I've installed Samba 3.0.2 (from the source) on a SuSE
8.2 system with MIT Kerberos 1.3.1 (I uninstalled the
Heimdal code) and the OpenLDAP 2.1.27 development
libraries installed on it. I want to make this system
a domain member of a Win2K native-mode ADS domain but
can't get "net ads join" to work. I've run "kinit
myid@MYDOMAIN.COM" and I get at ticket, but when I do
"net ads join -Umyid%mypswd" I get no output from the
command and I don't get a machine account in the
domain.
My /etc/krb5.conf looks like:
logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm =MYDOMAIN.COM
clockskew = 300
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5
[realms]
MYDOMAIN.COM = {
kdc = DCSRV1.MYDOMAIN.COM:88
admin_server = dcsrv1.mydomain.com:749
default_domain = mydomain.com
}
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
My /usr/local/samba/lib/smb.conf looks like:
[global]
realm = MYDOMAIN.COM
security = ads
password server = 10.4.1.13
workgroup = MYDOMAIN
netbios name = susesrv
server string = SAMBA SERVER
encrypt passwords = yes
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 10000
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
wins server = 10.4.1.60
dns proxy = no
#===============SHARE
DEFINITIONS======================
[public]
path = /usr/public
browseable = yes
writeable = yes
guest ok = no
[printers]
path = /var/spool/samba
browseable = yes
writeable = no
guest ok = yes
printable = yes
.COM
security = ads
password server = 10.4.1.13
workgroup = COLUMBIA
netbios name = susesrv
server string = IBM Aptiva in Joe's cube
encrypt passwords = yes
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 10000
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
wins server = 10.4.1.60
dns proxy = no
#===============SHARE
DEFINITIONS======================
[public]
path = /usr/public
browseable = yes
writeable = yes
guest ok = no
[printers]
path = /var/spool/samba
browseable = yes
writeable = no
guest ok = yes
printable = yes
====Joe Howell
Shelter Insurance Companies
Columbia, MO
__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html
No bueno. I changed the enctypes and took the "encrypt passwords=yes"
out, but still no reply and no computer account.....
TBrown@neurology.ahsc.arizona.edu wrote:
[libdefaults]
default_realm =MYDOMAIN.COM
clockskew = 300
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
Change the enctypes to: des-cbc-crc as shown above. Also, if you do a
testparam I'll bet that the encrypt passwords = yes entry is going to give
you grief. Besides kerberos is encrypted anyway. Another thing to consider
is flushing the NetBIOS cache on your wins and kdc server - don't know if
this does anything, but it makes me feel better (nbtstat -R).
Tracy Steven Brown
University of Arizona
Dept. Neurology
(520) 626-4660
Joe Howell
o.com> To
Sent by: samba@lists.samba.org
samba-bounces+tsb cc
=u.arizona.edu@li
sts.samba.org Subject
[Samba] Unable to join ADS domain
02/11/2004 12:05
PM
I've installed Samba 3.0.2 (from the source) on a SuSE
8.2 system with MIT Kerberos 1.3.1 (I uninstalled the
Heimdal code) and the OpenLDAP 2.1.27 development
libraries installed on it. I want to make this system
a domain member of a Win2K native-mode ADS domain but
can't get "net ads join" to work. I've run "kinit
myid@MYDOMAIN.COM" and I get at ticket, but when I do
"net ads join -Umyid%mypswd" I get no output from the
command and I don't get a machine account in the
domain.
