unsubscribe
Lukas Kasprowicz
maniacxs at web.de
Thu Nov 15 02:48:02 GMT 2001
samba-ntdom at lists.samba.org schrieb am 14.11.01:
Send samba-ntdom mailing list submissions to
samba-ntdom at lists.samba.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.samba.org/listinfo/samba-ntdom
or, via email, send a message with subject or body 'help' to
samba-ntdom-request at lists.samba.org
You can reach the person managing the list at
samba-ntdom-admin at lists.samba.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of samba-ntdom digest..."
Today's Topics:
1. RE: NETLOGON problem in WinNT domain (Doug Douglass)
2. joining an NT Domain - failure (Mike R. Cannon)
3. Samba, joining NT Domain, & NT Auth recipe (Scott Mann)
4. Samba, joining NT Domain, & NT Auth recipe (Scott Mann)
5. Re: Samba Bug??? (Lyubomir Velkov)
6. RE: joining an NT Domain - failure (Hobday, Steve (Factiva))
7. Re: configure problem in latest cvs ? (Ariel Mella)
8. 1.st login ask for password.. (christian at wallin.dk)
9. RE: joining an NT Domain - failure (Cannon, Mike R.)
10. RE: Samba Bug??? (Doug Douglass)
--__--__--
Message: 1
From: "Doug Douglass" <samba at denverdata.com>
To: "Moeller Daniel (QI/CCE2-SI) *" <Daniel.Moeller at de.bosch.com>,
"'antonio.morrocches'" <antonio.morrocches at tiscalinet.it>,
<samba-ntdom at lists.samba.org>
Subject: RE: NETLOGON problem in WinNT domain
Date: Tue, 13 Nov 2001 15:29:46 -0700
Antonnio,
You must add the samba machine (LINUXSRV) to the domain using Server Manager
before you try and join the domain with smbpasswd -j
HTH,
Doug
> -----Original Message-----
> From: samba-ntdom-admin at lists.samba.org
> [mailto:samba-ntdom-admin at lists.samba.org]On Behalf Of Moeller Daniel
> (QI/CCE2-SI) *
> Sent: Tuesday, November 13, 2001 8:34 AM
> To: 'antonio.morrocches'; samba-ntdom at lists.samba.org
> Subject: AW: NETLOGON problem in WinNT domain
>
>
> Hello,
>
> may be a typing error, see below:
> -----Ursprüngliche Nachricht-----
> Von: antonio.morrocches [mailto:antonio.morrocches at tiscalinet.it]
> Gesendet: Dienstag, 13. November 2001 15:03
> An: samba-ntdom at lists.samba.org
> Betreff: NETLOGON problem in WinNT domain
>
>
> Hi Samba list,
> I have a problem with Windows NT password authentication.
> I describe you my system. I have 3 PC on LAN network:
> - first with Windows NT, service pack 6a and PDC of NT domain FELIX (BIOS
> Name: Superserver) and with NT Domain Server I have configured a member
> domain server LINUXSRV (Netbios name of Linux Server)
> [Moeller Daniel (QI/CCE21) *]
> ^^^^^^^^^^^^
> - second with Red Hat Linux 7.1 and installed Samba 2.2.2
> (Name: Linuxsrv)
> - third with Win 98 (BIOS Name: Aquaba)
>
> I tell you my problem configuration.
> I have created the file smbpasswd with
> cat /etc/passwd | mksmbpasswd.sh > \
> /usr/local/samba/private/smbpasswd
> and I set smbpasswd file with 600 permissions.
> Now, I stop two deamons smbd and nmbdon NT server and write on the
> consolle:
>
> smbpasswd -j FELIX -r superserver
>
> after, I have read this answer:
>
> cli_net_auth2: ERR_NT_STATUS_NO_TRUST_SAM_ACCOUNT
> clie_nt_setup_creds: auth2 challange failed
> modify_trust_password: Unable to setup PDC credentials to machine
> SUPERSERVER.Error was: NT_STATUS_NO_TRUST_SAM_ACCOUNT
> 200/11/09 15:24:46 change_trust_account_password: Failed to
> change password
> for domain FELIX
> Unable to join domain FELIX.
