Hi,
I have installed samba 3.0.6 based on the "Official
HOWTO" to join out Active Directory environment, with
winbind and pam support. I have join the samba to the
domain using "net ads join -Umyloginame". I can do the
"wbinfo -g", "getent passwd" and "getent group"
correctly. I also can list shares on other machine,
using kerberos:
# kinit myloginame@REALM.FQDN
Password for myloginame@REALM.FQDN:
# smbclient -k -L \\borneo
OS=[Windows Server 2003 3790] Server=[Windows Server
2003 5.2]
Sharename Type Comment
--------- ---- -------
...
...
#
Problem:
The only thing that I CAN'T do is to access the share
on samba machine. The "wbinfo -u" shows a wrong
combination of "WRKGRP\myloginame.full" instead of our
usual login combination "WRKGRP\myloginame" or
"myloginame.full@REALM.FQDN".
definition:
myloginame = Pre-Windows 2000 Logon Name
myloginame.full = Windows 2000 Logon Name
smb.conf:
[global]
unix charset = LOCALE
workgroup = WRKGRP
realm = REALM.FQDN
server string = Samba-3.0.6
security = ADS
password server = nias
username map = /opt/samba-3.0.6/lib/username_map.conf
# username level = 3
log level = 1
syslog = 0
log file = /var/opt/samba-3.0.6/%m
max log size = 50
printcap name = CUPS
wins server = nias
idmap uid = 10000-20000
idmap gid = 10000-20000
template primary group = "Domain Users"
template shell = /bin/bash
winbind separator = +
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 1
winbind nested groups = yes
printing = cups
preferred master = no
domain master = no
local master = no
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
use kerberos keytab = yes
as expected in the logfile:
winbindd logfile:
==> winbindd <=[2004/08/31 08:54:44, 1]
nsswitch/winbindd_group.c:winbindd_getgroups(1059)
user 'myloginame.full' does not exist
[2004/08/31 08:54:44, 1]
nsswitch/winbindd_group.c:winbindd_getgroups(1059)
user 'myloginame.full' does not exist
[2004/08/31 08:54:45, 1]
nsswitch/winbindd_group.c:winbindd_getgroups(1059)
user 'myloginame.full' does not exist
Thank you,
EF
====rgrds,
EF
_______________________________
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
http://promotions.yahoo.com/goldrush
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Emir Faisal wrote:
| The only thing that I CAN'T do is to access the share
| on samba machine. The "wbinfo -u" shows a wrong
| combination of "WRKGRP\myloginame.full" instead of our
| usual login combination "WRKGRP\myloginame" or
| "myloginame.full@REALM.FQDN"
Try this patch (already applied to the 3.0 svn tree.
cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot
(2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBNHa6IR7qMdg1EfYRAlD4AJ4p1wikZFw56vSvEHiQoTZuOZ+6SgCfa4Me
7fIpFJwN1YWMbPVWOnf2Se0=xnB4
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: libads/ldap.c
==================================================================---
libads/ldap.c (revision 1381)
+++ libads/ldap.c (revision 2091)
@@ -2184,13 +2184,19 @@
*/
char *ads_pull_username(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, void *msg)
{
+#if 0 /* JERRY */
char *ret, *p;
+ /* lookup_name() only works on the sAMAccountName to
+ returning the username portion of userPrincipalName
+ breaks winbindd_getpwnam() */
+
ret = ads_pull_string(ads, mem_ctx, msg, "userPrincipalName");
if (ret && (p = strchr(ret, '@'))) {
*p = 0;
return ret;
}
+#endif
return ads_pull_string(ads, mem_ctx, msg, "sAMAccountName");
}
--- "Gerald (Jerry) Carter" <jerry@samba.org> wrote:> Try this patch (already applied to the 3.0 svn tree. > cheers, jerry > > > Index: libads/ldap.c >==================================================================> --- libads/ldap.c (revision 1381)> +++ libads/ldap.c (revision 2091) > @@ -2184,13 +2184,19 @@ > */ > char *ads_pull_username(ADS_STRUCT *ads, TALLOC_CTX > *mem_ctx, void *msg) > {... ... ... this is new to me, btw. how to apply/merge this patch ? ====rgrds, EF __________________________________ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Emir Faisal wrote:
| --- "Gerald (Jerry) Carter" <jerry@samba.org> wrote:
|
|>Try this patch (already applied to the 3.0 svn tree.
|>cheers, jerry
|>
|>
|>>Index: libads/ldap.c
|>
| ==================================================================|
|>--- libads/ldap.c (revision 1381)
|>+++ libads/ldap.c (revision 2091)
|>@@ -2184,13 +2184,19 @@
|> */
|> char *ads_pull_username(ADS_STRUCT *ads, TALLOC_CTX
|>*mem_ctx, void *msg)
|> {
|
| ...
| ...
| ...
|
| this is new to me, btw.
| how to apply/merge this patch ?
Save the patche to a file.
$ tar zxf samba-3.0.6.tar.gz
$ cd samba-3.0.6/source
$ patch -p0 < filename.patch
$ ./configure && make
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBNSqAIR7qMdg1EfYRAjzzAKC+OQKgzJASk0VmuH2/pEVFNhTupQCg8/RM
Hu9lXrT3WNwOmxIJxmBBmzo=yRrV
-----END PGP SIGNATURE-----
--- "Gerald (Jerry) Carter" <jerry@samba.org> wrote: --->8> $ tar zxf samba-3.0.6.tar.gz > $ cd samba-3.0.6/source > $ patch -p0 < filename.patch > $ ./configure && makeeverything works fine now, thank you. regards, EF ====rgrds, EF __________________________________ Do you Yahoo!? Yahoo! Mail is new and improved - Check it out! http://promotions.yahoo.com/new_mail
Reasonably Related Threads
- Kerberos Keytab Code Update in 3.0.23
- Issue with acl_xattr:ignore system acls in 4.5rc2
- Issue with acl_xattr:ignore system acls in 4.5rc2
- Joining a Windows Server 2008 / 2008 R2 DC to a Samba AD - ISSUE - The RPC server is unavailable
- nitwit's attempt to edit samba source