[Samba] Gentoo, Samba, Upgrade, Authentications now failing
This is a discussion on [Samba] Gentoo, Samba, Upgrade, Authentications now failing within the Samba forums, part of the Networking and Network Related category; John Drescher wrote: >> Ok I have updated it and am no able to authenticate. It seems that even &...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-03-2008
|
|||
|
|||
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
John Drescher wrote:
>> Ok I have updated it and am no able to authenticate. It seems that even >> though my smb.conf shows 'client plaintext auth = no' in the logs when >> performing a 'wbinfo --krb5auth=username%password' it shows >> >> plaintext kerberos password authentication for [username%password] failed >> (requesting cctype: FILE) >> >> Any ideas? I do appreciate any help I can get on this. Here is some version >> information: Version 3.0.30 >> -- > > Sorry that did not help. For now I am out of ideas. Hopefully someone > knows how to fix that soon otherwise I would go back to the last > version that worked. > No worries, I will roll it back to 3.0.28. I am not sure why it would use plaintext vs. the ntlmv2 that is specified in the config. > John -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba 
|
|
06-03-2008
|
|||
|
|||
|
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
I rolled it back and experienced the same problems so I went ahead and
followed the following steps during the upgrade to 3.0.30 1. Removed machine from domain trust user account 2. Uninstalled samba 3. Re-installed latest 3.0.30 using Gentoo's emerge facility 4. Used Kinit with domain admin account 5. Joined machine to domain 6. Ensured that krb5auth using winbind worked (now working, had to modify user accounts in active directory. even having to go so far as to remove user, and recreate then apply the RFC2307 schema attributes) Everything is authenticating again but I am not able to get the pam_mkhomedir.so object create my user directories. relevant file info: nt acl support = yes inherit permissions = yes create mask = 0022 template homedir = /home/samba/%U comment = %U Home directory browsable = yes read only = yes create mask = 0022 force create mode = 0022 directory mask = 0022 force directory mode = 0022 path = /home/samba/%U %> ls -lah /home drwxrwxrwx 2 nobody users 48 Jun 2 09:48 samba Am I missing something with the permissions? I know, they are at 755 for now so I can figure out why its not working. What is the best practice for this folders permissions? Thanks. Jason Gerfen wrote: > John Drescher wrote: >>> Ok I have updated it and am no able to authenticate. It seems that even >>> though my smb.conf shows 'client plaintext auth = no' in the logs when >>> performing a 'wbinfo --krb5auth=username%password' it shows >>> >>> plaintext kerberos password authentication for [username%password] >>> failed >>> (requesting cctype: FILE) >>> >>> Any ideas? I do appreciate any help I can get on this. Here is some >>> version >>> information: Version 3.0.30 >>> -- >> >> Sorry that did not help. For now I am out of ideas. Hopefully someone >> knows how to fix that soon otherwise I would go back to the last >> version that worked. >> > No worries, I will roll it back to 3.0.28. I am not sure why it would > use plaintext vs. the ntlmv2 that is specified in the config. > > >> John > > -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
|
06-03-2008
|
|||
|
|||
|
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
Ivan Ordonez wrote:
> Hi Jason, > > Sorry I can't be of any help but I am thinking about updating our PDC to > 3.0.30 but afraid it will have the same problem. I have a few questions > if you don't mind. > > 1. Can a PDC be remove on the domain and join again? if so, who will > be the login server to authenticate the process of joining the PDC to > the domain? I have two BDC and one PDC. %> net ads join -U ADMINISTRATOR@DOMAIN <-- joins samba server to domain (could be PDC, BDC or Domain member server types depending on config) %> net ads leave -U ADMINISTRATOR@DOMAIN <-- this will remove the machine account from active directory > 2. Can you roll back to Samba 3.0.24 if you emerge 3.0.30 Nope, the lastest in portage right now is 3.0.28 > > > Thanks to any info you can provide. > > -Ivan > > > > Jason Gerfen wrote: >> I rolled it back and experienced the same problems so I went ahead and >> followed the following steps during the upgrade to 3.0.30 >> >> 1. Removed machine from domain trust user account >> 2. Uninstalled samba >> 3. Re-installed latest 3.0.30 using Gentoo's emerge facility >> 4. Used Kinit with domain admin account >> 5. Joined machine to domain >> 6. Ensured that krb5auth using winbind worked (now working, had to >> modify user accounts in active directory. even having to go so far as >> to remove user, and recreate then apply the RFC2307 schema attributes) >> >> >> Everything is authenticating again but I am not able to get the >> pam_mkhomedir.so object create my user directories. >> relevant file info: >> nt acl support = yes >> inherit permissions = yes >> create mask = 0022 >> template homedir = /home/samba/%U >> >> comment = %U Home directory >> browsable = yes >> read only = yes >> create mask = 0022 >> force create mode = 0022 >> directory mask = 0022 >> force directory mode = 0022 >> path = /home/samba/%U >> >> %> ls -lah /home >> drwxrwxrwx 2 nobody users 48 Jun 2 09:48 samba >> >> Am I missing something with the permissions? I know, they are at 755 >> for now so I can figure out why its not working. What is the best >> practice for this folders permissions? Thanks. >> >> Jason Gerfen wrote: >>> John Drescher wrote: >>>>> Ok I have updated it and am no able to authenticate. It seems that >>>>> even >>>>> though my smb.conf shows 'client plaintext auth = no' in the logs when >>>>> performing a 'wbinfo --krb5auth=username%password' it shows >>>>> >>>>> plaintext kerberos password authentication for [username%password] >>>>> failed >>>>> (requesting cctype: FILE) >>>>> >>>>> Any ideas? I do appreciate any help I can get on this. Here is some >>>>> version >>>>> information: Version 3.0.30 >>>>> -- >>>> >>>> Sorry that did not help. For now I am out of ideas. Hopefully someone >>>> knows how to fix that soon otherwise I would go back to the last >>>> version that worked. >>>> >>> No worries, I will roll it back to 3.0.28. I am not sure why it would >>> use plaintext vs. the ntlmv2 that is specified in the config. >>> >>> >>>> John >>> >>> >> >> -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
|
06-03-2008
|
|||
|
|||
|
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
>> 2. Can you roll back to Samba 3.0.24 if you emerge 3.0.30
> Save the ebuild from 3.0.24 into a local portage overlay See here: http://gentoo-wiki.com/HOWTO_Install..._Party_Ebuilds The ebuild will be in /var/db/pkg/net-fs/samba-3.0.24 And then do a quickpkg --include-config=y =net-fs/samba-3.0.24 Then to restore emerge -K =net-fs/samba-3.0.24 John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
|
Linear Mode
