[Samba] Switching to another Samba server
John H Terpstra
jht at samba.org
Thu Nov 14 05:43:01 GMT 2002
David,
If this samba server IS your domain controller then you definitely do NOT
want "security = server". This option requires you to add "password server
= *" so that samba can find the external password server (domain
controller).
Instead you want "security = user". That should get rid of the error
messages.
- John T.
On Wed, 13 Nov 2002, David Donahue wrote:
> Well, it would appear that the newly created smbpasswd file, in
> conjunction with Andrew's advice to export /tmp before running smbd, did
> the trick... Mostly. The domain itself seems to be physically working.
> Of course, I'll be conducting more tests as I go along. However, my
> logs still show that same error about a password server. I'll re-paste
> it here:
>
> > [2002/11/13 07:09:17, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
>
> It doesn't _seem_ to be causing any problems, but any error in a log
> file is cause for concern in my book. Especially when it has the word
> "password" in it. Do you have any idea what it could mean, or perhaps
> could point me in another direction to find it?
>
> Again, I can't thank you enough for your offer to help on this one.
> And, if you wish, I can stop spamming you with all my problems and log
> files :)
>
>
>
> David P. Donahue
> david.donahue at firstsolution.com
> First Call Computer Solutions
>
>
>
> -----Original Message-----
> From: David Donahue
> Sent: Wednesday, November 13, 2002 9:11 AM
> To: 'John H Terpstra'
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Switching to another Samba server
>
>
> >>What is your platform?
>
> Mandrake Linux 9.0 (old server is Mandrake Linux 8.1).
>
> >>Did you build the samba binaries?
>
> 2.2.2, yes. 2.2.6 was built as part of the OS install. I did a full
> install (every package on the list), if that's useful to you.
>
> >>If so, what argumentes did you give to configure when you built it?
>
> For 2.2.2, none. Just "./configure;make;make install"
>
> >>Which files did you copy from the old server to the new one?
>
> smb.conf, smbpasswd, smbusers
>
> >>On the new machine are the UIDs the same as on the old one?
>
> Identical. But, as I said, I'll be re-making the smbpasswd file tonight
> anyway. So if there are any discrepencies in users that I've
> overlooked, that will fix them.
>
>
>
> - John T.
>
> On Wed, 13 Nov 2002, David Donahue wrote:
>
> > I really appreciate your help in this matter. It would seem that I'm
> > still running into some problems with 2.2.6, but this time I have lots
>
> > and lots of log info that might help. First, we'll start with my
> > smb.conf file:
> >
> > ######################################################################
> > ##
> > ###
> > [global]
> > workgroup = SAMBA
> > security = server
> > netbios name = EPYON
> > server string = Samba 2.2.6
> > interfaces = 192.168.0.10/24
> > encrypt passwords = Yes
> > passwd program = /usr/bin/passwd %u
> > smb passwd file = /etc/samba/smbpasswd
> > passwd chat = "*New password:*" %n\r "*New password (again):*"
>
> > %n\r "*Password changed*"
> > unix password sync = Yes
> > syslog = 2
> > log file = /var/log/samba/log.%m
> > time server = Yes
> > add user script = /usr/sbin/useradd -d /dev/null -g 100 -s
> > /bin/false -M %u
> > logon script = %U.bat
> > logon path = \\epyon\profile\%U
> > domain logons = Yes
> > os level = 34
> > preferred master = Yes
> > domain master = Yes
> > lock directory = /var/lock/samba/locks
> > admin users = root
> > hosts allow = 192.168.0.