My /etc/krb5.conf looks like:
logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm =MYDOMAIN.COM
clockskew = 300
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5
[realms]
MYDOMAIN.COM = {
kdc = DCSRV1.MYDOMAIN.COM:88
admin_server = dcsrv1.mydomain.com:749
default_domain = mydomain.com
}
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
My /usr/local/samba/lib/smb.conf looks like:
[global]
realm = MYDOMAIN.COM
security = ads
password server = 10.4.1.13
workgroup = MYDOMAIN
netbios name = susesrv
server string = SAMBA SERVER
encrypt passwords = yes
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 10000
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
wins server = 10.4.1.60
dns proxy = no
#===============SHARE
DEFINITIONS======================
[public]
path = /usr/public
browseable = yes
writeable = yes
guest ok = no
[printers]
path = /var/spool/samba
browseable = yes
writeable = no
guest ok = yes
printable = yes
.COM
security = ads
password server = 10.4.1.13
workgroup = COLUMBIA
netbios name = susesrv
server string = IBM Aptiva in Joe's cube
encrypt passwords = yes
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 10000
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
wins server = 10.4.1.60
dns proxy = no
#===============SHARE
DEFINITIONS======================
[public]
path = /usr/public
browseable = yes
writeable = yes
guest ok = no
[printers]
path = /var/spool/samba
browseable = yes
writeable = no
guest ok = yes
printable = yes
====Joe Howell
Shelter Insurance Companies
Columbia, MO
__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Joe Howell
Shelter Insurance Companies
Columbia, MO
---------------------------------
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online
Great site with wonderful information. Unfortunately, it still don't work. John Simovic <jsimovic@tpg.com.au> wrote:have a look at www.wlug.org.nz/ActiveDirectorySamba ----- Original Message ----- From: "Joe Howell" To: Sent: Thursday, February 12, 2004 7:32 AM Subject: Re: [Samba] Unable to join ADS domain> No bueno. I changed the enctypes and took the "encrypt passwords=yes"out, but still no reply and no computer account.....> > > TBrown@neurology.ahsc.arizona.edu wrote: > > > > > [libdefaults] > default_realm =MYDOMAIN.COM > clockskew = 300 > default_tkt_enctypes = des-cbc-crc > default_tgs_enctypes = des-cbc-crc > > > Change the enctypes to: des-cbc-crc as shown above. Also, if you do a > testparam I'll bet that the encrypt passwords = yes entry is going to give > you grief. Besides kerberos is encrypted anyway. Another thing to consider > is flushing the NetBIOS cache on your wins and kdc server - don't know if > this does anything, but it makes me feel better (nbtstat -R). > > Tracy Steven Brown > University of Arizona > Dept. Neurology > (520) 626-4660 > > > > > Joe Howell > o.com> To > Sent by: samba@lists.samba.org > samba-bounces+tsb cc > =u.arizona.edu@li > sts.samba.org Subject > [Samba] Unable to join ADS domain > > 02/11/2004 12:05 > PM > > > > > > > > I've installed Samba 3.0.2 (from the source) on a SuSE > 8.2 system with MIT Kerberos 1.3.1 (I uninstalled the > Heimdal code) and the OpenLDAP 2.1.27 development > libraries installed on it. I want to make this system > a domain member of a Win2K native-mode ADS domain but > can't get "net ads join" to work. I've run "kinit > myid@MYDOMAIN.COM" and I get at ticket, but when I do > "net ads join -Umyid%mypswd" I get no output from the > command and I don't get a machine account in the > domain. > > My /etc/krb5.conf looks like: > logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > default_realm =MYDOMAIN.COM > clockskew = 300 > default_tkt_enctypes = des-cbc-crc des-cbc-md5 > default_tgs_enctypes = des-cbc-crc des-cbc-md5 > > [realms] > MYDOMAIN.COM = { > kdc = DCSRV1.MYDOMAIN.COM:88 > admin_server = dcsrv1.mydomain.com:749 > default_domain = mydomain.com > } > [domain_realm] > .mydomain.com = MYDOMAIN.COM > mydomain.com = MYDOMAIN.COM > > > My /usr/local/samba/lib/smb.conf looks like: > > [global] > realm = MYDOMAIN.COM > security = ads > password server = 10.4.1.13 > workgroup = MYDOMAIN > netbios name = susesrv > server string = SAMBA