|

Computer Security

»

»

Endian Firewall

»

AD Join with Endian 2.3

View: New views

5 Messages — Rating Filter: Alert me

	AD Join with Endian 2.3 by Israel Junior-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Guys, Since Endian 2.3-rc1 I can't join my W2K domain (2.2 could join successfully) and apply NTLM authentication in Squid. All requirements needed in EFW 2.2 were tried with no luck in 2.3-rc1 and now in 2.3: - Add PDC and BDC hostnames in Network -> Edit Hosts - Add Domain name and PDC IP in Proxy -> DNS -> DNS Routing - Add Domain name in Authentication Realm and PDC/BDC hostnames/IPs in Proxy -> HTTP -> Authentication Then, after clicking in "Join Domain" button and inserting my domain admin user/pass, all I get is "Failed to join domain". In /var/log/messages there's only a notification about restarting samba: Oct 28 09:54:06 efw-1256721870 sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/bin/restartsamba.py --winbind-only Running restartsamba.py manually returns: # ./restartsamba.py --winbind-only Traceback (most recent call last): File "./restartsamba.py", line 348, in ? restartWinbind() File "./restartsamba.py", line 273, in restartWinbind write_winbind_config(proxy_conf) File "./restartsamba.py", line 144, in write_winbind_config write_config(WINBIND_TPL,WINBIND_CONF,proxy_conf) File "./restartsamba.py", line 134, in write_config content = t.respond() File "_etc_samba_winbind_conf_tmpl.py", line 96, in respond AttributeError: 'str' object has no attribute 'VFFSL' Although /var/efw/proxy/settings is correctly set, /etc/samba/smb.conf doesn't get modified after applying proxy configs/domain joining: -rw-r--r-- 1 root root 9.5K Oct 8 11:51 smb.conf And there aren't any smb/winbind related processes running. I wonder if any of you guys could help me :) -- Israel Junior http://www.linkedin.com/in/israeljunior ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user
	Re: AD Join with Endian 2.3 by Luca Giovenzana-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi Guys, just a quick suggestion to everybody: when you have a problem you can find interesting information on our bug tracker. You may save time.. About this issue, can you try without the BDC address? Using just the PDC you should avoid the attribute error. Can you check your krb5.conf.tmpl and smb.conf.tmpl like this bug says? http://bugs.endian.it/view.php?id=2202 In case, you'd better have to open a bug report. Bye, Luca > Date: Wed, 28 Oct 2009 10:07:18 -0300 > From: Israel Junior <israel@...> > Subject: [Efw-user] AD Join with Endian 2.3 > To: efw-user@... > Message-ID: > <ccaba4bd0910280607x76ff9aa3w2ba2258bf7b84efe@...> > Content-Type: text/plain; charset=ISO-8859-1 > > Guys, > > Since Endian 2.3-rc1 I can't join my W2K domain (2.2 could join > successfully) and apply NTLM authentication in Squid. All requirements > needed in EFW 2.2 were tried with no luck in 2.3-rc1 and now in 2.3: > > - Add PDC and BDC hostnames in Network -> Edit Hosts > - Add Domain name and PDC IP in Proxy -> DNS -> DNS Routing > - Add Domain name in Authentication Realm and PDC/BDC hostnames/IPs in > Proxy -> HTTP -> Authentication > > Then, after clicking in "Join Domain" button and inserting my domain > admin user/pass, all I get is "Failed to join domain". > > In /var/log/messages there's only a notification about restarting samba: > > Oct 28 09:54:06 efw-1256721870 sudo: root : TTY=unknown ; PWD=/ ; > USER=root ; COMMAND=/usr/local/bin/restartsamba.py --winbind-only > > Running restartsamba.py manually returns: > > # ./restartsamba.py --winbind-only > Traceback (most recent call last): > File "./restartsamba.py", line 348, in ? > restartWinbind() > File "./restartsamba.py", line 273, in restartWinbind > write_winbind_config(proxy_conf) > File "./restartsamba.py", line 144, in write_winbind_config > write_config(WINBIND_TPL,WINBIND_CONF,proxy_conf) > File "./restartsamba.py", line 134, in write_config > content = t.respond() > File "_etc_samba_winbind_conf_tmpl.py", line 96, in respond > AttributeError: 'str' object has no attribute 'VFFSL' > > Although /var/efw/proxy/settings is correctly set, /etc/samba/smb.conf > doesn't get modified after applying proxy configs/domain joining: > > -rw-r--r-- 1 root root 9.5K Oct 8 11:51 smb.conf > > And there aren't any smb/winbind related processes running. > > I wonder if any of you guys could help me :) -- :: e n d i a n :: open source - open minds :: luca giovenzana :: phone +39 0471 631763 :: gpg key id 3B741128 :: http://www.endian.com :: luca (AT) endian.com ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user signature.asc (204 bytes) Download Attachment
