.17.1) from 10.3.16.1 eth3: 56(84) bytes of data. 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128 time=0.142 ms 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128 time=0.230 ms but if I just type: mail:~# ping -I eth3 birke-gym.dk ping: unknown host birke-gym.dk and no, I cant ping anything with XXX.UNDERVISNING.LOCAL How do I set this up in my resolv.conf ? If it's possible can you then post your resolv.conf ? Solaris an Debian is much alike :P Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 10:36:51 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Is the name of the existing Windows Domain UNDERVISNING.LOCAL? On my host: tstsmb08|/#ping -I 1 domain.ca PING domain.ca: 56 data bytes 64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=0. time=1.12 ms 64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=1. time=0.622 ms ^C Now, if you run: ping -I 1 birke-gym.dk the domain controller should respond Can you ping any hosts on the undervisning.local domain? ie: ping -I 1 hostname1.undervisning.local ping -I 1 hostname2.undervisning.local - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 10:24 AM To: Avron Gray; Samba list Subject: RE: [Samba] Samba + Windows 2003 AD Im trying to join a already existing Windows Domain :) Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 10:22:05 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Are you trying to join an existing Windows domain? Or create a new domain? - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 10:16 AM To: Samba list Subject: RE: [Samba] Samba + Windows 2003 AD How can I ping UNDERVISNING.LOCAL when its just the domain ? the windows server that runs the domain is bgdc.birke-gym.dk and I can ping that just fine My resolv.conf --- search birke-gym.dk nameserver 127.0.0.1 My nsswitch.conf --- passwd: files winbind compat group: files winbind compat shadow: files winbind compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: files winbind db files services: files winbind db files ethers: db files rpc: db files netgroup: files winbind nis automount: files winbind is I'm missing something ? Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:54:22 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com Can you : ping -I 1 UNDERVISNING.LOCAL No? Check resolv.conf or nsswitch.conf (I have a SUN Solaris background - not much Debian) For more help, please include samba@lists.samba.org in to: or cc: Good luck (held og lykke)! (Sorry, I don't speak Danish... ) - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 9:48 AM To: Avron Gray Subject: RE: [Samba] Samba + Windows 2003 AD Hey thanx for the quick answer :) When I try the net ads testjoin its not very informative :P # net ads testjoin ma...@undervisning.local's password: [2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289) ads_connect: Operations error Join to domain is not valid I have also tried wbinfo --all-domains but it can't see the domain I try to connect to, will this say that my smb.conf I rung in some point ? I have an older SMB witch is running a Domain it self, and it can see the domain when I run this command Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:25:47 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Have you run: net ads testjoin Does it say Join is OK? This might not be related... I had to compile samba 3.0.33 to get around a Windows Domain restriction issue: https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that if the \NETLOGON pipe is opened up on the Windows AD server, the join works fine. As soon as it is restricted via domain policies, it restricts anonymous access to the ports. As soon as this happens, we are unable to complete a net join ads successfully. - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso
RE: [Samba] Samba + Windows 2003 AD
I have two domains. One is production and one is development. - - - - - - Development domain: bash-2.05# cat /etc/resolv.conf domain dev.ca search dev.ca nameserver yyy.yyy.yyy.xx nameserver yyy.yyy.yyy.yy bash-2.05# ping -I 1 dev.ca PING dev.ca: 56 data bytes 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=0. time=14. ms 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=1. time=21. ms ^C - - - - - - Production domain: bash-2.05# cat /etc/resolv.conf doamin prod.ca search prod.ca nameserver xxx.xxx.xxx.xx nameserver xxx.xxx.xxx.yy bash-2.05# ping -I 1 prod.ca PING prod.ca: 56 data bytes 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=0. time=0. ms 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=1. time=0. ms ^C - - - - - - I have one host that sees BOTH domains: # cat /etc/resolv.conf doamin dev.ca search dev.ca prod.ca nameserver yyy.yyy.yyy.xx nameserver yyy.yyy.yyy.yy nameserver xxx.xxx.xxx.xx bash-2.05# ping -I 1 dev.ca PING dev.ca: 56 data bytes 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=0. time=14. ms 64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=1. time=21. ms ^C bash-2.05# ping -I 1 prod.ca PING prod.ca: 56 data bytes 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=0. time=0. ms 64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=1. time=0. ms ^C - - - - - - Can you ping XXX.UNDERVISNING.LOCAL by IP address? Can you nslookup XXX.UNDERVISNING.LOCAL? - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 10:48 AM To: Avron Gray; Samba list Subject: RE: [Samba] Samba + Windows 2003 AD When I run mail:~# ping -I eth3 bgdc.birke-gym.dk PING bgdc.birke-gym.dk (10.3.17.1) from 10.3.16.1 eth3: 56(84) bytes of data. 