SERVER > encrypt passwords = yes > > printcap name = /etc/printcap > load printers = yes > printing = cups > > log file = /var/log/samba/%m.log > max log size = 10000 > > socket options = TCP_NODELAY SO_RCVBUF=8192 > SO_SNDBUF=8192 > > local master = no > domain master = no > preferred master = no > wins server = 10.4.1.60 > dns proxy = no > > #===============SHARE > DEFINITIONS======================> > [public] > path = /usr/public > browseable = yes > writeable = yes > guest ok = no > > [printers] > path = /var/spool/samba > browseable = yes > writeable = no > guest ok = yes > printable = yes > > .COM > security = ads > password server = 10.4.1.13 > workgroup = COLUMBIA > netbios name = susesrv > server string = IBM Aptiva in Joe's cube > encrypt passwords = yes > > printcap name = /etc/printcap > load printers = yes > printing = cups > > log file = /var/log/samba/%m.log > max log size = 10000 > > socket options = TCP_NODELAY SO_RCVBUF=8192 > SO_SNDBUF=8192 > > local master = no > domain master = no > preferred master = no > wins server = 10.4.1.60 > dns proxy = no > > #===============SHARE > DEFINITIONS======================> > [public] > path = /usr/public > browseable = yes > writeable = yes > guest ok = no > > [printers] > path = /var/spool/samba > browseable = yes > writeable = no > guest ok = yes > printable = yes > > > > ====> Joe Howell > Shelter Insurance Companies > Columbia, MO > > __________________________________ > Do you Yahoo!? > Yahoo! Finance: Get your refund fast by filing online. > http://taxes.yahoo.com/filing.html > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > > Joe Howell > Shelter Insurance Companies > Columbia, MO > > --------------------------------- > Do you Yahoo!? > Yahoo! Finance: Get your refund fast by filing online > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > >Joe Howell Shelter Insurance Companies Columbia, MO --------------------------------- Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online
okay, try this:
Linux:
$> kdestroy
$> kinit Administrator
Windows:
(1) C:/where/ever/klist purge -- [default place is c:/program
files/resource kit/klist.exe]
(You'll need to download this from microsoft:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/klist-o.asp)
(2) Clear the NetBIOS cache again (I'm superstitious): nbtstat -R
--
Linux:
$> vi /etc/hosts -> add: xxx.xxx.xxx.xxx host.domain.name netbios_name
[of your ADS/KDC server]
$> net join ads
- if you get "Administrator password" you're good to go.
- if you get "root password" you're encryption settings are
wrong (or at
least that was my problem).
Let's see what we get.
Tracy Steven Brown
University of Arizona
Dept. Neurology
(520) 626-4660
Joe Howell
<jhowell_tsm@yaho
o.com> To
TBrown@neurology.ahsc.arizona.edu
02/11/2004 01:04 cc
PM
Subject
Re: [Samba] Unable to join ADS
domain
No bueno. I changed the enctypes and took the "encrypt passwords=yes"
out,
but still no reply and no computer account.....
TBrown@neurology.ahsc.arizona.edu wrote:
[libdefaults]
default_realm =MYDOMAIN.COM
clockskew = 300
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
Change the enctypes to: des-cbc-crc as shown above. Also, if you do a
testparam I'll bet that the encrypt passwords = yes entry is going to give
you grief. Besides kerberos is encrypted anyway. Another thing to consider
is flushing the NetBIOS cache on your wins and kdc server - don't know if
this does anything, but it makes me feel better (nbtstat -R).
Tracy Steven Brown
University of Arizona
Dept. Neurology
(520) 626-4660
Joe Howell
o.com> To
Sent by: samba@lists.samba.org
samba-bounces+tsb cc
=u.arizona.edu@li
sts.samba.org Subject
[Samba] Unable to join ADS domain
02/11/2004 12:05
PM
I've installed Samba 3.0.2 (from the source) on a SuSE
8.2 system with MIT Kerberos 1.3.1 (I uninstalled the
Heimdal code) and the OpenLDAP 2.1.27 development
libraries installed on it. I want to make this system
a domain member of a Win2K native-mode ADS domain but
can't get "net ads join" to work. I've run "kinit
myid@MYDOMAIN.COM" and I get at ticket, but when I do
"net ads join -Umyid%mypswd" I get no output from the
command and I don't get a machine account in the
domain.