	Proxy Authentication by Anas-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message 1.Password change not working(chpasswd.cgi) password db file path not changed to new location. edited to proxy/ncsauser now it works fine. 2.DHCP custom option causing to stop DHCP "service option wpad code 252= text; "option wpad "http://172.20.0.254/proxy.pac"; Try the new Yahoo! India Homepage. Click here. http://in.yahoo.com/trynew ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user
	Re: AD Join with Endian 2.3 by Israel Junior-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Fri, Oct 30, 2009 at 06:14, Luca Giovenzana <luca@...> wrote: > just a quick suggestion to everybody: when you have a problem you can > find interesting information on our bug tracker. You may save time.. No bug report can help, that's why I came in the list. > About this issue, can you try without the BDC address? > Using just the PDC you should avoid the attribute error. No success > Can you check your krb5.conf.tmpl and smb.conf.tmpl like this bug says? > http://bugs.endian.it/view.php?id=2202 krb5.conf.tmpl is set correctly: [realms] $AUTH_REALM.upper() = { kdc = ${NTLM_PDC}.${NTLM_DOMAIN} #if $NTLM_BDC != '' then "%s.%s" % ($NTLM_BDC, $NTLM_DOMAIN) else ""# } smb.conf.tmpl has no reference like the one in krb5.conf.tmpl. Instead, winbind.conf.tmpl has this line: password server = $NTLM_PDC.$NTLM_DOMAIN #if $NTLM_BDC != '' then $NTLM_BDC.$NTLM_DOMAIN else ""# But changing it as suggested in the bug report doesn't change anything. > In case, you'd better have to open a bug report. It's opened: http://bugs.endian.it/view.php?id=2333 -- Israel Junior Analista de Redes http://www.linkedin.com/in/israeljunior ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user
	Re: AD Join with Endian 2.3 by NoDough :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Please forgive this, but I've got to ask this stupid question. In my email client, the line from krb5.conf.tmpl ends like this... >> ($NTLM_BDC, $NTLM_DOMAIN) else ""# } ...Does the closing bracket really follow a comment hash on the same line? Lane Beneke Southern Piping Company http://www.southernpiping.com -----Original Message----- From: Israel Junior [mailto:israel@...] Sent: Friday, October 30, 2009 7:30 AM To: efw-user@... Subject: Re: [Efw-user] AD Join with Endian 2.3 On Fri, Oct 30, 2009 at 06:14, Luca Giovenzana <luca@...> wrote: > just a quick suggestion to everybody: when you have a problem you can > find interesting information on our bug tracker. You may save time.. No bug report can help, that's why I came in the list. > About this issue, can you try without the BDC address? > Using just the PDC you should avoid the attribute error. No success > Can you check your krb5.conf.tmpl and smb.conf.tmpl like this bug says? > http://bugs.endian.it/view.php?id=2202 krb5.conf.tmpl is set correctly: [realms] $AUTH_REALM.upper() = { kdc = ${NTLM_PDC}.${NTLM_DOMAIN} #if $NTLM_BDC != '' then "%s.%s" % ($NTLM_BDC, $NTLM_DOMAIN) else ""# } smb.conf.tmpl has no reference like the one in krb5.conf.tmpl. Instead, winbind.conf.tmpl has this line: password server = $NTLM_PDC.$NTLM_DOMAIN #if $NTLM_BDC != '' then $NTLM_BDC.$NTLM_DOMAIN else ""# But changing it as suggested in the bug report doesn't change anything. > In case, you'd better have to open a bug report. It's opened: http://bugs.endian.it/view.php?id=2333 -- Israel Junior Analista de Redes http://www.linkedin.com/in/israeljunior ------------------------------------------------------------------------ ------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Efw-user mailing list Efw-user@... https://lists.sourceforge.net/lists/listinfo/efw-user