Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I think I've sufficiently searched this forum and other forums without finding anyone with my unigue issues. Honestly, I have no idea what these issues are, simply that they are driving me up a wall at the moment.
After a lot of tinkering and hair pulling, I've come to the following using winbind:
Mandrake 9.1
Samba 2.2.7a
2k3 Domain
~~~~~smb.conf~~~~~
[global]
workgroup = DOMAIN
netbios name = TestLinux
server string = Samba Server %v
security = domain
encrypt passwords = Yes
password server = TestPDC
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
character set = ISO8859-15
os level = 18
local master = No
dns proxy = No
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = yes
~~~~~~~~~~
root# smbpasswd -j DOMAIN -r TestPDC -U Administrator
Error connecting to TestPDC - NT_STATUS_ACCESS_DENIED
Unable to join domain DOMAIN
root# wbinfo -a Domain_User
plaintext password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not authenticate user Domain_User with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_ACCESS_DOMAIN_INFO (0xc00000da)
Could not authenticate user Domain_User with challenge/response
root# wbinfo -p
'ping' to winbindd succeeded
root# wbinfo -t
Secret is bad
0xc00000e5
root# getent passwd
#Too much to type out, however it seems to display a list of users
#and their specific info for both my machine and for the domain.
#UIDs match what they should according to the specifications in smb.conf
#If specific lines are needed, I'll type it all/part out.
root# getent group
#Too much to type out, however it seems to display a list of groups
#and their specific info for both my machine and for the domain.
#GIDs match what they should according to the specifications in smb.conf
#If specific lines are needed, I'll type it all/part out.
~~~~~~~~~~
Tried:
root# cat /etc/passwd | /usr/bin/mksmbpasswd.sh > /etc/samba/smbpasswd
root# smbpasswd Test_User
New SMB password:
Retype new SMB password:
Password changed for Test_User.
Password changed for Test_User.
root# smbpasswd -j DOMAIN -r TestPDC -U Administrator
Error connecting to TestPDC - NT_STATUS_ACCESS_DENIED
Unable to join domain DOMAIN
Tried:
Removing "Encrypt Passwords = Yes" from smb.conf (as suggested in one forum).
root# smbpasswd -j DOMAIN -r TestPDC -U Administrator
ERROR: Must have both SECURITY = DOMAIN and ECRYPT PASSWORDS = YES!
Originally posted by VertigoRay Win2k3 (first post, line 8; also in Subject)
you have to turn off smb signing. i went through the same problem. you can disable it in group policies some where under the computer policy settings, there will be two setting right next to each other. i'm not at home right now so i can't give you the exact path but i'm 100% positive that this is the answer.
good luck and let me know how ti turned out. maybe you can help me with my problem. i can't get the users to run startx. i always get an error.
Originally posted by hakcenter seriously try samba 3, I had a lot of unknown samba problems with a pre3 release. I upgraded and bam, everything worked.
i tried samba 3 and ran into the exact same problem. the problem lies in window security. since microsoft wants windows to be secure they have configured it to be this way. the problem with samba is that it emulates a pre-windows 2000 computer that needs netbios. microsoft is trying to due away with all operating systems that need it. so if smb signing is enabled on the post-windows DC, no 95/98/me/nt computer will be able to communicate effectively.
Originally posted by VertigoRay Win2k3 (first post, line 8; also in Subject)
on the domain controller policy,
the path to disable smb signing is computer settings, security settings, local policies, security options. there should be two settings that look like : microsoft network server: digitally sign communications.
Maybe I'm not trying hard enough, but I cant seem to find where you're getting this path from. I've gone to my computer manager and can't find it. Control Panel, Network properties, etc ... can't find it. You're talking Win2k3, right?
Thanks for your help though. I seem to be stuck atm on where this is found, I'll keep digging around.
Yes, I rebooted ...
Next step is to start over using Samba3 and possibly Mandrake 9.2
I'm lost at the moment, any more suggestions?
Am I possibly logging into the domain wrong?
How do I log into the domain? (Make sure I'm doing it right)
Thanks again for all your help.
Thanks in advance for all your help.
Last edited by VertigoRay; 10-14-2003 at 05:25 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.