[Samba] I am at my wits end

Ray Simard ray.simard at sylvan-glade.com
Wed Dec 18 00:26:00 GMT 2002

On Tuesday 17 December 2002 15:42, Jason Kirschenmann wrote:
> Hi,
> I'm a relatively new Samba user and this is my problem.  I have gone
> through all of the DIAGNOSIS.txt and only get errors in Test 8 and 9.  They
> repeatedly give me the same error i get when i try and access my samba
> server and that is
> "The account is not authorized to log in from this station"  My computer is
> part of a domain if you need to know that.

You have not yet joined the Samba machine to the domain, so the domain 
controller doesn't know the machine yet. Here's what I understand you'll need 
to do; others may have more to say on the subject:

1. Change "security = share" to "security = domain"
2. Add "password server = NNN" where NNN is the NetBIOS name
    of the primary domain controller for your domain.
2. Use smbpasswd (as root) to add the machine to the domain. There are two
    ways this is done:

    a. If the computer's trust account is already set up on the domain
        controller, do:

> smbpasswd -j DN 

where DN is the name of the domain you're joining.

   b. If the trust account is not set up on the PDC, do this:

> smbpasswd -j DN -U <username>

where <username> is a name authorized to add computers to the domain. If you 
don't have such a username, you'll have to get a suitable admin to add the 
trust account on the PDC and then do step a above.

Also, I suspect that you may want to review the security settings on your 
machine. You have writable and public set to "yes" in the global section of 
smb.conf. I'd set them to "no" and then override them to "yes" in the 
sections for the individual services that require them.

If you allow public writing to a directory, consider setting the sticky bit 
for the directory. (See chmod(1))


Ray Simard

More information about the samba mailing list