Re: [Samba] winbind problems with linux domain member
Hi Yohann, On Fri, 14 May 2004, Yohann Ferreira wrote: I've successfully applied the winbind patch on a samba 3.0.4 : [...] wbinfo -ugmt are working well, but ... getent passwd and getent group don't show me any 200x groups Don't forget to modify your /etc/nsswitch.conf configuration! :) [EMAIL PROTECTED] root]# grep winbind /etc/nsswitch.conf passwd: files winbind group: files winbind [EMAIL PROTECTED] root]# Let me know how this works for you and/or if this helps. -- _ __ __ ___ _| | William R. Lorenz [EMAIL PROTECTED] \ V V / '_| | http://www.clevelandlug.net/ ; Every revolution was \./\./|_| |_| first a thought in one man's mind. - Ralph Waldo Emerson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems with linux domain member
Hi, not to get you hopes down, but I think this is the same problem that is adressed in: http://lists.samba.org/archive/samba/2004-May/085521.html http://lists.samba.org/archive/samba/2004-May/085808.html Look at: http://www.linuxquestions.org/questions/showthread.php?s=threadid=161506http://www.linuxquestions.org/questions/showthread.php?s=threadid=161506 that may help. Appart from that, and countless postings about this problem, there is little. That said. I am not sure its is the same problem. I am just one that has got a similar problem (except want a access from a XP client to a samba server in a Win2003 DMC). I think its a kerberos problem so far. YS. Anders Berg At 09:43 13.05.2004 -0700, you wrote: Hey everyone, I'm having some strange responses, and a bit of trouble with getting access to a member server on my domain. I've got Samba running on another Linux box as a PDC, and my Win2k clients can login just fine, and share between one another. The problem comes in with another Linux workstation that's setup as a member server. Here's the relevant smb.conf section from the member server: [global] workgroup = 102010 server string = Samba Server %v log file = /var/log/samba3/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no netbios name = miru security = domain printcap name = cups disable spoolss = yes show add printer wizard = no printing = cups idmap uid = 15000-2 idmap gid = 15000-2 winbind separator = + winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind enable local accounts = no use sendfile = yes testparm comes out okay, with the caveat that using '+' as a separator might cause problems with group membership. I also get success response from wbinfo -t What's strange is this: miru root # wbinfo -u root sak michael Shouldn't it show the domain+user output? When I do: miru root # getent passwd ... guest:x:405:100:guest:/dev/null:/dev/null nobody:x:65534:65534:nobody:/:/bin/false sak:x:1000:100::/home/sak:/bin/bash ntp:x:123:123:added by portage for ntp:/dev/null:/bin/false root:x:15007:15001:root:/home/102010/root:/bin/false sak:x:15006:15001::/home/102010/sak:/bin/false michael:x:15008:15001::/home/102010/michael:/bin/false If I understand correctly, this is okay; listing the local users and then the domain users. When I do: miru root # getent passwd sak sak:x:1000:100::/home/sak:/bin/bash which is probably correct, but when I do: miru root # getent passwd 102010+sak I get no response whatsoever. All of this results in the shares on the member server showing up on the domain, but unable to access them. From a Win2k client, logged into the domain, I can't get it to accept any type of login to access a share on the member server. When I try to access a share it asks for a username and password. If I try sak, it doesn't work, if I try 102010+sak it gives me an hourglass for about thirty seconds, and then gives me \\Miru\sak is not accessible. The specified username is invalid. Anyway, I'm stuck. I don't know what else to try. Anyone have any thoughts or suggestions? -- Thanks, Sak. - i've got this epic problem this epic problem's not a problem for me and inside i know i'm broken but i'm working as far as you can see and outside it's all production it's all illusion set scenery i've got this epic problem this epic problem's not a problem for me -fugazi -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba * Denne fotnoten bekrefter at denne e-postmeldingen ble skannet av MailSweeper og funnet fri for virus. * This footnote confirms that this email message has been swept by MailSweeper for the presence of computer viruses. * -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems with linux domain member