My /etc/krb5.conf looks like:
logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm =MYDOMAIN.COM
clockskew = 300
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5
[realms]
MYDOMAIN.COM = {
kdc = DCSRV1.MYDOMAIN.COM:88
admin_server = dcsrv1.mydomain.com:749
default_domain = mydomain.com
}
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
My /usr/local/samba/lib/smb.conf looks like:
[global]
realm = MYDOMAIN.COM
security = ads
password server = 10.4.1.13
workgroup = MYDOMAIN
netbios name = susesrv
server string = SAMBA SERVER
encrypt passwords = yes
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 10000
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
wins server = 10.4.1.60
dns proxy = no
#===============SHARE
DEFINITIONS======================
[public]
path = /usr/public
browseable = yes
writeable = yes
guest ok = no
[printers]
path = /var/spool/samba
browseable = yes
writeable = no
guest ok = yes
printable = yes
.COM
security = ads
password server = 10.4.1.13
workgroup = COLUMBIA
netbios name = susesrv
server string = IBM Aptiva in Joe's cube
encrypt passwords = yes
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 10000
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
wins server = 10.4.1.60
dns proxy = no
#===============SHARE
DEFINITIONS======================
[public]
path = /usr/public
browseable = yes
writeable = yes
guest ok = no
[printers]
path = /var/spool/samba
browseable = yes
writeable = no
guest ok = yes
printable = yes
==== Joe Howell
Shelter Insurance Companies
Columbia, MO
__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Joe Howell
Shelter Insurance Companies
Columbia, MO
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online
I tried "net ads join" and was prompted for root's password; other than that I got the same blank stare that I get trying it any other way. I thought about the keytab trick but being the stubborn, hardheaded type I would prefer to figure out what it is that I've got misconfigured. My next step is to whip out the trusty sniffer and see exactly what the two machines are discussing behind my back....I'm starting to suspect that (this being a test LAN) the DC may not be working exactly the way I think it should be. I am probably going to rebuild it in the next couple of weeks as part of a DR practice run, so we'll see what happens after that. Thanks for your help. --- TBrown@neurology.ahsc.arizona.edu wrote:> > > > > > Windows 200x will use RC4-HMAC for itself and other > windows (200x) clients. > However, it is compatible with des-cbc-crc and > des-cbc-md5. My experience > has been that seeting the enctypes to anything other > than des-cbc-crc gives > the same behavior as what you're seeing. I am > curious as to what your "net > ads join" command returns when you only issue "net > ads join" without any > arguments after "kinit Administrator". > > The only other thing I can think of off the top of > my head is that I have > an Administrator account on my Linux machine with > the same password as the > Windows Administrator account. I suspect that this > doesn't much matter. > > Post the output to "net ads join" (no arguments) - > if all else fails, we > can create a keytab file in windows and move it over > to Linux. > > Cheers, > > Tracy Steven Brown > University of Arizona > Dept. Neurology > (520) 626-4660 > > > > > > Joe Howell > > <jhowell_tsm@yaho > > o.com> > To > Sent by: > samba@lists.samba.org > samba-bounces+tsb > cc > =u.arizona.edu@li > > sts.samba.org > Subject > Re: [Samba] > Unable to join ADS > domain > > 02/12/2004 07:11 > > AM > > > > > > > > > > > > > > Nope. > > Something odd here? I'm not getting any messages > out > of Kerberos - I've set the logging to STDERR or > CONSOLE and don't see anything at all. Also, when I > run "klist tickets" on the KDC I notice that what > tickets are listed use rc4-hmac encryption; I added > that to the list of enctypes but it didn't seem to > make any difference. Yet I still see a ticket on my > Linux system when I run klist. > > --- TBrown@neurology.ahsc.arizona.edu wrote: > > > > > > > > > > okay, try this: > > > > Linux: > > $> kdestroy > > $> kinit Administrator > > > > Windows: > > (1) C:/where/ever/klist purge -- [default place