From: Carlos Lorenzo Matés on
Hi.

On Friday, 25 January 2008, Jay Santillan wrote:
> Greetings,
>
> We are currently experiencing logon problems with a trusted domain user(s).
>
> Example: We have DomainA and DomainB
> DomainA and DomainB both have workstations joined on their respective
> domain.
> DomainA and DomainB both have trust relationships. DomainA trusts DomainB
> and vice versa.
> DomainA is being served by a Samba PDC, while DomainB has a PDC using
> Windows NT 4.0 Server
>

We have a similar problem.

We are unable to establish a full bidirectional trust between an NT domain
and a Samba domain.

We can make the NT trust the Samba, but not the reverse; the Samba is
not able to establish the trust with the NT.

In version 3.0.24 this does not cause much trouble, as the system seems to work
as if the trust were correctly established, but in 3.0.25 through 3.0.28 it does
not work, and it makes Samba browsing lag continuously.

When we run

net rpc trustdom establish NTDOMAIN ntpassword

the system says that the trust could not be verified.

When we run

net rpc trustdom list

the system says

trusted domains

NTDOMAIN
none

trusting domains

NTDOMAIN


From the NT the trust seems to be established,

but the reality is that the NT server is unable to browse the Samba shares
without entering a true Samba user and password.



Were you able to set the trust right?

Thanks



--
Regards.

Carlos Lorenzo Matés.
clmates AT mundo-r DOT com
From: Thorkil Olesen on
Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes:

> We are unable to establish a full bidirectional trust between an NT domain
> and a Samba domain
>
> we can make the NT trust the Samba, but not the reverse; the Samba is
> not able to establish the trust with the NT

Try to manually authenticate a user from the NT-domain at the samba-server using
wbinfo -a

If that succeeds then try to access a samba-share with that user.

It will not solve the problem, but it may point out where the problem is.

--
Thorkil Olesen.


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
From: Carlos Lorenzo Matés on
Hi.


On Friday, 25 January 2008, Thorkil Olesen wrote:
> Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes:
> > We are unable to establish a full bidirectional trust between an NT
> > domain and a Samba domain
> >
> > we can make the NT trust the Samba, but not the reverse; the Samba
> > is not able to establish the trust with the NT
>
> Try to manually authenticate a user from the NT-domain at the samba-server
> using wbinfo -a
>
> If that succeeds then try to access a samba-share with that user.
>
> It will not solve the problem, but it may point out where the problem is.
>


How? Log in to a shell on the Samba server and use wbinfo -a from there?

I'll try this on Monday.

Many Thanks



--
Regards.

Carlos Lorenzo Matés.
clmates AT mundo-r DOT com
From: Jay Santillan on
Greetings!

To check the trusted domains, I used the following:

-----------------------------------------------------------------------------------------
[root@aphrodite ~]# net rpc trustdom list -U Administrator
Password:
Trusted domains list:

RLDP_DESIGN3 S-1-5-21-1368937059-1125409327-331614939
RLDP_NT S-1-5-21-835351122-509441910-1850952788
none

Trusting domains list:

RLDP_NT S-1-5-21-835351122-509441910-1850952788
RLDP_DESIGN3 S-1-5-21-1368937059-1125409327-331614939
------------------------------------------------------------------------------

Then I also tried wbinfo -a, to see whether Samba could authenticate trusted
domain users properly.

----------------------------------------------------------------------------------
[root@aphrodite ~]# wbinfo -a rldp_nt\\jay%secret
plaintext password authentication succeeded
challenge/response password authentication succeeded
----------------------------------------------------------------------------------

It seems to be running ok.
I tried to set debug level to 10 and tried to look at the log files.
I may have found something.

In the log file, the profile path, logon script and dir drive seem to be blank.
I suspect that these might be the problem.
If so, any ideas what might have caused it?

[2008/01/25 21:58:44, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626)
pdb_set_logon_script: setting logon script , was default.bat
[2008/01/25 21:58:44, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649)
pdb_set_profile_path: setting profile path , was
\\aphrodite\profiles\RLDP_NT\jay
[2008/01/25 21:58:44, 10] passdb/pdb_get_set.c:pdb_set_homedir(696)
pdb_set_homedir: setting home dir , was \\aphrodite\home\RLDP_NT\jay
[2008/01/25 21:58:44, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672)
pdb_set_dir_drive: setting dir drive , was G:


thanks

regards,
Jay
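
An added example, not part of the original thread or of Samba's own code: a small Python parser for the debug-level-10 passdb lines quoted in the message above, reporting each account field that is overwritten with an empty value. It assumes the message layout `<setter>: setting <field> <new>, was <old>` seen in those lines; the function names are hypothetical.

```python
import re

# Log lines copied from the message above; logical_lines() rejoins the mail-wrapped one.
SAMPLE_LOG = r"""[2008/01/25 21:58:44, 10] passdb/pdb_get_set.c:pdb_set_logon_script(626)
pdb_set_logon_script: setting logon script , was default.bat
[2008/01/25 21:58:44, 10] passdb/pdb_get_set.c:pdb_set_profile_path(649)
pdb_set_profile_path: setting profile path , was
\\aphrodite\profiles\RLDP_NT\jay
[2008/01/25 21:58:44, 10] passdb/pdb_get_set.c:pdb_set_homedir(696)
pdb_set_homedir: setting home dir , was \\aphrodite\home\RLDP_NT\jay
[2008/01/25 21:58:44, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(672)
pdb_set_dir_drive: setting dir drive , was G:
"""

HEADER = re.compile(r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +\d+\] ")
SETTER = re.compile(r"^\s*(?P<func>pdb_set_\w+): setting (?P<rest>.*), was ?(?P<old>.*)$")

def logical_lines(text):
    """Rejoin continuation lines that a mail client or pager wrapped."""
    out = []
    for line in text.splitlines():
        starts_record = HEADER.match(line) or line.lstrip().startswith("pdb_set_")
        if out and line.strip() and not starts_record:
            out[-1] = out[-1].rstrip() + " " + line.strip()
        else:
            out.append(line)
    return out

def new_value(func, rest):
    """Strip the field label (derived from the setter name), leaving the new value."""
    label = func[len("pdb_set_"):].replace("_", "")
    m = re.match(r" *".join(map(re.escape, label)), rest, re.IGNORECASE)
    return rest[m.end():].strip() if m else None  # None: layout assumption not met

def blanked_fields(text):
    """Return (timestamp, setter, old value) for fields overwritten with an empty value."""
    findings, ts = [], None
    for line in logical_lines(text):
        header, m = HEADER.match(line), SETTER.match(line)
        if header:
            ts = header.group("ts")
        elif m and new_value(m.group("func"), m.group("rest")) == "" and m.group("old").strip():
            findings.append((ts, m.group("func"), m.group("old").strip()))
    return findings

if __name__ == "__main__":
    for ts, setter, old in blanked_fields(SAMPLE_LOG):
        print(f"{ts} {setter}: value cleared (was {old})")
```
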
From: Carlos Lorenzo Matés on
Hi.


On Friday, 25 January 2008, Thorkil Olesen wrote:
> Carlos Lorenzo Matés <clmates <at> mundo-r.com> writes:
> > We are unable to establish a full bidirectional trust between an NT
> > domain and a Samba domain
> >
> > we can make the NT trust the Samba, but not the reverse; the Samba
> > is not able to establish the trust with the NT
>
> Try to manually authenticate a user from the NT-domain at the samba-server
> using wbinfo -a
>
> If that succeeds then try to access a samba-share with that user.
>
> It will not solve the problem, but it may point out where the problem is.


I logged in to the Samba server as root and tried this:

myserver:~ # wbinfo -a clorenzo%myrealpassword
plaintext password authentication failed
error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
error messsage was: Invalid handle
Could not authenticate user clorenzo%myrealpassword with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
error messsage was: Invalid handle
Could not authenticate user clorenzo with challenge/response


And if I try it logged in as my own user, it says:

clorenzo@myserver:~> wbinfo -a clorenzo%myrealpassword
plaintext password authentication failed
error code was NT_STATUS_INVALID_HANDLE (0xc0000008)
error messsage was: Invalid handle
Could not authenticate user clorenzo%myrealpassword with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
error messsage was: winbind client not authorized to use
winbindd_pam_auth_crap. Ensure permissions
on /var/lib/samba/winbindd_privileged are set correctly.
Could not authenticate user clorenzo with challenge/response


wbinfo -u and wbinfo -g correctly get the list of users and groups from the NT
domain.

Thanks




--
Regards.

Carlos Lorenzo Matés.
clmates AT mundo-r DOT com