[Samba] Linux as PDC

Rob Watkin rob at enprise.co.uk
Fri Sep 1 14:04:58 GMT 2006


Hi Robert

I will post the latest version smb.conf file below. I have followed the
instructions in http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html
section "Domain Controller" for the most part.

I have one server (TAU) and one Windows XP client (vm-201). I can get
vm-201 to join my BC workgroup but not the domain. I am rebooting the XP
machine and restarting samba on TAU between experiments.

I have just noticed the following error in the log file which I think is
at the bottom of all this! When I try to get the XP box to join the BC
domain it asks for a username and password, I give tom ****** and then
Windows says
      "Computer Name Changes" 
   The following error occurred attempting to join the domain "BC":
   The user name could not be found.
       <OK>

log.smbd
===========================================================
[2006/09/01 14:39:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (1001, 100) - sec_ctx_stack_ndx = 0
useradd: unable to lock password file
[2006/09/01 14:39:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
  _samr_create_user: Running the command `/usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody vm-201$' gave 1



smb.conf
====================================================

[global]
   workgroup = BC
   netbios name = TAU
   server string = %h server (Samba, Ubuntu)

   
   passdb backend = tdbsam
   security = user
   username map = /etc/samba/smbusers
   name resolve order = wins bcast hosts
   domain logons = yes
   os level = 35
   domain master = yes
   preferred master = yes
   wins support = yes
   
   # Set CUPS for printing
   printcap name = CUPS
   printing = CUPS
   
   # Default logon
   logon drive = H:
   logon home = \\%L\%U
   ### logon script = scripts/logon.bat
   logon script = scripts\logon.bat
   logon path = \\%L\profile\%U


   # Useradd scripts
   add user script = /usr/sbin/useradd -m %u
   delete user script = /usr/sbin/userdel -r %u
   add group script = /usr/sbin/groupadd %g
   delete group script = /usr/sbin/groupdel %g
   add user to group script = /usr/sbin/usermod -G %g %u
   add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
   idmap uid = 15000-20000
   idmap gid = 15000-20000


   # sync smb passwords with linux passwords
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
   passwd chat debug = yes
   unix password sync = yes
   
   # set the loglevel
   log level = 3


[homes]
   comment = Home Directories
   valid users = %S
   read only = no
   browsable = no


[printers]
   comment = All Printers
   path = /var/spool/samba
   printer admin = root, rob
   create mask = 0600
   printable = yes
   guest ok = yes
   browsable = no

[print$]
   comment = Printer Drivers Share
   path = /var/lib/samba/drivers
   write list = rob, root
   printer admin = rob, root

[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   admin users = root, rob
   guest ok = yes
   browseable = no
   ### admin users = Administrator
   ### valid users = %U
   ### read only = no


[profile]
   comment = Roaming profile share
   path = /home/samba/profiles
   read only = no
   profile acls = yes
   ### valid users = %U
   ### create mode = 0600
   ### directory mode = 0700
   ### writable = yes
   ### browsable = no

[allusers]
  comment = All Users
  path = /home/shares/allusers
  valid users = @users
  force group = users 
  create mask = 0660
  directory mask = 0771
  writable = yes


On Fri, 2006-09-01 at 09:25 -0400, Robert Adkins wrote:
> Rob,
> 
>     Post your smb.conf file, remove identifying information or 
> substitute it for something else, such as IP Address ranges and 
> Server/Workgroup names. You may also wish to cut out any information 
> about the shares as well.
> 
>     Beyond that, with these workstations you are attempting to join to 
> the domain, are they already in a workgroup using the same name as the 
> domain? Also, do they have any mounted drives on the server you are 
> setting up as the Samba PDC?
> 
>     Both of those will cause a failure for Samba to allow the creation 
> of computer accounts and Domain joining.
> 
>     If the computers are not part of DomainX and are part of WorkGroupY, 
> but you have a share from the PDC of DomainX mounted, type the following 
> in the Windows command line...
> 
>    net use * /D (Yes, with a capital D)
> 
>     This will disconnect all connections to the server and will allow 
> you to join the workstation to the domain, just fine.
> 
> --
> 
>     Regards,  
>     Robert Adkins
>     IT Manager/Buyer
>     Impel Industries, Inc.
> 
> Rob Watkin wrote:
> > Hi,
> >
> > I am trying to configure Samba as a primary domain controller so that
> > our local school can have roaming logins. I am using Ubuntu server
> > 6.06.1 on i386. So far I can get everything working as a workgroup but I
> > can't get my windows clients to join the domain.
> >
> > I have read and followed several HOWTO's but I keep hitting the same
> > problems. Are there any documents which explain what a PDC is and how I
> > can tell why my windows clients won't join my domain.
> >
> > Thanks
> >
> > Rob W
> >
> >   
> 
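
The log.smbd excerpt in this message can be triaged mechanically. The Python code below is an added example, not part of the original thread and not Samba's own code: it pairs each account script that exited non-zero with the nearest preceding sec_ctx line and with any headerless child-process output. The sample log is constructed from the excerpt above with the e-mail line wraps removed; the function name is hypothetical, and reading the two numbers in `pop_sec_ctx (…)` as the effective uid and gid is an assumption.

```python
import re

# Constructed sample modelled on the log.smbd excerpt in the post (line wraps removed).
SAMPLE_LOG = """\
[2006/09/01 14:39:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (1001, 100) - sec_ctx_stack_ndx = 0
useradd: unable to lock password file
[2006/09/01 14:39:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2415)
  _samr_create_user: Running the command `/usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody vm-201$' gave 1
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +\d+\] (\S+)")
SEC_CTX = re.compile(r"(?:push|pop)_sec_ctx\s*\((\d+), (\d+)\)")  # assumed (euid, egid)
RAN = re.compile(r"Running the command `(.+)' gave (-?\d+)")

def failed_account_scripts(log_text):
    """Return one dict per account script that exited non-zero."""
    findings, ctx, stderr, when = [], None, [], None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            when = header.group(1)
            continue
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented, headerless text: output of a child process such as useradd.
            stderr.append(line.strip())
            continue
        sec = SEC_CTX.search(line)
        if sec:
            ctx = (int(sec.group(1)), int(sec.group(2)))
        ran = RAN.search(line)
        if ran:
            if int(ran.group(2)) != 0:
                findings.append({
                    "time": when, "command": ran.group(1),
                    "exit_code": int(ran.group(2)),
                    "euid_egid": ctx, "as_root": ctx is not None and ctx[0] == 0,
                    "stderr": list(stderr),
                })
            stderr = []  # child output belongs to the command just reported
    return findings

if __name__ == "__main__":
    for finding in failed_account_scripts(SAMPLE_LOG):
        print(finding)
```

A finding with `as_root` false next to useradd's "unable to lock password file" means the script was not run with the privileges useradd needs to modify the password file.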