is > > c:/program > > files/resource kit/klist.exe] > > (You'll need to download this from microsoft: > > >http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/klist-o.asp> ) > > > > (2) Clear the NetBIOS cache again (I'm > > superstitious): nbtstat -R > > > > -- > > > > Linux: > > > > $> vi /etc/hosts -> add: xxx.xxx.xxx.xxx > > host.domain.name netbios_name > > [of your ADS/KDC server] > > $> net join ads > > - if you get "Administrator password" you're > good > > to go. > > - if you get "root password" you're encryption > > settings are wrong (or at > > least that was my problem). > > > > > > Let's see what we get. > > > > > > Tracy Steven Brown > > University of Arizona > > Dept. Neurology > > (520) 626-4660 > > > > > > > > > > > > Joe Howell > > > > <jhowell_tsm@yaho > > > > o.com> > > To > > > > TBrown@neurology.ahsc.arizona.edu > > 02/11/2004 01:04 > > cc > > PM > > > > > > Subject > > Re: [Samba] > > Unable to join ADS > > domain > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > No bueno. I changed the enctypes and took the > > "encrypt passwords=yes" out, > > but still no reply and no computer account..... > > > > TBrown@neurology.ahsc.arizona.edu wrote: > > > > > > > > > > > > [libdefaults] > > default_realm =MYDOMAIN.COM > > clockskew = 300 > > default_tkt_enctypes = des-cbc-crc > > default_tgs_enctypes = des-cbc-crc > > > > > > Change the enctypes to: des-cbc-crc as shown > above. > > Also, if you do a > > testparam I'll bet that the encrypt passwords > yes > > entry is going to give > > you grief. Besides kerberos is encrypted anyway. > > Another thing to consider > > is flushing the NetBIOS cache on your wins and > kdc > > server - don't know if > > this does anything, but it makes me feel better > > (nbtstat -R). > > > > Tracy Steven Brown > > University of Arizona > > Dept. Neurology > > (520) 626-4660 > > > > > > > > > > Joe Howell > > o.com> To > > Sent by: samba@lists.samba.org > > samba-bounces+tsb cc > > =u.arizona.edu@li > > sts.samba.org Subject > > [Samba] Unable to join ADS domain > > > > 02/11/2004 12:05 > > PM > > > > > > > > > > > > > > > > I've installed Samba 3.0.2 (from the source) on a > > SuSE > > 8.2 system with MIT Kerberos 1.3.1 (I uninstalled > > the > > Heimdal code) and the OpenLDAP 2.1.27 development > > libraries installed on it. I want to make this > > system > > a domain member of a Win2K native-mode ADS domain > > but > > can't get "net ads join" to work. I've run "kinit > > myid@MYDOMAIN.COM" and I get at ticket, but when > I > > do > > "net ads join -Umyid%mypswd" I get no output from > > the > > command and I don't get a machine account in the > > domain. > > > > My /etc/krb5.conf looks like: > > logging] > > default = FILE:/var/log/krb5libs.log > > kdc = FILE:/var/log/krb5kdc.log > > admin_server = FILE:/var/log/kadmind.log > > > > [libdefaults] > > default_realm =MYDOMAIN.COM > > clockskew = 300 > > default_tkt_enctypes = des-cbc-crc des-cbc-md5 > > default_tgs_enctypes = des-cbc-crc des-cbc-md5 > > > > [realms] > > MYDOMAIN.COM = { > > kdc = DCSRV1.MYDOMAIN.COM:88 > > admin_server = dcsrv1.mydomain.com:749 > > default_domain = mydomain.com > > } > > [domain_realm] > > .mydomain.com = MYDOMAIN.COM > > mydomain.com = MYDOMAIN.COM > > > > > > My /usr/local/samba/lib/smb.conf looks like: > > > > [global] > > realm = MYDOMAIN.COM > > security = ads > > password server = 10.4.1.13 > > workgroup = MYDOMAIN > > netbios name = susesrv > > server string = SAMBA SERVER > > encrypt passwords = yes > > > > printcap name = /etc/printcap > > load printers = yes > > printing = cups > > > > log file = /var/log/samba/%m.log > > max log size = 10000 > > > > socket options = TCP_NODELAY SO_RCVBUF=8192 > > SO_SNDBUF=8192 > > > > local master = no > > domain master = no > > preferred master = no > > wins server = 10.4.1.60 > > dns proxy = no > > > > #===============SHARE > > DEFINITIONS======================> > > > [public] > > path = /usr/public > > browseable = yes > > writeable = yes > > guest ok = no > > > > [printers] > > path = /var/spool/samba > > browseable = yes > > writeable = no > > guest ok = yes > > printable = yes > > > > .COM > > security = ads > > password server = 10.4.1.13 > > workgroup = COLUMBIA > > netbios