[Samba] Cannot connect MacOSX domain member to PDC

Huyler, Christopher M CHRISTOPHER.HUYLER at ca.com
Tue May 18 18:29:07 GMT 2004 

There are several things wrong with your smb.conf file...

First, you should not have a netbios name and a workgroup with the same
name...I think you may be confusing yourself.  There is nothing wrong
with it, but I don't think that is what you intend.  Think of the
workgroup as the domain name and the netbios name as the machine name.

Your PDC Solaris machine should at least have the following:
(substitute HOME for your preferred domain name)

netbios name = Sun280
workgroup = HOME
security = domain
domain logons = Yes
domain master = Yes
preferred master = Yes
encrypt passwords = yes

And your domain member OSX machine should AT LEAST have the following:
(substitute HOME for the domain name you used above)

netbios name = G5server
workgroup = HOME
security = domain
domain logons = No
domain master = No
encrypt passwords = yes
password server = Sun280

Once you set all that up you should be able to simply call:

net join -S Sun280 -U username%password

You do not need to specify both the server name and ip address, and it
will pick up the workgroup/domain from the server which will be the same
as "HOME" in the above examples anyway.  The username and password
should be of an account that has privileges to add machines to the
domain.

Also, depending on your PDC settings, you may have to create a machine
account before running "net join...".  

~ Chris


-----Original Message-----
From: Tony Baker [mailto:tony at onestep.co.uk] 
Sent: Tuesday, May 18, 2004 12:15 PM
To: Huyler, Christopher M
Cc: samba at lists.samba.org
Subject: RE: [Samba] Cannot connect MacOSX domain member to PDC

I am not running LDAP or AD on the PDC (Sun running PCNetlink)
Is that the problem?? Will an Apple (Samba3.0) only join a domain runing
LDAP or AD??

#############################
##excerpt from logs from Apple##
############################
2004/05/18 10:32:42, 0]
/SourceCache/samba/samba-56/samba/source/nmbd/nmbd.c:process(540)
  Got SIGHUP dumping debug info.
[2004/05/18 10:32:42, 0]
/SourceCache/samba/samba-56/samba/source/nmbd/nmbd_workgroupdb.c:dump_wo
rkgroups(266)
  dump_workgroups()
   dump workgroup on subnet       10.1.1.61: netmask=  255.255.240.0:
  	G5SERVER(2) current master browser = UNKNOWN
  		G5SERVER 40009a03 (Mac OS X)
[2004/05/18 10:32:42, 0]
/SourceCache/samba/samba-56/samba/source/nmbd/nmbd_workgroupdb.c:dump_wo
rkgroups(266)
  dump_workgroups()
   dump workgroup on subnet  UNICAST_SUBNET: netmask=        0.0.0.0:
  	WORKGROUP(1) current master browser = UNKNOWN
  		G5SERVER 40009a03 (Mac OS X)
[2004/05/18 10:32:42, 0]
/SourceCache/samba/samba-56/samba/source/nmbd/nmbd_browsesync.c:collect_
all_workgroup_names_from_wins_server(585)
  collect_all_workgroup_names_from_wins_server:
  Cannot find my workgroup G5SERVER on subnet UNICAST_SUBNET.

##################################
##following when trying to join domain##
#################################
net join -S Sun280 -I x.x.x.x -w domainname
root password: 
could not initialise lsa pipe
could not obtain sid for domain

######################
##smb.conf from Apple##
#####################
more smb.conf
[global]
        workgroup = G5server
        display charset = UTF-8-MAC
        print command = /usr/sbin/PrintServiceAccess printps %p %s
        lprm command = /usr/sbin/PrintServiceAccess remove %p %j
        security = user
        guest account = unknown
        encrypt passwords = yes
        printing = BSD
        allow trusted domains = no
        preferred master = no
        lppause command = /usr/sbin/PrintServiceAccess hold %p %j
        netbios name = G5server
        wins support = no
        max smbd processes = 0
        printcap =  
        wins server = x.x.x.x
        server string = Mac OS X
        lpresume command = /usr/sbin/PrintServiceAccess release %p %j
        client ntlmv2 auth = no
        domain logons = no
        lpq command = /usr/sbin/PrintServiceAccess jobs %p
        passdb backend = opendirectorysam guest
        dos charset = CP437
        unix charset = UTF-8-MAC
        auth methods = guest opendirectory
        local master = no
        use spnego = no
        map to guest = Bad User
        domain master = no
        printer admin = @admin, @staff
        log level = 2
[homes]
        comment = User Home Directories
        root preexec = /usr/sbin/inituser %U
        create mode = 0750
        read only = no
        browseable = no
[Public]
        comment = macosx
        inherit permissions = no
        path = /Shared Items/Public
        directory mask = 0755
        map archive = no
        guest ok = 1
        read only = no
        create mask = 0644
[Users]
        comment = macosx
        inherit permissions = no
        path = /Users
        directory mask = 0755
        map archive = no
        guest ok = 1
        read only = no
        create mask = 0644
[Groups]
        comment = macosx
        inherit permissions = no
        path = /Groups
        directory mask = 0755
        map archive = no
        guest ok = 1
        read only = no
        create mask = 0644
[OData]
        oplocks = 0
        map archive = no
        path = /RAID/OData
        read only = no
        inherit permissions = 0
        strict locking = 1
        comment = macosx
        create mask = 0664
        guest ok = 1
        directory mask = 0775
[printers]
        printable = yes
        path = /tmp

>> From: Huyler, Christopher M [mailto:CHRISTOPHER.HUYLER at ca.com] 
>> Sent: 18 May 2004 13:24
>> To: tony at onestep.co.uk
>> Cc: samba at lists.samba.org
>> Subject: RE: [Samba] Cannot connect MacOSX domain member to PDC
>> 
>> 
>> What is it that you have tried so far?  Post your server and client
>> smb.conf files as well as the exact error so we can get a 
>> better grasp
>> of the problem.
>> 
>> You should also take a look at the "Directory Access" application in
>> /Applications/Utilities if you haven't already.  It will allow you to
>> use Active Directory or LDAP to authenticate your 
>> username/password when
>> you login.  Before you do that, though, you do need to join 
>> the domain
>> with samba using "net ads|rpc join -S servername -U username".  You
>> might be getting the master browser errors because you are not
>> specifying the server.

>> 
>> -----Original Message-----
>> From: Tony Baker [mailto:tony at onestep.co.uk] 
>> Sent: Tuesday, May 18, 2004 8:51 AM
>> To: samba at lists.samba.org
>> Subject: [Samba] Cannot connect MacOSX domain member to PDC
>> 
>> I have a PDC which is a Sun280R with Solaris 8 running PCNetlink2.0
>> (effectively a WindowsNT4.0 server)
>> 
>> I want to join a Apple G5 with MacOSX10.3.3 (Samba 3.0) as a domain
>> member of the above PDC.
>> 
>> It will not allow me to do this and has lots of "master browser -
>> unknown" in the logs of the Apple.
>> 
>> I have the IP address in the same range as the PDC and have 
>> the netmask
>> set the same also.
>> 
>> I can make the Apple a standalone server and can then map a 
>> drive in a
>> windows client, but it is still not seen in "Network Neighbourhood".
>> 
>> Has anybody had/seen these issues with Apples before and can 
>> pass on any
>> help.
>> 
>> 
>> Regards
>>  
>> Tony
>> 
>>

More information about the samba mailing list