1 Feb 2009 03:30
1 Feb 2009 10:49
1 Feb 2009 13:32
1 Feb 2009 15:44
Re: Expired or must change password with linux/unix/mac clients against Samba4 KDC
Matthieu Patou <mat+Informatique.Samba <at> matws.net>
2009-02-01 14:44:00 GMT
2009-02-01 14:44:00 GMT
Hello Love, I tried without success your patch ! First problem is that it's not only *_kdc_check_flags which returns KRB5KDC_ERR_KEY_EXPIRED* but also _kdc_windc_client_access. I first added some code to delay the return of KRB5KDC_ERR_KEY_EXPIRED until we have been able to check the identity of the client. It makes kinit ( v1.6 because v1.4 do nothing) to reissue a request to kadmin/changepw server. But as change_pw is not set I was "obliged" to add a hack on the server_name comparison. It's worth noting that when a windows client has an expired password it works (even without the patch), the reason of this is that when it gets into authsam_account_ok (which seems to be called by kdb_windc_client_access) the field pwdLastSet has the value that is set to current time for the request to server kadmin/changepw. I tried to find the place in the code doing this change but so far I'am out of luck so I have this poor hack. Matthieu. On 02/01/2009 01:08 AM, Love Hörnquist Åstrand wrote: > Mattheui, > > To get the windows behavior you need the attached patch. > > The reason the AS-REQ to kadmin/admin is probably that the hdb layer(Continue reading)
1 Feb 2009 21:52
Re: Unable to join a domain with windows 7 beta1
Unified-Sean <smaisonneuve <at> unifiedtechnologysolutions.com>
2009-02-01 20:52:12 GMT
2009-02-01 20:52:12 GMT
Luke Howard wrote: > > That's good to know. With DSfW, looking at NetSetup.log, somehow early > on it decides that the NetBIOS domain name is the least significant > component of the DNS domain name (which in my test environment it > isn't). > > Still trying to figure out what is triggering this; it appears that in > Windows 7 more of the join is done over LDAP than in previous versions > of Windows. > > Does anyone know if it's possible to disable LDAP sealing in the > domain join? > > --luke > > On 16/01/2009, at 6:27 PM, Volker Lendecke wrote: > >> Hi! >> >> On Thu, Jan 15, 2009 at 11:10:55AM -0800, Joshua-M wrote: >>> I have a Samba 3 / OpenLDAP system working with 2000, XP/2003 and >>> Vista >>> clients, but no go with 7, I will attach what information I have >>> gathered. >> >> Jim Pinkerton asked me to post this message from Microsoft: >> >> Sincere apologies, but wanted to confirm that there is an issue(Continue reading)
1 Feb 2009 21:52
Re: Unable to join a domain with windows 7 beta1
Unified-Sean <smaisonneuve <at> unifiedtechnologysolutions.com>
2009-02-01 20:52:12 GMT
2009-02-01 20:52:12 GMT
Luke Howard wrote: > > That's good to know. With DSfW, looking at NetSetup.log, somehow early > on it decides that the NetBIOS domain name is the least significant > component of the DNS domain name (which in my test environment it > isn't). > > Still trying to figure out what is triggering this; it appears that in > Windows 7 more of the join is done over LDAP than in previous versions > of Windows. > > Does anyone know if it's possible to disable LDAP sealing in the > domain join? > > --luke > > On 16/01/2009, at 6:27 PM, Volker Lendecke wrote: > >> Hi! >> >> On Thu, Jan 15, 2009 at 11:10:55AM -0800, Joshua-M wrote: >>> I have a Samba 3 / OpenLDAP system working with 2000, XP/2003 and >>> Vista >>> clients, but no go with 7, I will attach what information I have >>> gathered. >> >> Jim Pinkerton asked me to post this message from Microsoft: >> >> Sincere apologies, but wanted to confirm that there is an issue(Continue reading)
1 Feb 2009 21:52
Re: Unable to join a domain with windows 7 beta1
Unified-Sean <smaisonneuve <at> unifiedtechnologysolutions.com>
2009-02-01 20:52:12 GMT
2009-02-01 20:52:12 GMT
Luke Howard wrote: > > That's good to know. With DSfW, looking at NetSetup.log, somehow early > on it decides that the NetBIOS domain name is the least significant > component of the DNS domain name (which in my test environment it > isn't). > > Still trying to figure out what is triggering this; it appears that in > Windows 7 more of the join is done over LDAP than in previous versions > of Windows. > > Does anyone know if it's possible to disable LDAP sealing in the > domain join? > > --luke > > On 16/01/2009, at 6:27 PM, Volker Lendecke wrote: > >> Hi! >> >> On Thu, Jan 15, 2009 at 11:10:55AM -0800, Joshua-M wrote: >>> I have a Samba 3 / OpenLDAP system working with 2000, XP/2003 and >>> Vista >>> clients, but no go with 7, I will attach what information I have >>> gathered. >> >> Jim Pinkerton asked me to post this message from Microsoft: >> >> Sincere apologies, but wanted to confirm that there is an issue(Continue reading)
1 Feb 2009 21:59
Re: CTDB 1.0.70 missing header file.
