[Samba] Gentoo, Samba, Upgrade, Authentications now failing
Jason Gerfen
jason.gerfen at scl.utah.edu
Tue Jun 3 16:15:48 GMT 2008
Ivan Ordonez wrote:
> Hi Jason,
>
> Sorry I can't be of any help but I am thinking about updating our PDC to
> 3.0.30 but afraid it will have the same problem. I have a few questions
> if you don't mind.
>
> 1. Can a PDC be remove on the domain and join again? if so, who will
> be the login server to authenticate the process of joining the PDC to
> the domain? I have two BDC and one PDC.
%> net ads join -U ADMINISTRATOR at DOMAIN <-- joins samba server to domain
(could be PDC, BDC or Domain member server types depending on config)
%> net ads leave -U ADMINISTRATOR at DOMAIN <-- this will remove the
machine account from active directory
> 2. Can you roll back to Samba 3.0.24 if you emerge 3.0.30
Nope, the lastest in portage right now is 3.0.28
>
>
> Thanks to any info you can provide.
>
> -Ivan
>
>
>
> Jason Gerfen wrote:
>> I rolled it back and experienced the same problems so I went ahead and
>> followed the following steps during the upgrade to 3.0.30
>>
>> 1. Removed machine from domain trust user account
>> 2. Uninstalled samba
>> 3. Re-installed latest 3.0.30 using Gentoo's emerge facility
>> 4. Used Kinit with domain admin account
>> 5. Joined machine to domain
>> 6. Ensured that krb5auth using winbind worked (now working, had to
>> modify user accounts in active directory. even having to go so far as
>> to remove user, and recreate then apply the RFC2307 schema attributes)
>>
>>
>> Everything is authenticating again but I am not able to get the
>> pam_mkhomedir.so object create my user directories.
>> relevant file info:
>> nt acl support = yes
>> inherit permissions = yes
>> create mask = 0022
>> template homedir = /home/samba/%U
>>
>> comment = %U Home directory
>> browsable = yes
>> read only = yes
>> create mask = 0022
>> force create mode = 0022
>> directory mask = 0022
>> force directory mode = 0022
>> path = /home/samba/%U
>>
>> %> ls -lah /home
>> drwxrwxrwx 2 nobody users 48 Jun 2 09:48 samba
>>
>> Am I missing something with the permissions? I know, they are at 755
>> for now so I can figure out why its not working. What is the best
>> practice for this folders permissions? Thanks.
>>
>> Jason Gerfen wrote:
>>> John Drescher wrote:
>>>>> Ok I have updated it and am no able to authenticate. It seems that
>>>>> even
>>>>> though my smb.conf shows 'client plaintext auth = no' in the logs when
>>>>> performing a 'wbinfo --krb5auth=username%password' it shows
>>>>>
>>>>> plaintext kerberos password authentication for [username%password]
>>>>> failed
>>>>> (requesting cctype: FILE)
>>>>>
>>>>> Any ideas? I do appreciate any help I can get on this. Here is some
>>>>> version
>>>>> information: Version 3.0.30
>>>>> --
>>>>
>>>> Sorry that did not help. For now I am out of ideas. Hopefully someone
>>>> knows how to fix that soon otherwise I would go back to the last
>>>> version that worked.
>>>>
>>> No worries, I will roll it back to 3.0.28. I am not sure why it would
>>> use plaintext vs. the ntlmv2 that is specified in the config.
>>>
>>>
>>>> John
>>>
>>>
>>
>>
--
Jas
More information about the samba
mailing list