Hi all, I'm running samba-3.0.25b w/Linux 2.6.16.27 (SUSE 10.1), newly compiled. I've joined the AD domain (which is a subdomain) whose PDC is Win2K3 server and which is running in native mode but allowing NT4 members. From the HOWTO, I followed the instructions - manually created the computer account, then did the "net rpc join ...." and successfully joined the AD domain. From the AD Users and Computers console on the PDC, I can see my machine. But that's all - though I've created shares on it, I can't browse them from another host, nor access them directly. And when I just browse the domain itself in Explorer, I don't see my machine. When I try to view a share on it from a W2K3 box on the domain, I see: "\\sambabox is not accessibe. You might not have permission to use this network resource (more omitted) There are currently no logon servers available to service the logon request" When I do wbinfo -t on the samba box, I see: # wbinfo -t checking the trust secret via RPC calls failed error code was (0x0) Could not check secret When I use smbclient to try to connect locally, the meaningful-looking lines output to the log are: [2007/07/23 14:59:47, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1060) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2007/07/23 14:59:47, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(739) Got user=[kevin] domain=[I01.ADI.xxxxxx.COM] workstation=[sambabox1] len1=24 len2=24 [2007/07/23 14:59:47, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(69) [2007/07/23 14:59:47, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [I01.ADI.xxxxxx.COM]\[kevin] from workstation [sambabox1] [2007/07/23 15:00:18, 5] libsmb/trustdom_cache.c:trustdom_cache_fetch_timestamp(219) no timestamp for trusted domain cache located. [2007/07/23 15:00:18, 5] libsmb/namequery.c:saf_fetch(133) saf_fetch: failed to find server for "I01.ADI.xxxxxx.COM" domain [2007/07/23 15:00:18, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: ", i01-ny-dc1.rentec.com" [2007/07/23 15:00:18, 5] libads/dns.c:sitename_fetch(676) sitename_fetch: No stored sitename for [2007/07/23 15:00:18, 5] libsmb/namecache.c:namecache_fetch(214) name i01-ny-dc1.rentec.com#20 found. [2007/07/23 15:00:18, 4] libsmb/namequery.c:get_dc_list(1599) get_dc_list: returning 1 ip addresses in an ordered list [2007/07/23 15:00:18, 4] libsmb/namequery.c:get_dc_list(1600) get_dc_list: xxx.xxx.xxx.xxx [2007/07/23 15:00:18, 5] libsmb/namecache.c:namecache_status_fetch(346) [2007/07/23 15:00:22, 3] libsmb/trusts_util.c:enumerate_domain_trusts(165) enumerate_domain_trusts: can't locate a DC for domain I01.ADI.xxxxxx.COM check_ntlm_password: winbind authentication for user [kevin] FAILED with error NT_STATUS_NO_LOGON_SERVERS [2007/07/23 15:00:57, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [kevin] -> [kevin] FAILED with error NT_STATUS_NO_LOGON_SERVERS [2007/07/23 15:00:57, 5] auth/auth_util.c:free_user_info(2045) Any other useful information I could provide?? thanks ...
Hi again, In working on my previous problem with joining a domain, I'm trying to join with AD instead of NTLM. I've got openldap v2.3.19 installed, and the libraries are in my LD_LIBRARY_PATH. configure --with-ads fails: checking for LDAP support... auto checking ldap.h usability... yes checking ldap.h presence... yes checking for ldap.h... yes checking lber.h usability... yes checking lber.h presence... yes checking for lber.h... yes checking for ber_tag_t... yes checking for ber_scanf in -llber... no checking for ldap_init in -lldap... no checking for ldap_set_rebind_proc... no checking whether ldap_set_rebind_proc takes 3 arguments... 3 checking for ldap_initialize... no configure: WARNING: libldap is needed for LDAP support checking for Active Directory and krb5 support... yes configure: error: Active Directory Support requires LDAP support But: :~/samba-3.0.25b/source # grep ldap_init /usr/lib/libldap.so Binary file /usr/lib/libldap.so matches :~/samba-3.0.25b/source # grep ber_scanf /usr/lib/liblber.so Binary file /usr/lib/liblber.so matches :~/samba-3.0.25b/source # grep ldap_set_rebind_proc /usr/lib/libldap.so Binary file /usr/lib/libldap.so matches :~/samba-3.0.25b/source # grep ldap_initialize /usr/lib/libldap.so Binary file /usr/lib/libldap.so matches How does this make sense?
Jeffrey M. Johnson
2007-Jul-26 14:35 UTC
[Samba] Basic Overview of Active Directory with Samba Install
I apologize for posting such a newb question, but I am having problems configuring Samba for use in an Active Directory and after searching the archives... I am trying to configure Samba 3.0.25 as a node in out AD setup. Since I am writing here you can guess it is not working. Is there a basic "how to" for this topic out there, I am figuring I missed a simple and basic step along the way. Jeffrey M. Johnson
Adam Tauno Williams
2007-Jul-26 20:26 UTC
[Samba] Basic Overview of Active Directory with Samba Install
On Thu, 2007-07-26 at 09:19 -0500, Jeffrey M. Johnson wrote:> I apologize for posting such a newb question, but I am having problems > configuring Samba for use in an Active Directory and after searching the > archives... > I am trying to configure Samba 3.0.25 as a node in out AD setup. Since I > am writing here you can guess it is not working. > Is there a basic "how to" for this topic out there, I am figuring I missed a > simple and basic step along the way.http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm http://us3.samba.org/samba/docs/man/Samba-Guide/kerberos.html -- Adam Tauno Williams, Network & Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org