Hi all, I don?t have much experience with Samba so I would like to apologize in advance if I talk about very simple things. I've got a freeradius 1.0.1 server running fine with OpenLDAP on a RedHat 9.0 and now I would like to authenticate against an Active Directory. I can do it with TLS, but when I try to do it with PEAP, it doesn works. I read about it and found out that should be put on radiusd.conf something with ntlm_auth. When I execute ntlm_auth get: [root]# ntlm_auth --username=javi2 --domain=aamm.sgi.es password: NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da) At this point I think that the most important thing is configuring Samba. After this I?ve readed that the server should be joined to the domain but when I try the command: [root]#net join [2005/03/10 18:40:16, 0] param/loadparm.c:map_parameter(2446) Unknown parameter encountered: "host allow" [2005/03/10 18:40:16, 0] param/loadparm.c:lp_do_parameter(3142) Ignoring unknown parameter "host allow" root's password: [2005/03/10 18:40:19, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password root@AAMM.SGI.ES failed: Cannot find KDC for requested realm [2005/03/10 18:40:19, 0] utils/net_ads.c:ads_startup(186) ads_connect: Cannot find KDC for requested realm Unable to find a suitable server Unable to find a suitable server Does anybody knows what should I do to configure samba? How can I join the server? Thanks in advance for any help!! ______________________ Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener informacion clasificada por su emisor como confidencial en el marco de su Sistema de Gestion de Seguridad de la Informacion siendo para uso exclusivo del destinatario, quedando prohibida su divulgacion copia o distribucion a terceros sin la autorizacion expresa del remitente. Si Vd. ha recibido este mensaje erroneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboracion. ______________________ This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. ______________________
-----Mensaje original----- De: Javier Jim?nez D?az [mailto:jijimenez@sgi.es] Enviado el: jueves, 10 de marzo de 2005 18:44 Para: samba@lists.samba.org Asunto: ntlm_auth Hi all, I don?t have much experience with Samba so I would like to apologize in advance if I talk about very simple things. I've got a freeradius 1.0.1 server running fine with OpenLDAP on a RedHat 9.0 and now I would like to authenticate against an Active Directory. I can do it with TLS, but when I try to do it with PEAP, it doesn works. I read about it and found out that should be put on radiusd.conf something with ntlm_auth. When I execute ntlm_auth get: [root]# ntlm_auth --username=javi2 --domain=aamm.sgi.es password: NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da) At this point I think that the most important thing is configuring Samba. After this I?ve readed that the server should be joined to the domain but when I try the command: [root]#net join [2005/03/10 18:40:16, 0] param/loadparm.c:map_parameter(2446) Unknown parameter encountered: "host allow" [2005/03/10 18:40:16, 0] param/loadparm.c:lp_do_parameter(3142) Ignoring unknown parameter "host allow" root's password: [2005/03/10 18:40:19, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password root@AAMM.SGI.ES failed: Cannot find KDC for requested realm [2005/03/10 18:40:19, 0] utils/net_ads.c:ads_startup(186) ads_connect: Cannot find KDC for requested realm Unable to find a suitable server Unable to find a suitable server Does anybody knows what should I do to configure samba? How can I join the server? Thanks in advance for any help!! ______________________ Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener informacion clasificada por su emisor como confidencial en el marco de su Sistema de Gestion de Seguridad de la Informacion siendo para uso exclusivo del destinatario, quedando prohibida su divulgacion copia o distribucion a terceros sin la autorizacion expresa del remitente. Si Vd. ha recibido este mensaje erroneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboracion. ______________________ This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. ______________________
