I joined the domain with the samba server, however all the users map as nobody. If I change the smb.conf to server it works fine. OS = Solaris 9 Samba = 2.2.3a Windows PDC = Active Directory Windows Clients = 2000 smbstatus -> IPC$ nobody nobody 17575 eli-c3s666jst4k (40.9.72.141) Mon Mar 3 15:24:50 2003 # Samba config file created using SWAT # from ELI-5BG52B4HG.d51.lilly.com (40.8.44.189) # Date: 2002/04/24 12:54:00 # Global parameters [global] workgroup = AM netbios name = SUNTST1 security = DOMAIN encrypt passwords = Yes map to guest = Bad User password server = 40.x.xxx.xx username map = /usr/local/samba/lib/username.map lanman auth = Yes log file = /usr/local/samba/log/samba.%m max open files = 30000 wins server = 40.xx.xx.x kernel oplocks = No remote announce = 40.xx.xx.x 40.xx.xx.xx oplocks = No [viewstore] comment = Clearcase Viewstore path = /clearcase/viewstore read only = No [vobstore] comment = Clearcase Vobstore path = /clearcase/vobstore read only = No smb.conf (END) Mathew Spurgeon Eli Lilly and Company Software Engineering Support Team Phone: (317) 276-7436 mspurgeon@lilly.com
Yes this is an interop for ClearCase, however I can not even got to the ClearCase stuff right now. The problem is "The way I understand": Our production server is set to security = SERVER and this works, however it really. You see if a user logins as MAT "uppercase" and logs out and logins as mat "lowercase" the samba connection is still there. To fix this issue a user must reboot or do an ipconf /release /renew. The same issue is when clearcase_albd creates the contain space on the server if this happens after a user checks out a file the user must reboot. I would like to change the settings to security = DOMAIN, because it should drop the connection as soon as the operation is complete. Right now I can not get the smbstatus to report userid when I connect the share. I get an error Logon failure: unknown user name or bad password. Thank you for the reply: Mat murali@epiphany.com 03/03/2003 03:45 PM To: SPURGEON_MATHEW_D@LILLY.COM cc: Subject: RE: [Samba] security domain/server Hi, It looks like you are using samba as a interop for Clearacse? Looks like your VOB server is on Solaris 9? I am not clear what your question is? Can you be more specific?> -----Original Message----- > From: SPURGEON_MATHEW_D@LILLY.COM [mailto:SPURGEON_MATHEW_D@LILLY.COM] > Sent: Monday, March 03, 2003 12:31 PM > To: samba@lists.samba.org > Subject: [Samba] security domain/server > > > I joined the domain with the samba server, however all the > users map as > nobody. If I change the smb.conf to server it works fine. > > OS = Solaris 9 > Samba = 2.2.3a > Windows PDC = Active Directory > Windows Clients = 2000 > > > smbstatus -> IPC$ nobody nobody 17575 > eli-c3s666jst4k > (40.9.72.141) Mon Mar 3 15:24:50 2003 > > # Samba config file created using SWAT > # from ELI-5BG52B4HG.d51.lilly.com (40.8.44.189) > # Date: 2002/04/24 12:54:00 > > # Global parameters > [global] > workgroup = AM > netbios name = SUNTST1 > security = DOMAIN > encrypt passwords = Yes > map to guest = Bad User > password server = 40.x.xxx.xx > username map = /usr/local/samba/lib/username.map > lanman auth = Yes > log file = /usr/local/samba/log/samba.%m > max open files = 30000 > wins server = 40.xx.xx.x > kernel oplocks = No > remote announce = 40.xx.xx.x 40.xx.xx.xx > oplocks = No > > [viewstore] > comment = Clearcase Viewstore > path = /clearcase/viewstore > read only = No > > [vobstore] > comment = Clearcase Vobstore > path = /clearcase/vobstore > read only = No > smb.conf (END) > > > Mathew Spurgeon > Eli Lilly and Company > Software Engineering Support Team > Phone: (317) 276-7436 > mspurgeon@lilly.com > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
Mat, Even though Rational (Now IBM) says this claims that the samba security domain should work, We got the same issue here. So, I changed it to security = server. If you make this to work with domain, let me know... thanks, -Murali -----Original Message----- From: SPURGEON_MATHEW_D@LILLY.COM [mailto:SPURGEON_MATHEW_D@LILLY.COM] Sent: Monday, March 03, 2003 1:02 PM To: murali@epiphany.com Cc: samba@lists.samba.org Subject: RE: [Samba] security domain/server Yes this is an interop for ClearCase, however I can not even got to the ClearCase stuff right now. The problem is "The way I understand": Our production server is set to security = SERVER and this works, however it really. You see if a user logins as MAT "uppercase" and logs out and logins as mat "lowercase" the samba connection is still there. To fix this issue a user must reboot or do an ipconf /release /renew. The same issue is when clearcase_albd creates the contain space on the server if this happens after a user checks out a file the user must reboot. I would like to change the settings to security = DOMAIN, because it should drop the connection as soon as the operation is complete. Right now I can not get the smbstatus to report userid when I connect the share. I get an error Logon failure: unknown user name or bad password. Thank you for the reply: Mat murali@epiphany.com 03/03/2003 03:45 PM To: SPURGEON_MATHEW_D@LILLY.COM cc: Subject: RE: [Samba] security domain/server Hi, It looks like you are using samba as a interop for Clearacse? Looks like your VOB server is on Solaris 9? I am not clear what your question is? Can you be more specific?> -----Original Message----- > From: SPURGEON_MATHEW_D@LILLY.COM [mailto:SPURGEON_MATHEW_D@LILLY.COM] > Sent: Monday, March 03, 2003 12:31 PM > To: samba@lists.samba.org > Subject: [Samba] security domain/server > > > I joined the domain with the samba server, however all the > users map as > nobody. If I change the smb.conf to server it works fine. > > OS = Solaris 9 > Samba = 2.2.3a > Windows PDC = Active Directory > Windows Clients = 2000 > > > smbstatus -> IPC$ nobody nobody 17575 > eli-c3s666jst4k > (40.9.72.141) Mon Mar 3 15:24:50 2003 > > # Samba config file created using SWAT > # from ELI-5BG52B4HG.d51.lilly.com (40.8.44.189) > # Date: 2002/04/24 12:54:00 > > # Global parameters > [global] > workgroup = AM > netbios name = SUNTST1 > security = DOMAIN > encrypt passwords = Yes > map to guest = Bad User > password server = 40.x.xxx.xx > username map = /usr/local/samba/lib/username.map > lanman auth = Yes > log file = /usr/local/samba/log/samba.%m > max open files = 30000 > wins server = 40.xx.xx.x > kernel oplocks = No > remote announce = 40.xx.xx.x 40.xx.xx.xx > oplocks = No > > [viewstore] > comment = Clearcase Viewstore > path = /clearcase/viewstore > read only = No > > [vobstore] > comment = Clearcase Vobstore > path = /clearcase/vobstore > read only = No > smb.conf (END) > > > Mathew Spurgeon > Eli Lilly and Company > Software Engineering Support Team > Phone: (317) 276-7436 > mspurgeon@lilly.com > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
On Tue, 2003-03-04 at 08:07, murali@epiphany.com wrote:> Mat, > > Even though Rational (Now IBM) says this claims that the samba security > domain should work, We got > the same issue here. So, I changed it to security = server. If you make this > to work with domain, let me know...As far as the clients are concerned, there is no difference between security=server and security=domain. So check the simple stuff - use smbclient for testing and ensure you have actually joined the domain correctly. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20030304/514db264/attachment.bin