Hi,

I have Samba 3.0.22 running on a VM-hosted Ubuntu 6.06, with the VM existing to host a Bugzilla server for our development team. I'd like to be able to periodically back up the MySQL database to a remote device on our domain.

The PDC is Win2003 SBS (named simply "sbs"), & I have successfully got the "bugzilla" machine joined to the domain. The bugzilla computer shows up in the PDC's "Computers" list & all looks good (the "getent passwd|group" command works as expected, etc).

However, what I'd like to do is use something like

smbclient -c "put mysqlbackup.db" //sbs/backup

in a cron job WITHOUT having to perform a user logon. After all, the machine is already authenticated with the domain, right? I have set up a share on the SBS machine for the backup with the computer "backup" having R/W privileges to it.

I've found that I can't access the share (or even get the list of shares as in the examples below) using the -P (--machine-password) switch, so I get the choice of

$smbclient -P -L //sbs
Failed to open /var/lib/samba/secrets.tdb
ERROR: Unable to open secrets database

or

$sudo smbclient -P -L //sbs
ERROR: Unable to fetch machine password

I can't seem to find much documentation on using machine-level passwords without the topic being the Samba server acting as the PDC, so none seem really to apply here.

What am I missing? Anyone?
Gerald (Jerry) Carter
2008-Aug-09 13:44 UTC
[Samba] Machine-level shares on Windows server
Jeremy Evans wrote:
> I've found that I can't access the share (or even get the
> list of shares as in the examples below) using the -P
> (--machine-password) switch, so I get the choice of
>
> $smbclient -P -L //sbs
> Failed to open /var/lib/samba/secrets.tdb
> ERROR: Unable to open secrets database

You don't appear to be root. Secrets.tdb is rw for root only.

cheers, jerry
--
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
Thanks, but that didn't seem to clarify anything. I want to use the fact that I'm already part of the domain (& hence have some degree of authentication with the PDC) to avoid having a user-level share for a shared domain folder.

You need to use -P or -U to get Samba to do anything. I have also used -k in testing, but that involved a user logon in order to get the Kerberos ticket or TGT.

Regards,
Jeremy

________________________________________
From: Rhiannon.Henning@sungard.com [mailto:Rhiannon.Henning@sungard.com]
Sent: Tuesday, 12 August 2008 09:26
To: Jeremy Evans
Subject: RE: [Samba] Machine-level shares on Windows server

http://www.linuxquestions.org/questions/linux-software-2/sambaunable-to-fetch-machine-password-315230/
http://www.mail-archive.com/samba@lists.samba.org/msg74713.html

Check out these articles. Might have something to do with using the "-P" parameter:

root@bugzilla:~# smbclient -P -L //sbs
ERROR: Unable to fetch machine password

-----Original Message-----
From: samba-bounces+rhiannon.henning=sungard.com@lists.samba.org [mailto:samba-bounces+rhiannon.henning=sungard.com@lists.samba.org] On Behalf Of Jeremy Evans
Sent: Monday, August 11, 2008 3:11 PM
To: Gerald (Jerry) Carter
Cc: samba@lists.samba.org
Subject: RE: [Samba] Machine-level shares on Windows server

That's just it - as I mentioned, I *have* joined the domain OK. At what point am I supposed to receive a machine password?
A full transcript to illustrate the problem better:

----
root@bugzilla:~# net ads join -U administrator
administrator's password:
Using short domain name -- MYCOMPANY
Joined 'BUGZILLA' to realm 'MYCOMPANY.LOCAL'
root@bugzilla:~# net ads testjoin
Join is OK
root@bugzilla:~# smbclient -P -L //sbs
ERROR: Unable to fetch machine password
----

My smb.conf has the following setup:

----
security = ADS
realm = MYCOMPANY.LOCAL
workgroup = mycompany
password server = sbs.mycompany.local
wins support = no
wins server = sbs
invalid users = root

# Winbind settings
idmap uid = 10000-20000
idmap gid = 10000-20000

# For testing
debuglevel = 2
----

I'm sure there's something small & stupid I've overlooked, but what???

Jeremy

> -----Original Message-----
> From: Gerald (Jerry) Carter [mailto:jerry@samba.org]
> Sent: Tuesday, 12 August 2008 03:30
> To: Jeremy Evans
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Machine-level shares on Windows server
>
> Jeremy Evans wrote:
>
> > I realise that. I *did* give a 2nd example in my original post:
> >
> > $sudo smbclient -P -L //sbs
> > ERROR: Unable to fetch machine password
> >
> > "net ads testjoin" returns an OK result at my end & the PDC shows the
> > machine as joined to the domain at the other.
> >
> > What I don't seem to be able to find out is just how the Windows PDC &
> > Samba interact to ensure that the Samba machine is a [trusted?] member
> > of the domain & therefore how to use that fact to allow machine-level
> > shares without having to perform a user-level login.
>
> In that case, did you join the domain?? Unless, this is just a bug,
> that seems the obvious explanation.
>
> cheers, jerry