security = DOMAIN??

Dan Christopherson danch at str.com
Tue May 25 16:01:42 GMT 1999


The short explanation is that, if this is to be your PDC, you want
security = user. Security = domain means that it will be a member of the
domain, not a controller. 

If you _don't_ want this to be the PDC, you can (i think this will work,
if, on the other hand, i've been smoking something, someone please
correct me for the greater good 8^}) ) remove the file named
<domain>.SID, in the samba's 'private' directory and/or use a different
domain name. Check the FAQ & doco for instructions on getting samba to
join a domain.

Here's my version of the long explanation of what's happening. This is
information i've gleaned from when I did this and wandered through the
code trying to figure out what was wrong. If I'm in error anywhere here,
please feel free to correct me (anyone)

OK, you had it working with security = user encrypt password = yes and
domain logons = yes, correct? That means that your samba box thought it
was the PDC for whatever domain you named in the 'workgroup = ' entry in
your config file. At that point, it generated a <domain>.SID file in
it's private directory. It now thinks that it should respond as the PDC
for that domain. 
Now what happens when you set security = domain is that it looks for the
PDC for that domain. It answers itself, at which point it says something
like "Hey, that's me! If I try to talk to myself about authentication,
I'll just try to talk to myself about authentication and we'll never get
out of this loop. Therefore I'll ignore the fact that I replied as the
controller for this domain and try to find someone else." Naturally, it
can't find another controller, so it gives up. Now, where does that
leave us? The same place we were: if you want this machine to be a PDC,
use 'security = user' and if you don't you need to persuade it that it
isn't.

danch




Nardus Geldenhuys wrote:
> 
> Hi Jerry
> 
> The smb log file :
> 
> [1999/05/25 15:14:33, 1] smbd/server.c:main(605)
> 
> smbd version 2.1.0-prealpha started.
>   Copyright Andrew Tridgell 1992-1998
> [1999/05/25 15:14:33, 2] smbd/server.c:main(609)
>   uid=0 gid=0 euid=0 egid=0
> [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276)
>   Processing section "[homes]"
> [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276)
>   Processing section "[printers]"
> [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276)
>   Processing section "[FTP]"
> [1999/05/25 15:14:33, 2] param/loadparm.c:do_section(2276)
>   Processing section "[lp]"
> [1999/05/25 15:14:33, 2] lib/interface.c:interpret_interfaces(213)
>   Added interface ip=196.11.*.* bcast=196.11.*.* nmask=255.255.255.0
> [1999/05/25 15:14:33, 1] smbd/files.c:file_init(219)
>   file_init: Information only: requested 10000 open files, 1014 are
> available.
> [1999/05/25 15:14:33, 1] libsmb/clientgen.c:cli_connect_serverlist(2800)
>   cli_connect_serverlist: Password server loop - not using password
> server NGELDENHUYS
> [1999/05/25 15:14:33, 0] libsmb/clientgen.c:cli_connect_serverlist(2845)
>   cli_connect_serverlist: Domain password server not available.
> [1999/05/25 15:14:33, 0] lib/sids.c:get_domain_sids(199)
>   get_member_domain_sid: unable to initialise client connection.
> [1999/05/25 15:14:33, 0] smbd/server.c:main(684)
>   ERROR: Samba cannot obtain PDC SID from PDC(s) ngeldenhuys.
> 
> Dont know what to do :\
> 
> Nardus
> 
> > >
> > > Hi,
> > >
> > > I had the PDC stuff working with the security set to
> > > user. Then I wanted to utilize the NT's domain user
> > > manager tool. So, I changed the security to DOMAIN.
> > > Now samba won't start. Would someone be able to shed
> > > some light?
> > >
> >
> > What does the smbd log file say?  What error is given?
> >
> > Cheers,
> > jerry
> > ________________________________________________________________________
> >                             Gerald ( Jerry ) Carter
> > Engineering Network Services                           Auburn University
> > jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw
> >
> >        "...a hundred billion castaways looking for a home."
> >                                   - Sting "Message in a Bottle" ( 1979 )


More information about the samba-ntdom mailing list