similar to: AD Question

Scenario: Samba-3.0.20b domain member server on SuSE 9.3 (w/ all available patches applied) providing kerberos authentication through a Windows 2000 domain with AD4Unix services installed. Problem(s): 1. Can only view users from one OU in Active Directory (default is: CN=Users, problem container is: OU=authenticated) 2. According to log.winbind and log.smbd authentication fails with error:

I am having a problem which with much help from this list I have gotten 90% complete. I am attempting to create a samba server which will authenticate users as a Domain member server using active directory. The question I have is how can I map a specific container which is not an OU but a CN in the active directory? Any help is appreciated. -- Jason Gerfen "My girlfriend threated to

I appreciate the assistance. I am running SuSE 9.3 with the samba and winbind packages (latest releases). I have configured the krb5.conf to correspond including the enc types. Here is that output: [libdefaults] default_realm = DOMAIN.COM clockskew = 300 default_tgs_enctypes = rc4-hmac des-cbc-md5 default_tkt_enctypes = rc4-hmac des-cbc-md5 permitted_enctypes = rc4-hmac des-cbc-md5 [realms]

I am having a hard time getting Samba to authentication correctly against a Windows Active Directory setup. Here is a snap of the smb.conf [global] passdb backend = ldapsam security = domain password server = server1.com server2.com prefered master = No local master = no hide unreadable = yes wins support = no winbind use default

I want a samba machine to be a member of the domain and authentication the users, but I do not want to use kerberos as authentication and I also want to limit or authentication users from a specific group. Examples of this? -- Jason Gerfen "My girlfriend threated to leave me if I went boarding... I will miss her." ~ DIATRIBE aka FBITKK

The nss_ldap has some performance problems and doesn't have any caching features that windbind does. What I was aways wondering is does IDMAP write UID/GID derived from SID to the extended schema in AD? Can winbindd use this extended schema, instead of using nss_ldap? -----Original Message----- From: samba-bounces+letz_samba=realmspace.com@lists.samba.org

I have been ready everything I can regarding this setup but am having a problem that I am unsure of. I am unable to authenticate any user despite the following commands working: %> getent passwd <username> %> wbinfo -u %> wbinfo -g With the getent passwd I am able to see all of my UID/GID being mapped via winbdind to the rid of the domain user account. This command fails: %>

I am having a hard time getting any information from this list about the default OU's used when running the net ads join command. After mapping to the wrong OU in Active Directory for a Samba Domain Member Server (ou=wrong_container,dc=server,dc=com) I cannot change this back to the default (cn=users,dc=server,dc=com). Any help is appreciated and here is the result of net ads dn command:

I am having problems configuring Samba as a stand alone server. Here is my smb.conf [global] workgroup = SCL netbios name = ODIN security = share log level = 4 [images] comment = ODIN path = /odin/images Here is the information I am recieiving in the log.smbd. [2006/06/02 07:24:43, 3] auth/auth_sam.c:check_sam_security(264) check_sam_security:

Hello, when I try to put my SAMBA4 as DC from a domain controller in windows 2000 /usr/local/samba # bin/samba-tool join (WINDOWS 2000 DOMAIN). DC -U(USER)@(WINDOWS 2000 DOMAIN)%(PASSWORD) --realm=(WINDOWS 2000 DOMAIN). -d5 throws me the following error: Failed to get CCACHE for GSSAPI client: KDC has no support for encryption type Aquiring initiator credentials failed: kinit for ADMCONST at

I am having a problem while trying to download anything from a recently configured tftp boot server. Here are the configuration for the dhcpd.conf option domain-name="domain.com"; default-lease-time 900; max-lease-time 1800; ddns-update-style none; authoritative; allow bootp; allow booting; option space PXE; option PXE.mtftp-ip code 1 = ip-address; option PXE.mtftp-cport code 2

I am having a hard time getting a Windows XP virtual machine to follow a symlink share to a localhost samba share with 'follow symlinks = yes' I have been googling this for a couple of hours now and have found some references but not definite fix. Error from samba: '/tmp/Desktop' does not exist or permission denied when connecting to [desktop] Error was Permission denied System:

Hello there I have been struggling with queues, because i think this is the right module for our business. My main goal, is when we receive external calls, the receptionist should be able to transfer the call to us Technicians, and I am trying to add 2 extensions to a queue name [teknisk] Extension 301 and 302. I have a test setup now which I thought should look like this: When a external call

Ok I deleted the incorrect conf file and set it up using Yast again here is the amended file. I tried using the IP address of the server this time but I'm still getting the same errors as before. [libdefaults] default_realm = ELLISONSLEGAL.COM clockskew = 300 [domain_realm] .ELLNET = ELLISONSLEGAL.COM [realms] ELLISONSLEGAL.COM = { kdc = 10.0.0.31 default_domain = ELLNET

We want to join out Linux-Server: SLES 10 SP1 x86 with Samba (samba-client-3.0.24-2.23) to our W2000 Domain. so i use the command: net join -S TQ-NET.DE -UAdministrator and i get the following Errormessage: Failed to join domain! ADS join did not work, falling back to RPC... [2008/03/12 12:07:29, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(350) Error in domain join verification

I have encountered a problem so I am posting this question to both the technical list as well as the normal user list for a solution. When I initially joined the samba box to the Win2k domain as a member server I followed the Samba 3 HOWTO and specified the OU in the Active Directory. After speaking with our boss this is not the correct OU for the users we need to authenticate. My question

Dear list, I'm currently trying to simulate a VPN in a very simple configuration at home. My normal home-net 192.168.0.0/24 serves as "the internet". Three test machines are used, two of them connected to "the internet": odin , external IP 192.168.0.100/24 on eth0 thor , external IP 192.168.0.101/24 on eth0 My VPN uses address space 10.0.0.0/8 in the following way: odin

Hi. I use Samba 3.0.2-29 on Server S7. In our network is a W2K Server named S4 running in Native Mode, Domain Name hel.lan. I tried to join the S4-Domain hel.lan. s7:~ # kinit Administrator@HEL.LAN Administrator@HEL.LAN's Password: s7:~ # net ads join [2004/02/27 08:20:54, 0] libads/ldap.c:ads_add_machine_acct(1006) Host account for s7 already exists - modifying old account Using short

I just updated Samba on Gentoo due to a security vulnerability and the authentication for domain accounts is now failing. Has anyone else seen this? -- Jas

When I issue command 'net ads keytab add HTTP' I got a message 'Processing principals to add...' but nothing else happens - no change in keytab, net ads keytab list output, no errors in log etc. [Global] netbios name = HOSTNAME workgroup = DOMAIN realm = DOMAIN server string = %h Gentoo DT security = ads auth methods = sam winbind encrypt passwords = yes kerberos