samba - May 2006 - Samba ADS problem

Hi 

I am working with the implementation of Samba(3.0.7) against AD. I compliled
Samba after compiling LDAP, kerberos.I can execute the following commands
successfully.

wbinfo -u, -g -t
netads info, testjoin
getent passwd group

But i cant use chown to use the owner as AD user, even after shutting down
the nscd daemon.

I am giving the my smb.conf file

[global]
        workgroup = SE
        realm = SE.JASMINE.ORG
        security = ADS
        password server = SE.JASMINE.ORG
        log level = 3
        log file = /var/log/samba/%m
        wins server = ackdc02-coa.jasmine.org
        idmap uid = 10000-20000
        idmap gid = 10000-20000

[jmj]
        path = /home/jselvaraj

When i try to get the jmj share, i am getting the error that "The
referenced
account is currently locked out and may not be logged in". Even i am not
specifying the valid users attribute for the jmj share, i am getting this
error. If i set the valid user as "selara", the account is locked at
the
windows while i am accessing the share. Is it the problem with WINDOWS AD
side or My Samba Server side?

Please help me out of this problem.

Jasmine








--
View this message in context:
http://www.nabble.com/Samba-ADS-problem-t1610406.html#a4365961
Sent from the Samba - General forum at Nabble.com.

Hi Jasmine.

For chown, if you don't use the 

winbind use default domain = Yes 

in smb.conf file, you must specify the name of windows domain:

chown SE\\username /home/jselvaraj

I can't help you about the "account locked out" error.

Fabio

On Fri, 2006-05-12 at 14:30 -0700, jasmine mary wrote:
> Hi 
> 
> I am working with the implementation of Samba(3.0.7) against AD. I
compliled
> Samba after compiling LDAP, kerberos.I can execute the following commands
> successfully.
> 
> wbinfo -u, -g -t
> netads info, testjoin
> getent passwd group
> 
> But i cant use chown to use the owner as AD user, even after shutting down
> the nscd daemon.
> 
> I am giving the my smb.conf file
> 
> [global]
>         workgroup = SE
>         realm = SE.JASMINE.ORG
>         security = ADS
>         password server = SE.JASMINE.ORG
>         log level = 3
>         log file = /var/log/samba/%m
>         wins server = ackdc02-coa.jasmine.org
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
> 
> [jmj]
>         path = /home/jselvaraj
> 
> When i try to get the jmj share, i am getting the error that "The
referenced
> account is currently locked out and may not be logged in". Even i am
not
> specifying the valid users attribute for the jmj share, i am getting this
> error. If i set the valid user as "selara", the account is locked
at the
> windows while i am accessing the share. Is it the problem with WINDOWS AD
> side or My Samba Server side?
> 
> Please help me out of this problem.
> 
> Jasmine
> 
> 
> 
> 
> 
> 
> 
> 
> --
> View this message in context:
http://www.nabble.com/Samba-ADS-problem-t1610406.html#a4365961
> Sent from the Samba - General forum at Nabble.com.
> 
-- 
Fabio Bucciarelli
Servizio Sviluppo telematica regionale e gestione delle infrastrutture
informatiche(st.4.23) 
DIREZIONE GENERALE ORGANIZZAZIONE, SISTEMI INFORMATIVI E TELEMATICA 
Regione Emilia-Romagna Viale Aldo Moro, 52 - 40127 Bologna 
Telefono ++39 051 6395658

Hi Fabio, 

Thanks for ur response. I tried with out adding the "winbind use default
domain = Yes" in smb.conf file using chown SE\\selvara /home/jselvaraj. I
am
getting the same eror. I added this value in the file and tried chown
selvara /home/jselvaraj.The problem exists for this case too. FYI..no nscd
process is running.

I cant guess what is making this complicated.

Jasmine

--
View this message in context:
http://www.nabble.com/Samba-ADS-problem-t1610406.html#a4452172
Sent from the Samba - General forum at Nabble.com.

But what happens if you try:

#id SE\\selvara    ? 
Can you see a uid for the user?

And if you try:

#getent passwd | grep selvara ?


