Re: W2K3 Domain and Redhat 7.3 Samba

Doug Holtz <dholtz@wi.rr.com> wrote on Tuesday 24 June 2003 04:32 in
comp.os.linux.networking:

> I have a RedHat server running Samba. I added a Windows 2003 server and
> used it as a domain controller. I converted my static IP address
> workgroup
> over to the domain. Now I can't log on to the linux box. I changed my
> smb.conf to add the machine to the domain, and not as a controller. The
> linux box shows up in network neighborhood, but the W2K3 and XP Pro PC's
> can't log in.

AFAIK Win2k3 does not support NTLM anymore unless you go tweaking. And SAMBA
AFAIR relies on this for the authentication.....if you can enable NTLM on
your Win2k03 domain controller, try again and report back.

--
email: mussi@snoop.alphanet.ch | "If you're taking flak,
Fidonet: 2:301/133 | you're above the target."

"Rene Laederach" <mussi@snoop.alphanet.ch> wrote in message
news:bd9r42$mvg$2@shakotay.alphanet.ch...
> Doug Holtz <dholtz@wi.rr.com> wrote on Tuesday 24 June 2003 04:32 in
> comp.os.linux.networking:
>
> > I have a RedHat server running Samba. I added a Windows 2003 server and
> > used it as a domain controller. I converted my static IP address
> > workgroup
> > over to the domain. Now I can't log on to the linux box. I changed my
> > smb.conf to add the machine to the domain, and not as a controller. The
> > linux box shows up in network neighborhood, but the W2K3 and XP Pro PC's
> > can't log in.
>
> AFAIK Win2k3 does not support NTLM anymore unless you go tweaking. And
SAMBA
> AFAIR relies on this for the authentication.....if you can enable NTLM on
> your Win2k03 domain controller, try again and report back.
>
> --
> email: mussi@snoop.alphanet.ch | "If you're taking flak,
> Fidonet: 2:301/133 | you're above the target."

Rene;

OK.

Now all I need to know is "What is NTLM?".

D

"Rene Laederach" <mussi@snoop.alphanet.ch> wrote in message
news:bd9r42$mvg$2@shakotay.alphanet.ch...
> Doug Holtz <dholtz@wi.rr.com> wrote on Tuesday 24 June 2003 04:32 in
> comp.os.linux.networking:
>
> > I have a RedHat server running Samba. I added a Windows 2003 server and
> > used it as a domain controller. I converted my static IP address
> > workgroup
> > over to the domain. Now I can't log on to the linux box. I changed my
> > smb.conf to add the machine to the domain, and not as a controller. The
> > linux box shows up in network neighborhood, but the W2K3 and XP Pro PC's
> > can't log in.
>
> AFAIK Win2k3 does not support NTLM anymore unless you go tweaking. And
SAMBA
> AFAIR relies on this for the authentication.....if you can enable NTLM on
> your Win2k03 domain controller, try again and report back.
>
> --
> email: mussi@snoop.alphanet.ch | "If you're taking flak,
> Fidonet: 2:301/133 | you're above the target."

Rene;

I found the explanation and enabled the service in Policies. Haven't gotten
it to work yet, but wanted to let you know. W2K3 has a great search
capability.

doug

"Doug Holtz" <dholtz@wi.rr.com> wrote in message
news:Yb7Ka.148806$jT4.2663407@twister.rdc-kc.rr.com...

<snip>

> OK.
>
> Now all I need to know is "What is NTLM?".
>
> D
>

OK, here's what NTLM is all about, as far as the authentication process
goes.

NTLM (NT LanMan) is an authentication process that's used by all members of
the Windows NT family of products. Like its predecessor LanMan, NTLM uses a
challenge/response process to prove the client's identity without requiring
that either a password or a hashed password be sent across the network.

When the authentication process begins, the user's system (client) sends a
login request to the server. The server replies with a randomly generated
"token" (or challenge) to the client. The client hashes the currently
logged-on user's cryptographically protected password with the challenge and
sends the resulting "response" to the server.

The server receives the challenge-hashed response and compares it to what it
knows to be the appropriate response. (The server takes a copy of the
original token - which it generated - and hashes it against what it knows to
be the user's password hash from its own user account database.) If the
received response matches the expected response, the user is successfully
authenticated to the server.

BTW, you will also need to do the same stuff you would do for XP, turn off
the smb signing, etc. 2K3 as a DC definitely fsck's up Samba. More locked
down than a 2000 DC. Probably have to wait until 3.0 is in final release and
mess with it.

Glen

"Doug Holtz" <dholtz@wi.rr.com> writes:

[...]

>I found the explanation and enabled the service in Policies. Haven't gotten
>it to work yet, but wanted to let you know. W2K3 has a great search
>capability.

Actually, if your Win2003 server uses AD, then you're out of luck (and AFAICT,
both 2000 and 2003 need AD if they're used as PDC). Samba at this time does
not support AD yet, due to the fact that MS doesn't publish the specs.

Michael
--
Michael Buchenrieder * mibu@scrum.greenie.muc.de * http://www.muc.de/~mibu
Lumber Cartel Unit #456 (TINLC) & Official Netscum
Note: If you want me to send you email, don't munge your address.

"Doug Holtz" <dholtz@wi.rr.com> writes:

[...]

>I am using Active Directory. This is bad news. I need to get my web site
>off the linux server by way of samba.

Try rsync or simply ftp for this task. AD will not be supported AFAIK unti
Samba v3.x is out.


Michael

--
Michael Buchenrieder * mibu@scrum.greenie.muc.de * http://www.muc.de/~mibu
Lumber Cartel Unit #456 (TINLC) & Official Netscum
Note: If you want me to send you email, don't munge your address.

"Michael Buchenrieder" <mibu@scrum.muc.de> wrote in message
news:HH2t4C.DM5@scrum.muc.de...
> "Doug Holtz" <dholtz@wi.rr.com> writes:
>
> [...]
>
> >I am using Active Directory. This is bad news. I need to get my web
site
> >off the linux server by way of samba.
>
> Try rsync or simply ftp for this task. AD will not be supported AFAIK unti
> Samba v3.x is out.
>
>
> Michael
>
> --
> Michael Buchenrieder * mibu@scrum.greenie.muc.de * http://www.muc.de/~mibu
> Lumber Cartel Unit #456 (TINLC) & Official Netscum
> Note: If you want me to send you email, don't munge your address.

Michael;

Good idea. I forgot about setting up ftp.

Doug