I have Windows 2008R2 Server acting as Domain Controller for Windows7/XP clients. and CentOS 5.3 Installed configured as Samba Server, I want to make it as ADS member server so any user to login to any machine, and be able to access their Samba share.
View 3 Repliesif there are any repositories with the newest samba version? I'm having a hard time installing it with my W2k8 Server.
View 1 Replies View RelatedI've been working for hours with Samba on Ubuntu Server 9.10 (Samba version 3.4.0), trying to get it setup simply as a fileserver that performs authentication to an NT 4 server (yes, I know, old and out of date). After much struggling, I finally realized that my configuration *was* working when the clients connecting (from XP, and Win2k clients, mostly) were actually joined to the domain (where the PDC is the NT 4 Server) and logged into the domain.For various reasons, many of the Windows clients at this location don't actually log into the domain, even though they have login/passwords that are valid users on the domain and they'll typically have some drives mapped to the PDC.
By the way, I have this working on another Linux box running Samba 3.0.28, so I'm sure it's possible, I'm just lost as to how to do it.I can provide plenty more information if it would help diagnose the situation. Does anyone have an idea of how I can get this to work? I'm sure it's possible, since the exact scenario worked in a recent version of Samba.
I need to connect a Server CentOS 5.6 with DB MySQL with a DB SQL Server 2008 on Windows Server 2008 R2 64bit, but i don't know how to do this.
So that MySQL DB has to import data from SQL Server on Windows Server.
Wanting to join my CentOS5.3 to a windows 2003 active directory. Configured kerberos and samba.
Code:
[libdefaults]
default_realm = domain
dns_lookup_realm = false
[code].....
I've been searching around the web for help and have been really pulling my hair on this one. I have a Windows 2003 Server w/ AD on it. I have two linux machine, both running the same version of RHEL 5 (compute-1, compute-4)
When I log into compute-1, and do an "id dhuynh", I get this:
uid=1501(dhuynh) gid=1500(domain users) groups=1500(domain users),2013(dusers),1501(certsvc_dcom_access),1507 (BUILTIN+users)
When I log into compute-4, do do the same command, I get this:
uid=1500(dhuynh) gid=1504(domain users) groups=1504(domain users),1505(certsvc_dcom_access),1501(BUILTIN+user s)
Notice that the uid and gid are different. How do I get them to be the same? This is affective the file permissions in certain shared directories. I've check /etc/samba/smb.conf and they are identical. I also check /etc/nsswitch.conf and they are identical too.
CentoS 5.5
[root@osra ~]# rpm -q samba3x
samba3x-3.3.8-0.52.el5_5.2
[root@osra ~]# rpm -q krb5-workstation
krb5-workstation-1.6.1-36.el5_5.5
Domain controller windows 2k3 sp3
I follow those guides: [URL] and [URL]. I join the domain, I can test the user
[root@osra ~]# wbinfo -a mbottalico%
plaintext password authentication succeeded
challenge/response password authentication succeeded
[root@osra ~]# wbinfo -u
administrator
guest
krbtgt
[root@osra ~]# wbinfo -g
utenti wins
dhcp users
dhcp administrators
computer del dominio
controller di dominio
getent passwd and group ok without "DOMAIN+"
kinit e klist ok.
I can browser the samba server, but I can enter on "temp", but not in "test" (access denied)
[root@osra ~]# smbclient \\osra\test -U administrator
Enter administrator's password:
Domain=[DOMAINSHORT] OS=[Unix] Server=[Samba 3.3.8-0.52.el5_5.2]
smb: > ls
NT_STATUS_NETWORK_ACCESS_DENIED listing * (I noticed only writing this message)
[root@osra ~]# smbclient \\osra\tmp -U administrator
Enter administrator's password:
Domain=[DOMAINSHORT] OS=[Unix] Server=[Samba 3.3.8-0.52.el5_5.2]
smb: > dir .....
53488 blocks of size 2097152. 49908 blocks available
smb: > q
0 blocks of size 0. 511 blocks available .....