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sak wrote: | Another bit of output that raises an eyebrow is... | | miru root # wbinfo --authenticate=sak%password | plaintext password authentication failed | error code was NT_STATUS_NO_SUCH_USER (0xc064) | error messsage was: No such user | Could not authenticate user sak%password with plaintext password | challenge/response password authentication succeeded | | Anyway, hope this extra bit of output might offer some clues as to | what might be going wrong. Send me the level 10 debug log from winbindd for thie failure And Try the patch in https://bugzilla.samba.org/show_bug.cgi?id=1315 cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFApMONIR7qMdg1EfYRAoc2AJ4wPnym7bP2ANMkXKtwkrxMFZdz2gCgpmqb gflnWjEiM2+TNYl5pp98hkA= =FfFf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems with linux domain member
Hi Jerry ! Hi everyone ! I'm currently working on a Mandrake 9.2 with a domain member server 3.0.4 and winbind If I can be of any help, I'll be very to pleased to ! I also am trying to apply the patch you've uploaded earlier. Do you use diff, or something else to apply it ? Sorry for what that may be stupid questions to you ! Thanks for reading. Bertram From: Gerald (Jerry) Carter [EMAIL PROTECTED] To: Sak [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: [Samba] winbind problems with linux domain member Date: Fri, 14 May 2004 08:03:09 -0500 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sak wrote: | Another bit of output that raises an eyebrow is... | | miru root # wbinfo --authenticate=sak%password | plaintext password authentication failed | error code was NT_STATUS_NO_SUCH_USER (0xc064) | error messsage was: No such user | Could not authenticate user sak%password with plaintext password | challenge/response password authentication succeeded | | Anyway, hope this extra bit of output might offer some clues as to | what might be going wrong. Send me the level 10 debug log from winbindd for thie failure And Try the patch in https://bugzilla.samba.org/show_bug.cgi?id=1315 cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFApMONIR7qMdg1EfYRAoc2AJ4wPnym7bP2ANMkXKtwkrxMFZdz2gCgpmqb gflnWjEiM2+TNYl5pp98hkA= =FfFf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _ MSN Actions Solidaires : http://www.msn.fr/actionssolidaires/ la solidarité à portée de click -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems with linux domain member
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yohann Ferreira wrote: | Hi Jerry ! Hi everyone ! | | I'm currently working on a Mandrake 9.2 with a domain | member server 3.0.4 and winbind I think Buchan is working on new 3.0.4 Mandrake packages that include this patch. Might just be for 10.0 though. | If I can be of any help, I'll be very to pleased to ! | | I also am trying to apply the patch you've uploaded earlier. | | Do you use diff, or something else to apply it ? $ tar zxvf samba-3.0.4.tar.gz $ cd samba-3.0.4/source $ patch -p0 winbind.patch recompile | Sorry for what that may be stupid questions to you ! not stupid at all . BUG 1315 was our fault, not yours. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFApMopIR7qMdg1EfYRAp1jAKCsNOHEVTkyPHTKE5PC/tw2qLNfpQCfWsur pklIOV8AxRAgq8H97ZrAk/8= =SRus -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems with linux domain member
Hi again Jerry ! Hi everyone ! I've successfully applied the winbind patch on a samba 3.0.4 : Made 'make clean', ./configure --with-fhs --prefix=/usr --sysconfdir=/etc --with-privatedir=/etc/samba --localstatedir=/var --with-netatalk= --with-smbmount --with-pam --with-syslog --with-utmp --with-readline --with-smb_pass --with-libsmbclient --with-winbind --with-msdfs --with-acl-support --with-quotas --enable-cups --with-ads --with-ldap --with-krb5 --with-ldapsam, make, make install, kinit admin net ads join -U admin Joined Domain bla bla successfull, then, /usr/sbin/smbd -D, /usr/sbin/nmbd -D, /usr/sbin/winbindd -s /etc/samba/smb.conf ( smbd -V = Version 3.0.4...) wbinfo -ugmt are working well, but ... getent passwd and getent group don't show me any 200x groups In 3.0.2a, actually, it did, of course ! Did I make any mistakes ? Do you want any futher info ? (BTW : Remove the three previous lines in /etc/krb5.conf) (#default_tgs_enctypes = des-cbc-crc des-cbc-md5) (#default_tkt_enctypes = des-cbc-crc des-cbc-md5) (#permitted_enctypes = des-cbc-crc des-cbc-md5) Thanks for reading ! Bertram _ Bloquez les fenêtres pop-up, c'est gratuit ! http://toolbar.msn.fr -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems with linux domain member
