samba domain integration
-
-
@Tom-Elliott in fact i just begin to wonder if it worked once
I cant understand why it works with netdom command and not with fog clientDo i have to uninstall and reinstall client to ?
-
@plegrand Well can you provide a teamviewer session (in chat) with me and I can try to help narrow down exactly where the problem lies? I’m going to guess it has to do with the user having the domain as a part of the field.
-
@Tom-Elliott Eureka !!
I made some tests, and i know why i said it worked before : it works with the legacy client and
“Domain Password Legacy” field filled
without problem.
Then i uninstalled legacy client and install new client but now there is an other error29/09/2015 16:39 Client-Info Version: 0.9.5 29/09/2015 16:39 HostnameChanger Running... 29/09/2015 16:39 Middleware::Communication URL: http://192.168.39.243/fog/service/servicemodule-active.php?moduleid=hostnamechanger&mac=00:21:85:71:BD:8E|&newService=1 29/09/2015 16:39 Middleware::Communication Response: Success 29/09/2015 16:39 Middleware::Communication URL: http://192.168.39.243/fog/service/hostname.php?moduleid=hostnamechanger&mac=00:21:85:71:BD:8E|&newService=1 29/09/2015 16:39 Middleware::Communication Response: Invalid host certificate 29/09/2015 16:39 Middleware::Communication URL: http://192.168.39.243/fog/management/other/ssl/srvpublic.crt 29/09/2015 16:39 Data::RSA CA cert found 29/09/2015 16:39 Middleware::Authentication Cert OK 29/09/2015 16:39 Middleware::Communication POST URL: http://192.168.39.243/fog/management/index.php?sub=authorize 29/09/2015 16:39 Middleware::Communication Response: Invalid security token -
So does that seem to indicate a difference in the passwords?
-
@Tom-Elliott it’s the same password used
i put the “real” password into “Domain Password” field
and same password encrypted with FogCrypt into “Domain Password Legacy” field -
@Tom-Elliott May be i didn’t understand your question?
Do you need more information ?
I think legacy client and new client doesn’t use the same method to join domain. Am i wrong ?
Just to be clear
join domain works fine with legacy client and doesn’t works with the new client
I made the tests with the same domain user and the same password
clear for new client
and encrypted with Fog Crypt for the legacy client -
@Tom-Elliott Hello Tom, do you think my problem come from a bug in the new client, or from me and my configuration?
Do you want i make some other tests ?
Thanks -
I guess @Jbob would know…
-
I would ask if you have updated again.
See, I’ve tested what I can, but I don’t have a logical answer as to why it’s not working for you. It should be.
-
@Uncle-Frank
Do you think he could explain me why i can join to samba domain with “all” method except with the new client ?It works with the classic manual method
It works with netdom command line
It works with legacy client
It does not works with new client
I cant see anything in samba log
May be he could told me what is the difference between “legacy client” method an “new client” method.
I’m ok to make some test if it’s usefull
Thanks for your and Tom helpI cant understand what happen
-
@Tom-Elliott
As i install, uninstall, reinstall fog client, is it possible that windows kept first credential, the first i use with apostrophe in password ?
while fog show (http://192.168.39.243/fog/service/hostname.php?mac=00:21:85:71:bd:8e) the good samba adminisrator ? -
Hmmm… may be it’s important : i’m making this test on a windows XP machine
Do i have to use legacy client for windows XP or it should works also with the new client ?
May be new client use powershell for domain integration ? -
@plegrand The error you reported in your last log “Invalid security token” is because you re-installed the client. You have to click “Reset Encryption Data” for the host on the web portal whenever you do that.
Now then as for Samba. The most likely reason this only occurs for the new client is because the server can’t properly parse your ’ character. Here is why: The new client does on-the-fly encryption, meaning the server encrypts the AD password with a special encryption key only the client knows and sends it to the client. With the legacy client, you were giving the server the FOGCrypt’d password, which from a plain text perspective did not contain a ’ . More than likely it is because the server is stripping out the ’ , and nothing to do with the client. Every release the client is tested against multiple AD scenarios, and LDAP scenarios. In addition, it is XP compatible.
I will try and confirm this shortly.
-
Confirmed. The server is replace ’ with '. This is now in @Tom-Elliott s domain
Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.
-
@Jbob i made all my test with a password without apostrophe " ’ ".
domain : samba_domain
domain admin : admin_samba
password domain admin : password
and then with this configuration :
It works with the classic manual method
It works with netdom command line
It works with legacy client
It does not works with new client
Thanks for your help -
As I previously stated, according to your log its because the client couldn’t authenticate. You have to press 'Reset Encryption Data"
-
@Jbob i already do that . It was because i uninstalled legacy client and reinstall new client
Then i pressed 'Reset Encryption Data"
But afater that the problem is still there.
I cant join domain with new client -
-
also, can you update again, only this time, also re-enter the password in the ADPass field and/or fields.