Michael Adam <obnox <at> samba.org>
2009-02-01 20:59:07 GMT
2009-02-01 20:59:07 GMT
Hi Ronnie, I hope, you are having a nice vacation!(Continue reading)I have pushed more changes to my branch git://git.samba.org/obnox/ctdb.git: Some bug fixes for the check_tcp_port monitoring. There were several cases when monitoring failed due to different locations of nectat and/or netstat binaries, and the netstat method did not correctly detect daemons listening on the ipv6 wildcard address ":::$port" (instead of ipv4 "0.0.0.0:$port). These should all be fixed now. Cheers - Michael ronnie sahlberg wrote: > Thanks for that Michael, > Ill merge it once im back from vacation > > > > On Thu, Jan 29, 2009 at 10:04 PM, Michael Adam <ma <at> sernet.de> wrote: > > Hi William, > > > > Thanks for reporting that error. > > I have reproduced it on our AIX machine. > > > > Your fix works but is not entirely correct > > since it is not portable.
1 Feb 2009 22:03
Re: Unable to join a domain with windows 7 beta1
Unified-Sean <smaisonneuve <at> unifiedtechnologysolutions.com>
2009-02-01 21:03:19 GMT
2009-02-01 21:03:19 GMT
Guys. I hate to be the one to suggest this and it might just sound proposterous but I think MS might have completely disabled the Domain feature in Windows 7 to avoid small business from basing their whole enterprise on a BETA OS that has not been thoroughly tested in that area of operation. MS Enterprise software has always been a HUGE thing to MS and they have always seemed to put most of their resources into making sure these things don't <at> #% up... To me this theory is pure speculation at best right now but I believe it's a sensible possibility. None the less, it's still a hail marry when it comes to fact. I have zilch for supporting evidence. I just see no other reason why after so much testing on our end using WK8 servers running the domain, and being able to join many and all other compatible clients, that windows 7 client STILL fails to join. I have also been scouring the internet for a solution and at this point, I've started scouring TechNet for an official document saying exactly what I'm saying here!! There's nothing out there though. I imagine we'll hear something about this soon enough though. Hundreds of people are wondering why Windows 7 Beta will not join a domain (still). for now, I will keep my eyes and ears open!!! Luke Howard wrote: > > That's good to know. With DSfW, looking at NetSetup.log, somehow early > on it decides that the NetBIOS domain name is the least significant > component of the DNS domain name (which in my test environment it > isn't). >(Continue reading)
1 Feb 2009 23:21
Re: Unable to join a domain with windows 7 beta1
Luke Howard <lukeh <at> padl.com>
2009-02-01 22:21:25 GMT
2009-02-01 22:21:25 GMT
On 02/02/2009, at 8:03 AM, Unified-Sean wrote: > > Guys. I hate to be the one to suggest this and it might just sound > proposterous but I think MS might have completely disabled the Domain > feature in Windows 7 to avoid small business from basing their whole That, I doubt very much. -- Luke
RSS Feed