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128 time=0.142 ms 64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128 time=0.230 ms but if I just type: mail:~# ping -I eth3 birke-gym.dk ping: unknown host birke-gym.dk and no, I cant ping anything with XXX.UNDERVISNING.LOCAL How do I set this up in my resolv.conf ? If it's possible can you then post your resolv.conf ? Solaris an Debian is much alike :P Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 10:36:51 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Is the name of the existing Windows Domain UNDERVISNING.LOCAL? On my host: tstsmb08|/#ping -I 1 domain.ca PING domain.ca: 56 data bytes 64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=0. time=1.12 ms 64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=1. time=0.622 ms ^C Now, if you run: ping -I 1 birke-gym.dk the domain controller should respond Can you ping any hosts on the undervisning.local domain? ie: ping -I 1 hostname1.undervisning.local ping -I 1 hostname2.undervisning.local - Avron From: Henrik Dige Semark [mailto:hendig...@hotmail.com] Sent: Thursday, January 08, 2009 10:24 AM To: Avron Gray; Samba list Subject: RE: [Samba] Samba + Windows 2003 AD Im trying to join a already existing Windows Domain :) Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 10:22:05 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com; samba@lists.samba.org Are you trying to join an existing Windows domain? Or create a new domain? - Avron -Original Message- From: samba-bounces+agray=aeso...@lists.samba.org [mailto:samba-bounces+agray=aeso...@lists.samba.org] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 10:16 AM To: Samba list Subject: RE: [Samba] Samba + Windows 2003 AD How can I ping UNDERVISNING.LOCAL when its just the domain ? the windows server that runs the domain is bgdc.birke-gym.dk and I can ping that just fine My resolv.conf --- search birke-gym.dk nameserver 127.0.0.1 My nsswitch.conf --- passwd: files winbind compat group: files winbind compat shadow: files winbind compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: files winbind db files services: files winbind db files ethers: db files rpc: db files netgroup: files winbind nis automount: files winbind is I'm missing something ? Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:54:22 -0700 From: ag...@aeso.ca To: hendig...@hotmail.com Can you : ping -I 1 UNDERVISNING.LOCAL No? Check resolv.conf or nsswitch.conf (I have a SUN Solaris background - not much Debian) For more help, please include samba@lists.samba.org in to: or cc: Good luck (held og lykke)! (Sorry, I don't speak Danish... ) - Avron From: Henrik Dige Semark
Re: [Samba] Samba Windows 2003 AD
Firstly, winbind is going to be your best friend with AD, so yes set it up. idmap_rid is particularly easy for companies with many sites that need consistent UID GID mapping. (think centralized backups using rsync and you'll get the idea) Secondly the Domain Users Group doesn't fully exist in any practical way under Samba.. Do: getent group | grep domain\ users I think you'll see why.. This is a weird one that the Samba guys haven't coded for yet (from what I remember). The domain users group is special as in Microsoft special. I create shares that have access to a specific group of users, because the DU group is unusable ( I don't think that's FUD ). If I want access to be given to a large group of users then I create a group specifically for that site / area and add all users that are at that site / area into that group. Bye, Veronica. On 19 May 2006, at 00:54, [EMAIL PROTECTED] wrote: Hello, I have joined my samba 3.0.7 server successfully to Windows 2003 ADS, and Kerberos authentication seems to work fine, provided that the user also exists on the Linux machine. However, I can't seem to create a share that grants access to the Domain Users Group. Will I need to set up Winbind for that or is there a way to do this in my current setup? If I need to set up winbind, will I need to remove the ADS bits in my smb.conf file? Any tips are very much appreciated. Stijn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba