samba-tng: Cannot create trust account as admin.
Luke Kenneth Casson Leighton
lkcl at samba.org
Mon Jan 17 18:45:29 GMT 2000
ok, this fails [deliberately] because uid 10a5 is not root.
you cannot just have any ordinary unix user modifying private/smbpasswd.
the admin account you type in to the join-domain dialog *must* be mapped
to root on the target box.
to guarantee this, what i tend to do is add an account root to
private/smbpasswd, and not mess about with Administrator or domain user
map files.
On Mon, 17 Jan 2000, Greg Dickie wrote:
>
>
> Hmmm.
>
> This doesn't look right
>
> from log.samr
>
>
> nitialising map
> getpwnam(EDINBURGH-NT$)
> EDINBURGH-NT$ not found
> getpwnam(edinburgh-nt$)
> Found: edinburgh-nt$:*:4261:510:Samba machine trust account:/dev/null:/dev/null
> search by uid: 10a5
> startfileent: opening file /usr/local/samba/private/smbpasswd
> startfileent: unable to open file /usr/local/samba/private/smbpasswd
> unable to open sam password database.
> pwdb_sam_map_names: NULL
> getpwnam(EDINBURGH-NT$)
> EDINBURGH-NT$ not found
>
>
> I had similar stuff when domain_map was in the private directory but I'm
> assuming smbpasswd still needs to be protected. Let me know if I'mon the right
> track ;-)
>
> Greg
>
>
>
> On 17-Jan-00 Luke Kenneth Casson Leighton wrote:
> > hmmm..... that shouldn't be the case.
> >
> > you're using "admin/pass" in the dialog box?
> >
> > try removing the workstation trust account from private/smbpasswd.
> >
> > check if it gets added, what the "flags" are set to. it if says "[DW
> > ]", let me know, i think i may still have a bug, there.
> >
> > On Tue, 18 Jan 2000, Greg Dickie wrote:
> >
> >>
> >> Hi,
> >>
> >> Apologies if this is a known bug but I finally managed to get TNG working
> >> for
> >> me by zapping all the "private" files and recreating them. I seem to have
> >> domain admin. privileges and profiles are fine BUT if I want to join a
> >> workstation to the domain without using smbpasswd first (ie: just the NT
> >> dialog), it does not seem to work (it did in the old 2.1 code). It tells me
> >> my
> >> account does not have privilege. Any pointers to where I could start looking
> >> to
> >> debug this?
> >>
> >> Greg
> >>
> >> ---------------------------------------------------------------------
> >> Greg Dickie
> >> Just A Guy*
> >> *from discreet (the logic is gone)
> >> Montreal
> >> (514) 954-7171
> >> greg at discreet.com
> >>
> >
> > <a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
> > <a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
> > <a href="http://samba.org" > Samba Web site </a>
> > <a href="http://www.iss.net" > Internet Security Systems, Inc. </a>
> > <a href="http://mcp.com" > Macmillan Technical Publishing </a>
> >
> > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
>
> ---------------------------------------------------------------------
> Greg Dickie
> Just A Guy*
> *from discreet (the logic is gone)
> Montreal
> (514) 954-7171
> greg at discreet.com
>
<a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://samba.org" > Samba Web site </a>
<a href="http://www.iss.net" > Internet Security Systems, Inc. </a>
<a href="http://mcp.com" > Macmillan Technical Publishing </a>
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
More information about the samba-ntdom
mailing list