On Thu, 30 Oct 1997, Nathan Neulinger wrote:

> > you'll need to do encrypted passwords for your users. what version of
> > unix are you using? have you looked into PAMs? (plug-in authentication
> > modules)
>
> The problem is, we'll never have cleartext passwords for the user.
> Maintaining a separate password database is unacceptable. If we wanted to
> do that, we'd just run NT server.
>
> I'm semi familiar with PAM, but am not sure how they apply to this
> situation other than for checking that a given cleartext password is
> correct for a particular userid.

(run two simultaneous PAMs: one kerberos-pam, the other an ntdom-pam. i think that's the way it works. each pam will be simultaneously maintaining password databases. each time the user changes their password, both databases will be updated).

hang about... could you possibly describe your setup a little more to me, so i can think about this?

Luke Kenneth Casson Leighton <lkcl@switchboard.net>
Lynx2.7-friendly Home Page: http://mailhost.cb1.com/~lkcl
"Apply the Laws of Nature to your environment because your environment applies the Laws of Nature to you"

On Fri, Oct 31, 1997 at 12:08:57PM +0000, Luke Kenneth Casson Leighton wrote:

> On Thu, 30 Oct 1997, Nathan Neulinger wrote:
>
> > > you'll need to do encrypted passwords for your users. what version of
> > > unix are you using? have you looked into PAMs? (plug-in authentication
> > > modules)
> >
> > The problem is, we'll never have cleartext passwords for the user.
> > Maintaining a separate password database is unacceptable. If we wanted to
> > do that, we'd just run NT server.
> >
> > I'm semi familiar with PAM, but am not sure how they apply to this
> > situation other than for checking that a given cleartext password is
> > correct for a particular userid.
>
> (run two simultaneous PAMs: one kerberos-pam, the other an ntdom-pam. i
> think that's the way it works. each pam will be simultaneously
> maintaining password databases. each time the user changes their
> password, both databases will be updated).
>
> hang about... could you possibly describe your setup a little more to me,
> so i can think about this?

Not all of the O/S's we use will support that. We could replace /bin/login on all of them... ick. Plus, we have over two hundred workstations, mostly HP's.

If we do something like that, we'll most likely implement a central password server of our own design (probably on a linux box) that would receive requests to update a password on all services - including Novell, NT, AFS, DCE, etc.

-- Nathan

------------------------------------------------------------
Nathan Neulinger
Univ. of Missouri - Rolla
EMail: nneul@umr.edu
Computer Center
WWW: http://www.umr.edu/~nneul
SysAdmin: rollanet.org

I am trying to configure the Samba server as a domain client. The PDC is a Windows NT server.. I am getting the following error:

    # ./smbpasswd -j SPE -r CPADM01
    cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
    cli_nt_setup_creds: auth2 challenge failed
    modify_trust_password: unable to setup the PDC credentials to machine CPADM01. Error was : NT_STATUS_ACCESS_DENIED.
    2001/04/18 13:01:05 : change_trust_account_password: Failed to change password for domain SPE.
    Unable to join domain SPE.

The smb.conf file looks like:

    [global]
    workgroup = dom
    security = DOMAIN
    encrypt passwords = Yes
    password server = *
    username map = /usr/local/samba/lib/usermap
    unix password sync = Yes
    wins server = 172.3.10.1
    wins support = Yes

Any help would be appreciated.. Please email bac200000@yahoo.com

Thanks!!

Hi!

Did you add the Samba box to your NT Domain? I had similar problems until I added my Samba box to my NT domain......

Peace.....
Tom

b ac <bac200000@yahoo.com>@lists.samba.org on 04/18/2001 01:11:23 PM
Sent by: samba-admin@lists.samba.org
To: samba@lists.samba.org
cc:
Subject: NT Domain Logon

I am trying to configure the Samba server as a domain client. The PDC is a Windows NT server.. I am getting the following error:

    # ./smbpasswd -j SPE -r CPADM01
    cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
    cli_nt_setup_creds: auth2 challenge failed
    modify_trust_password: unable to setup the PDC credentials to machine CPADM01. Error was : NT_STATUS_ACCESS_DENIED.
    2001/04/18 13:01:05 : change_trust_account_password: Failed to change password for domain SPE.
    Unable to join domain SPE.

The smb.conf file looks like:

    [global]
    workgroup = dom
    security = DOMAIN
    encrypt passwords = Yes
    password server = *
    username map = /usr/local/samba/lib/usermap
    unix password sync = Yes
    wins server = 172.3.10.1
    wins support = Yes

Any help would be appreciated.. Please email bac200000@yahoo.com

Thanks!!

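The smb.conf posted in this thread sets workgroup = dom while the join targets SPE, and sets wins server together with wins support. A pre-join sanity check that flags both is sketched here as an added example; it is not part of the thread or of Samba, and parse_global and check_domain_member are hypothetical names. It assumes the workgroup value was posted as configured, and it relies on a domain member's workgroup having to name the domain it joins.

```python
import re
# Constructed sample: the [global] section as posted in the question above.
POSTED_SMB_CONF = """\
[global]
workgroup = dom
security = DOMAIN
encrypt passwords = Yes
password server = *
username map = /usr/local/samba/lib/usermap
unix password sync = Yes
wins server = 172.3.10.1
wins support = Yes
"""
TRUE_VALUES = {"yes", "true", "1"}

def norm(name):
    """Samba ignores case and whitespace inside parameter and section names."""
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return the [global] parameters as {normalized name: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def check_domain_member(text, domain):
    """List settings that do not fit a member server of `domain` (hypothetical helper)."""
    p, problems = parse_global(text), []
    if p.get("workgroup", "").lower() != domain.lower():
        problems.append("workgroup %r differs from join target %r" % (p.get("workgroup"), domain))
    if p.get("security", "").lower() != "domain":
        problems.append("security is not 'domain'")
    if p.get("encryptpasswords", "no").lower() not in TRUE_VALUES:
        problems.append("encrypt passwords is not enabled")
    if p.get("winsserver") and p.get("winssupport", "no").lower() in TRUE_VALUES:
        problems.append("wins server and wins support are both set")
    return problems

if __name__ == "__main__":
    for problem in check_domain_member(POSTED_SMB_CONF, "SPE"):
        print("WARN:", problem)
```

A clean result from this check does not mean the join will succeed: as the reply above says, the Samba box still has to be added to the NT domain.
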
Hi,

I know that you can set the userWorkstations attribute to limit the workstations where the user can login. But is it possible to say which users are allowed to login on this computer (this must be an attribute from the machine account)?

greets
Andreas Strodl

To Andrew and the samba list.

I'm a bit stuck with logging onto my "admin" domain from my windows NT machine (sp 6), but from my '98 machine, all is well. I understand there is no comparison though. I have read and closely followed all the docs and faqs, even book extracts and all the log files, turning log level to 100.

I do find a line reading:

    credentials check wrong

What I have managed to pick up, maybe a red herring, is that the /var/cache/samba/browse.dat doesn't have an entry for the NT machine, but the wins.dat does, but only with the #00 and #03.

Anyway, relevant or not, the logon message in the event viewer on the WinNT is:

    Failed to authenticate with \\MERLIN, a Windows NT domain controller for domain admin.

The Server service on the WinNT is also not running, would this add to the problem? Please send some input.

Thanks,
Trevor.

Hello all.

I've already joined the domain, even rejoined, but the problem prevails. Please help. Does the WinNT machine need Server service to be installed? Workstation service is installed, and I don't want to browse the NT machine.

Thanks,
Trevor

P.S:
Operating System: Red Hat 7.3
Samba Version: 2.2.3.a

> To Andrew and the samba list.
>
> I'm a bit stuck with logging onto my "admin" domain from my windows NT
> machine (sp 6), but from my '98 machine, all is well. I understand there
> is no comparison though. I have read and closely followed all the docs and
> faqs, even book extracts and all the log files, turning log level to 100.
>
> I do find a line reading:
>
> credentials check wrong
>
> What I have managed to pick up, maybe a red herring, is that the
> /var/cache/samba/browse.dat doesn't have an entry for the NT machine, but
> the wins.dat does, but only with the #00 and #03.
>
> Anyway, relevant or not, the logon message in the event viewer on the
> WinNT is :
>
> Failed to authenticate with \\MERLIN, a Windows NT domain controller for
> domain admin.
>
> The Server service on the WinNT is also not running, would this add to the
> problem? Please send some input.
>
> Thanks, Trevor.
>
> Andrew wrote:
>
> > So you didn't join the domain. Go back, join the domain and try again.
