samba PDC + Winbind + Windows NT PDC - SMB


  1. samba PDC + Winbind + Windows NT PDC

    Hello:
    Sorry for my English, I'm Spanish.
    We have AIX 5.2 and Samba 3.0.1. In addition we have a Windows
    NT 4.0 PDC, called SERVIDOR_NT, with domain WINDOM. All the users log on to
    domain WINDOM.

    I have created a domain with Samba on AIX, on a server SERVIDOR_AIX,
    called AIXDOM (workgroup=AIXDOM, security=User).

    On another AIX machine, called SHARES_AIX, I have resources that I want to
    share by means of Samba (workgroup=AIXDOM, security=Domain).

    I need the WINDOM users to access this resource, and for that I used
    winbind, but it does not work. wbinfo -u returns "Error looking up domain
    users". I understand that winbind would have to be running on
    SHARES_AIX.

    When I configure Samba with (workgroup=WINDOM, security=domain)
    everything works well.

    I have WINDOM as a trusted domain of AIXDOM ("net rpc trustdom
    establish -S servidor_nt -U administrador" on SERVIDOR_AIX).

    What step am I doing wrong?

    smb.conf:
    SERVIDOR_AIX:
    [global]
    workgroup = AIXDOM
    netbios name = SERVIDOR_AIX
    server string = Sistema AIX 5L - N15
    interfaces = 172.30.10.15/24
    map to guest = Bad User
    passdb backend = tdbsam
    guest account = p01adm
    passwd program = /usr/bin/passwd %u
    passwd chat = \*New*password* %n\n *new*password* %n\n
    username map = /usr/local/samba/lib/usermap.conf
    username level = 5
    log level = 2
    log file = /usr/local/samba/var/log/log.%m
    max log size = 50
    announce version = 4.0
    announce as = NT Workstation
    name resolve order = wins lmhosts host
    lpq cache time = 60
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    add user script = /usr/bin/mkuser pgrp=sapsys groups=sapsys su=false home=/home/pdc/%u shell=/bin/false gecos=%u account_locked=true login=false rlogin=false %u
    add group script = /usr/bin/mkgroup -A %g
    add user to group script = /usr/bin/chuser pgrp=%g groups=%g %u
    set primary group script = /usr/bin/chuser pgrp=%g
    add machine script = /usr/bin/mkuser pgrp=sapsys groups=sapsys su=false home=/home/pdc/%u shell=/bin/false gecos=%u account_locked=true login=false rlogin=false %u
    domain logons = Yes
    os level = 64
    preferred master = Yes
    domain master = Yes
    wins server = 172.30.1.20
    ldap ssl = no
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    hosts deny = 0.0.0.0


    SHARES_AIX:
    [global]
    workgroup = AIXDOM
    security = domain
    netbios name = SHARES_AIX
    server string = Sistema AIX 5L - SHARES_AIX
    interfaces = 172.30.10.7/24
    allow trusted domains = yes
    map to guest = Bad User
    password server = *
    guest account = p01adm
    passdb backend = tdbsam
    username level = 5
    username map = /usr/local/samba/lib/usermap.conf
    log level = 2
    log file = /usr/local/samba/var/log/log.%m
    max log size = 50
    announce version = 4.0
    announce as = NT Workstation
    name resolve order = wins lmhosts host
    lpq cache time = 60
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    os level = 64
    wins server = 172.30.1.20
    ldap ssl = no
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    hosts allow = 172.30.0.0/255.255.248.0
    hosts deny = 0.0.0.0
    default case = upper
    preserve case = No

    [interfaces]
    comment = xinter
    path = /interfaces
    valid users = WINDOM\Juan_SR
    read only = No
    create mask = 0770
    force create mode = 0770
    directory mask = 0770
    force directory mode = 0770
    veto files = /lost+found/ARCHIVING/

    ---------------------------


    Thanks



  2. Re: samba PDC + Winbind + Windows NT PDC


    wrote in message
    news:N_Pcc.3436$9c.232204@news.ono.com...
    > Hello:
    > Sorry for my English, I'm Spanish.
    > We have AIX 5.2 and Samba 3.0.1. In addition we have a Windows
    > NT 4.0 PDC, called SERVIDOR_NT, with domain WINDOM. All the users log on to
    > domain WINDOM.
    >
    > I have created a domain with Samba on AIX, on a server SERVIDOR_AIX,
    > called AIXDOM (workgroup=AIXDOM, security=User).
    >
    > On another AIX machine, called SHARES_AIX, I have resources that I want to
    > share by means of Samba (workgroup=AIXDOM, security=Domain).
    >
    > I need the WINDOM users to access this resource, and for that I used
    > winbind, but it does not work. wbinfo -u returns "Error looking up domain
    > users". I understand that winbind would have to be running on
    > SHARES_AIX.
    >
    > When I configure Samba with (workgroup=WINDOM, security=domain)
    > everything works well.
    >
    > I have WINDOM as a trusted domain of AIXDOM ("net rpc trustdom
    > establish -S servidor_nt -U administrador" on SERVIDOR_AIX).
    >
    > What step am I doing wrong?
    >


    Hi,

    First of all, why such a complicated setup with two domains? Just joining
    the Samba server to the domain as a member server is a lot easier.

    When you created the trust relationship between the two domains, what was
    the output of the command? Did the log files show anything? (Samba has a
    very good logging system).

    Judging from your configurations and the information you posted, you run two
    different security modes... don't do that. Run everything as
    security=domain.

    regards,
    Rob






  3. Re: samba PDC + Winbind + Windows NT PDC

    > Hi,
    >
    > First of all, why such a complicated setup with two domains? Just joining
    > the Samba server to the domain as a member server is a lot easier.
    >
    > When you created the trust relationship between the two domains, what was
    > the output of the command? Did the log files show anything? (Samba has a
    > very good logging system).
    >
    > Judging from your configurations and the information you posted, you run two
    > different security modes... don't do that. Run everything as
    > security=domain.
    >
    > regards,
    > Rob


    Hi,

    The reason there are two domains is that the Samba domain AIXDOM
    belongs to one company and WINDOM belongs to another one. In fact,
    there is one more domain, which I have not mentioned so as not to
    complicate things. The reason for the two security modes is that it is
    not recommended to set security=domain when Samba is a PDC (testparm
    says so); for that reason I must use security=user. On the other server
    I use security=domain because I want the authentication to be done by
    the Samba PDC (AIXDOM) or the Windows PDC (WINDOM).

    I believe that is correct. In the logs, the following appears in
    log.172.30.10.15 (172.30.10.15 is the external interface of the Samba
    PDC):
    [ 2004/04/07 10:02:27, 2 ] passdb/secrets.c:secrets_get_trusted_domains(625)
      Secrets record SECRETS/$DOMTRUST.ACC/WINDOMDOM^P is invalid!

    and in log.winbindd:
    [2004/04/07 10:03:24, 0] nsswitch/winbindd_sid.c:winbindd_lookupname(111)
      could not find domain entry for domain WINDOM


    Thanks!
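
Added example, not part of the original posts: the two log excerpts quoted in the post above use Samba's two-line debug format, a header `[timestamp, level] file:function(line)` followed by the message text. The Python below groups such lines into records and flags the two trust-related messages shown; the rule names and the third sample record are constructed for illustration, and the header lines are shown re-joined.

```python
import re

# Samba debug header: [date time, level] source_file:function(line)
HEADER = re.compile(
    r"^\[\s*(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(?P<level>\d+)\s*\]\s*"
    r"(?P<src>[\w./-]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)

# Message patterns taken from the two excerpts in the post (rule names are hypothetical).
RULES = {
    "trust_secret_invalid": re.compile(r"Secrets record (SECRETS/\$DOMTRUST\.ACC/\S+) is invalid"),
    "winbind_domain_unknown": re.compile(r"could not find domain entry for domain (\S+)"),
}

def parse_records(text):
    """Group a Samba log into records: one header line plus its message lines."""
    records, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            current = {**m.groupdict(), "level": int(m["level"]), "msg": []}
            records.append(current)
        elif current is not None and raw.strip():
            current["msg"].append(raw.strip())
    for r in records:
        r["msg"] = " ".join(r["msg"])
    return records

def find_trust_failures(text):
    """Return {rule_name: [(timestamp, function, captured_value), ...]}."""
    hits = {}
    for rec in parse_records(text):
        for name, pattern in RULES.items():
            m = pattern.search(rec["msg"])
            if m:
                hits.setdefault(name, []).append((rec["ts"], rec["func"], m.group(1)))
    return hits

# Sample input: the two excerpts from the post, plus one constructed non-matching record.
SAMPLE = """\
[ 2004/04/07 10:02:27, 2 ] passdb/secrets.c:secrets_get_trusted_domains(625)
  Secrets record SECRETS/$DOMTRUST.ACC/WINDOMDOM^P is invalid!
[2004/04/07 10:03:24, 0] nsswitch/winbindd_sid.c:winbindd_lookupname(111)
  could not find domain entry for domain WINDOM
[2004/04/07 10:03:30, 2] example/file.c:example_func(1)
  constructed record with no matching message
"""

if __name__ == "__main__":
    print(find_trust_failures(SAMPLE))
```
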


  4. Re: samba PDC + Winbind + Windows NT PDC



    The problem is:
    Create the file lmhosts in /usr/local/samba/lib with
    IP SERVIDOR_NT
    Run the command:
    net join -S servidor_nt -U administrador
    And:
    wbinfo --set-auth-user administrador%password


