I can't find my error anywhere!! :( The thing is that I have a Linux server with Ldap (openldap2.3) + Samba (3.0.26) + smldaptools (0.9.2-3), and I want to authenticate a Edmundo Valle Neto > I user the root user to join the machines and the smb query you suggest > works properly. We have a solution for you - https://www.zimbra.com/zimbra-suite-plus/Are you a Zimbra Developer? The logs say the following: > > > [2007/06/27 22:41:11, 4] auth/auth_sam.c:sam_account_ok(138) > sam_account_ok: Checking SMB password for user root > [2007/06/27 22:41:11, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : this contact form
I'm quite disappointed, that it is not quite straight forward. Edmundo Valle Neto Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Re: Samba and LDAP: Trouble adding Win XP machines I use Debian (its a little different), but how did you configured NSS? ("getent passwd" shows your machine accounts?) What user are you using to join? (if root, "smbclient -L localhost Share on Facebook Share on Twitter Share on Digg Share on Reddit Share on Google+ Top fajarpri Advanced member Posts: 98 Joined: Fri Sep 12, 2014 10:39 pm Zimbra + Samba
Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba John Drescher Reply | Threaded Open this post in threaded view ♦ When i join a windows machine to the samba server in user creating phase it will give an error about untrusted relation between server and workstation ... I provide the credentials of the domain admin and according to the samba log files authentication runs fine. It does not matter weather I use root or a user with the correct > privelages.
The machine account >>>>> (posix) >>>>> gets created automatically but the samba attributes are not added by >>>>> samba. >>>>> >>>>> >>>> look I expect to be able to help others solve the problems I have had. there is a param to force to start from a lower id? -------------- Here there is my samba configuration (with testparm) [email protected]:/var/log/samba# testparm Load smb config files from /etc/samba/smb.conf Processing section When I try to add the machine to the domain the authentication as domain admin also works fine according to the samba log files.
Edmundo Valle Neto mikelOn escreveu: > > I am not running nscd :( > > Thanks for your response > > > simo-7 wrote: > >> On Wed, 2007-06-27 at Regards. Debian bug tracking system administrator
Anyway the system uses NSS to resolve posix account names. Next by thread: Re: Windows 2000 pro doesn't join a domain with Samba+Ldap (linux) Index(es): Date Thread [IndexofArchives] [InfoCyrus] [LARTC] [Bugtraq] [Netfilter] I think its more error prone to that using ldif files (idealx scripts already does the initial population for you, without problems). Its just recommended not necessary.
I dont know where exactly it breaks when you dont have it. So, yes, it can be problematic. Powered by vBulletin Version 4.2.2 Copyright © 2016 vBulletin Solutions, Inc. I have > even tried to install everything in three different linux distros and in one > of them I have reinstalled everything from scratch three or four times.
I dont know where exactly it breaks when you dont have it. weblink I can even list the samba shares from the windows machines. > > Thanks again > > > Edmundo Valle Neto wrote: > >> What distro are you using? >> I thought that was not necessary. > Yes, do you need NSS working. You can test NSS with "getent passwd" and "getent group", your accounts in ldap must be visible then.
and I don't know why this error only appears when the debug level is that high (I've been googling around, and this level was only recomended for developers). ps: Im not interested in your password hashes :) You said that root belongs to Domain Admins group, but the RID 513 is the known RID of the Domin Users group. J'ai utilisé les outils d'IDEALX pour remplir mon annuaire et je n'ai pas eu de probleme. navigate here Anyway, I can post the samba log if you > think it is helpful to find out the source of the error. > Theres a LOT of things that can
Refer to the idealx documentation (if you really want that things > >work properly, reading the documentation is not an option), it was > >already discussed here and the documentation explains I used smbldap-populate (the admin user is "root" so no > parameters at all) and I also tried with "-u 50000 and -g 50000" so that > user ids do not All the Group accounts in ou=Group except "test" were created by smbldap-populate.
Thanks. The linux server is the host called "xxxx" and the windows client is the host "enano" When I try to join the domain "JOME" from Windows, I am prompted for a Regards. Look at the logs, it should say what exit the script gave and >> what samba tried to do. >> >> Regards. >> >> Edmundo Valle Neto >> >> >> --
Actually PAM uses files first but i didn't like to have two user with the same name (getent passwd return two root users!) Can i use ldaprenameuser? Thank you very much Edmundo Valle Neto wrote mikelOn escreveu: > I am using debian etch for the testing but I have had the same problem with > gentoo 2007.0. Edmundo Valle Neto mikelOn escreveu: > > I am not running nscd :( > > Thanks for your response > > > simo-7 wrote: > >> On Wed, 2007-06-27 at his comment is here Refer to the idealx documentation (if you really want that things >>>> work properly, reading the documentation is not an option), it was >>>> already discussed here and the documentation explains
Edmundo Valle Neto > Thanks for the advice, > > Mikel > > > Edmundo Valle Neto wrote: > >> mikelOn escreveu: >> >>> Hi Alex, >>> >>> Yes, according to the docs I have this correct. > You need to have an user that have rights to join machines, a root > account WITH samba attributes, or another Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba mikelOn Reply | Threaded Open this post in threaded view ♦ ♦ I can even list the samba shares from the windows machines. > > Thanks again > > > Edmundo Valle Neto wrote: > >> What distro are you using? >>
About the samba attributes, when you add a machine account the script "add machine" must NOT ADD SAMBA ATTRIBUTES, only posix, samba does that alone. The > packages are "libnss-ldap" for debian/ubuntu and "nss_ldap" for gentoo. > After that, the users could join the domain perfectly and the samba > attributes were added by samba itself The machine account (posix) > gets created automatically but the samba attributes are not added by samba. Top Display posts from previous: All posts1 day7 days2 weeks1 month3 months6 months1 year Sort by AuthorPost timeSubject AscendingDescending Post Reply Print view 5 posts • Page 1 of 1 Return
The "add machine script" is supposed to create only UNIX (POSIX) account. In debian you install and configure the package libnss-ldap and set it to be used in /etc/nsswitch.conf. Andrés > I don't have samba configured to automatically create unix user accounts or > allocate ids in winbind, so I need to manually create unix accounts for > users or Here is the global section of my smb.conf >> >> [global] >> workgroup = ARAMDA >> map to guest = Bad User >>
As I mentioned the machine account is in the LDAP directory afterwards. Acknowledgement sent to Stefan Bauer
The samba attributes are not >>>>> being >>>>> added when the workstation entry is created.