Intent is to use samba+winbind to authenticate Ubuntu desktop against a Windows 2008 R2 domain (seems like I was able to get it working temporarily but it stopped working after some time). Quick overview of the issue: winbind is failing to lookup group ID's for a domain user causing the domain user to receive group errors on login and an inability to use domain groups in other configuration (sudoers, etc)
- Very basic install, boot to Ubuntu Desktop 10.04 LTS 64bit install, basic install options, perform software updates
- Following an Ubuntu AD HowTo [URL]
- Install kerberos, samba, winbind packages
- Make changes to krb5.conf, smb.conf, files in pam.d/ (to make the home directory and restrict login based on group membership, which works even in the half-working state but requires SID instead of text name)
After a reboot I can login as a domain account but I get the following error(s):
groups: cannot find name for group ID #####
##### is usually a number that ranges from 10000 to 10020, based on the smb.conf line regarding idmap I will get multiple group errors (one for each group that the user belongs to that winbind can't lookup for whatever reason, some groups can be resolved - see below) If I log-out and then log-in as a local user I can run the following command: id username The output returns something similar to the following:
uid=10002(username) gid=10003(domain users) groups=10003(domain users),10033,10032,10031,10030,10029,10028,10027,1 0026,10025,10024,10023,10022,10021(some group),10020,10019,10018(some other group),10017,10016,10015,10014,10013,10012,10011(s ome other other group),10010,10009,10008,10007
On a working system (Ubuntu 10.10 and when 10.04 decides to work) each group is followed by parenthesis' and the name of the group, this result clearly shows that some groups can be looked up but for some reason other groups are failing An output of /var/log/samba/log.winbind produces the following entries (that are logged when you run the id command)
[2011/08/03 19:04:39, 1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...
[2011/08/03 19:04:39, 1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...
The above repeats for what looks to be each group that fails (based on count of entries)If I use wbinfo I can resolve text group name to SID and SID to GID
wbinfo -n groupname (returns proper SID)
wbinfo -s SID (returns proper text group name)
wbinfo -Y SID (returns proper linux mapped group ID)
Following that process for a group that my user belongs to that is not resolving (via the id username command) will return the group ID (GID) properly (even though id username fails to lookup info for that same GID) Version Information:
uname -a
Linux hostname 2.6.32-33-generic #71-Ubuntu SMP Wed Jul 20 17:27:30 UTC 2011 x86_64 GNU/Linux
lsb_release -a
No LSB modules are available.
[code]....
I am using Samba on the lastest CentOS 5 64bit however the netlogon for windows authentication isn't working.
View 18 Replies View RelatedI had been reading about how to join a samba server to my current PDC running samba+ldap.
My PDC have a BDC and they are working, I want to add another samba server and be a domain member server and get the benefits.
The docs of samba had open my mind about the technical stuff but I still cannot make this thing works.
samba docs
Quote:
Centos 5.6 Samba Version 3.5.4-0.83.el5_7.2 PDC
Centos to 5.7 Version 3.5.4-0.83.el5_7.2 Domain Member
Centos version: 2.6.18-92.el5
Processor:Intel Xeon L5420 Quad-Core
Guest OS:Windows Server 2008 Web
KVM is istalled using these instructions: [URL] When I run qemu-kvm to boot a VM off the Windows Install .iso with the -no-acpi parameter the VM displays the following:
Windows Boot Manager
Windows failed to start...
Status 0xc0000225
Info: Windows failed to load because the firmware (BIOS) is not ACPI compatible
Without the -no-acpi parameter, the Windows Server 2008 guest shows a blue screen with "stop: 0x000000A5" meaning "The ACPI Bios in this system is not fully compliant to the specification." [URL] 386/32bit and x86/64bit versions of CentOs both exhibit the problem. IT WORKS after I compiled and installed the latest versions of the Kernel (2.6.28.7) and KVM (84) (Using these instructions: [URL] Following advice [URL] I really don't want to run a custom kernel. I compiled various KVM versions with the 2.6.18 kernel but still get the ACPI problem or compiler errors or "Hypervisor too old: KVM_CAP_USER_MEMORY extension not supported" How to get a Windows Server 2008 guest running in KVM on Centos?