> > hide dot files = No
> >
> > [netlogon]
> > comment = "Domain Logon Services"
> > path = /etc/samba/smblogon
> > browseable = No
> >
> > [homes]
> > comment = "Home Directory for : %u "
> > path = /home/%u
> > writeable = Yes
> > create mask = 0644
> > directory mask = 0755
> > browseable = No
> >
> > [profile]
> > comment = "User profiles"
> > path = /etc/samba/smbprofile
> > writeable = Yes
> > create mask = 0600
> > directory mask = 0700
> > browseable = No
> >
> > [cdimage]
> > comment = "Mounted CD ISO"
> > path = /mnt/cdimage
> >
> > [cdimage2]
> > comment = "Mounted CD ISO"
> > path = /mnt/cdimage2
> >
> > [programs]
> > comment = "Installed Programs"
> > path = /etc/samba/smbprograms
> > writeable = Yes
> > create mask = 0644
> >
> > [share]
> > comment = "Public Share"
> > path = /etc/samba/smbshare
> > writeable = Yes
> > create mask = 0666
> > directory mask = 0777
> >
> > [web]
> > comment = "Website"
> > path = /home/www/public
> > guest ok = yes
> > read only = yes
> >
> > [all]
> > comment = "Root Directory"
> > path = /
> > writeable = Yes
> > create mask = 0644
> > directory mask = 0755
> > ######################################################################
> > ##
> > ###
> >
> > This, along with smbpasswd and other samba files, was copied directly
> > from the currently running Samba server on my network. The only
> > changes made were to the name of the workgroup, the interface IP and
> > some of the paths that are slightly different on the new server.
> > Note: Is it possible that copying smbpasswd from another computer and
> > not directly creating it on the new computer is causing this? This
> > just occurred to me and I can't test it until I get home from work
> > later today.
> >
> > Now, for the log files. I flushed them and started a new server last
> > night, then tried to join the domain this morning, with the same
> > results. Here's the log file for nmbd:
> >
> > ######################################################################
> > ##
> > ###
> > [2002/11/12 19:59:01, 0] nmbd/nmbd.c:main(794)
> > Netbios nameserver version 2.2.6pre2 started.
> > Copyright Andrew Tridgell and the Samba Team 1994-2002 [2002/11/12
> > 19:59:01, 0] nmbd/nmbd.c:main(826)
> > standard input is not a socket, assuming -D option [2002/11/12
> > 19:59:01, 0] nmbd/nmbd_logonnames.c:add_logon_names(155)
> > add_domain_logon_names:
> > Attempting to become logon server for workgroup SAMBA on subnet
> > 192.168.0.10 [2002/11/12 19:59:01, 0]
> > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(291)
> > become_domain_master_browser_bcast:
> > Attempting to become domain master browser on workgroup SAMBA on
> > subnet 192.168.0.10
> > [2002/11/12 19:59:01, 0]
> > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(305)
> > become_domain_master_browser_bcast: querying subnet 192.168.0.10 for
> > domain master browser on workgroup SAMBA
> > [2002/11/12 19:59:05, 0]
> > nmbd/nmbd_logonnames.c:become_logon_server_success(114)
> > become_logon_server_success: Samba is now a logon server for
> workgroup
> > SAMBA on subnet 192.168.0.10
> > [2002/11/12 19:59:05, 0]
> > nmbd/nmbd_responserecordsdb.c:find_response_record(235)
> > find_response_record: response packet id 15312 received with no
> > matching record.
> > [2002/11/12 19:59:05, 0]
> > nmbd/nmbd_responserecordsdb.c:find_response_record(235)
> > find_response_record: response packet id 15313 received with no
> > matching record.
> > [2002/11/12 19:59:09, 0]
> > nmbd/nmbd_become_dmb.c:become_domain_master_stage2(114)
> > *****
> >
> > Samba server EPYON is now a domain master browser for workgroup
> > SAMBA on subnet 192.168.0.10
> >
> > *****
> > [2002/11/12 19:59:24, 0]
> > nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
> > *****
> >
> > Samba name server EPYON is now a local master browser for workgroup
> > SAMBA on subnet 192.168.0.10
> >
> > *****
> > ######################################################################
> > ##
> > ###
> >
> > and now the log file for smbd:
> >
> > ######################################################################
> > ##
> > ###
> > [2002/11/12 19:59:03, 0] smbd/server.c:main(707)
> > smbd version 2.2.6pre2 started.
> > Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/11/12
> > 19:59:03, 0] smbd/server.c:main(751)
> > standard input is not a socket, assuming -D option
> > ######################################################################
> > ##
> > ###
> >
> > and, of course, the log file for the Windows box trying to join the
> > domain:
> >
> > ######################################################################
> > ##
> > ###
> > [2002/11/13 07:05:29, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:05:29, 0] smbd/service.c:make_connection(384)
> > root logged in as admin user (root privileges)
> > [2002/11/13 07:05:31, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:05:31, 0] smbd/service.c:make_connection(384)
> > root logged in as admin user (root privileges)
> > [2002/11/13 07:05:32, 0]
> > rpc_server/srv_samr.c:api_samr_set_userinfo(670)
> > api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
> > [2002/11/13 07:06:02, 0] smbd/service.c:set_current_service(60)
> > chdir (/root/tmp) failed
> > [2002/11/13 07:06:27, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:06:27, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:06:27, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:06:27, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:06:34, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:06:34, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:17, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:17, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:21, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:21, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:22, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:22, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:22, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:22, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:22, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:22, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:22, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:22, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:22, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:22, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:22, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:22, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:09:24, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:09:24, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > [2002/11/13 07:10:34, 0] smbd/password.c:server_cryptkey(1054)
> > password server not available
> > [2002/11/13 07:10:34, 0] smbd/service.c:make_connection(603)
> > hal (192.168.0.4) Can't change directory to /root/tmp (Permission
> > denied)
> > ######################################################################
> > ##
> > ###
> >
> > As you can see, the client machine generated alot of the same error in
> > a short period of time. The earlier entries (7:05-ish) were
> > undoubtedly when I joined the domain, which looked successful from the
>
> > client's side (hence the "root" mentions in the log... I used the root
>
> > account to physically join the domain). The later entries (7:09-ish)
> > would then have been me trying to logon to the domain after a reboot.
>
> > Neither a normal user, nor root could login to the domain. It always
> > said the domain in unavailable.
> >
> > Again, I really appreciate your offer to help on this. Unless told
> > otherwise, I'll be re-creating the smbpasswd file later this evening
> > and testing that. Are there any changes from 2.2.2 to 2.2.6 that
> > would require me to change something in my smb.conf file?
> >
> >
> >
> > David P. Donahue
> > david.donahue at firstsolution.com
> > First Call Computer Solutions
> > A Montana Technology Resource Company
> >
> >
> >
> > -----Original Message-----
> > From: John H Terpstra [mailto:jht at samba.org]
> > Sent: Monday, November 11, 2002 8:03 PM
> > To: David Donahue
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] Switching to another Samba server
> >
> >
> > David,
> >
> > Suggest you update to samba-2.2.6 or later (there will be an update
> > later this week). The /root/tmp issue was a known problem with 2.2.2
> > and has been fixed. Best advice is to update to 2.2.6. If you then
> > still have a problem, email me <jht at samba.org> and I will try to
> > assist.
> >
> > - John T.
> >
> > On Mon, 11 Nov 2002, David Donahue wrote:
> >
> > > I've been running Samba 2.2.2 for a while as a domain controller on
> > > my
> >
> > > mostly Windows network. It's been working great up to this point.
> > > Anyway, I just put together a new Linux server and installed 2.2.2
> > > on it as well.
> > >
> > > I copied the conf file and pretty much mirrored everything on the
> > > existing server, changed the paths and the "workgroup" field in the
> > > conf file to match the new server, and ran the software. I'm able
> > > to join the domain, but when I attempt to login to it after
> > > rebooting, it
> >
> > > says the domain is not available. And when I login to the Windows
> > > machine as the local Administrator and try to connect to the domain
> > > it
> >
> > > says "the server is not configured for transactions."
> > >
> > > The log file samba generated for that client's connection repeats
> > > attempts to access /root/tmp (I don't know why) and keeps saying
> > > that a password server is unavailable. Any ideas?
> > >
> > > Could the problem be some kind of conflict with the current server
> > > on the other machine? Until the new one is fully working I still
> > > have the old one running on the other computer. Admittedly, I don't
>
> > > know what every setting in the conf file does. So is it likely
> > > that, for certain fields, identical settings on both machines would
> > > cause some kind of conflict during a logon?
> > >
> > >
> > >
> > > David P. Donahue
> > > david.donahue at firstsolution.com
> > > First Call Computer Solutions
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > >
> >
> >
>
>
--
John H Terpstra
Email: jht at samba.org
More information about the samba
mailing list