[Samba] Machine-level shares on Windows server
Jeremy Evans
Jeremy.Evans at pertronic.co.nz
Mon Aug 11 22:32:19 GMT 2008
Thanks, but that didn't seem to clarify anything.
I want to use the fact that I'm already part of the domain (& hence have some degree of authentication with the PDC) to avoid having a user-level share for a shared domain folder. You need to use -P or -U to get Samba to do anything. I have also used -k in testing, but that involved a user logon in order to get the Kerberos ticket or TGT
Regards,
Jeremy
________________________________________
From: Rhiannon.Henning at sungard.com [mailto:Rhiannon.Henning at sungard.com]
Sent: Tuesday, 12 August 2008 09:26
To: Jeremy Evans
Subject: RE: [Samba] Machine-level shares on Windows server
http://www.linuxquestions.org/questions/linux-software-2/sambaunable-to-fetch-machine-password-315230/
http://www.mail-archive.com/samba@lists.samba.org/msg74713.html
Check out these articles. Might have something to do with using the "-P" parameter:
root at bugzilla:~# smbclient -P -L //sbs
ERROR: Unable to fetch machine password
-----Original Message-----
From: samba-bounces+rhiannon.henning=sungard.com at lists.samba.org [mailto:samba-bounces+rhiannon.henning=sungard.com at lists.samba.org] On Behalf Of Jeremy Evans
Sent: Monday, August 11, 2008 3:11 PM
To: Gerald (Jerry) Carter
Cc: samba at lists.samba.org
Subject: RE: [Samba] Machine-level shares on Windows server
That's just it - as I mentioned, I *have* joined the domain OK. At what
point am I supposed to receive a machine password?
A full transcript to illustrate the problem better:
----
root at bugzilla:~# net ads join -U administrator
administrator's password:
Using short domain name -- MYCOMPANY
Joined 'BUGZILLA' to realm 'MYCOMPANY.LOCAL'
root at bugzilla:~# net ads testjoin
Join is OK
root at bugzilla:~# smbclient -P -L //sbs
ERROR: Unable to fetch machine password
----
My smb.conf has the following setup:
----
security = ADS
realm = MYCOMPANY.LOCAL
workgroup = mycompany
password server = sbs.mycompany.local
wins support = no
wins server = sbs
invalid users = root
# Winbind settings
idmap uid = 10000-20000
idmap gid = 10000-20000
# For testing
debuglevel = 2
----
I'm sure there's something small & stupid I've overlooked, but what???
Jeremy
> -----Original Message-----
> From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
> Sent: Tuesday, 12 August 2008 03:30
> To: Jeremy Evans
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Machine-level shares on Windows server
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jeremy Evans wrote:
>
> > I realise that. I *did* give a 2nd example in my original post:
> >
> > $sudo smbclient -P -L //sbs
> > ERROR: Unable to fetch machine password
> >
> >
> > "net ads testjoin" returns an OK result at my end & the PDC shows
the
> > machine as joined to the domain at the other.
> >
> > What I don't seem to be able to find out is just how the Windows PDC
> &
> > Samba interact to ensure that the Samba machine is a [trusted?]
> member
> > of the domain & therefore how to use that fact to allow
machine-level
> > shares without having to perform a user-level login.
>
> In that case, did you join the domain? Unless, this is just a bug,
> that seems the obvious explanation.
>
>
>
>
> cheers, jerry
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFIoFsQIR7qMdg1EfYRAlTCAKCqYd29MWtR2u+HQ5d2iJ4brcoxQwCg5Cwj
> riGXI8QLCxKz1D86icciU3M=
> =jpEz
> -----END PGP SIGNATURE-----
>
> Scanned by Bizo Email Filter
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list