I have a CentOS + Samba server and Windows XP client machines. Users, passwords and permissions are entered on the server machine.users and passwords ( same as on the server ) are entered in the XP client machine.When attempting to access a public file on the server using a XP client machine and the IP address of my server, I am asked a user name and password and none of the already entered seem to work. I cannot access the server file (prompted again and again to enter user name and password). What did i miss
View 7 Replies View RelatedI am trying to play with /etc/pam.d/samba on Centos 5.6 (2.6.18-238.19.1.el5) but it seems that Samba is ignoring this file.
Example:
And samba authentication is still possible afterwards.
Default samba packages:
The package seems to be compiled with PAM enabled:
Good evening, I get the following error when prompted for my user name and password credentials that have access to the domain rights on the server. After typing in root and the password I get the following.
"The specified computer account could not be found. Contact an administrator to verify the account is in the domain. If the account has been deleted, unjoin, reboot and rejoin the domain."
Posted below is my smb.conf file, however I feel like I am screwing up the last steps with group-mapping, net commands, and creating accounts.
[global]
workgroup = SCRUGGSHOME
passdb backend = tdbsam
printcap name = cups
add user script = /usr/sbin/useradd -m %u
[Code].....
I have configured NIS, DNS, NFS and DHCP servers at my home network. I can easily authenticate another Linux machine to these servers and make that machine as a client and also users can locin using the automounter. My Question is, is it possible that by using the same setup I can authenticate a windows Xp machine and make it as a client, and also users can login using the passwords that I have provided on my NIS server?
View 1 Replies View RelatedI have Redhat 5 playing nice as it authenticates against windows server 2008. But I ran into issues trying to get Redhat 6 to do it as well.
Here is where I stand on my redhat 6 box:
I have my certificates working between the windows and the redhat box.
From Root user I can SU to an Active Directory user. getent works. I can see all the users info. ldapsearch works with the CA certificate so my SSL handshake is working. I do not suspect cert issues
But when I try to login as active directory on my Redhat 6 box I get told I used an invalid password. The password works just fine on the windows server, so I didn't fat finger anything. I am just confused as to why I can have getent and ldapsearching but can not login.
I have turned off iptables on redhat and the firewall on 2008 server to see if that would change the situation but no luck.
I noted that in Redhat 6 I need to config SSSD rather then NSCD.
Let me know if you need to see my:
ldap.conf
nsswitch.conf
sssd.conf
var messages
What I maybe doing wrong or leaving out in my configurations.
I can get a connection to Windows server 2008 using rdesktop 1.6, but after a few seconds the connection is dropped and I get a message of and internal licensing error. I think rdesktop 1.6 uses rdp 5.x, and WIndows server 2008 uses rdp 6, but there must be some way to get a linux terminal server client to connect to Windows Server 2008.
View 2 Replies View RelatedI h ave a samba server which authenticate with MS AD, and this is working fine with XP and etc. But recently we have bought some pc's with Windows7 and when I try to access this share through Windos7
I am getting this error:
Is there any special thing that I need to do on client (windows7) side or server side for this to work?
My systems details:
OS - Red Hat Enterprise Linux Server release 5 (Tikanga)
Kernel - Linux server 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686 i686 i386 GNU/Linux
Samba - samba-3.0.23c-2
you can install vmware on opensuse but can you run windows server 2008 from vmware installed on opensuse?
not that i care, but the only use of vmware ive used is for network simulation
honestly i'm not sure what vmware is for besides that, exept i've heard for programming I think
I have the following version of centos,kerbose and samba (Samba version 3.0.33-3.29.el5_5.1, krb5-libs-1.6.1-36.el5_5.5 , krb5-workstation-1.6.1-36.el5_5.5 , centos-release-5-5.el5.centos) i have configured it and qhw i givit give me the following error Failed to set password for machine account NT_STATUS_ACCESS_DENIED) Failed to join domain: Access denied
[Code]...
