similar to: Confused about Active Directory, Winbind, and Kerberos

Hi all, I've finally almost gotten my desired Samba+AD integration working: I've joined a domain, AD users can login, kerberos works (keytab integration, caching, etc.), etc. However, this is only true as long as I hack my /etc/hosts and /etc/samba/lmhosts files to trick Samba into always using my networks Windows 2000 Active Directory Server. The second a Samba command finds and

I'm new to Kerberos. I don't understand how Samba uses the system keytab (/etc/krb5.keytab) when "use kerberos keytab = true". Does Samba use service specific tickets? What tickets does Samba add? Do I need a cron job to keep them fresh or does Winbind take care of it? Sorry if these are elementary questions, but the Samba HOWTO didn't help me understand Samba's

Hi, I'm trying to figure out how to find users by IP. I'm parsing a firewall log and would like to map internal IPs to users. I noticed "nmblookup -A <ip>" returns interesting results: COMPUTER <00> - M <ACTIVE> DOMAIN <00> - <GROUP> M <ACTIVE> COMPUTER <03> - M <ACTIVE>

Hi all, At my new job I'm able to use Linux, but I need it to integrate it as tightly as possible with the organizations ActiveDirectory network. So of course I've been working with samba, winbind, and pam_krb5 a lot over the past few days. One problem I'm running into is that running "net ads keytab create" fails with the error: "ads_connect: Operations error"

You could do what we do - just replace the local machine policies each time you rev the policy set. They're stored in c:\windows\system32\grouppolicy. Using gpscript.exe (Google for it, don't have a specific site) you can dump the contents of either registry.pol file to text. You can also recombine textfiles back into a .pol file, and subsequently rev the gpt.ini file so your new .pol

Samba 3.0.23c, FreeBSD 6.1-RELEASE, Windows domain on W2K Advanced Server. When I have tried to join a domain I had have cought with a very strange occassion: # net ads join -U adminuser -w ASKD Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Using short domain name -- ASKD Disabled

quick question how do i tell winbind to use PAM to authenticate user against 03 AD? vi /etc/pam.d/samba #%PAM-1.0 auth required pam_nologin.so auth required pam_stack.so service=system-auth auth required pam_winbind.so account required pam_winbind.so account required pam_stack.so service=system-auth session required pam_mkhomedir.so

Greetings, I have followed the steps to get Samba setup as a member of AD. Following the instructions I was able to get the samba server added to the AD. When I run wbinfo -g for example, I see all of the groups on the AD. If I do something like kinit with my AD login, I enter my password and it works. I enter a bad AD password and it fails. So I think alot of this is setup. My problem is I

I am trying to add a (CentOS4.4) Samba-3.0.23d server to a AD Win2K3 domain and the following error occurs # /usr/kerberos/bin/kinit administrator@SUBDOM.DOMAIN # net join Using short domain name -- SUBDOM Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Disabled account for

Hi folks, I have a samba file server joining a Windows 2k AD as member server. I wonder how I can setup the files on the samba share to be modifiable by users, but no one can delete them. Is it possible? linux chattr command doesn't seems to help, and I can only setup windows share permission (full control, read,write) for the samba files from windows interface, not NTFS detailed permissions.

I know it's ridiculous, but I have a userbase where every username has a space in it. IE: "temp user". Is it possible to use samba to authenticate these users? So far I have been able to accept usernames without spaces flawlessly, but not the ones with spaces. Any help would be appreciated, thanks! -- View this message in context:

I am trying to get smb4k (KDE) client working. It displays the computers on the network but not the shares (localhost has the only share that shows up :-(). The command line may give a clue. This works: # smbclient -L //compaq but it prompts me for a password but I can just press return to get a list of shares.

What is the difference between %u and %U? The documentation says they both return the value of the connected username, but will they return different values? James Dinkel Network Engineer Butler County of Kansas There are 10 types of people in the world: those who understand binary, and those who don't.

I am trying to join a samba 3 server to a Windows domain. Samba is configured, but when I try to join the domain using the net command net ads join -UAdministrator%password I get net: not found Is there something I'm missing? greg@getpaid.com

Hello! Can anybody tell me what is the meaning of following logs (/var/log/messages). Feb 28 09:16:10 espl nmbd[3086]: process_local_master_announce: Server VINAY at IP 192.168.10.50 is announcing itself as a local master browser for workgroup EXCELIZE and we think we are master. Forcing election. Feb 28 09:16:10 espl nmbd[3086]: Samba name server ESPL has stopped being a local

Samsung OfficeServ for OS500 PBX cannot run - 'Run-time error 3633' err:iphlpapi:getRouteTable Received unsupported sockaddr family 0x12 err:iphlpapi:getRouteTable Unexpected address type 0x10 err:iphlpapi:getRouteTable Unexpected address type 0x20 err:iphlpapi:getRouteTable Received unsupported sockaddr family 0x12 err:iphlpapi:getRouteTable Unexpected address type 0x10

Hello, I've got a FreeBSD 5.5 box running Samba 3.0.21 and every-time I try to do a "mount -t smbfs -o username=username,password=password // server/share /mnt/folder" I get the error "smbfs: -o username=: option not supported". I've google'd this with no luck... any help in the right direction is appreciated. --- Jason Zondor

Stupid question ahead background: Our office is moving, and we are currently using a samba server with an aging nt4 pdc. The NT4 will not be a part of the new network, either we replace it or promote the samba (3.0.21c AFAIK) to pdc. To me the obvious choice is to install ldap and promote the samba server to pdc, but... (OK, here it comes...) It is a bit tempting to replace the nt4 pdc

We have this working. however Some developers edit files using "windows editors" and when they then copy them to the Windows Drive Letter which is mapped to a Unix machine, the resultant file is full of ^M characters..... build breaks..... and so on Until now we have been telling users to run "dos2unix" beforehand, but somebody told me that "Samba" can

Hello! I have direstory with following acl: getfacl Visio2002 # file: Visio2002 # owner: ilyin # group: ilyin user::rwx user:dm:rwx user:pitomtsev:rwx user:nap:rwx user:mav:rwx user:goi:rwx user:ilyin:rwx user:huzyahmetov:rwx group::r-x group:common:r-x mask::rwx other::--- default:user::rwx default:user:pitomtsev:rwx default:user:nap:rwx default:user:mav:rwx default:user:goi:rwx