Domain login on WinXP
Vegard.Hanssen at mf.no
Vegard.Hanssen at mf.no
Tue Jan 22 03:31:03 GMT 2002
I have been trying to get WinXP to log into a samba-server. Without doing
something to my setup I got an error "No Access" to the server when trying
to join the domain. (btw, I have created the shell-account for the
computer, but not the samba-account for the computer)
The errors from the log:
[2002/01/22 10:49:22, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(672)
api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
[2002/01/22 10:49:22, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171)
startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd.
Error was Permi
ssion denied
[2002/01/22 10:49:22, 0] passdb/pdb_smbpasswd.c:pdb_getsampwrid(1459)
unable to open passdb database.
Obviously there is a problem writing to /etc/samba/smbpasswd.
My samba setup is something like (wrong names..):
smbusers:
admin = administrator admin
smb.conf:
domain admin group = admin
---
So the admin user should have enough permissions to do the job - but what
happens is that the admin user itself tries to write to
/etc/samba/smbpasswd, which only the root-shell user has permission to do.
So I tried to "chown admin.admin /etc/samba/smbpasswd", and voila, it
worked. I could add the computer from WinXP to the domain using the admin
user. But I then had to enable the computer with "smbpasswd -e
computername$" to log in.
But, samba changes the owner of smbpasswd back to root, so this isn't a
solution.
Then I tried to change smbusers to:
root = administrator admin
which would set the admin user to shell root user. But then I got Wrong
username or password when trying to add the computer from WinXP. Perhaps
samba tries to log on as root with the same passwd which I use for admin user?
And if that's true, the only thing, which I can think of, to work this out
is to actually use a root user from samba. And I don't like that....You
shouldn't need to let the user have full access to your server too.
Any thoughts on this? samba crew? A bug which forces the writing to
/etc/samba/smbpasswd to log on the shell account which you try to generate
the computer account with?
Vegard
More information about the samba
mailing list