
Bug#718865: Update and minimize /etc/samba/smbldap-machineadd-gosa


Mike Gabriel

Aug 6, 2013, 6:40:02 AM

Package: debian-edu-config
Version: 1.711

The script /etc/samba/smbldap-machineadd-gosa is a fork of
smbldap-useradd and contains many lines of unused code.

Furthermore, the fork was taken from smbldap-tools 0.9.5 whereas it
uses the Perl package shipped with the smbldap-tools Debian package.
In order to remain compliant with the Perl package, we should update
smbldap-machineadd-gosa to a current version (compared to
smbldap-tools, currently 0.9.7 in wheezy). On the run, we should
minimize our customized smbldap-machineadd-gosa script to the
functionality required by us.

I guess, this issue is assigned to myself, immediately when I click on
the Send-button of my mail client ;-)

Best,
Mike

--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.g...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Holger Levsen

Aug 6, 2013, 7:20:01 AM

control: tags -1 + moreinfo

Hi,

On Tuesday, 6 August 2013, Mike Gabriel wrote:
> The script /etc/samba/smbldap-machineadd-gosa is a fork of
> smbldap-useradd and contains many lines of unused code.

sigh :-(

> Furthermore, the fork was taken from smbldap-tools 0.9.5 whereas it
> uses the Perl package shipped with the smbldap-tools Debian package.
> In order to remain compliant with the Perl package, we should update
> smbldap-machineadd-gosa to a current version (compared to
> smbldap-tools, currently 0.9.7 in wheezy). On the run, we should
> minimize our customized smbldap-machineadd-gosa script to the
> functionality required by us.

why do we need the fork in the first place?


cheers,
Holger

Mike Gabriel

Aug 6, 2013, 3:20:01 PM

control: tags -1 - moreinfo

Hi Holger,
Because it is the script that gets triggered by Samba whenever new
Windows workstations attempt to join the SKOLELINUX NT-Domain. To make
this attempt a success smbldap-machineadd-gosa adds an object to LDAP
with default settings for a Gosa-Samba-Machine account. These
settings then get filled with Samba during the domain join up.

Holger Levsen

Aug 6, 2013, 5:00:02 PM

control: tags -1 + moreinfo

Hi,

On Tuesday, 6 August 2013, Mike Gabriel wrote:
> Because it is the script that gets triggered by Samba whenever new
> Windows workstations attempt to join the SKOLELINUX NT-Domain. To make
> this attempt a success smbldap-machineadd-gosa adds an object to LDAP
> with default settings for a Gosa-Samba-Machine account. These
> settings then get filled with Samba during the domain join up.

why the fork?


cheers,
Holger



Petter Reinholdtsen

Aug 7, 2013, 2:00:01 AM

I fetched version 0.9.5 of the smbldap-tools source, and ran diff
between smbldap-tools-0.9.5/smbldap-useradd and
smbldap-machineadd-gosa to see what was changed:

--- smbldap-tools-0.9.5/smbldap-useradd 2008-04-22 10:13:29.000000000 +0200
+++ smbldap-machineadd-gosa 2013-07-03 23:37:42.000000000 +0200
@@ -1,5 +1,17 @@
#!/usr/bin/perl -w

+# This script has been taken von smbldap-tools 0.9.5, its original name
+# is smbldap-useradd. It has been modified so that machine accounts can
+# be created and so that they will be compliant to the pre-requisites of
+# GOsa as in Debian Edu squeeze.
+#
+# This script depends on package smbldap-tools (i.e. on its
+# smbldap_tool.pm).
+#
+# Modifcations have been done by several people, initially by
+# Mike Gabriel <mike.g...@das-netzwerkteam.de>
+#
+
# This code was developped by Jerome Tournier (jtou...@gmail.com) and
# contributors (their names can be found in the CONTRIBUTORS file).

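Review bot: The added header comment names the dependency as "smbldap_tool.pm", but the library referred to elsewhere in this report is /usr/share/perl5/smbldap_tools.pm; the same comment also contains "taken von" and "Modifcations". Suggest correcting the file name and the two typos, and recording here which upstream release the fork was last synchronised with, since that is what a later rebase needs.
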
@@ -34,8 +46,42 @@
use Getopt::Std;
my %Options;

+# success = add_posix_machine($user, $uid, $gid)
+sub add_posix_machine_gosa {
+ my ( $user, $uid, $gid, $wait ) = @_;
+ if ( !defined $wait ) {
+ $wait = 0;
+ }
+
+ # bind to a directory with dn and password
+ my $add = $smbldap_tools::ldap->add(
+ "uid=$user,$config{computersdn}",
+ attr => [
+
+ 'objectclass' => ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'posixAccount', 'gotoWorkstation'],
+ #'objectclass' => [ 'top', 'account', 'posixAccount' ],
+ 'cn' => "$user",
+
+ 'sn' => "$user",
+ 'uid' => "$user",
+ 'uidNumber' => "$uid",
+ 'gidNumber' => "$gid",
+ 'homeDirectory' => '/dev/null',
+ 'loginShell' => '/bin/false',
+ 'description' => 'Computer',
+ 'gecos' => 'Computer',
+ 'sn' => 'Computer',
+ ]
+ );
+
+ $add->code && warn "failed to add entry: ", $add->error;
+ sleep($wait);
+ return 1;
+}
+
+
my $ok =
- getopts( 'o:abnmwWiPG:u:g:d:s:c:k:t:A:B:C:D:E:F:H:L:M:N:S:T:?', \%Options );
+ getopts( 'o:abnmwWiPG:u:g:d:s:c:k:t:A:B:C:D:E:F:H:L:M:N:S:T:Z:?', \%Options );

if ( ( !$ok ) || ( @ARGV < 1 ) || ( $Options{'?'} ) ) {
print_banner;
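Review bot: add_posix_machine_gosa() ends with an unconditional "return 1", so a failed LDAP add only emits a warning and the caller's "!add_posix_machine_gosa(...)" test can never be true; return 0 when $add->code is set. In the same attr list 'sn' is given twice ("$user" and 'Computer'), so keep one. The comment above the sub still names add_posix_machine and omits $wait, and the 'Z:' option added to the getopts string has no visible use in this diff and should be documented or dropped.
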
@@ -304,7 +350,7 @@
}

if (
- !add_posix_machine(
+ !add_posix_machine_gosa(
$userName, $userUidNumber, $userGidNumber, $Options{'t'}
)
)
@@ -342,8 +388,9 @@
changes => [
replace => [
objectClass =>
- [ 'posixAccount', 'account', 'sambaSAMAccount' ]
+ [ 'top', 'posixAccount', 'person', 'organizationalPerson', 'inetOrgPerson', 'gosaAccount', 'sambaSamAccount', 'shadowAccount' ]
],
+ add => [ sn => 'Computer' ],
add => [ sambaLogonTime => '0' ],
add => [ sambaLogoffTime => '2147483647' ],
add => [ sambaKickoffTime => '2147483647' ],
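Review bot: The new objectClass list in this replace no longer contains 'gotoWorkstation', which add_posix_machine_gosa() sets when it creates the entry, so the modify removes that class again; confirm this is intended or add it to the list. The added "add => [ sn => 'Computer' ]" also repeats a value the creation step already writes to sn, so check that the modify does not fail on an existing value; a replace would be more robust than an add here.
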
@@ -367,8 +414,9 @@
changes => [
replace => [
objectClass =>
- [ 'posixAccount', 'account', 'sambaSAMAccount' ]
+ [ 'top', 'posixAccount', 'person', 'organizationalPerson', 'inetOrgPerson', 'gosaAccount', 'sambaSamAccount', 'shadowAccount' ]
],
+ add => [ sn => 'Computer' ],
add => [ sambaLogonTime => '0' ],
add => [ sambaLogoffTime => '2147483647' ],
add => [ sambaKickoffTime => '2147483647' ],
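Review bot: The eight-entry objectClass list and the sn line added here are a verbatim copy of the ones in the hunk at -342; define the list once in a variable and use it in both modify calls so the two cannot drift apart. The questions about the dropped 'gotoWorkstation' class and the repeated sn value apply to this block as well.
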

Quite a lot has changed in the original since the fork, and our script
no longer works because the /usr/share/perl5/smbldap_tools.pm library
no longer provides the get_next_id() function, as reported in
<URL: http://lists.debian.org/debian-edu/2013/08/msg00059.html >.

--
Happy hacking
Petter Reinholdtsen



Mike Gabriel

Aug 7, 2013, 5:40:01 AM

control: tag -1 - moreinfo

Hi Holger,
Because smbldap-useradd does not cover the objectClasses /
attributeDescriptions required by GOsa² to recognize the SMB-machine
object.

See patch below that shows the fork... (patch has been created on a
squeeze-TJENER).

Best,
Mike

"""
--- /usr/sbin/smbldap-useradd 2009-10-15 21:34:13.000000000 +0200
+++ /etc/samba/smbldap-machineadd-gosa 2011-08-27 18:21:48.000000000 +0200

Holger Levsen

Aug 7, 2013, 5:50:02 AM

Hi Mike,

On Wednesday, 7 August 2013, Mike Gabriel wrote:
> control: tag -1 - moreinfo

I suggest you stop removing "moreinfo" tags if you are not the one who has
set them.

> Because smbldap-useradd does not cover the objectClasses /
> attributeDescriptions required by GOsa² to recognize the SMB-machine
> object.

I see. I'm still worried about this approach as it easily leads to the problem
we're having now.


cheers,
Holger

Mike Gabriel

Aug 7, 2013, 6:00:03 AM

Hi Holger,

On Wed 07 Aug 2013 11:41:00 CEST Holger Levsen wrote:

> Hi Mike,
>
> On Wednesday, 7 August 2013, Mike Gabriel wrote:
>> control: tag -1 - moreinfo
>
> I suggest you stop removing "moreinfo" tags if you are not the one who has
> set them.

Ack.

>> Because smbldap-useradd does not cover the objectClasses /
>> attributeDescriptions required by GOsa² to recognize the SMB-machine
>> object.
>
> I see. I'm still worried about this approach as it easily leads to
> the problem
> we're having now.

My approach for getting this straight is:

o grab functions from smbldap_tools Perl package
o put them into our script
o remove all unneeded cruft from smbldap-machineadd-gosa
o do not use /etc/smbldap-tools/smbldap.conf anymore

Before I do that, I will check if it may be possible with
smbldap-tools 0.9.7 that we can use smbldap-tools directly, but my gut
feelings say that won't work.

Mike

Arne Sørli

Aug 8, 2013, 2:50:01 AM

The get_next_id-error was fixed with this:

[Petter Reinholdtsen]
> Checked the original and the library, and thus function is now called
> user_next_uid(); Try editing machineadd-gosa and replace
> 'get_next_id($config{usersdn}, "uidNumber" );' with
> 'user_next_uid();'.

And I am now able to join the domain from a Windows XP PC :-)

However, I'm still unable to log in.

I get the error: "The system could not log you on. Make sure your User name
and domain are correct, then type the password again". My
/var/log/samba/log.static21 only contains:
[2013/08/08 07:27:52.459238, 0]
passdb/passdb.c:2247(pdb_increment_bad_password_count)
pdb_increment_bad_password_count: pdb_get_account_policy failed.

In Gosa, I have tried both to add the PC-entry before joining the domain
(Create, Workstation as didn't find any winstation entry in the menu) and not
adding it (letting join domain add the entry).

In the first case the entry shows up in Gosa as static 21. I am able to set
Activated mode and view and set NIS netgroups (added only winstations-hosts).

In the second case the entry shows up in Gosa as static21$ with a windows icon
in the second column. But I have no "Activated" mode drop-down box and when I
go to the NIS netgroups tab, it shows:

"This host cannot be added to NIS Netgroups
Only hosts with a fully qualified domain name or those with DNS settings
enabled in GOsa can be added to NIS Netgroups!"

I have enabled DHCP and DNS for static21 so this should not be the problem.

--
Arne Sørli

Petter Reinholdtsen

Aug 8, 2013, 3:20:02 PM

Note, our script causes two warnings to show up:

root@tjener:/etc# ./samba/smbldap-machineadd-gosa -t0 -w "floffa"
Use of uninitialized value $encoding in string eq at /usr/share/perl5/smbldap_tools.pm line 1387.
Use of uninitialized value $encoding in string eq at /usr/share/perl5/smbldap_tools.pm line 1387.
root@tjener:/etc#

It is caused by these utf8Encode() calls in
/etc/samba/smbldap-machineadd-gosa:

$givenName = ( utf8Encode( $Options{'N'} ) || $userName );
$userSN = ( utf8Encode( $Options{'S'} ) || $userName );

When the options are not used, the function is called with no
argument, triggering the warning. Perhaps we should rewrite it for
wheezy to avoid the warnings?

--
Happy hacking
Petter Reinholdtsen


Petter Reinholdtsen

Aug 9, 2013, 4:10:01 AM

[Arne Sørli]
> And I am now able to join the domain from a Windows XP PC :-)

Great. All the required fixes for this should be in our wheezy-test
repository now.

> However, I'm still unable to log in.

Hm. Could this be the same problem I see when I try to run this
command (which should work according to Mike Gabriel on IRC):

smbclient //tjener/pere -U pere

It fails with "tree connect failed: NT_STATUS_ACCESS_DENIED", which
seems to be the wrong response for a working samba setup.

I lack a windows machine (I do not accept the terms of use), and need
to be able to reproduce the problem using a Linux machine to debug the
problem. :)

--
Happy hacking
Petter Reinholdtsen


Petter Reinholdtsen

Aug 10, 2013, 5:50:02 AM

[Wolfgang Schweer]
> This is most probably caused by a missing samba account. (The first user
> account hasn't got one by default.)

Aha. Good point. Adding a samba account and setting the password (to
ensure the samba hash is set too) got me a bit further.

I seem to remember that we do not set up a samba account because the
information needed to do that is missing when the initial user is
created, but might be mistaken.

> Using a normal user account, the failure message is:
>
> "tree connect failed: NT_STATUS_LOGON_FAILURE"; so the issue is
> reproducible.

I get this too when I provide the password. But when I just press
[enter] on the password prompt, I am logged in and can see my files.
I guess Kerberos login works, while password check does not.

Arne, could your problem be that you use the initial account which is
without a samba account?

Arne Sørli

Aug 10, 2013, 10:50:01 AM

[Petter Reinholdtsen]
> Arne, could your problem be that you use the initial account which is
> without a samba account?

No, I have tried with two newly created teacher-users, and I have checked
that they are registered as samba-users.

sudo pdbedit -L shows:
Administrator:50500:Administrator
nobody:65534:nobody
newteacher:1001:NewTeacher NewTeacher
newstudent:1002:NewStudent NewStudent
solhem:1003:Solveig Hem Sørli
static21$:51000:STATIC21$
katgren:1004:Katya Grenness

and the relevant parts of the output from sudo pdbedit -L -v shows:
Unix username: solhem
NT username: solhem
Account Flags: [UX ]
User SID: S-1-5-21-3333393992-2949466011-2278170263-3006
Primary Group SID: S-1-5-21-3333393992-2949466011-2278170263-3007
Full Name: Solveig Hem Sørli
Home Directory: \\tjener\solhem
HomeDir Drive: H:
Logon Script: logon-teachers.bat
Profile Path: \\tjener\solhem\.ntprofile
Domain: SKOLELINUX
Account desc:
Workstations:
Munged dial: [removed long line]
Logon time: 0
Logoff time: ti., 19 jan. 2038 04:14:07 CET
Kickoff time: never
Password last set: on., 07 aug. 2013 22:23:35 CEST
Password can change: on., 07 aug. 2013 22:23:35 CEST
Password must change: ti., 19 jan. 2038 04:14:07 CET
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username: static21$
NT username: static21$
Account Flags: [W ]
User SID: S-1-5-21-3333393992-2949466011-2278170263-1001
Primary Group SID: S-1-5-21-3333393992-2949466011-2278170263-553
Full Name: STATIC21$
Home Directory: \\TJENER\static21_\.win9xprofile
HomeDir Drive: h:
Logon Script: debian-edu-login.bat
Profile Path: \\TJENER\static21_\.ntprofile
Domain: SKOLELINUX
Account desc: Computer
Workstations:
Munged dial: [removed long line]
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: on., 07 aug. 2013 22:06:56 CEST
Password can change: on., 07 aug. 2013 22:06:56 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

--
Arne Sørli

Wolfgang Schweer

Aug 11, 2013, 8:10:02 AM

On Sat, Aug 10, 2013 at 11:44:09AM +0200, Petter Reinholdtsen wrote:
> [Wolfgang Schweer]
> > Using a normal user account, the failure message is:
> >
> > "tree connect failed: NT_STATUS_LOGON_FAILURE"; so the issue is
> > reproducible.
>
> I get this too when I provide the password. But when I just press
> [enter] on the password prompt, I am logged in and can see my files.
> I guess Kerberos login works, while password check does not.

Seems to be, cause smbclient -k //tjener/<uid> -U <uid> drops you
immediately into a smb shell.

I noticed a really scaring thing:
Logged in as a student using a teacher's uid with the above command, I'm
able to get/put/rename/delete files and dirs, cause I seem to get the
smb shell under that uid. Something seems to be misconfigured.

Can someone try to reproduce this behaviour?

Wolfgang


Arne Sørli

Aug 12, 2013, 1:20:02 AM

[Petter Reinholdtsen]
> I noticed a really scaring thing:
> Logged in as a student using a teacher's uid with the above command, I'm
> able to get/put/rename/delete files and dirs, cause I seem to get the
> smb shell under that uid. Something seems to be misconfigured.
>
> Can someone try to reproduce this behaviour?

Yes, I got the same behaviour from XP SP3.

Could log in as a teacher only knowing the teacher uid (using no password) and
could then delete files and so on. The same thing for browsing
\\TJENER\<username> (not logged in).

Mike Gabriel

Aug 12, 2013, 12:40:02 PM

Hi Wolfgang, Arne,
Reproducible here, as well.

On the other hand (with the correct password entered):

"""
ldapadmin@tjener:~$ smbclient -L tjener -U mg
WARNING: The "null passwords" option is deprecated
WARNING: The "use spnego" option is deprecated
Enter mg's password:
session setup failed: NT_STATUS_LOGON_FAILURE
ldapadmin@tjener:~$
"""

With this in the log file

"""
ldapadmin@tjener:~$ sudo tail -f /var/log/samba/log.tjener
Password:
[2013/08/12 17:57:38.669988, 0]
passdb/passdb.c:2247(pdb_increment_bad_password_count)
pdb_increment_bad_password_count: pdb_get_account_policy failed.
[2013/08/12 17:57:41.705334, 0]
passdb/passdb.c:2247(pdb_increment_bad_password_count)
pdb_increment_bad_password_count: pdb_get_account_policy failed.
[2013/08/12 17:57:44.155758, 0]
passdb/passdb.c:2247(pdb_increment_bad_password_count)
pdb_increment_bad_password_count: pdb_get_account_policy failed.
[2013/08/12 17:59:23.792979, 0]
passdb/passdb.c:2247(pdb_increment_bad_password_count)
pdb_increment_bad_password_count: pdb_get_account_policy failed.
[2013/08/12 18:10:10.901732, 0]
passdb/passdb.c:2247(pdb_increment_bad_password_count)
pdb_increment_bad_password_count: pdb_get_account_policy failed.
"""

Furthermore, I miss some policy entries in the
sambaDomainName=SKOLELINUX object (like described here [1]):

# SAMBADOM, sambadom.local
dn: sambaDomainName=SAMBADOM,dc=sambadom,dc=local
sambaDomainName: SAMBADOM
sambaSID: S-1-5-21-1179644376-2526199691-xxxxxxxxxx
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaRefuseMachinePwdChange: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaMinPwdLength: 7
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 1
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaForceLogoff: -1
sambaNextRid: 1021

[1] https://lists.samba.org/archive/samba/2011-September/164127.html

Urggghhh...

Wolfgang Schweer

Aug 13, 2013, 7:30:01 AM

On Mon, Aug 12, 2013 at 06:37:19PM +0200, Mike Gabriel wrote:
> On Sun 11 Aug 2013 14:04:26 CEST Wolfgang Schweer wrote:
>
> >On Sat, Aug 10, 2013 at 11:44:09AM +0200, Petter Reinholdtsen wrote:
> >>[Wolfgang Schweer]
> >>> Using a normal user account, the failure message is:
> >>>
> >>> "tree connect failed: NT_STATUS_LOGON_FAILURE"; so the issue is
> >>> reproducible.
> >>
> >>I get this too when I provide the password. But when I just press
> >>[enter] on the password prompt, I am logged in and can see my files.
> >>I guess Kerberos login works, while password check does not.
> >
> >Seems to be, cause smbclient -k //tjener/<uid> -U <uid> drops you
> >immediately into a smb shell.
> >
> >I noticed a really scaring thing:
> >Logged in as a student using a teacher's uid with the above command, I'm
> >able to get/put/rename/delete files and dirs, cause I seem to get the
> >smb shell under that uid. Something seems to be misconfigured.
> >
> >Can someone try to reproduce this behaviour?
>
> Reproducible here, as well.

To fix at least the security issue for the moment, disable the samba
service or add this to the [global] section of smb.conf and restart the
service.

auth methods = ntdomain

Access and logon won't work.

Wolfgang


Wolfgang Schweer

Aug 16, 2013, 6:30:03 AM

On Mon, Aug 12, 2013 at 07:09:34AM +0200, Arne Sørli wrote:
> [Petter Reinholdtsen]
> > I noticed a really scaring thing:
> > Logged in as a student using a teacher's uid with the above command, I'm
> > able to get/put/rename/delete files and dirs, cause I seem to get the
> > smb shell under that uid. Something seems to be misconfigured.
> >
> > Can someone try to reproduce this behaviour?
>
> Yes, I got the same behaviour from XP SP3.
>
> Could log in as a teacher only knowing the teacher uid (using no password) and
> could then delete files and so on. The same thing for browsing
> \\TJENER\<username> (not logged in).

Most probably all this was due to empty LM and NT password hashes stored
in LDAP, caused by changes in GOsa 2.7.4 (squeeze version was 2.6.x).

To get the hashes right, /etc/gosa/gosa.conf has to be changed (first
backup the file).

Replace the string

"perl -MCrypt::SmbHash -e &quot;print join(q[:], ntlmgen \$ARGV[0]), $/;&quot;"

with

'perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen %password), $/;"'

Then all user passwords have to be changed using GOsa. Connections
should then be possible using the new password, empty passwords should
fail.

Please test if this works for Windows clients.

Wolfgang

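To find the accounts affected by the empty-hash problem described in the message above, the following added example (not part of the original thread) audits an LDIF export of the directory, for instance one produced with ldapsearch, for sambaSamAccount entries whose sambaNTPassword is missing, empty, or equal to the hash of an empty password. The sample DNs and the non-empty hash values are constructed.

```python
import base64

# Hashes that result from an empty password (hex, upper case).
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"
EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"

# Constructed sample export; DNs and the non-empty hashes are made up.
SAMPLE_LDIF = """\
dn: uid=teacher1,ou=people,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0
sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE

dn: uid=teacher2,ou=people,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF
sambaLMPassword: FEDCBA9876543210FEDCBA9876543210

dn: uid=student1,ou=people,
 dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount

dn: uid=nosamba,ou=people,dc=example,dc=org
objectClass: posixAccount
"""


def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attribute: [values]} dicts."""
    logical = []
    for raw in text.splitlines():
        # A line starting with one space continues the previous line.
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in logical + [""]:
        if not line.strip():          # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):      # ldapsearch comment
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):     # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def audit_samba_hashes(ldif_text):
    """Return {dn: [findings]} for Samba accounts with unusable password hashes."""
    findings = {}
    for entry in parse_ldif(ldif_text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "sambasamaccount" not in classes:
            continue
        nt = (entry.get("sambantpassword") or [""])[0].upper()
        lm = (entry.get("sambalmpassword") or [""])[0].upper()
        problems = []
        if not nt:
            problems.append("sambaNTPassword missing or empty")
        elif nt == EMPTY_NT:
            problems.append("sambaNTPassword is the hash of an empty password")
        # An empty-password LM hash on its own can be legitimate; report it anyway.
        if lm == EMPTY_LM:
            problems.append("sambaLMPassword is the hash of an empty password")
        if problems:
            findings[entry.get("dn", ["?"])[0]] = problems
    return findings


if __name__ == "__main__":
    for dn, problems in audit_samba_hashes(SAMPLE_LDIF).items():
        print(dn, "->", "; ".join(problems))
```

Accounts reported here are the ones whose passwords still have to be changed through GOsa after the gosa.conf correction.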

Arne Sørli

Aug 16, 2013, 8:30:02 AM

[Wolfgang Schweer]
> Replace the string
> "perl -MCrypt::SmbHash -e &quot;print join(q[:], ntlmgen \$ARGV[0]),
> $/;&quot;"
>
> with
>
> 'perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen %password), $/;"'
>
> Then all user passwords have to be changed using GOsa. Connections
> should then be possible using the new password, empty passwords should
> fail. Please test if this works for Windows clients.

It worked!
I can now log in with username and password from XP SP3, and blank password is
declined, as it should. Thanks!


> At the moment Arne cannot join the domain with his machines. So Arne, you
> can only test with non-domain workstations.
> I still have the domain joining on my list.

Actually, I can join the domain with a patch from Petter Reinholdtsen, see:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718865#56

Arne Sørli

Aug 18, 2013, 9:40:02 AM

When testing on a fresh install of
cd-wheezy-test-usbstick/debian-edu-amd64-i386-BD-1.iso,
timestamp 2013-08-17 16:30, I discovered that
joining the domain still does not work. (It works
in my beta0+patches described in
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718865>).

This time I get the following error on the XP PC
when trying to join: "A device attached to the system is not functioning".
The /var/samba/log.static26 shows:
[2013/08/18 08:53:49.301213, 0]
rpc_server/netlogon/srv_netlog_nt.c:954(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: failed to get
machine password for account STATIC26$: NT_STATUS_NONE_MAPPED
[2013/08/18 08:54:59.862772, 0] auth/check_samsec.c:491(check_sam_security)
check_sam_security: make_server_info_sam()
failed with 'NT_STATUS_UNSUCCESSFUL'
[2013/08/18 08:59:24.883102, 0] auth/check_samsec.c:491(check_sam_security)
check_sam_security: make_server_info_sam()
failed with 'NT_STATUS_UNSUCCESSFUL'
[2013/08/18 08:59:25.232265, 0] auth/check_samsec.c:491(check_sam_security)
check_sam_security: make_server_info_sam()
failed with 'NT_STATUS_UNSUCCESSFUL'

I also notice that when trying to browse \\TJENER
as described in chapter 1.1 in
<https://wiki.debian.org/DebianEdu/Documentation/Wheezy/HowTo/Samba>,
I am now asked for username and password.
According to the documentation, and in
beta0+patches, this should be possible without
password. It's first when you browse for
\\TJENER\<username> login credentials should be required.

I have also made diff of the following files from
beta0+patches (working) and wheezy-test (not working):
gosa.conf
smbldap-machineadd
But I don't see any significant changes. So I
think the changed behaviour must be caused by something else.

Petter Reinholdtsen

Aug 20, 2013, 12:40:02 PM

[Arne Sørli]
> When testing on a fresh install of
> cd-wheezy-test-usbstick/debian-edu-amd64-i386-BD-1.iso, timestamp
> 2013-08-17 16:30, I discovered that joining the domain still does
> not work.

Please try again with the wheezy-test iso. I fixed a bug in the samba
SID handling this morning, and it solves another problem with samba. I
hope it solves your problem too.

--
Happy hacking
Petter Reinholdtsen


Arne Soerli

Aug 21, 2013, 10:20:02 AM

[Petter Reinholdtsen]
> Please try again with the wheezy-test iso. I fixed a bug in the samba
> SID handling this morning, and it solves another problem with samba. I
> hope it solves your problem too.

With cd-wheezy-test-usbstick/debian-edu-amd64-i386-BD-1.iso, timestamp 2013-08-20, I was able to join the domain from Windows XP SP3 and could log in with username and password :-)

I noticed that from a non-joined PC I could not browse \\TJENER (it asks for username and password), documentation says it should be possible. But I don't think that is important (not to me, anyway).

--
Arne Sørli

Mike Gabriel

Oct 14, 2015, 10:00:03 AM

Hi Petter, hi all,

On Tue 20 Aug 2013 18:34:29 CEST, Petter Reinholdtsen wrote:

> [Arne Sørli]
>> When testing on a fresh install of
>> cd-wheezy-test-usbstick/debian-edu-amd64-i386-BD-1.iso, timestamp
>> 2013-08-17 16:30, I discovered that joining the domain still does
>> not work.
>
> Please try again with the wheezy-test iso. I fixed a bug in the samba
> SID handling this morning, and it solves another problem with samba. I
> hope it solves your problem too.
>
> --
> Happy hacking
> Petter Reinholdtsen

I am just astounded by this bug. Is it really so, that domain joining
in Debian Edu jessie is broken? Haven't run a Debian Edu (jessie)
system with MS Win attached for a while.

Thanks for feedback. If this bug is still an issue, I'll see to
getting it fixed for a jessie-pu.