From: Paul Lauss on
Hello,
Thank you so much for your reply! We are using AD 2003 R2 on both the
domain and the child domain. I am using 10000-29999 for IDs on the main
domain (RDOMAIN) and 30000-100000 on the child domain (KID).
Interestingly, in the Unix tab (in AD Users and Computers for any
object) under "NIS Domain" on any of the RDOMAIN servers we get the
pulldown option "RDOMAIN" but on the Trusted domains server the only
option is "KID". I'm not sure if that is expected or would affect this
but I can't seem to get the RDOMAIN option in the KID Trusted domain.

Thanks,
-Paul

On 3/30/2010 2:27 AM, François Legal wrote:
> Hello,
>
> I'm not familiar with this kind of setup, but I wonder whether or not the
> KID domain has the SFU schema extensions set up for idmapping (see idmap
> backend = ad) and, if properly set up, check that the defined uid/gid for
> that domain fall in the idmap uid range
>
> François
>
> On Mon, 29 Mar 2010 17:54:37 -0500, Paul Lauss <plauss(a)protocolgs.com>
> wrote:
>
>> I have been killing myself on this issue over the last 2 weeks. I have
>> set up PAM AD authentication using winbind on our company's email
>> servers. That part is currently working. I have been trying to add an
>> existing "Trusted" child domain and allow authentication from that
>> domain as well. I am part of the way there, but not quite to the
>> functional point as of yet. Our primary domain is rdomainprv or
>> rdomain.prv and the child domain is kid.rdomain.prv. Below is what I am
>> seeing, followed by my configs. Also, we had to open ports 88, 139 and
>> 389 (I believe those are the correct ports, though the networking guys
>> opened them) from the email/winbind server to the child domain, at the
>> firewall. Any help would be very much appreciated!
>>
>> mailtestbed:~# wbinfo --all-domains
>> BUILTIN
>> MAILTESTBED
>> RDOMAINPRV
>> KID
>>
>> mailtestbed:~# wbinfo -u | grep testuser
>> KID\testuser
>>
>> mailtestbed:~# wbinfo -a KID\\testuser%password
>> plaintext password authentication succeeded
>> challenge/response password authentication succeeded
>>
>> Here is where it's falling apart:
>> mailtestbed:~# wbinfo -i KID\\testuser
>> Could not get info for user KID\testuser
>>
>> mailtestbed:~# id KID\\testuser
>> id: KID\testuser: No such user
>>
>> mailtestbed:~# id testuser
>> id: testuser: No such user
>>
>> mailtestbed:~# getent passwd KID\\testuser
>> mailtestbed:~#
>>
>> mailtestbed:~# getent passwd testuser
>> mailtestbed:~#
>>
>> mailtestbed:~# id RDOMAINPRV\\testmer
>> uid=10001(testmer) gid=10001 groups=999(users)
>>
>> mailtestbed:~# getent passwd RDOMAINPRV\\testmer
>> testmer:*:10001:10001::/home/testmer:/bin/bash
>>
>> mailtestbed:~# wbinfo -i RDOMAINPRV\\testmer
>> testmer:*:10001:10001::/home/testmer:/bin/bash
>>
>> Versions (Debian Lenny)
>> samba 2:3.2.5-4lenny9
>> winbind 2:3.2.5-4lenny9
>>
>> smb.conf
>> [global]
>> workgroup = RDOMAINPRV
>> realm = RDOMAIN.PRV
>> server string = %h server
>> dns proxy = no
>> name resolve order = lmhosts host wins bcast
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> syslog = 0
>> panic action = /usr/share/samba/panic-action %d
>> security = ADS
>> encrypt passwords = yes
>> passdb backend = tdbsam
>> obey pam restrictions = yes
>> unix password sync = yes
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> pam password change = yes
>> allow trusted domains = yes
>> winbind trusted domains only = no
>> idmap backend = ad
>> idmap uid = 10000-1000000
>> idmap gid = 10000-1000000
>> template homedir = /home/%U
>> winbind use default domain = yes
>> winbind nss info = rfc2307
>> winbind nested groups = yes
>> client use spnego = yes
>> client ntlmv2 auth = yes
>> restrict anonymous = 2
>> winbind enum groups = no
>> winbind enum users = no
>> winbind cache time = 30
>>
>> krb5.conf
>> [libdefaults]
>> default_realm = RDOMAIN.PRV
>> krb4_config = /etc/krb.conf
>> krb4_realms = /etc/krb.realms
>> kdc_timesync = 1
>> ccache_type = 4
>> forwardable = true
>> proxiable = true
>> default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
>> default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
>> permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
>> v4_instance_resolve = false
>> v4_name_convert = {
>> host = {
>> rcmd = host
>> ftp = ftp
>> }
>> plain = {
>> something = something-else
>> }
>> }
>> fcc-mit-ticketflags = true
>> [realms]
>> RDOMAIN.PRV = {
>> default_domain = RDOMAIN.PRV
>> master_kdc = dc02.rdomain.prv
>> admin_server = dc02.rdomain.prv
>> kdc = aurad.rdomain.prv
>> kdc = addc01.rdomain.prv
>> kdc = addc02.rdomain.prv
>> kdc = addc03.rdomain.prv
>> #kdc = addc04.rdomain.prv
>> kdc = addc05.rdomain.prv
>> kdc = chlddc01.kid.rdomain.prv
>> }
>> KID.RDOMAIN.PRV = {
>> default_domain = KID.RDOMAIN.PRV
>> kdc = chlddc01.kid.rdomain.prv
>> master_kdc = addc02.rdomain.prv
>> admin_server = addc02.rdomain.prv
>> kdc = addc01.rdomain.prv
>> kdc = addc02.rdomain.prv
>> }
>> [domain_realm]
>> .rdomain.prv = RDOMAIN.PRV
>> rdomain.prv = RDOMAIN.PRV
>> .kid.rdomain.prv = KID.RDOMAIN.PRV
>> kid.rdomain.prv = KID.RDOMAIN.PRV
>> [kdc]
>> profile = /var/kerberos/krb5kdc/kdc.conf
>> [appdefaults]
>> pam = {
>> debug = false
>> ticket_lifetime = 36000
>> renew_lifetime = 36000
>> forwardable = true
>> krb4_convert = false
>> validate = true
>> }
>> [login]
>> krb4_convert = true
>> krb4_get_tickets = false
>>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
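The precondition raised in the reply above (with `idmap backend = ad`, a user is only mapped if the AD object carries RFC2307/SFU uidNumber and gidNumber values and those values fall inside `idmap uid` / `idmap gid`) can be checked offline before touching winbind. The script below is an added example, not code from the thread or from Samba: it parses a constructed smb.conf excerpt that mirrors the posted `[global]` values, applies the check to constructed AD records, and renders the `wbinfo -i` style passwd line winbind would produce. The per-domain allocation ranges are taken from the poster's statement and treated here as a local policy, not a Samba setting; the `/bin/false` fallback for a missing loginShell is Samba's documented `template shell` default and is an assumption about this host.

```python
"""Offline check of the idmap_ad precondition: does each AD user carry
uidNumber/gidNumber values inside the configured idmap ranges?
Added example; the config excerpt and user records are constructed."""
import re

# Constructed excerpt mirroring the [global] values posted in the thread.
SAMPLE_SMB_CONF = """
[global]
   workgroup = RDOMAINPRV
   realm = RDOMAIN.PRV
   security = ADS
   idmap backend = ad
   idmap uid = 10000-1000000
   idmap gid = 10000-1000000
   template homedir = /home/%U
   winbind use default domain = yes
   winbind nss info = rfc2307
"""

# Per-domain allocation policy as the poster described it (assumption: this is
# what the AD admins hand out, it is not a Samba parameter).
DOMAIN_UID_POLICY = {"RDOMAINPRV": (10000, 29999), "KID": (30000, 100000)}

# Constructed AD records, in the shape idmap_ad / nss_info rfc2307 reads them.
SAMPLE_USERS = [
    {"domain": "RDOMAINPRV", "sAMAccountName": "testmer", "uidNumber": 10001,
     "gidNumber": 10001, "unixHomeDirectory": "/home/testmer", "loginShell": "/bin/bash"},
    {"domain": "KID", "sAMAccountName": "testuser", "uidNumber": 30005,
     "gidNumber": 30005, "unixHomeDirectory": "/home/testuser", "loginShell": "/bin/bash"},
    {"domain": "KID", "sAMAccountName": "nounix"},            # Unix attributes never set
    {"domain": "KID", "sAMAccountName": "stray", "uidNumber": 2000000, "gidNumber": 30001},
]


def parse_global(conf_text):
    """Return the [global] section as {normalised key: value}."""
    params, in_global = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # smb.conf comments start the line
            continue
        section = re.match(r"^\[(.+)\]$", line)
        if section:
            in_global = section.group(1).strip().lower() == "global"
            continue
        if in_global and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.split()).lower()] = value.strip()
    return params


def parse_range(text):
    """'10000-1000000' -> (10000, 1000000); rejects malformed or inverted ranges."""
    m = re.fullmatch(r"\s*(\d+)\s*-\s*(\d+)\s*", text)
    if not m or int(m.group(1)) > int(m.group(2)):
        raise ValueError("bad idmap range: %r" % text)
    return int(m.group(1)), int(m.group(2))


def check_user(user, params):
    """Return (passwd_line, None) if winbind could map the user, else (None, reason)."""
    uid_lo, uid_hi = parse_range(params["idmap uid"])
    gid_lo, gid_hi = parse_range(params["idmap gid"])
    name, dom = user["sAMAccountName"], user["domain"].upper()
    if "uidNumber" not in user or "gidNumber" not in user:
        return None, "no uidNumber/gidNumber on the AD object (SFU/RFC2307 attributes unset)"
    uid, gid = int(user["uidNumber"]), int(user["gidNumber"])
    if not uid_lo <= uid <= uid_hi:
        return None, "uidNumber %d outside idmap uid %d-%d" % (uid, uid_lo, uid_hi)
    if not gid_lo <= gid <= gid_hi:
        return None, "gidNumber %d outside idmap gid %d-%d" % (gid, gid_lo, gid_hi)
    lo, hi = DOMAIN_UID_POLICY.get(dom, (uid_lo, uid_hi))
    if not lo <= uid <= hi:
        return None, "uidNumber %d outside %s policy range %d-%d" % (uid, dom, lo, hi)
    # "winbind use default domain" drops the prefix only for the server's own domain;
    # trusted-domain users keep the DOMAIN\user form, as wbinfo -u shows in the thread.
    use_default = params.get("winbind use default domain", "no").lower() in ("yes", "true", "1")
    shown = name if use_default and dom == params["workgroup"].upper() else "%s\\%s" % (dom, name)
    home = user.get("unixHomeDirectory") or params.get("template homedir", "/home/%U").replace("%U", name)
    shell = user.get("loginShell") or params.get("template shell", "/bin/false")  # assumed default
    return "%s:*:%d:%d::%s:%s" % (shown, uid, gid, home, shell), None


def check_all(conf_text=SAMPLE_SMB_CONF, users=SAMPLE_USERS):
    """Map every sample user; result is {name: (passwd_line or None, reason or None)}."""
    params = parse_global(conf_text)
    return {u["sAMAccountName"]: check_user(u, params) for u in users}


if __name__ == "__main__":
    for name, (line, why) in check_all().items():
        print("%-9s %s" % (name, line if line else "NOT MAPPABLE: " + why))
```

Feed it the real attribute values (for example from `ldapsearch -x -h chlddc01.kid.rdomain.prv -b dc=kid,dc=rdomain,dc=prv '(sAMAccountName=testuser)' uidNumber gidNumber unixHomeDirectory loginShell`, a command shape assumed here, not taken from the thread) and a user that comes back "NOT MAPPABLE" is one that `wbinfo -i` will also refuse, whatever the trust and Kerberos state.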
From: Paul Lauss on
The trust check succeeded... I have attached the pertinent logs... it
looks like it is timing out... I am not sure why though. The link
should be a little slower but it shouldn't be terrible, it is a 2Mb pipe.

mailtestbed:~# wbinfo -t
checking the trust secret via RPC calls succeeded

On 3/30/2010 9:47 AM, François Legal wrote:
> I'm not sure I 100% understand what you mean (it's been a long time since
> I last used an AD server with SFU).
> However, the next step now will be to increase the winbindd debug level while
> issuing the wbinfo -i command, and see what fails there.
>
> Try first a wbinfo -t, then if it succeeds, increase winbindd verbosity.
>
> François
From: Paul Lauss on
I am so sorry, I was trying to stay fairly concise... Here is the
whole log file I extracted.

On 3/30/2010 1:56 PM, devel(a)thom.fr.eu.org wrote:
> Could you provide the part that you removed, I can see that winbind is trying to connect to chlddc01.kid.rdomain.prv for domain kid, but then you removed that part of the transaction, and we end up with some info returned from main domain dc.
>
> François
>
> -----Original Message-----
> From: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] On behalf of Paul Lauss
> Sent: Tuesday, 30 March 2010 20:23
> To: samba(a)lists.samba.org
> Subject: Re: [Samba] AD Auth Trusted Domain issues
>
> The trust check succeeded... I have attached the pertinent logs... it looks like it is timing out... I am not sure why though. The link should be a little slower but it shouldn't be terrible, it is a 2Mb pipe.
>
> mailtestbed:~# wbinfo -t
> checking the trust secret via RPC calls succeeded
>
From: Paul Lauss on
We have corrected the issues of "KID" not being native but this does not
seem to have helped. We did however see this error in the Windows Event
Viewer at the point that I am trying to make the connection. I am not
certain what it means that there are no logon servers available...
Thoughts?

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 3/31/2010
Time: 3:19:00 AM
User: N/A
Computer: CHLDDC01
Description:
The Security System detected an authentication error for the server
ldap/chlddc01.kid.rdomain.prv. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0 ^..À


On 3/30/2010 6:20 PM, devel(a)thom.fr.eu.org wrote:
> So, as I already told you, I'm not familiar with that kind of setup.
>
> From what I could see, the fact that domain KID is not in ADS native mode may be the problem, as you've got security = ADS and that expects native mode.
>
> You should try to go back to the list to confirm that. Your setup does not seem to be that odd; I could read of lots of people trying (successfully for most of them, if I remember correctly) to accomplish that kind of thing.
>
> Sorry not to be able to help you more.
>
> François
>
> -----Original Message-----
> From: Paul Lauss [mailto:plauss(a)protocolgs.com]
> Sent: Tuesday, 30 March 2010 23:26
> To: devel(a)thom.fr.eu.org
> Subject: Fwd: Re: [Samba] AD Auth Trusted Domain issues
>
> This didn't seem to go through the listserv...
>
>
> I am so sorry, I was trying to stay fairly concise... Here is the whole log file I extracted.
>
> On 3/30/2010 1:56 PM, devel(a)thom.fr.eu.org wrote:
>
>> Could you provide the part that you removed, I can see that winbind is trying to connect to chlddc01.kid.rdomain.prv for domain kid, but then you removed that part of the transaction, and we end up with some info returned from main domain dc.
>>
>> François
>>
>> -----Original Message-----
>> From: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] On behalf of Paul Lauss
>> Sent: Tuesday, 30 March 2010 20:23
>> To: samba(a)lists.samba.org
>> Subject: Re: [Samba] AD Auth Trusted Domain issues
>>
>> The trust check succeeded... I have attached the pertinent logs... it looks like it is timing out... I am not sure why though. The link should be a little slower but it shouldn't be terrible, it is a 2Mb pipe.
>>
>> mailtestbed:~# wbinfo -t
>> checking the trust secret via RPC calls succeeded
>>
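The LSASRV 40960 event quoted in the message above carries the failure status twice: as the hex value in the description and as the four little-endian bytes in the Data field. The script below is an added example, not code from the thread or from Microsoft; it parses a constructed copy of the pasted event text, reads both encodings, confirms they agree, and splits the NTSTATUS into the severity, customer, facility and code fields defined in MS-ERREF. The name table is a partial, hand-picked list of logon-related statuses from ntstatus.h; any value not in it is reported as unknown.

```python
"""Decode an LSASRV 40960 event as pasted from Event Viewer: extract the SPN,
read the NTSTATUS from the description and from the Data bytes, and name it.
Added example; SAMPLE_EVENT is a constructed copy of the event in the thread."""
import re
import struct

SAMPLE_EVENT = """Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Computer: CHLDDC01
Description:
The Security System detected an authentication error for the server
ldap/chlddc01.kid.rdomain.prv. The failure code from authentication
protocol Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)".
Data:
0000: 5e 00 00 c0 ^..A
"""

# Partial table of NTSTATUS values seen in logon failures (values from ntstatus.h).
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000005E: "STATUS_NO_LOGON_SERVERS",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000018C: "STATUS_TRUSTED_DOMAIN_FAILURE",
    0xC000018D: "STATUS_TRUSTED_RELATIONSHIP_FAILURE",
}
SEVERITY = {0: "SUCCESS", 1: "INFORMATIONAL", 2: "WARNING", 3: "ERROR"}


def split_ntstatus(value):
    """Break a 32-bit NTSTATUS into its MS-ERREF fields."""
    return {
        "severity": SEVERITY[(value >> 30) & 0x3],   # top two bits
        "customer": bool((value >> 29) & 1),         # set for vendor-defined codes
        "facility": (value >> 16) & 0x0FFF,          # 0 = FACILITY_NULL
        "code": value & 0xFFFF,
        "name": NTSTATUS_NAMES.get(value, "unknown"),
    }


def parse_event(text):
    """Return SPN, both status encodings, whether they agree, and the decoded fields."""
    flat = " ".join(line.strip() for line in text.splitlines())
    m_spn = re.search(r"for the server\s+(\S+?)\.\s", flat)
    m_desc = re.search(r"\(0x([0-9a-fA-F]{8})\)", flat)
    data = bytearray()
    for line in text.splitlines():
        # Event Viewer dump lines look like "0000: 5e 00 00 c0 ^..A"; keep the hex pairs only.
        m = re.match(r"\s*[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2}\s)+)", line)
        if m:
            data += bytes.fromhex(m.group(1).replace(" ", ""))
    if m_desc is None or len(data) < 4:
        raise ValueError("event text lacks a status code or a Data dump")
    desc_status = int(m_desc.group(1), 16)
    data_status = struct.unpack("<I", bytes(data[:4]))[0]   # Data is little-endian
    result = {
        "spn": m_spn.group(1) if m_spn else None,
        "desc_status": desc_status,
        "data_status": data_status,
        "consistent": desc_status == data_status,
    }
    result.update(split_ntstatus(desc_status))
    return result


if __name__ == "__main__":
    ev = parse_event(SAMPLE_EVENT)
    print("SPN %s -> 0x%08X %s (%s, facility %d, code 0x%X, data agrees: %s)" % (
        ev["spn"], ev["desc_status"], ev["name"], ev["severity"],
        ev["facility"], ev["code"], ev["consistent"]))
```

STATUS_NO_LOGON_SERVERS on the child DC means chlddc01 itself could not reach a DC it needed while validating the request for its own LDAP SPN; that is a DC-to-DC problem (DNS SRV records, the 2Mb link, or ports 88/389/445 between the DCs), not something winbind on the mail server can fix. One thing worth checking alongside it: the posted krb5.conf lists the parent-domain DCs addc01 and addc02 as `kdc` and `master_kdc` for KID.RDOMAIN.PRV, and chlddc01 under RDOMAIN.PRV; each `[realms]` stanza should name only KDCs that actually serve that realm, or be left to DNS SRV lookup.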
From: Paul Lauss on
Greetings,
I figured out that since we made KID ADS native I have been able to
query for the SID successfully. I was unable to do that before.
wbinfo -n testuser actually returns a SID, but it doesn't seem to want to map it
to anything, so I am thinking my issue may be with how I am configuring
idmap. Any thoughts or suggestions?

Thanks,
-Paul

On 4/1/2010 8:55 AM, Paul Lauss wrote:
> We have corrected the issues of "KID" not being native but this does not
> seem to have helped. We did however see this error in the Windows Event
> Viewer at the point that I am trying to make the connection. I am not
> certain what it means that there are no logon servers available...
> Thoughts?
>
> Event Type: Warning
> Event Source: LSASRV
> Event Category: SPNEGO (Negotiator)
> Event ID: 40960
> Date: 3/31/2010
> Time: 3:19:00 AM
> User: N/A
> Computer: CHLDDC01
> Description:
> The Security System detected an authentication error for the server
> ldap/chlddc01.kid.rdomain.prv. The failure code from authentication
> protocol Kerberos was "There are currently no logon servers available to
> service the logon request.
> (0xc000005e)".
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> Data:
> 0000: 5e 00 00 c0 ^..À
>
>
> On 3/30/2010 6:20 PM, devel(a)thom.fr.eu.org wrote:
>
>> So, as I already told you, I'm not familiar with that kind of setup.
>>
>> From what I could see, the fact that domain KID is not in ADS native may be the problem as you've got security = ADS and that expects native mode.
>>
>> You should try to go back to the list to confirm that. Your setup does not seem to be that odd, I could read lots of people trying (successfully for most of them if I remember correctly) to accomplish that kind of things.
>>
>> Sorry to not be able to help you more.
>>
>> François
>>
>> -----Original Message-----
>> From: Paul Lauss [mailto:plauss(a)protocolgs.com]
>> Sent: Tuesday 30 March 2010 23:26
>> To: devel(a)thom.fr.eu.org
>> Subject: Fwd: Re: [Samba] AD Auth Trusted Domain issues
>>
>> This didn't seem to go through the listserv...
>>
>>
>> I am so sorry, I was trying to stay fairly concise... Here is the whole log file I extracted.
>>
>> On 3/30/2010 1:56 PM, devel(a)thom.fr.eu.org wrote:
>>
>>> Could you provide the part that you removed, I can see that winbind is trying to connect to chlddc01.kid.rdomain.prv for domain kid, but then you removed that part of the transaction, and we end up with some info returned from main domain dc.
>>>
>>> François
>>>
>>> -----Original Message-----
>>> From: samba-bounces(a)lists.samba.org
>>> [mailto:samba-bounces(a)lists.samba.org] On behalf of Paul Lauss
>>> Sent: Tuesday 30 March 2010 20:23
>>> To: samba(a)lists.samba.org
>>> Subject: Re: [Samba] AD Auth Trusted Domain issues
>>>
>>> The trust check succeeded... I have attached the pertinent logs... it looks like it is timing out... I am not sure why though. The link should be a little slower but it shouldn't be terrible, it is a 2Mb pipe.
>>>
>>> mailtestbed:~# wbinfo -t
>>> checking the trust secret via RPC calls succeeded
>>>
>>> On 3/30/2010 9:47 AM, François Legal wrote:
>>>
>>>> I'm not sure I 100% understand what you mean (it's been a long time
>>>> since I last used an AD server with SFU).
>>>> However, next step now will be to increase winbindd debug level while
>>>> issuing the wbinfo -i command, and see what fails there.
>>>>
>>>> Try first a wbinfo -t, then if it succeeds, increase winbindd verbosity.
>>>>
>>>> François
>>>>
>>>> On Tue, 30 Mar 2010 09:09:09 -0500, Paul Lauss
>>>> <plauss(a)protocolgs.com>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>> Thank you so much for your reply! We are using AD 2003 R2 on both
>>>>> the domain and the child domain. I am using 10000-29999 for IDs on
>>>>> the main domain (RDOMAIN) and 30000-100000 on the child domain (KID).
>>>>> Interestingly, in the Unix tab (in AD Users and Computers for any
>>>>> object) under "NIS Domain" on any of the RDOMAIN servers we get the
>>>>> pulldown option "RDOMAIN" but on the Trusted domains server the only
>>>>> option is "KID". I'm not sure if that is expected or would affect
>>>>> this but I can't seem to get the RDOMAIN option in the KID Trusted domain.
>>>>>
>>>>> Thanks,
>>>>> -Paul
>>>>>
>>>>> On 3/30/2010 2:27 AM, François Legal wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I'm not familiar with this kind of setup, but I wonder whether or
>>>>>> not the KID domain has the SFU schema extensions setup for idmapping (see
>>>>>> idmap backend = ad) and if properly setup, check that the defined
>>>>>> uid/gid for that domain fall in the idmap uid range
>>>>>>
>>>>>> François
>>>>>>
>>>>>> On Mon, 29 Mar 2010 17:54:37 -0500, Paul Lauss
>>>>>> <plauss(a)protocolgs.com>
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>>> I have been killing myself on this issue over the last 2 weeks. I
>>>>>>> have set up pam AD authentication using winbind on our company's email
>>>>>>> servers. That part is currently working. I have been trying to
>>>>>>> add an existing "Trusted" child domain and allow authentication from that
>>>>>>> domain as well. I am part of the way there, but not quite to the
>>>>>>> functional point as of yet. Our primary domain is rdomainprv or
>>>>>>> rdomain.prv and the child domain is kid.rdomain.prv. Below is
>>>>>>> what I am seeing, followed by my configs. Also, we had to open ports 88,
>>>>>>> 139 and 389 (I believe those are the correct ports, though the networking
>>>>>>> guys opened them) from the email/winbind server to the child
>>>>>>> domain, at the firewall. Any help would be very much appreciated!
>>>>>>>
>>>>>>> mailtestbed:~# wbinfo --all-domains
>>>>>>> BUILTIN
>>>>>>> MAILTESTBED
>>>>>>> RDOMAINPRV
>>>>>>> KID
>>>>>>>
>>>>>>> mailtestbed:~# wbinfo -u | grep testuser
>>>>>>> KID\testuser
>>>>>>>
>>>>>>> mailtestbed:~# wbinfo -a KID\\testuser%password
>>>>>>> plaintext password authentication succeeded
>>>>>>> challenge/response password authentication succeeded
>>>>>>>
>>>>>>> Here is where it's falling apart:
>>>>>>> mailtestbed:~# wbinfo -i KID\\testuser
>>>>>>> Could not get info for user KID\testuser
>>>>>>>
>>>>>>> mailtestbed:~# id KID\\testuser
>>>>>>> id: KID\testuser: No such user
>>>>>>>
>>>>>>> mailtestbed:~# id testuser
>>>>>>> id: testuser: No such user
>>>>>>>
>>>>>>> mailtestbed:~# getent passwd KID\\testuser
>>>>>>> mailtestbed:~#
>>>>>>>
>>>>>>> mailtestbed:~# getent passwd testuser
>>>>>>> mailtestbed:~#
>>>>>>>
>>>>>>> mailtestbed:~# id RDOMAINPRV\\testmer
>>>>>>> uid=10001(testmer) gid=10001 groups=999(users)
>>>>>>>
>>>>>>> mailtestbed:~# getent passwd RDOMAINPRV\\testmer
>>>>>>> testmer:*:10001:10001::/home/testmer:/bin/bash
>>>>>>>
>>>>>>> mailtestbed:~# wbinfo -i RDOMAINPRV\\testmer
>>>>>>> testmer:*:10001:10001::/home/testmer:/bin/bash
>>>>>>>
>>>>>>> Versions (Debian Lenny)
>>>>>>> samba 2:3.2.5-4lenny9
>>>>>>> winbind 2:3.2.5-4lenny9
>>>>>>>
>>>>>>> smb.conf
>>>>>>> [global]
>>>>>>> workgroup = RDOMAINPRV
>>>>>>> realm = RDOMAIN.PRV
>>>>>>> server string = %h server
>>>>>>> dns proxy = no
>>>>>>> name resolve order = lmhosts host wins bcast
>>>>>>> log file = /var/log/samba/log.%m
>>>>>>> max log size = 1000
>>>>>>> syslog = 0
>>>>>>> panic action = /usr/share/samba/panic-action %d
>>>>>>> security = ADS
>>>>>>> encrypt passwords = yes
>>>>>>> passdb backend = tdbsam
>>>>>>> obey pam restrictions = yes
>>>>>>> unix password sync = yes
>>>>>>> passwd program = /usr/bin/passwd %u
>>>>>>> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>>>>>> pam password change = yes
>>>>>>> allow trusted domains = yes
>>>>>>> winbind trusted domains only = no
>>>>>>> idmap backend = ad
>>>>>>> idmap uid = 10000-1000000
>>>>>>> idmap gid = 10000-1000000
>>>>>>> template homedir = /home/%U
>>>>>>> winbind use default domain = yes
>>>>>>> winbind nss info = rfc2307
>>>>>>> winbind nested groups = yes
>>>>>>> client use spnego = yes
>>>>>>> client ntlmv2 auth = yes
>>>>>>> restrict anonymous = 2
>>>>>>> winbind enum groups = no
>>>>>>> winbind enum users = no
>>>>>>> winbind cache time = 30
>>>>>>>
>>>>>>> krb5.conf
>>>>>>> [libdefaults]
>>>>>>> default_realm = RDOMAIN.PRV
>>>>>>> krb4_config = /etc/krb.conf
>>>>>>> krb4_realms = /etc/krb.realms
>>>>>>> kdc_timesync = 1
>>>>>>> ccache_type = 4
>>>>>>> forwardable = true
>>>>>>> proxiable = true
>>>>>>> default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
>>>>>>> default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
>>>>>>> permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
>>>>>>> v4_instance_resolve = false
>>>>>>> v4_name_convert = {
>>>>>>> host = {
>>>>>>> rcmd = host
>>>>>>> ftp = ftp
>>>>>>> }
>>>>>>> plain = {
>>>>>>> something = something-else
>>>>>>> }
>>>>>>> }
>>>>>>> fcc-mit-ticketflags = true
>>>>>>> [realms]
>>>>>>> RDOMAIN.PRV = {
>>>>>>> default_domain = RDOMAIN.PRV
>>>>>>> master_kdc = dc02.rdomain.prv
>>>>>>> admin_server = dc02.rdomain.prv
>>>>>>> kdc = aurad.rdomain.prv
>>>>>>> kdc = addc01.rdomain.prv
>>>>>>> kdc = addc02.rdomain.prv
>>>>>>> kdc = addc03.rdomain.prv
>>>>>>> #kdc = addc04.rdomain.prv
>>>>>>> kdc = addc05.rdomain.prv
>>>>>>> kdc = chlddc01.kid.rdomain.prv
>>>>>>> }
>>>>>>> KID.RDOMAIN.PRV = {
>>>>>>> default_domain = KID.RDOMAIN.PRV
>>>>>>> kdc = chlddc01.kid.rdomain.prv
>>>>>>> master_kdc = addc02.rdomain.prv
>>>>>>> admin_server = addc02.rdomain.prv
>>>>>>> kdc = addc01.rdomain.prv
>>>>>>> kdc = addc02.rdomain.prv
>>>>>>> }
>>>>>>> [domain_realm]
>>>>>>> .rdomain.prv = RDOMAIN.PRV
>>>>>>> rdomain.prv = RDOMAIN.PRV
>>>>>>> .kid.rdomain.prv = KID.RDOMAIN.PRV
>>>>>>> kid.rdomain.prv = KID.RDOMAIN.PRV
>>>>>>> [kdc]
>>>>>>> profile = /var/kerberos/krb5kdc/kdc.conf
>>>>>>> [appdefaults]
>>>>>>> pam = {
>>>>>>> debug = false
>>>>>>> ticket_lifetime = 36000
>>>>>>> renew_lifetime = 36000
>>>>>>> forwardable = true
>>>>>>> krb4_convert = false
>>>>>>> validate = true
>>>>>>> }
>>>>>>> [login]
>>>>>>> krb4_convert = true
>>>>>>> krb4_get_tickets = false

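As an added example (not from the thread and not Samba's own code), a small Python checker for the suggestion made earlier in the thread: parse the `idmap uid`/`idmap gid` ranges out of the posted smb.conf and verify that each domain's RFC2307 uidNumber/gidNumber falls inside them, flagging objects that carry no Unix attributes at all (the case where a SID resolves but maps to nothing). The account records and smb.conf fragment are constructed from the values quoted above.

```python
import re

# smb.conf fragment constructed from the settings posted in the thread.
SMB_CONF = """
[global]
   workgroup = RDOMAINPRV
   realm = RDOMAIN.PRV
   security = ADS
   allow trusted domains = yes
   idmap backend = ad
   idmap uid = 10000-1000000
   idmap gid = 10000-1000000
   winbind nss info = rfc2307
"""

# Constructed sample accounts with the RFC2307/SFU attributes the ad backend
# reads. Ranges follow the thread: 10000-29999 RDOMAINPRV, 30000-100000 KID.
AD_USERS = [
    {"domain": "RDOMAINPRV", "name": "testmer", "uidNumber": 10001, "gidNumber": 10001},
    {"domain": "KID", "name": "testuser", "uidNumber": 30005, "gidNumber": 30000},
    {"domain": "KID", "name": "nouid", "uidNumber": None, "gidNumber": None},
    {"domain": "KID", "name": "lowuid", "uidNumber": 5000, "gidNumber": 30000},
]

RANGE_RE = re.compile(r"^\s*idmap\s+(uid|gid)\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
                      re.MULTILINE | re.IGNORECASE)


def parse_idmap_ranges(conf):
    """Return {'uid': (lo, hi), 'gid': (lo, hi)} from an smb.conf text."""
    return {kind.lower(): (int(lo), int(hi))
            for kind, lo, hi in RANGE_RE.findall(conf)}


def check_user(user, ranges):
    """Classify whether winbind's ad backend could hand out a uid/gid."""
    uid, gid = user["uidNumber"], user["gidNumber"]
    if uid is None or gid is None:
        # Object has no Unix attributes: the SID resolves but maps to nothing.
        return "missing-rfc2307"
    if not ranges["uid"][0] <= uid <= ranges["uid"][1]:
        return "uid-out-of-range"
    if not ranges["gid"][0] <= gid <= ranges["gid"][1]:
        return "gid-out-of-range"
    return "ok"


def audit(conf=SMB_CONF, users=AD_USERS):
    """Map 'DOMAIN\\user' to its verdict for every account."""
    ranges = parse_idmap_ranges(conf)
    return {u["domain"] + "\\" + u["name"]: check_user(u, ranges) for u in users}
```

Feed it the real uidNumber/gidNumber values read from each domain's objects (for example from `wbinfo -i` or an LDAP query) to see which accounts the `ad` backend can map.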