>
> On the NT Event Viewer I have read:
>
> Event ID:5723
> Source:NETLOGON
> Description:
> The session setup from the computer LINUXSRV failed because there is no
> trust account in the security database for this computer.The name of the
> account referenced in the security database is LINUXSER$.
>
> ^^^^^^^^^^
> Finally, I want that LINUXSRV begins a server member of NT FELIX Domain
> !!!!!
>
> Can you help me?
> Thanks
>
> Antonio Morrocchesi
> (Florence) Italy
>
--__--__--
Message: 2
Date: Tue, 13 Nov 2001 17:43:43 -0500
From: "Mike R. Cannon" <cannon at purdue.edu>
Reply-To: cannon at purdue.edu
Organization: Purdue University
To: samba-ntdom at lists.samba.org
Subject: joining an NT Domain - failure
I have read the SAMBA Project Documentation chapter 7, but I am having
troubles joining an NT domain.
I have used server manager on the PDC (testnt-06) to create the machine
account for Linux samba server (testnt-20). I made sure that all smb
and nmb process are not running. I get the following (ip address have
been blocked):
[root at testnt-20 mintadmn]# smbpasswd -j test_domain -r testnt-06 -D 4
added interface ip=xxx.xxx.xxx.210 bcast=xxx.xxx.xxx.255
nmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name TESTNT-06<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_hosts: Attempting host lookup for name TESTNT-06<0x20>
Connecting to xxx.xxx.xxx.196 at port 139
LSA Open Policy
LSA Query Info Policy
LSA_QUERYINFOPOLICY (level 5): domain:TEST_DOMAIN domain
sid:S-1-5-21-2055480918-203715125-740312968
LSA Close
cli_net_req_chal: LSA Request Challenge from TESTNT-06 to TESTNT-20:
4288719A774A6D81
cred_session_key
cred_create
cli_net_auth2: srv:\\TESTNT-06 acct:TESTNT-20$ sc:2 mc: TESTNT-20 chal
9A97D44CBC600582 neg: 1ff
cred_create
cred_assert
cred_create
cli_net_srv_pwset: srv:\\TESTNT-06 acct:TESTNT-20$ sc: 2 mc: TESTNT-20
clnt 19DE054B4E419FB0 3bf1a09f
cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
modify_trust_password: unable to change password for machine TESTNT-20
in domain TEST_DOMAIN to Domain controller TESTNT-06. Error was
NT_STATUS_WRONG_PASSWORD.
2001/11/13 17:37:19 : change_trust_account_password: Failed to change
password for domain TEST_DOMAIN.
Unable to join domain TEST_DOMAIN.
Any help would be great. Thank you for your time.
--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: cannon at purdue.edu
--__--__--
Message: 3
Date: Tue, 13 Nov 2001 17:23:18 -0700
From: Scott Mann <Scott.Mann at lefthandnetworks.com>
Organization: Left Hand Networks, Inc.
To: samba-ntdom at lists.samba.org, cannon at purdue.edu,
S.Scheufen at ebv.com, gaubrig at yahoo.com, turner at uvs.is
Subject: Samba, joining NT Domain, & NT Auth recipe
This is a multi-part message in MIME format.
--------------D924448E1959F66566520667
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
--------------D924448E1959F66566520667
Content-Type: text/plain; charset=us-ascii;
name="mini-HOWTO"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="mini-HOWTO"
Since I have had a good deal of trouble getting NT Domain
Authentication to work reliably, I figured lots of other
folks might benefit from my struggles. So, I've documented
a method that works consistently. Please feel free to
let me know if you have problems with what I've written here.
Many thanks to Stephan Scheufen who's assistance was
invaluable and who also has posted many useful tidbits here.
Setting the Stage
-----------------
Samba 2.2.2 on Linux with a 2.4.2 or later kernel (I've
tested RedHat 7.1/7.2 and Mandrake 7.2/8.1 as well as
kernels up through 2.4.10).
The Linux Samba server is NOT a PDC, but only an NT
Domain client that serves up file and print resources
and wants to authenticate NT Domain/Active Directory
users and groups.
My PDC is W2K. I haven't tested an NT PDC.
Steps to Get Linux Authenticating Domain Users
----------------------------------------------
1. Kill all running samba daemons on the Linux Samba system.
This includes all instances
of smbd, nmbd, and (if you're already running it) winbind. If
you've got run control scripts (RedHat, Mandrake, and the like),
then you can execute:
# /etc/init.d/smb stop
Also, and this is VERY important, remove the two files:
# rm -f secrets.tdb
# rm -f MACHINE.SID
These files will be located in /etc or in the Samba config directory.
If you don't know where that is, use find or slocate. Also, these
two files MUST be removed before you rejoin a domain or a join a new
domain.
2. On the W2K primary domain controller, add the Linux computer
as a pre-Windows 2000 computer. You can accomplish this in the
following way:
Start->Settings
A Window will pop-up from which you select "Administrative Tools."
Another window pops-up from which you select "Active Directory
Users and Computers."
Yet another window pops-up. Select computers and then click on
Action->New->Computer
The "New Object - Computer" window pops-up. Type in the hostname
of the Linux Samba system. Click on the "Change" button and select
the "Pre-Windows 2000 Compatible Access" group. Check the box next
to "Allow pre-Windows 2000 computers to access this account." Click
OK.
3. On the Linux Samba system, build Samba:
# cd /somedir
# tar zxvf samba-2.2.2.tar.gz
# cd samba-2.2.2/source
# ./configure --with-pam --with-winbind --with-acl-support
# make && make install
# cd nsswitch
# cp pam_winbind.so /lib/security
# cp libnss_winbind.so /lib
# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.1
# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
NB: The options to ./configure are for PAM, winbind (nt auth), and ACL support.
You may want other -- options to configure, see ./configure --help.
In particular, you will want to set the --prefix and other dir
locations appropriately.
IMPORTANT: Be sure to read through all of the documents in
samba-2.2.2/docs. Especially read through
samba-2.2.2/docs/htmldocs/winbind.html. There's some useful
stuff in that latter document although I have never been able
to successfully get "smbpasswd -j DOMAIN -r PDC -U Admin%pw"
working. If I could, I would completetly avoid step #2 above.
3. Set up /etc/nsswitch.conf with the winbind stuff. Use something
like:
passwd: files winbind nis
shadow: files winbind nis
group: files winbind nis
4. Set up PAM. There are lots of good examples in the other docs
about this (see the NB in step #3). I take advantage of the
pam_stack.so module and simply modify /etc/pam.d/system-auth as
shown below. I also am permitting NT Auth users full access to
the system, so it makes sense to configure my PAM this way.
You need to determine what your needs are, for example if you
want to allow NT Domain users access only to file shares, then
you would likely only modify /etc/pam.d/samba. Here's my
/etc/pam.d/system-auth file:
auth sufficient /lib/security/pam_winbind.so debug
auth sufficient /lib/security/pam_unix.so use_first_pass likeauth nullok md5 shadow
auth required /lib/security/pam_deny.so
account required /lib/security/pam_winbind.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
Note that I've got "debug" after pam_winbind.so for the auth stack.
This gives me some extra output in /var/log/auth.log. You may want
to remove that argument and reduce the log entries. Note also that
pam_windbind.so completely replaces pam_unix.so for the account
stack and still functions properly for NIS and local unix users.
5. This step may not be necessary depending upon your environment,
but it won't hurt and it makes name resolution simple.
In /etc/lmhosts (or wherever you configured Samba to put it
based on ./configure above), put
<IP address> <NT/W2K domainname>
for example:
172.16.0.1 NTDOMAIN.COM
Note that you use the domainname, not a hostname! The IP address
should match that of the PDC.
In /etc/hosts, put
<IP address> <Primary Domain Controller hostname>
for example:
172.16.0.1 my-pdc my-pdc.dns.domain.com
Arguably, this entry could also be put in lmhosts, but I
like having it available in /etc/hosts for resolution by
other processes. It is also resolvable, in my environment,
via DNS, but this is faster ;-)
6. Now configure smb.conf. You will likely have a bunch of
other stuff in it, but this represents a minimal set for
NT Auth support.
[global]
netbios name = <Linux Samba hostname here>
workgroup = <NT/W2K DOMAIN name goes here>
security = domain
password server = <hostname of the PDC goes here>
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
unix password sync = Yes
username map = /etc/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*\n
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
Be sure to replace the things inside <> appropriately. Also, be sure
to read the docs about these and other entries before you go into
production.
7. You should now be able to join the domain.
# smbpasswd -j <DOMAIN>
where <DOMAIN> is the name of your NT/W2K domain.
8. Start all of the samba daemons. This includes smbd, nmbd, and
winbindd. Make sure that your startup script includes the winbindd
invocation, if you are using one:
# /etc/init.d/smb start
9. Now check the exchanged secret:
# wbinfo -t
Secret is good
#
If you get "Secret is good", you are ready to go!
If you get "Error checking machine account", then winbindd is
not running.
If you get "Secret is bad", then you have a configuration error
and you need to kill the Samba daemons, remove secrets.tdb and
MACHINE.SID. Go to the W2K PDC, remove the entry from the Active
Directory, reboot the PDC (or wait for the entry to flush out
of the cache) and readd the machine entry to the
Active Directory (see step #2). Then rejoin the domain (step #7),
restart the daemons (step #8), and recheck the secret (step #9).
10. Try authenticating some NT users.
# telnet linuxsamba
login: <DOMAIN+ntuser>
Password: <ntuser's pw>
This should let you log in with a home directory of /home/DOMAIN/ntuser.
11. If you are having problems, try running winbindd -d 5. This sets
the debugging level to 5 and writes stuff out to /var/log/samba/log.winbindd.
If 5 is too much, try 3.
I hope this is useful to someone...again, any and all feedback is
welcome.
Regards,
Scott
--------------D924448E1959F66566520667--
--__--__--
Message: 4
Date: Tue, 13 Nov 2001 17:32:49 -0700
From: Scott Mann <Scott.Mann at lefthandnetworks.com>
Organization: Left Hand Networks, Inc.
To: samba-ntdom at lists.samba.org, cannon at purdue.edu,
S.Scheufen at ebv.com, gaubrig at yahoo.com, turner at uvs.is
Subject: Samba, joining NT Domain, & NT Auth recipe
This is a multi-part message in MIME format.
--------------97EC3222AFAF1E15F7952E12
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sorry for the resend, but the first version I sent had typos
and a numbering problem.
--------------97EC3222AFAF1E15F7952E12
Content-Type: text/plain; charset=us-ascii;
name="mini-HOWTO"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="mini-HOWTO"
Since I have had a good deal of trouble getting NT Domain
Authentication to work reliably, I figured lots of other
folks might benefit from my struggles. So, I've documented
a method that works consistently. Please feel free to
let me know if you have problems with what I've written here.
Many thanks to Stephan Scheufen who's assistance was
invaluable and who also has posted many useful tidbits here.
Setting the Stage
-----------------
Samba 2.2.2 on Linux with a 2.4.2 or later kernel (I've
tested RedHat 7.1/7.2 and Mandrake 7.2/8.1 as well as
kernels up through 2.4.10).
The Linux Samba server is NOT a PDC, but only an NT
Domain client that serves up file and print resources
and wants to authenticate NT Domain/Active Directory
users and groups.
My PDC is W2K. I haven't tested an NT PDC.
Steps to Get Linux Authenticating Domain Users
----------------------------------------------
1. Kill all running samba daemons on the Linux Samba system.
This includes all instances
of smbd, nmbd, and (if you're already running it) winbind. If
you've got run control scripts (RedHat, Mandrake, and the like),
then you can execute:
# /etc/init.d/smb stop
Also, and this is VERY important, remove the two files:
# rm -f secrets.tdb
# rm -f MACHINE.SID
These files will be located in /etc or in the Samba config directory.
If you don't know where that is, use find or slocate. Also, these
two files MUST be removed before you rejoin a domain or a join a new
domain. Note that MACHINE.SID may not exist (don't think it will
if you've never attempted to join a domain), but if you've run
smbd before, secrets.tdb will. In any event, if they exist, you
must remove them both.
2. On the W2K primary domain controller, add the Linux computer
as a pre-Windows 2000 computer. You can accomplish this in the
following way:
Start->Settings
A Window will pop-up from which you select "Administrative Tools."
Another window pops-up from which you select "Active Directory
Users and Computers."
Yet another window pops-up. Select computers and then click on
Action->New->Computer
The "New Object - Computer" window pops-up. Type in the hostname
of the Linux Samba system. Click on the "Change" button and select
the "Pre-Windows 2000 Compatible Access" group. Check the box next
to "Allow pre-Windows 2000 computers to access this account." Click
OK.
3. On the Linux Samba system, build Samba:
# cd /somedir
# tar zxvf samba-2.2.2.tar.gz
# cd samba-2.2.2/source
# ./configure --with-pam --with-winbind --with-acl-support
# make && make install
# cd nsswitch
# cp pam_winbind.so /lib/security
# cp libnss_winbind.so /lib
# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.1
# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
NB: The options to ./configure are for PAM, winbind (nt auth), and ACL support.
You may want other -- options to configure, see ./configure --help.
In particular, you will want to set the --prefix and other dir
locations appropriately.
IMPORTANT: Be sure to read through all of the documents in
samba-2.2.2/docs. Especially read through
samba-2.2.2/docs/htmldocs/winbind.html. There's some useful
stuff in that latter document although I have never been able
to successfully get "smbpasswd -j DOMAIN -r PDC -U Admin%pw"
working. If I could, I would completetly avoid step #2 above.
4. Set up /etc/nsswitch.conf with the winbind stuff. Use something
like:
passwd: files winbind nis
shadow: files winbind nis
group: files winbind nis
5. Set up PAM. There are lots of good examples in the other docs
about this (see the NB in step #3). I take advantage of the
pam_stack.so module and simply modify /etc/pam.d/system-auth as
shown below. I also am permitting NT Auth users full access to
the system, so it makes sense to configure my PAM this way.
You need to determine what your needs are, for example if you
want to allow NT Domain users access only to file shares, then
you would likely only modify /etc/pam.d/samba. Here's my
/etc/pam.d/system-auth file:
auth sufficient /lib/security/pam_winbind.so debug
auth sufficient /lib/security/pam_unix.so use_first_pass likeauth nullok md5 shadow
auth required /lib/security/pam_deny.so
account required /lib/security/pam_winbind.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
Note that I've got "debug" after pam_winbind.so for the auth stack.
This gives me some extra output in /var/log/auth.log. You may want
to remove that argument and reduce the log entries. Note also that
pam_windbind.so completely replaces pam_unix.so for the account
stack and still functions properly for NIS and local unix users.
6. This step may not be necessary depending upon your environment,
but it won't hurt and it makes name resolution simple.
In /etc/lmhosts (or wherever you configured Samba to put it
based on ./configure above), put
<IP address> <NT/W2K domainname>
for example:
172.16.0.1 NTDOMAIN.COM
Note that you use the domainname, not a hostname! The IP address
should match that of the PDC.
In /etc/hosts, put
<IP address> <Primary Domain Controller hostname>
for example:
172.16.0.1 my-pdc my-pdc.dns.domain.com
Arguably, this entry could also be put in lmhosts, but I
like having it available in /etc/hosts for resolution by
other processes. It is also resolvable, in my environment,
via DNS, but this is faster ;-)
7. Now configure smb.conf. You will likely have a bunch of
other stuff in it, but this represents a minimal set for
NT Auth support.
[global]
netbios name = <Linux Samba hostname here>
workgroup = <NT/W2K DOMAIN name goes here>
security = domain
password server = <hostname of the PDC goes here>
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
unix password sync = Yes
username map = /etc/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*\n
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
Be sure to replace the things inside <> appropriately. Also, be sure
to read the docs about these and other entries before you go into
production.
8. You should now be able to join the domain.
# smbpasswd -j <DOMAIN>
where <DOMAIN> is the name of your NT/W2K domain.
On success, you will see the message "Joined domain <DOMAIN>."
On failure, you will see the message "Unable to join domain <DOMAIN>."
On failure, you will likely need to repeat all of the above
steps except for #3.
9. Start all of the samba daemons. This includes smbd, nmbd, and
winbindd. Make sure that your startup script includes the winbindd
invocation, if you are using one:
# /etc/init.d/smb start
10. Now check the exchanged secret:
# wbinfo -t
Secret is good
#
If you get "Secret is good", you are ready to go!
If you get "Error checking machine account", then winbindd is
not running.
If you get "Secret is bad", then you have a configuration error
and you need to kill the Samba daemons, remove secrets.tdb and
MACHINE.SID. Go to the W2K PDC, remove the entry from the Active
Directory, reboot the PDC (or wait for the entry to flush out
of the cache) and readd the machine entry to the
Active Directory (see step #2). Then rejoin the domain (step #8),
restart the daemons (step #9), and recheck the secret (step #10).
11. Try authenticating some NT users.
# telnet linuxsamba
login: <DOMAIN+ntuser>
Password: <ntuser's pw>
This should let you log in with a home directory of /home/DOMAIN/ntuser.
12. If you are having problems, try running winbindd -d 5. This sets
the debugging level to 5 and writes stuff out to /var/log/samba/log.winbindd.
If 5 is too much, try 3.
I hope this is useful to someone...again, any and all feedback is
welcome.
Regards,
Scott
--------------97EC3222AFAF1E15F7952E12--
--__--__--
Message: 5
Date: Wed, 14 Nov 2001 10:35:29 +0100
From: Lyubomir Velkov <lubo at ru.acad.bg>
Organization: University Of Ruse
To: samba-ntdom at samba.org
Subject: Re: Samba Bug???
Ahaa, that explain why every day when I got to work my NT WS-s can't
find their domain server!
BIG THANKS DOUG!
But one question - what I am supposed to do now - disable samba log
rotation or not allow logrotate to kill smbd & nmbd ?
Doug Douglass wrote:
>
> Are you both on RedHat systems, using logrotate? Check the logrotate script
> in /etc/logrotate.d, I bet it sends a HUP to nmbd.
>
> Doug
>
> > -----Original Message-----
> > From: samba-ntdom-admin at lists.samba.org
> > [mailto:samba-ntdom-admin at lists.samba.org]On Behalf Of Greg Zartman
> > Sent: Tuesday, November 13, 2001 9:38 AM
> > To: Samba News
> > Subject: Samba Bug???
> >
> >
> > I, as well and anther Samba user, are getting the following in
> > our nmbd logs
> > at 4:02am. Does anyone know what this means? We are both using
> > Samba 2.2.2
> > and have simular configurations.
> >
> > We are both running Samba 2.2.2 as a PDC.
> >
> > Snip from nmbd log:
> >
> > Got SIGHUP dumping debug info.
> > [2001/11/11 04:02:02, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
> > dump_workgroups()
> > dump workgroup on subnet 192.168.0.1: netmask= 255.255.255.0:
> > LEIINC.COM(1) current master browser = SERVER
> > SERVER 400c9b0b (Mitel Networks SME Server)
> > BACKBONE 40011203 ()
> > RECEPTION 40011003 ()
> > ATHLON1 40011003 ()
> > GREG 40011203 (Windows 2000 Workstation)
> > MIKE 40011003 ()
> > DALLAS 40011203 ()
> > [2001/11/11 04:02:02, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(292)
> > dump_workgroups()
> > dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.0.1:
> > LEIINC.COM(1) current master browser = UNKNOWN
> > SERVER 40099b0b (Mitel Networks SME Server)
> >
> >
> >
> >
> > Thank you.
> >
> > Regards,
> >
> > Greg J. Zartman, P.E.
> > Vice-President
> > Logging Engineering International, Inc.
> > (541)683-8383 fax (541)683-8144
> > www.leiinc.com
> >
> >
-----------------------
Lyubomir Velkov
University Of Rousse
--__--__--
Message: 6
From: "Hobday, Steve (Factiva)" <Stephen.Hobday at factiva.com>
To: "'cannon at purdue.edu'" <cannon at purdue.edu>,
samba-ntdom at lists.samba.org
Subject: RE: joining an NT Domain - failure
Date: Wed, 14 Nov 2001 04:41:42 -0500
You need to specifiy the name of an NT account authorised to modify the
machine account using the -U switch. e.g -UAdministrator%password
S
-----Original Message-----
From: Mike R. Cannon [mailto:cannon at purdue.edu]
Sent: 13 November 2001 22:44
To: samba-ntdom at lists.samba.org
Subject: joining an NT Domain - failure
I have read the SAMBA Project Documentation chapter 7, but I am having
troubles joining an NT domain.
I have used server manager on the PDC (testnt-06) to create the machine
account for Linux samba server (testnt-20). I made sure that all smb
and nmb process are not running. I get the following (ip address have
been blocked):
[root at testnt-20 mintadmn]# smbpasswd -j test_domain -r testnt-06 -D 4
added interface ip=xxx.xxx.xxx.210 bcast=xxx.xxx.xxx.255
nmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name TESTNT-06<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_hosts: Attempting host lookup for name TESTNT-06<0x20>
Connecting to xxx.xxx.xxx.196 at port 139
LSA Open Policy
LSA Query Info Policy
LSA_QUERYINFOPOLICY (level 5): domain:TEST_DOMAIN domain
sid:S-1-5-21-2055480918-203715125-740312968
LSA Close
cli_net_req_chal: LSA Request Challenge from TESTNT-06 to TESTNT-20:
4288719A774A6D81
cred_session_key
cred_create
cli_net_auth2: srv:\\TESTNT-06 acct:TESTNT-20$ sc:2 mc: TESTNT-20 chal
9A97D44CBC600582 neg: 1ff
cred_create
cred_assert
cred_create
cli_net_srv_pwset: srv:\\TESTNT-06 acct:TESTNT-20$ sc: 2 mc: TESTNT-20
clnt 19DE054B4E419FB0 3bf1a09f
cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
modify_trust_password: unable to change password for machine TESTNT-20
in domain TEST_DOMAIN to Domain controller TESTNT-06. Error was
NT_STATUS_WRONG_PASSWORD.
2001/11/13 17:37:19 : change_trust_account_password: Failed to change
password for domain TEST_DOMAIN.
Unable to join domain TEST_DOMAIN.
Any help would be great. Thank you for your time.
--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: cannon at purdue.edu
--__--__--
Message: 7
From: "Ariel Mella" <samba at nebula-sa.com.ar>
To: <samba-ntdom at lists.samba.org>
Subject: Re: configure problem in latest cvs ?
Date: Wed, 14 Nov 2001 09:52:35 -0300
it is posible now to retrieve the groups of the users correctly?
i mean in a win9x client, sharing, Add, and when comes the users list to
appear too the group list..
thx
--__--__--
Message: 8
Subject: 1.st login ask for password..
To: samba-ntdom at lists.samba.org
From: christian at wallin.dk
Date: Wed, 14 Nov 2001 16:19:27 +0100
Hi Guys
In Windows NT server there is an option for the PDC to ask the client f=
or a
new password/expired password when the user logs on for the first time.=
..
Is this posible in Samba??
If it is how do i configure / add the users in that way??
Christian Pedersen -=3D- Wallin Computer
Ahlgade 3 -=3D- 4300 Holb=E6k -=3D- 59 44 14 90=
--__--__--
Message: 9
From: "Cannon, Mike R." <cannon at purdue.edu>
To: "'Hobday, Steve (Factiva)'" <Stephen.Hobday at factiva.com>,
samba-ntdom at lists.samba.org
Subject: RE: joining an NT Domain - failure
Date: Wed, 14 Nov 2001 11:22:48 -0500
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C16D28.99B9BAD0
Content-Type: text/plain;
charset="iso-8859-1"
I tried this and it gives me the same error. Even went so far as to create
a root account in the domain as a domain admin. Have the root account in
Linux and Samba sync to the same password as the domain. Same error.
--
Mike Cannon
Infrastructure Systems Administrator
Management Information
Purdue University
1061 Freehafer Hall (FREH)
West Lafayette, IN 47907-1061
office phone: 765.494.6357
office fax: 765.496.1380
email: cannon at purdue.edu
-----Original Message-----
From: Hobday, Steve (Factiva) [mailto:Stephen.Hobday at factiva.com]
Sent: Wednesday, November 14, 2001 4:42 AM
To: 'cannon at purdue.edu'; samba-ntdom at lists.samba.org
Subject: RE: joining an NT Domain - failure
You need to specifiy the name of an NT account authorised to modify the
machine account using the -U switch. e.g -UAdministrator%password
S
-----Original Message-----
From: Mike R. Cannon [mailto:cannon at purdue.edu]
Sent: 13 November 2001 22:44
To: samba-ntdom at lists.samba.org
Subject: joining an NT Domain - failure
I have read the SAMBA Project Documentation chapter 7, but I am having
troubles joining an NT domain.
I have used server manager on the PDC (testnt-06) to create the machine
account for Linux samba server (testnt-20). I made sure that all smb
and nmb process are not running. I get the following (ip address have
been blocked):
[root at testnt-20 mintadmn]# smbpasswd -j test_domain -r testnt-06 -D 4
added interface ip=xxx.xxx.xxx.210 bcast=xxx.xxx.xxx.255
nmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name TESTNT-06<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_hosts: Attempting host lookup for name TESTNT-06<0x20>
Connecting to xxx.xxx.xxx.196 at port 139
LSA Open Policy
LSA Query Info Policy
LSA_QUERYINFOPOLICY (level 5): domain:TEST_DOMAIN domain
sid:S-1-5-21-2055480918-203715125-740312968
LSA Close
cli_net_req_chal: LSA Request Challenge from TESTNT-06 to TESTNT-20:
4288719A774A6D81
cred_session_key
cred_create
cli_net_auth2: srv:\\TESTNT-06 acct:TESTNT-20$ sc:2 mc: TESTNT-20 chal
9A97D44CBC600582 neg: 1ff
cred_create
cred_assert
cred_create
cli_net_srv_pwset: srv:\\TESTNT-06 acct:TESTNT-20$ sc: 2 mc: TESTNT-20
clnt 19DE054B4E419FB0 3bf1a09f
cli_net_srv_pwset: NT_STATUS_WRONG_PASSWORD
modify_trust_password: unable to change password for machine TESTNT-20
in domain TEST_DOMAIN to Domain controller TESTNT-06. Error was
NT_STATUS_WRONG_PASSWORD.
2001/11/13 17:37:19 : change_trust_account_password: Failed to change
password for domain TEST_DOMAIN.
Unable to join domain TEST_DOMAIN.
Any help would be great. Thank you for your time.
--
Mike Cannon
Infrastructure Systems Admini
________________________________________________________________
Keine verlorenen Lotto-Quittungen, keine vergessenen Gewinne mehr!
Beim WEB.DE Lottoservice: http://tippen2.web.de/?x=13
More information about the samba-ntdom
mailing list