andyxs at live.com
Wed Jul 1 00:21:26 GMT 2009
A few weeks ago I installed Samba on CentOS 5.3. Its purpose was to
serve as a primary domain controller along with a file server. After
spending several weeks playing with the config and settings to get it
working I finally got it spot-on. I was able to connect from vista
business and login to each user which had roaming profiles. This week
I reformatted the vista business computers to remove all the badware
so we could start from scratch. I setup these vista machines exactly
the same we before with the same IPs, DNS, Workgroup Name, etc... When
I attempted to connect to the domain controller I come acorss some
I tried connecting using the same domain admin details previously used
which worked only to get an error message, The credentials supplied
conflict with an existing set of credentials. To start over, I then
removed all the centos users, removed all the net groups, and all the
samba users. I then created a new group called domainadmins (SID 512),
domainusers (SID 513), and domainguests (SID 514). I added a
domainadmin user (SID 500) and assigned it to group domainadmins. I
created several users and added them to domainusers. I also added the
nt group map "Domain Admins", "Domain Users", and "Domain Guests" and
assigned those to the coresponding unix groups. I also added all these
users into samba using smbpasswd -a username.
After checking the smbd.log file I could see an error "tree connect
failed: NT_STATUS_ACCESS_DENIED". I looked this up online and found it
was an error caused by the line "valid users = @group". I removed this
line from the config, restarted samba and tried again.
I must point out that I AM able to connect to the samba file server
from vista and access the private user files (once logged in to that
user) and the shared directory. This suggests that the usernames and
passwords are setup correctly and work for the correct groups.
I rebooted the vista machine and tried connecting to the samba pdc
where it asks for login details to join the domain, not the login
details for windows. I entered the domainadmin and the password, vista
waits for a moment then displays an error, something to do with the
I followed the samba docs and manually added the machine trust account
into samba. Firstly adding "PC1$" as a centos user, then as a samba
users with the -m attribute. I then tried again to connect then vista
shows another error saying it cannot connect because of an existing
account already exists. If I remove the account trust is doesn't
connect, but it I manually add the trust then it conflicts saying it
What do I do?
One final question. When windows asks for a login to join the domain
(NOT TO LOGIN USERS) what login is this? Is this the domainadmin
account for every pc, or does each pc have a different login? Are
these admin group logins, user group logins, or something different?
Share your photos with Windows Live Photos – Free.
More information about the samba-technical