samba-tng: Cannot create trust account as admin.
Greg Dickie
greg at discreet.com
Mon Jan 17 19:01:40 GMT 2000
Ok..... but if I am listed in "admin users" then that is supposed to equate to
root on the samba server no? Hmmm that's kind of a pain but if it works then
I'm good.
so far so good....
Thanks alot,
Greg
On 17-Jan-00 Luke Kenneth Casson Leighton wrote:
> ok, this fails [deliberately] because uid 10a5 is not root.
>
> you cannot just have any ordinary unix user modifying private/smbpasswd.
>
> the admin account you type in to the join-domain dialog *must* be mapped
> to root on the target box.
>
> to guarantee this, what i tend to do is add an account root to
> private/smbpasswd, and not mess about with Administrator or domain user
> map files.
>
> On Mon, 17 Jan 2000, Greg Dickie wrote:
>
>>
>>
>> Hmmm.
>>
>> This doesn't look right
>>
>> from log.samr
>>
>>
>> nitialising map
>> getpwnam(EDINBURGH-NT$)
>> EDINBURGH-NT$ not found
>> getpwnam(edinburgh-nt$)
>> Found: edinburgh-nt$:*:4261:510:Samba machine trust
>> account:/dev/null:/dev/null
>> search by uid: 10a5
>> startfileent: opening file /usr/local/samba/private/smbpasswd
>> startfileent: unable to open file /usr/local/samba/private/smbpasswd
>> unable to open sam password database.
>> pwdb_sam_map_names: NULL
>> getpwnam(EDINBURGH-NT$)
>> EDINBURGH-NT$ not found
>>
>>
>> I had similar stuff when domain_map was in the private directory but I'm
>> assuming smbpasswd still needs to be protected. Let me know if I'mon the
>> right
>> track ;-)
>>
>> Greg
>>
>>
>>
>> On 17-Jan-00 Luke Kenneth Casson Leighton wrote:
>> > hmmm..... that shouldn't be the case.
>> >
>> > you're using "admin/pass" in the dialog box?
>> >
>> > try removing the workstation trust account from private/smbpasswd.
>> >
>> > check if it gets added, what the "flags" are set to. it if says "[DW
>> > ]", let me know, i think i may still have a bug, there.
>> >
>> > On Tue, 18 Jan 2000, Greg Dickie wrote:
>> >
>> >>
>> >> Hi,
>> >>
>> >> Apologies if this is a known bug but I finally managed to get TNG
>> >> working
>> >> for
>> >> me by zapping all the "private" files and recreating them. I seem to have
>> >> domain admin. privileges and profiles are fine BUT if I want to join a
>> >> workstation to the domain without using smbpasswd first (ie: just the NT
>> >> dialog), it does not seem to work (it did in the old 2.1 code). It tells
>> >> me
>> >> my
>> >> account does not have privilege. Any pointers to where I could start
>> >> looking
>> >> to
>> >> debug this?
>> >>
>> >> Greg
>> >>
>> >> ---------------------------------------------------------------------
>> >> Greg Dickie
>> >> Just A Guy*
>> >> *from discreet (the logic is gone)
>> >> Montreal
>> >> (514) 954-7171
>> >> greg at discreet.com
>> >>
>> >
>> > <a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
>> > <a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
>> > <a href="http://samba.org" > Samba Web site </a>
>> > <a href="http://www.iss.net" > Internet Security Systems, Inc. </a>
>> > <a href="http://mcp.com" > Macmillan Technical Publishing </a>
>> >
>> > ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
>>
>> ---------------------------------------------------------------------
>> Greg Dickie
>> Just A Guy*
>> *from discreet (the logic is gone)
>> Montreal
>> (514) 954-7171
>> greg at discreet.com
>>
>
> <a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
> <a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
> <a href="http://samba.org" > Samba Web site </a>
> <a href="http://www.iss.net" > Internet Security Systems, Inc. </a>
> <a href="http://mcp.com" > Macmillan Technical Publishing </a>
>
> ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
---------------------------------------------------------------------
Greg Dickie
Just A Guy*
*from discreet (the logic is gone)
Montreal
(514) 954-7171
greg at discreet.com
More information about the samba-ntdom
mailing list