-----Mensaje original----- De: Javier Jim?nez D?az [mailto:jijimenez@sgi.es] Enviado el: jueves, 10 de marzo de 2005 18:44 Para: samba@lists.samba.org Asunto: ntlm_auth Hi all, I don?t have much experience with Samba so I would like to apologize in advance if I talk about very simple things. I've got a freeradius 1.0.1 server running fine with OpenLDAP on a RedHat 9.0 and now I would like to authenticate against an Active Directory. I can do it with TLS, but when I try to do it with PEAP, it doesn works. I read about it and found out that should be put on radiusd.conf something with ntlm_auth. When I execute ntlm_auth get: [root]# ntlm_auth --username=javi2 --domain=aamm.sgi.es password: NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da) At this point I think that the most important thing is configuring Samba. After this I?ve readed that the server should be joined to the domain but when I try the command: [root]#net join [2005/03/10 18:40:16, 0] param/loadparm.c:map_parameter(2446) Unknown parameter encountered: "host allow" [2005/03/10 18:40:16, 0] param/loadparm.c:lp_do_parameter(3142) Ignoring unknown parameter "host allow" root's password: [2005/03/10 18:40:19, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password root@AAMM.SGI.ES failed: Cannot find KDC for requested realm [2005/03/10 18:40:19, 0] utils/net_ads.c:ads_startup(186) ads_connect: Cannot find KDC for requested realm Unable to find a suitable server Unable to find a suitable server Does anybody knows what should I do to configure samba? How can I join the server? Thanks in advance for any help!! ______________________ Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener informacion clasificada por su emisor como confidencial en el marco de su Sistema de Gestion de Seguridad de la Informacion siendo para uso exclusivo del destinatario, quedando prohibida su divulgacion copia o distribucion a terceros sin la autorizacion expresa del remitente. Si Vd. ha recibido este mensaje erroneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboracion. ______________________ This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. ______________________
Hi all, I don?t have much experience with Samba so I would like to apologize in advance if I talk about very simple things. I've got a freeradius 1.0.1 server running fine with OpenLDAP on a RedHat 9.0 and now I would like to authenticate against an Active Directory. I can do it with TLS, but when I try to do it with PEAP, it doesn works. I read about it and found out that should be put on radiusd.conf something with ntlm_auth. When I execute ntlm_auth get: [root]# ntlm_auth --username=javi2 --domain=aamm.sgi.es password: NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da) At this point I think that the most important thing is configuring Samba. After this I?ve readed that the server should be joined to the domain but when I try the command: [root]#net join [2005/03/10 18:40:16, 0] param/loadparm.c:map_parameter(2446) Unknown parameter encountered: "host allow" [2005/03/10 18:40:16, 0] param/loadparm.c:lp_do_parameter(3142) Ignoring unknown parameter "host allow" root's password: [2005/03/10 18:40:19, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password root@AAMM.SGI.ES failed: Cannot find KDC for requested realm [2005/03/10 18:40:19, 0] utils/net_ads.c:ads_startup(186) ads_connect: Cannot find KDC for requested realm Unable to find a suitable server Unable to find a suitable server Does anybody knows what should I do to configure samba? How can I join the server? Thanks in advance for any help!! ______________________ Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener informacion clasificada por su emisor como confidencial en el marco de su Sistema de Gestion de Seguridad de la Informacion siendo para uso exclusivo del destinatario, quedando prohibida su divulgacion copia o distribucion a terceros sin la autorizacion expresa del remitente. Si Vd. ha recibido este mensaje erroneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboracion. ______________________ This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it. ______________________
On Thu, 2005-03-10 at 20:18 +0100, Javier Jim?nez D?az wrote:> Hi all,> [2005/03/10 18:40:19, 0] libads/kerberos.c:ads_kinit_password(146) > kerberos_kinit_password root@AAMM.SGI.ES failed: Cannot find KDC for > requested realm > [2005/03/10 18:40:19, 0] utils/net_ads.c:ads_startup(186) > ads_connect: Cannot find KDC for requested realmYou will need to read the HOWTO or Guide (see docs on the samba homepage), and join your machine to the active directory domain. The steps and configuration is decribed in detail. On a broader level, you should also ensure that DNS is correct over your entire site, as this can make a big difference to how well this all works. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050312/d499c979/attachment.bin