Can anyone point me in the direction of setting up shares for windows machines on centos. I have found a few document but never managed to get it up and running correctly. I need to be able to get access to subfolder etc for different users. Is there any way of doing it with some sort of gui?
View 2 Replies View RelatedI'm using on my smb.conf
# Sincronizacion de cuentas LDAP, NT y LM
# unix password sync = Yes
ldap passwd sync = Yes
[code]....
I was trying to connect to Windows server from 11.04 I knew the connection worked from a Windows 7 PC
terminal services client (rdp or rdpv5)An error has occurred Details: recv: ~Connection reset by peer
Fix I'd forgotten about the Windows server security. Control Panel, System & Security, System Remote Settings, Remote Desktop has 3 radio buttons. I changed from most secure to medium security.
I am trying to set up samba in my CentOS virtual machine that is running on a Windows 7 host. I have found a tutorial in the How-Tos on this site but I'm not sure if they are exact and I'm paranoid about messing something up. The link to the tutorial is below. Is there anything that I should do different or anything that I should be aware of? Also, once this is set up, how do I transfer files between the two machines?
[URL]
I can't be the first one with this problem. What am I missing?
I have setup Samba servers in the past, just none under SELinux. The last one I configured was a couple years ago, so I wouldn't doubt I'm a bit rusty.
---- Environment summary:
Clean server install of CentOS 5.4 includes SELinux
- lets call this 'server'
- updated samba to 3.0.33-3.15.el5_4.1
Client1 - Windows XP sp4 - WINS configuration uses 'server' noted above
Client2 - Windows Vista - WINS configuration uses 'server' noted above
---- What works / what doesn't ------
Clients can see the server (XP and vista) in network neighborhood.
The following does not work from windows (xp or vista)
net view
net view \server
net view \server-ip
net view \servershare
This does work on the server
smbclient -L \server
smbclient -L \server --user validuser
smbclient -L \client1 --user validuser
---- What I have configured and tried (config/output below) --------
firewall ports for samba are open
SELinux enforcing or permissive
file context is set on share
samba booleans are set
***firewall
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p udp --dport 139 -j ACCEPT
***SELinux mode/booleans
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted
# getsebool -a | grep smb
allow_smbd_anon_write --> off
smbd_disable_trans --> on
# getsebool -a | grep samba
samba_domain_controller --> on
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_share_fusefs --> off
samba_share_nfs --> off
use_samba_home_dirs --> on
virt_use_samba --> off
***filesystem
# semanage fcontext -a -t samba_share_t �/share/photos(/.*)?�
# restorecon -R -v /share/photos
***Disks
]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda3 9920624 2070872 7337684 23% /
/dev/sda1 101086 19146 76721 20% /boot
tmpfs 1846656 0 1846656 0% /dev/shm
/dev/mapper/VolGroup00-xen
100791728 202540 95469188 1% /xen
/dev/mapper/VolGroup00-photo00
251981556 191716 238989840 1% /share/photos
/dev/mapper/VolGroup00-dmsdoc00
100791728 192256 95479472 1% /share/alfresco
none 1846656 104 1846552 1% /var/lib/xenstored
***smb.conf
[global]
workgroup = workgroup
netbios name = server
security = user
name resolve order = wins hosts lmhosts bcast
encrypt passwords = yes
hosts allow = 192.168.0.
hosts deny = 192.168.122.
interfaces = eth0
passdb backend = tdbsam
oslevel = 222
local master = yes
domain master = yes
preferred master = yes
cups options = raw
username map = /etc/samba/smbusers
wins support = yes
log level = 4
guest ok = yes
[photo]
comment = Photos
path = /share/photos
read only = yes
guest ok = yes
I'm trying to set up a VPN connection between our CentOS 5.3 server at work and my bosses XP computer at home. At this point, we are kinda locked into Quickbooks. I'm testing the connection from my XP boot at home to see if it works. I can log into our servicemanuals easily enough from XP at home however, the windows takes forever to update. I have the Samba server only listening on port 445 because is seems to work more efficiently at work. I connect to the Samba shares via linux from home and everything works well but, when I try to do anything with the shares from Windows client at home, it's very slow!
