Yohann Ferreira
2004-Apr-29 12:54 UTC
REofRE: [Samba] password change on the domain password server using clienttools
Hi Lieven Thanks for advise ! the getent passwd command shows me all the users of the 2k domain in this format : DOMAIN2K+user:x:10000:10026::/home/NetBiosName/user:/bin/bash I think that's correct. But do you think I got to use nss pam or something like that ? I just can't login with a 2000 user on Samba, but guests (unknown users ) can, when I permit them to. So I think users are known but their password are badly processed. Maybe something messing with kerberos ? Thanks for reading and hope to see you soon ! Bertram>From: Lieven VAN ACKER <lieven.vanacker@archg.sintlucas.wenk.be> >To: Yohann Ferreira <bertram25@hotmail.com> >Subject: RE: [Samba] password change on the domain password server using >clienttools >Date: Thu, 29 Apr 2004 13:40:49 +0200 > >Hi, > >congratulations so far! > >did you try to > >getent passwd > >to check if winbind is actually called when asking for unix users? > >If the domain users are not listed, you probably have a problem with your >pam config... > >Regards, > >Lieven > >Yohann Ferreira <bertram25@hotmail.com> schreef: > >Hi Lieven ! > > > >I'm back with questions ! > >First of all, I've set my security parameters to ADS in smb.conf > >and have configured the krb5.conf file (using MIT Kerberos 5). > >Then I used a net ads join -S Domain -U admin > >and it Worked ! > >I had, of course, configured nsswitch.conf to something like this : > > > >passwd: files winbind > >group: files winbind > >shadow: files > >the wbinfos commands : > > > >wbinfo -u -g -t -m -a DOMAIN+admin%password are working ! > > > >The next thing and then final one is to connect to my samba member server > >via another desktop under win2000, with the network panel, to the Samba > >machine, but it doesn't work at all ! > > > >what did I forgot ?? > > > >Thanks a lot for reading ! > > > >Bertram > > > >>From: Lieven VAN ACKER <lieven.vanacker@archg.sintlucas.wenk.be> > >>To: Yohann Ferreira <bertram25@hotmail.com> > >>Subject: RE: [Samba] password change on the domain password server using > >>clienttools > >>Date: Wed, 28 Apr 2004 15:04:20 +0200 > >> > >>Well, > >> > >>I could tell you a couple of things ..just for the moment I'm running a > >bit > >>out of time, ... > >> > >>You could find some starting info in the Samba (3) HOWTO, chapter 7: > >domain > >>membership. > >> > >>If you want to access the AD, e.g. with ldapsearch, following things > >should > >>be noted: > >> > >>* use ldaps (-H ldaps://domainserver) > >>* use simple authentication (-x -W) > >>* bind using administrator@domainname (-D "administrator@dnsdomain") > >> > >>Ask me if you have any further questions, > >> > >>regards, > >> > >>Lieven > >> > >>Yohann Ferreira <bertram25@hotmail.com> schreef: > >> >Hi, > >> > > >> >I've read your mail concerning the integration of a samber member >server > > > >>in > >> > > >> >a Windows 2000 Domain. > >> >I, for now, am trying to join the 2000 domain, and access the AD in > >order > >> >to > >> >get users and groups... > >> >Could you tell me how you use LDAP to do this ? > >> >And if there something else to with smb.conf or/ and nsswitch.conf ? > >> > > >> >>From: Lieven VAN ACKER <lieven.vanacker@archg.sintlucas.wenk.be> > >> >>To: samba@lists.samba.org > >> >>Subject: [Samba] password change on the domain password server using > >> >>clienttools > >> >>Date: Wed, 28 Apr 2004 11:29:45 +0200 > >> >> > >> >>Hi, > >> >> > >> >>I've setup samba to be a member of a windows 2000 (mixed mode) >domain. > >> >>I'm using ldap client interface to access the AD on the W2K domain > >> >>controller, in order to add users en groups. > >> >> > >> >>Now, the final step to manage this config is to set the password of > >the > >> >>users. As it seems hard to use the ldap interface to set the > >passwords, > >> >>I've thought of using samba client tools, like smbpasswd or pdbedit >or > >> >net > >> >>commands. > >> >> > >> >>I manage to use smbpasswd -r ADSERVER -U username to set the password > >> >>interactively, pretending being user "username". > >> >> > >> >>Thing is, there should be a way to change (or set initial) password >as > >> >>domain admin. > >> >> > >> >>I tried using > >> >> > >> >>net rap password username "" newpass -U administrator%adminpass > >> >> > >> >>but this doesn't seem to have the intended result (while it doesn't > >give > >> >me > >> >>any indication of success or failure). > >> >> > >> >>So if anybody could give me a clue, how to proceed to be able to > >change > >> >the > >> >>ad password in a scriptable way, I'd be able to finish this > >integration > >> >>exercise... > >> >> > >> >>Regards, > >> >> > >> >>Lieven > >> >> > >> >> > >> >>-- > >> >>To unsubscribe from this list go to the following URL and read the > >> >>instructions: http://lists.samba.org/mailman/listinfo/samba > >> > > >> >_________________________________________________________________ > >> >Trouvez l'????me soeur sur MSN Rencontres http://g.msn.fr/FR1000/9551 > >> > > >> > >> > > > >_________________________________________________________________ > >Hotmail : un compte GRATUIT qui vous suit partout et tout le temps ! > >http://g.msn.fr/FR1000/9493 > > > >_________________________________________________________________ Recevez par e-mail des ?motic?nes pour MSN Messenger http://g.msn.fr/FR1001/2275?url=http://www.msn.fr/ilovemessenger/premium/Default.asp?Ath=f
Apparently Analagous Threads
Wisdom of the Ancients