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yohann Ferreira wrote: | I've successfully applied the winbind patch on a samba 3.0.4 : ... | wbinfo -ugmt are working well, but ... | getent passwd and getent group don't show me any 200x groups Could you send me a level 10 debug log from winbindd from startup to the failure ? Thanks. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFApNh0IR7qMdg1EfYRAlQuAJ91I3fD/RBFiN392d6FsgGGJ3936gCgmUbw IijVHd+RVXk5ogAYfCLI0mM= =UWyB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems with linux domain member
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sak wrote: | miru root # wbinfo -u | root | sak | michael | | Shouldn't it show the domain+user output? Not since you have 'winbind use default domain = yes' | When I do: | miru root # getent passwd | ... | guest:x:405:100:guest:/dev/null:/dev/null | nobody:x:65534:65534:nobody:/:/bin/false | sak:x:1000:100::/home/sak:/bin/bash | ntp:x:123:123:added by portage for ntp:/dev/null:/bin/false | root:x:15007:15001:root:/home/102010/root:/bin/false | sak:x:15006:15001::/home/102010/sak:/bin/false | michael:x:15008:15001::/home/102010/michael:/bin/false | | If I understand correctly, this is okay; listing the local users and | then the domain users. | | When I do: | | miru root # getent passwd sak | sak:x:1000:100::/home/sak:/bin/bash | | which is probably correct, but when I do: | | miru root # getent passwd 102010+sak | | I get no response whatsoever. What version is this ? There were some bugs that addressed 'winbind use default domain' issues post 3.0.1 and post 3.0.2a IIRC. See the WHATSNEW for details. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAo6+bIR7qMdg1EfYRAm48AKCV34NHUy78UTDa2NeWr/WuhqD6XgCgonnb KudnVLvXrNAZSkxqzmpAnZA= =EwPj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems with linux domain member
On Thu, May 13, 2004 at 12:25:47PM -0500, Gerald (Jerry) Carter wrote: What version is this ? There were some bugs that addressed 'winbind use default domain' issues post 3.0.1 and post 3.0.2a IIRC. See the WHATSNEW for details. I'm running 3.0.2a-r2. -- Thanks, Sak. - We're as calm as the weather. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems with linux domain member
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sak wrote: | I'm running 3.0.2a-r2. I would recommend testing 3.0.4 in that case. But check the WHATSNEW in 3.0.4 for bugs fixed relating to 'winbind use default domain' cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAo7Y4IR7qMdg1EfYRAjl+AKDdnG7P47Lowjqo/UUd3txcwFUsPACfVgOr Jwm1ly9yoArNG+REHkJkqyo= =Rqer -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems with linux domain member
On Thu, May 13, 2004 at 12:54:00PM -0500, Gerald (Jerry) Carter wrote: I would recommend testing 3.0.4 in that case. But check the WHATSNEW in 3.0.4 for bugs fixed relating to 'winbind use default domain' Thanks for all your help so far. I've upgraded both systems, the PDC and the domain member to 3.0.4. I also went ahead and removed 'winbind use default domain' from my smb.conf on the member server. All said and done, I'm still getting the same response. Any other thoughts or suggestions that I can try? -- Thanks, Sak. - may all your borders be porous free transmission smear genetics c'est la vie -fugazi -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind problems with linux domain member
I've been noodling around with this some more in an attempt to get more information. Here's some output that seems confusing to me... miru root # wbinfo -m MIRU BUILTIN ..and in /var/log/samba3/log.winbind [2004/05/13 22:25:15, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain 102010 S-0-0 [2004/05/13 22:25:15, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain BUILTIN S-1-5-32 [2004/05/13 22:25:15, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain MIRU S-1-5-21-2538855255-56902595-314496023 I'm confused by this because it shows that the 102010 domain was added, but yet it doesn't show up with wbinfo -m Another bit of output that raises an eyebrow is... miru root # wbinfo --authenticate=sak%password plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user sak%password with plaintext password challenge/response password authentication succeeded Anyway, hope this extra bit of output might offer some clues as to what might be going wrong. -- Thanks, Sak. - And he still gives his love, he just gives it away The love he receives is the love that is saved And sometimes is seen a strange spot in the sky A human being that was given to fly -Pearl Jam -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba