[Samba] Samba's ADS security mode on Sun Solaris
Melfi.Marcello at hydro.qc.ca
Tue Oct 12 19:54:31 GMT 2004
Hi John,
I managed to compile Samba 3.0.7, along with MIT Kerberos 1.3.5 and OpenLDAP
2.2.17.
I am using the ADS security mode in the smb.conf file. The AD server is
Windows Server 2000.
As described in the How-To Samba doc, I ran the "kinit USERNAME at REALM"
command first. Then, I added the Samba machine to the Windows Server with
the "net ads join -U Administrator%password" command.
When I run the klist command, I get the following output:
***********
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: <USERNAME at REALM>

Valid starting     Expires            Service principal
10/08/04 15:57:48  10/09/04 01:59:26  krbtgt/<REALM>@<REALM>
        renew until 10/09/04 15:57:48

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
***********
Is it OK or should I see more, i.e. not just the TGT ticket?
After starting Samba (i.e. the smbd and nmbd processes), I tried to map a
Samba share from a Windows workstation. On that workstation, I am logged in
with a user already defined in the AD server.
The first try (i.e. after a reboot of the workstation so that the cache is
cleared) never works! At that point, a window opens and I have to provide
the username/password information and then it works. It looks like the
password is not OK the first time (I did the map from a Windows CMD console
to get the error msg)... When I look at the samba log for that workstation,
I have the following error messages:
***********
[2004/10/08 17:31:34, 0] lib/util_sock.c:get_peer_addr(1000)
  getpeername failed. Error was Transport endpoint is not connected
[2004/10/08 17:31:34, 0] lib/util_sock.c:write_socket_data(430)
  write_socket_data: write failure. Error = Broken pipe
[2004/10/08 17:31:34, 0] lib/util_sock.c:write_socket(455)
  write_socket: Error writing 4 bytes to socket 24: ERRNO = Broken pipe
[2004/10/08 17:31:34, 0] lib/util_sock.c:send_smb(647)
  Error writing 4 bytes to client. -1. (Broken pipe)
***********
When the share is established, it is working OK.
Do you have any ideas here?
Regards,
Marcello Melfi
-----Original Message-----
From: John H Terpstra [mailto:samba at primastasys.com]
Sent: September 28, 2004 23:49
To: Marcello Melfi
Subject: RE: [Samba] Samba's ADS security mode on Sun Solaris
Hi,
Some useful, but dated, info is to be found at:
http://samba.org/~jht/Notes/
- John T.
---
John H Terpstra
Samba-Team
email: jht at samba.org
> -------- Original Message --------
> Subject: [Samba] Samba's ADS security mode on Sun Solaris
> From: "Marcello Melfi" <marcello.melfi at videotron.ca>
> Date: Tue, September 28, 2004 6:20 pm
> To: samba at lists.samba.org
>
> Hi,
>
> I have installed and configured with success Samba 3.0.2a (using a binary
> package) on a Sun Solaris 8 using the DOMAIN security mode. I used the
> usermaps.txt file to simplify the overall configuration of Unix vs
> Windows users, e.g. no winbindd/ldap/pam/etc...
>
> I now have a requirement to set it up using the ADS security mode. So,
> my understanding is that I need to start from the Samba source files,
> version 3.0.7 for instance, and compile everything. I also need to compile
> the MIT Kerberos and the OpenLDAP source files first. I think that one of
> these packages also requires the Kerberos DB.
>
> The following questions come to mind:
>
> 1. Has anybody done that (i.e. compiled Samba with ADS support) on Sun
> Solaris 8 or 9? If so, a few pointers would be greatly appreciated!
>
> 2. The ADS security mode requires the MIT Kerberos and OpenLDAP
> development libraries. Does this simply mean that I need to compile
> the source code from their respective Web sites? For example, I would
> download the stable source code version 2.2.17 of OpenLDAP and compile it.
>
> 3. When using the ADS security mode, can I still simply use the
> usermaps.txt file and not winbindd/ldap/pam/etc?
>
> Regards,
>
> Marcello Melfi
> m_melfi at hotmail.com
>