Domain login on WinXP

Vegard.Hanssen at mf.no Vegard.Hanssen at mf.no
Tue Jan 22 03:31:03 GMT 2002 

I have been trying to get WinXP to log into a samba-server. Without doing
something to my setup I got an error "No Access" to the server when trying
to join the domain. (btw, I have created the shell-account for the
computer, but not the samba-account for the computer)

The errors from the log:

[2002/01/22 10:49:22, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(672)
  api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
[2002/01/22 10:49:22, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
  startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd.
Error was Permi
ssion denied
[2002/01/22 10:49:22, 0] passdb/pdb_smbpasswd.c:pdb_getsampwrid(1459)
  unable to open passdb database.


Obviously there is a problem writing to /etc/samba/smbpasswd.

My samba setup is something like (wrong names..):

smbusers:
admin = administrator admin

smb.conf:
domain admin group = admin

---

So the admin user should have enough permissions to do the job - but what
happens is that the admin user itself tries to write to
/etc/samba/smbpasswd, which only the root-shell user has permission to do.
So I tried to "chown admin.admin /etc/samba/smbpasswd", and voila, it
worked. I could add the computer from WinXP to the domain using the admin
user. But I then had to enable the computer with "smbpasswd -e
computername$" to log in.

But, samba changes the owner of smbpasswd back to root, so this isn't a
solution.

Then I tried to change smbusers to:

root = administrator admin

which would set the admin user to shell root user. But then I got Wrong
username or password when trying to add the computer from WinXP. Perhaps
samba tries to log on as root with the same passwd which I use for admin user?

And if that's true, the only thing, which I can think of, to work this out
is to actually use a root user from samba. And I don't like that....You
shouldn't need to let the user have full access to your server too.

Any thoughts on this? samba crew? A bug which forces the writing to
/etc/samba/smbpasswd to log on the shell account which you try to generate
the computer account with?


Vegard

More information about the samba mailing list