Fabio


On Thu, 2006-05-18 at 07:48 -0700, jasmine mary wrote:
> Hi Fabio, 
> 
> Thanks for ur response. I tried with out adding the "winbind use
default
> domain = Yes" in smb.conf file using chown SE\\selvara
/home/jselvaraj. I am
> getting the same eror. I added this value in the file and tried chown
> selvara /home/jselvaraj.The problem exists for this case too. FYI..no nscd
> process is running.
> 
> I cant guess what is making this complicated.
> 
> Jasmine
> 
> --
> View this message in context:
http://www.nabble.com/Samba-ADS-problem-t1610406.html#a4452172
> Sent from the Samba - General forum at Nabble.com.
>

Fabio,

Thanks for ur imm response. 

#getent passwd | grep selvara
SE\selvara:x:10022:10001:selvara:/home/SE/selvara:/bin/false

# id SE\\selvara
id: invalid user name: "SE\selvara"

Please help me out.

Jasmine
--
View this message in context:
http://www.nabble.com/Samba-ADS-problem-t1610406.html#a4453126
Sent from the Samba - General forum at Nabble.com.

Jasmine,

I think the problem is that Solaris can't accept username longer than 8
chars. 
You can try chown with uid:

#chown  10022 /home/jselvaraj

I don't know if the problem you have in share access is for the same
reason.

If you defined winbind use default domain = Yes in smb.conf,  it is
strange you obtain usernames with domain in getent passwd. 

Fabio


On Thu, 2006-05-18 at 11:38 -0400, Selvaraj, Jasmine
wrote:
> Fabio, 
> 
> Thanks for ur imm response. 
> 
> #getent passwd | grep selvara 
> SE\selvara:x:10022:10001:selvara:/home/SE/selvara:/bin/false 
> 
> # id SE\\selvara 
> id: invalid user name: "SE\selvara" 
> 
> Please help me out. 
> 
> Jasmine
> 
> -----Original Message-----
> From: Fabio Bucciarelli [mailto:fbucciarelli@Regione.Emilia-Romagna.it] 
> Sent: Thursday, May 18, 2006 11:22 AM
> To: Selvaraj, Jasmine
> Subject: Re: [Samba] Samba ADS problem
> 
> But what happens if you try:
> 
> #id SE\\selvara    ? 
> Can you see a uid for the user?
> 
> And if you try:
> 
> #getent passwd | grep selvara ?
> 
> 
> Fabio
> 
> 
> On Thu, 2006-05-18 at 07:48 -0700, jasmine mary wrote:
> > Hi Fabio, 
> > 
> > Thanks for ur response. I tried with out adding the "winbind use
> default
> > domain = Yes" in smb.conf file using chown SE\\selvara
> /home/jselvaraj. I am
> > getting the same eror. I added this value in the file and tried chown
> > selvara /home/jselvaraj.The problem exists for this case too. FYI..no
> nscd
> > process is running.
> > 
> > I cant guess what is making this complicated.
> > 
> > Jasmine
> > 
> > --
> > View this message in context:
> http://www.nabble.com/Samba-ADS-problem-t1610406.html#a4452172
> > Sent from the Samba - General forum at Nabble.com.
> > 
> 
> 
> 
> **************************************************************
> This message, including any attachments, contains confidential information
intended for a specific individual and purpose, and is protected by law.  If you
are not the intended recipient, please contact sender immediately by reply
e-mail and destroy all copies.  You are hereby notified that any disclosure,
copying, or distribution of this message, or the taking of any action based on
it, is strictly prohibited.
> TIAA-CREF
> **************************************************************
>

What u said is correct.

chown 10022 /home/jselvaraj is working. 

But when i tried with the short name,it is giving the same issue of longer
names (more than 8).

chown SE\\jas /home/jselvaraj is not working.but works with UID

# ./wbinfo -n SE\\jas
Could not lookup name SE\jas

It is not returning SID from AD.Some UID and SIP mapping problem?

Jasmine

--
View this message in context:
http://www.nabble.com/Samba-ADS-problem-t1610406.html#a4458343
Sent from the Samba - General forum at Nabble.com.