Samba PDC _and_ Samba member?
Gary Algier
gaa at ulticom.com
Thu Dec 27 12:24:02 GMT 2001
I am trying to get a Samba PDC and a Samba member server to work together.
I can't.
The documentation describes how to make a Samba PDC work. I got that working.
My Win2k desktop can join just fine.
The documentation describes how to make a Samba server be a member of an
NT domain. It does not tell how to make Samba trust Samba. That's my
problem.
I have the PDC setup to automatically create the machine trust accounts
(using "add user script"). It creates them just fine, at least for my
Win2k desktops. It seems to do it for the Samba member, too, as I get
a positive result:
    % smbpasswd -j mtlaurel -r mtlpdc -U root
    Password:
    Joined domain MTLAUREL.
However, when I go to the desktop and try to browse the member server,
I get a login/passwd prompt and I supply answers and the login fails.
Looking at the log (level 10) on the member server I see:
---------------------------------------------------------------------------
[2001/12/27 14:29:58, 0] rpc_client/cli_netlogon.c:cli_net_auth2(160)
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2001/12/27 14:29:58, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
cli_nt_setup_creds: auth2 challenge failed
[2001/12/27 14:29:58, 0] smbd/password.c:connect_to_domain_password_server(1372)
connect_to_domain_password_server: unable to setup the PDC credentials to machine MTLPDC. Error was : NT_STATUS_ACCESS_DENIED.
[2001/12/27 14:29:58, 0] smbd/password.c:domain_client_validate(1591)
domain_client_validate: Domain password server not available.
---------------------------------------------------------------------------
The how-to docs imply that a Samba member must have the trust accounts
created ahead of time on the (NT) PDC. They also say that the (Samba)
PDC mechanism for the equivalent is "smbpasswd -a -m member". So, I
tried that. I turned off the "add user script" on the PDC and cleaned up
smbpasswd there and then issued an "smbpasswd -a -m member" there before
joining. This failed on the join:
    % smbpasswd -j mtlaurel -r mtlpdc -U root
    Password:
    Unable to join domain MTLAUREL.
Is there some document for how to use Samba with Samba? Or is this
impossible? Do I really need to run a Winblows PDC?
I am running Samba 2.2.2 on Solaris 2.6.
Here are the smb.conf files:
--- PDC -------------------------------------------------------------------
[global]
workgroup = MTLAUREL
netbios name = MTLPDC
server string = MTLPDC [MtLaurel PDC on Dil]
encrypt passwords = Yes
update encrypted = Yes
passwd program = /bin/passwd -r nis %u
passwd chat = *password* %n\n *password* %n\n *changed*
passwd chat debug = Yes
unix password sync = Yes
log level = 0
domain admin group = @it
add user script = /etc/samba/add-machine %u
logon path = \\%L\%U\.profile-nt\%m
logon drive = h:
logon home = \\%L\%U\.profile-9x\%m
domain logons = Yes
os level = 65
preferred master = True
domain master = True
wins support = yes
utmp = Yes
--- Member ----------------------------------------------------------------
[global]
workgroup = MTLAUREL
netbios name = PRINT
server string = PRINT [Print Server on Chuckie]
security = domain
encrypt passwords = yes
password server = mtlpdc
log level = 0
preferred master = False
local master = No
domain master = False
utmp = Yes
guest account = ftp
printer admin = @it
wins server = mtlpdc
Please help. If I can't get this to work, I will need to admit to my
management that Windoze is superior and I will need to run an M$ Windows
server. I am a long time unix bigot^H^H^H^H^H^H advocate and I want
to stay that way.
--
Gary Algier, WB2FWZ gaa@@ulticom.com +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033
A self-addressed envelope would be addressed "envelope."