name = susesrv > > server string = IBM Aptiva in Joe's cube > > encrypt passwords = yes > > > > printcap name = /etc/printcap > > load printers = yes > > printing = cups > > > > log file = /var/log/samba/%m.log > > max log size = 10000 > > > > socket options = TCP_NODELAY SO_RCVBUF=8192 > > SO_SNDBUF=8192 > > > > local master = no > > domain master = no > > preferred master = no > > wins server = 10.4.1.60 > > dns proxy = no > > > > #===============SHARE > > DEFINITIONS======================> > > > [public] > > path = /usr/public > > browseable = yes > > writeable = yes > > guest ok = no > > > > [printers] > > path = /var/spool/samba > > browseable = yes > > writeable = no > > guest ok = yes > > printable = yes > > > > > > > > ====> > Joe Howell > > Shelter Insurance Companies > > Columbia, MO > > > > __________________________________ > > Do you Yahoo!? > > Yahoo! Finance: Get your refund fast by filing > > online. > > http://taxes.yahoo.com/filing.html > > -- > > To unsubscribe from this list go to the following > > URL and read the > > instructions: > > http://lists.samba.org/mailman/listinfo/samba > > > > > > > > Joe Howell > > Shelter Insurance Companies > > Columbia, MO > > > > > > Do you Yahoo!? > > Yahoo! Finance: Get your refund fast by filing > > online > > > > > > > > ====> Joe Howell > Shelter Insurance Companies > Columbia, MO > > __________________________________ > Do you Yahoo!? > Yahoo! Finance: Get your refund fast by filing > online. > http://taxes.yahoo.com/filing.html > -- > To unsubscribe from this list go to the following > URL and read the > instructions: > http://lists.samba.org/mailman/listinfo/samba > >====Joe Howell Shelter Insurance Companies Columbia, MO __________________________________ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html
OK, now I'm getting somewhere. After rediscovering the -d flag in net, I ran "net ads join -Umyid%mypwd -d 3" and got the following output: [2004/02/17 14:44:46, 3] param/loadparm.c:lp_load(3810) lp_load: refreshing parameters [2004/02/17 14:44:46, 3] param/loadparm.c:init_globals(1300) Initialising global parameters [2004/02/17 14:44:46, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf" [2004/02/17 14:44:46, 3] param/loadparm.c:do_section(3322) Processing section "[global]" [2004/02/17 14:44:46, 2] lib/interface.c:add_interface(79) added interface ip=10.4.1.159 bcast=10.7.255.255 nmask=255.248.0.0 [2004/02/17 14:45:00, 3] libads/ldap.c:ads_connect(218) Connected to LDAP server 10.4.1.13 [2004/02/17 14:45:00, 1] libads/ldap.c:ads_connect(222) Failed to get ldap server info [2004/02/17 14:45:00, 1] utils/net_ads.c:ads_startup(181) ads_connect: No results returned [2004/02/17 14:45:00, 2] utils/net.c:main(767) return code = -1 10.4.1.159 is my Samba machine, and 10.4.1.13 is my AD DC. Can someone tell me what "Failed to get ldap server info" tends to indicate? ====Joe Howell Shelter Insurance Companies Columbia, MO __________________________________ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html
On Thu, 19 Feb 2004, Gary Hostetler wrote:> I bought the official Samba 3 book. Simple question. I only want to use > samba for authentication for my squid users so I can track which students > are hogging the T1 line.Check out: http://www.siriusit.co.uk/documents/isa.html Apply for the HOWTO. It will give you the specific information you need to replace ISA with SQUID.> > 1. Do I need kerberos on my linux box to make this work with active > directory and will I need to compile Samba to include the active directory > support (we are a w2k Active Directory network)Yes.> > 2. When I try to add the linux box to the domain it gives me wrong password > even though the user is a domain admin.That means someting is broken.> > Thanks, I did buy the book but I still need help.The author of the ISA replacement info is Mark Taylor. Provision of services to replace ISA is his professional paid for work. Mark has written this guidance which I have included in Chapter 11 of "Samba-3 by Example" - due out March 26th. The above link should furnish what you are looking for. If you are still stuck after following that link let me know and I will help you. Cheers, John T. -- John H Terpstra Email: jht@samba.org