I'm thinking that it must have something either to do with the Windows OpenVPN client or the client.conf file. Is there anything I should look at in the .conf file for answers?
I have too many problems to join my OpenSuSE 11.2 with Samba 3.5.4 in a Windows 2008 Active directory Forest (MYDOMAIN.LOCAL). I have updated Samba to 3.5.4 after read that default 11.2 version have too many bugs. Now, when I try to join the Domain MYDOMAIN.LOCAL via yast i have only an undebuggable error "unknown error". For yast, my Suse is joined but i'm unable to authenticate, i can't see "MYDOMAIN.LOCAL" at KDM login and if i try to lookup forest i have this error:
Code:
wbinfo -u
Error looking up domain users
but i'm able to retrive ticket via kinit
Code:
# kinit Administrator
Password for Administrator@MYDOMAIN.LOCAL:
[Code]...
have you a samba version tested against Active Directory 2008? can you link me the repository or help me to solve this?
I am trying to mount a shared drive on a Windows Server 2008 machine using a Linux machine (Fedora 13). I try mounting by
# mount //HOSTNAME/SHARENAME /mnt/FOLDER
and I get mount error(13): Permission denied.
I have tried other options like # mount -t nfs //HOSTNAME/SHARENAME /mnt/FOLDER -o username=USERNAME and the same thing with different filesystem types (ntfs, smbfs, cifs).
I have:
checked all firewall configurations.
verified security/sharing settings
for the drive
verified registry keys under HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNfsSvrParameters
verified NFS server is running
I am familiar with Windows Server 2008 but I have never configured a system from scratch on my own. The computer I'm using used to have Windows 7 for sharing folders to a Linux server. I have just switched to Server 2008 and have not been able to mount anymore.
One thing that I think is that I tried setting up an identity mapping solution; however, I do not have a domain controller setup. I am still functioning on a workgroup.
I want to dual boot Windows Server 2008 r2 and Ubuntu 10.10 . First, I installed Server 2008 r2 then Ubuntu. After the installation, Grub only found Ubuntu, and "Windows Recovery Enviroment (loader)" on dev/sda1. The Windows OS is installed on dev/sda2. When i load "Windows Recovery Enviroment (loader)" it does a chdsk, then reboot the PC.
How can i make grub find the Windows OS?
Edit: The partition on dev/sda1 is called System Reserved
I am having issues mounting a share on a Windows 2008 Server from all of our Redhat 4 machines. I am trying to back up files before wiping and upgrading them to 5. I will try and post as much information that I gathered after trying different things. I am a newer hire for this network and a Linux newbie.
The scenario is this:
1. Windows 2008 Active Directory.
2. Redhat Enterprise 4 machines
I have root access and I tried entering at the terminal:
" smbclient -L "servername" -U "username"
get the "password" prompt I enter my password and get:
"session setup failed: NT_STATUS_ACCOUNT_LOCKED_OUT."
I check event viewer on the 2008 box and last week was seeing:
Event ID: 4625
Keywords: Audit Failure
etc, etc
"Account for which Logon failed:
Security ID: NULL SID
Account name: anonymous
Account Domain:MYGROUP
Failure Information:
Failure Reason: Uknown user name or bad password
etc, etc
Now the last couple of days the audit failures have not shown up on the 2008 Server box even though I attempted to log in.
The end users used to just use Konquerer smb://"servername"/"share" and it worked but for some reason starting last week this no longer works. Nothing was changed that I know of, this network is in a sealed classified environment with no external access. All additions to the network are monitored and no unapproved software is installed. The lab is in a vault type environment and only a few people know the combination and alarm pass codes so no chance of somebody adding stuff without me knowing it.
I would think with the locked out message it was an issue with my user account but that works fine on the Windows side so I tried my Linux credentials with no success when trying to mount the directory.
Is there something anybody can suggest Linux or Windows side to check? No user accounts work connecting to the Windows share.
p.s. I am aware the above command is only to see the Windows shares but i get the same thing when I just try and mount using CIFS or SMBFS.