similar to: "net ads keytab create" failing

Hi all, I've finally almost gotten my desired Samba+AD integration working: I've joined a domain, AD users can login, kerberos works (keytab integration, caching, etc.), etc. However, this is only true as long as I hack my /etc/hosts and /etc/samba/lmhosts files to trick Samba into always using my networks Windows 2000 Active Directory Server. The second a Samba command finds and

I'm trying to learn how to integrate Linux workstations and servers into a Windows 2000 Active Directory network. I've read and followed the Samba HOWTO, especially the parts about Winbind, and I got my Linux workstation authenticating using pam_krb5 and pam_winbind. klist would show I got a TGT after logging in. Domain users could login and pam_mkhomedir would properly setup a new home

Hi! I hope you can help me here. We replaced our only domain controller (W2K ActiveDirectory) with a newer server. It was done by means promotion and everything was copied correctly (acording to the guy who made the transfer of all the stuff from the old service to the new one). As a matter of fact all services provided by the old server are already being served by the new one. Before the

I experienced the following problem with an apparent permissions Catch-22 where there's no "root" user to bootstrap from with Samba-LDAP, and found several other people experienced it too. I eventually figured out why a few people are plagued by this problem while most have never seen it, and I solved it. For everyone else who experiences a similar problem, the explanation and

Hi I am having a real nightmare over this: Setup is : win2k as ADS server linux samba server is: # smbd --version Version 3.0.14a-Ubuntu kerberos: # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator@KCS.COM Valid starting Expires Service principal 07/03/06 09:51:51 07/03/06 19:51:51 krbtgt/KCS.COM@KCS.COM Kerberos 4 ticket cache: /tmp/tkt0 klist: You

I want to check my new LDAP passdb with the net command, but I get: # net user root's password: [2005/02/08 15:00:09, 0] utils/net_ads.c:ads_startup(186) ads_connect: Interrupted system call If I use a wrong password, I get: # net user root's password: [2005/02/08 15:04:05, 0] utils/net_ads.c:ads_startup(186) ads_connect: Interrupted system call Could not connect to server

Hi All, I tried to apply "server=domain" for a samba server domain member with samba-3.0alpha23 and samba-3.0alpha24. In each cases, " ads_connect: Connection refused .." message appeared when trying to join the domain. But "net rpc testjoin" says ok. The main point of this mail is that " smbclient -L mysamba -U username" will work on

Hi, I post my message here because I can't debug my problem, I hope you have time to help me to find the problem. I'm trying to join my Samba machine to an ADS domain, but my "net ads join" don't work :( There is my logs, if you need more detail ask me. ~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administrateur@TEST.LAN Valid starting Expires

Created an "add machine" script that basically looks for an unused uid/rid, and then creates a stub LDAP entry for the machine; the first time I issue "net join", the script is invoked and creates the LDAP entry correctly, but the join operation fails nevertheless: f1sa:~# net -U winadmin join winadmin's password: [2006/09/08 10:19:40, 0] utils/net_ads.c:ads_startup(191)

Hi all, I like to ask my question again Is there something known about this ? The question is asked several times before in this group, but so far I didn't find any answer to the question Can somebody help me out ? I want to have Samba join a win2000 active directory I am using samba-3.0.7 This is compiled on a RedHat 9 machine with: --prefix=/usr --localstatedir=/var

You could do what we do - just replace the local machine policies each time you rev the policy set. They're stored in c:\windows\system32\grouppolicy. Using gpscript.exe (Google for it, don't have a specific site) you can dump the contents of either registry.pol file to text. You can also recombine textfiles back into a .pol file, and subsequently rev the gpt.ini file so your new .pol

Hi i setted up a samba server on debian sarge using samba version 3.0.14. my configuration file is as follows: -------------------------------- BOF ----------------------------------- [global] guest account = smbguest security = user workgroup = SMSERVER socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 max log size = 1000 log level = 1 log file =

I've been successfully running Samba 3.0 under FreeBSD 5 attached to a 2003 Domain for awhile now. As of about a week ago, I could no longer get most users to authenticate to the Samba server. It happened at roughly the same time I upgraded to FreeBSD 5.4. I'm using heimdal 0.6.3, samba 3.0.14 and FreeBSD 5.4. I had the error running samba 3.0.11 and 3.0.12 from the FreeBSD ports

Please cc me on replies. My employer recently upgraded to W2K3. I have no control over the employer's set up and limited access to information. Under the old server, everything was working fine. Now I can't mount the shared drive anymore. I'm running Debian sid; samba 3.0.6-3. ################################################ # mount shared_drive cli_negprot: SMB signing is

Hi all, I'am trying to join ADS an W2K server. This server was already joined, but after chrash i was obliged to reinstall it. When I try net ads join -Uusername the following output appears: [2006/10/25 14:08:46, 6] libads/ldap.c:ads_find_dc(224) ads_find_dc: looking for realm 'SLZOVA.CZ' [2006/10/25 14:08:46, 8] libsmb/namequery.c:get_sorted_dc_list(1551) get_sorted_dc_list:

Hello, I have been using samba to authenticate my squid users to Active Directory. Because of the amount of users, I would like to set up my ACL's based on groups, rather than individual user accounts. I have successfully joined my samba box to our windows domain (2k). For some reason I had to enter the domain controller name instead of the domain name when doing so. I am now having issues

Hi List, this is gonna be a really funky/interesting/uncommon error you're going to deal with (if you do). Developer(s): I'd be really happy if you can point me at the right source files or describe at which stage of the "discussion" between my servers fail. This might be of some use.. But let's get to the facts: SYMPTOMS -------- 1) Invoked "kinit", no

In my lab I successfully got everything working running our secured Active Directory and Fedora Core 3. In our AD we have secured settings like refusing NTLMv2, require LDAP signing, SMB signing and more. In the lab we have the following rpm's: krb5-workstation-1.3.4.7 samba-3.0.8.0.pre1.3 openldap-2.2.13-2 But now we're implementing this in production and there we're running Red Hat

Yes, this is in fact caused by LDAP server signing requirements set to "Require Siging". I put a bug in previously here: https://bugzilla.samba.org/show_bug.cgi?id=765 And Jeremy Naylor created a patch to add TLS support in libads. The TLS method is potentially more secure, but it requires a certificate be installed on the KDC. You could try applying the patch and setting up the

Thanks for that interesting information. But how come it works in my lab (where I'm running Fedora Core 3)? Could it be because I'm running a newer version of LDAP? You think this will be fixed in future releases without the need to put certificated on the DC? Are there any detailinformation where to put the certificate on our DC:s? Unfourtunately we're not running any CA in our