No subject


Mon Dec 1 12:27:21 GMT 2003


account to join the Win2K PCs to the domain.  You have to use the root
account.  Therefore making the account "root" invalid is not a good thing
(or I would assume).  Just create a root account in the smbpasswd file and
make the password different from your unix account (if security is your
concern).  Does this make sense?

Regards,

Alan B. Moote
Systems Administrator
MARK IV Industries
tel: 905.624.7908
fax: 905.625.6197


                                                                                                                                       
                      Thomas Kirk                                                                                                      
                      <thomas at arkena.co        To:       samba at lists.samba.org                                                         
                      m>                       cc:                                                                                     
                      Sent by:                 Subject:  [Samba] Samba 2.23a PDC                                                       
                      samba-admin at lists                                                                                                
                      .samba.org                                                                                                       
                                                                                                                                       
                                                                                                                                       
                      07/10/02 06:24 AM                                                                                                
                                                                                                                                       
                                                                                                                                       




Hey there Listmembers

Im writing this because i havnt been able to solve my problem.
Im trying to set up a samba server as PDC and im using samba 2.2.3a
from debian "woody". ive attached my smb.conf file.

The problem :

When i try to join a win2k box to the domain i get this error :

"The specified network passwords is not correct" Ofcourse ive
doublecheck if the password im using is ok and it is.

Here is the output from log.smb :

   Requested protocol [Windows for Workgroups 3.1a]
  negprot index=5
  smb_flg=136
  smb_bcc=13
  size=184
  smb_mid=64
  smt_wct=13
  sesssetupX:name=[root]
  Home server: nas
  smb_password_ok: Checking SMB password for user root
  smb_password_ok: challenge received
  smb_password_ok: Checking NT MD4 password
  smb_password_ok: NT MD4 password check succeeded
  smb_pam_start: PAM: Init user: root
  smb_pam_start: PAM: setting rhost to: mads
  smb_pam_start: PAM: setting tty
  smb_pam_start: PAM: Init passed for user: root
  smb_pam_account: PAM: Account Management for User: root
  smb_pam_account: PAM: Account OK for User: root
  smb_pam_end: PAM: PAM_END OK.
  user token sid S-1-5-11
  Clearing default real name
  User name: root       Real name: root
  smb_pam_start: PAM: Init user: root
  smb_pam_start: PAM: setting tty
  smb_pam_start: PAM: Init passed for user: root
  smb_pam_end: PAM: PAM_END OK.
  Chained message
  size=184
  smb_mid=64
  smt_wct=4
  smb_bcc=18
  Got device type ?????
  authorise_login: ACCEPTED: guest account and guest ok (nobody)
  get_current_groups: user is in 1 groups: 65534
  get_current_groups: user is in 1 groups: 65534
  get_share_security: using default secdesc for IPC$
  se_access_check: also S-1-5-11
  Initialising default vfs hooks
  Can't become connected user!
  Yielding connection to IPC$
  error string = No such file or directory
  size=83
  smb_flg=136
  smb_mid=64
  smt_wct=3
  smb_bcc=36
  Transaction 3 of length 43
  smb_pam_start: PAM: Init user: root
  smb_pam_start: PAM: setting tty
  smb_pam_start: PAM: Init passed for user: root
  smb_pam_end: PAM: PAM_END OK.
  smb_flg=136
  receive_smb error (Success) exiting
  Closing connections
  Yielding connection to
  Server exit (normal exit)

I dont really know what this means? If anyone could help it would be
really cool. Please mail me for additional information or higher
loglevel output (this is 4 i think?)

smb.conf :

[global]

# Change this for the workgroup/NT-domain name your Samba server will part
of
   netbios name = NAS
   workgroup = TEST
   os level = 64
   preferred master = yes
   domain master = yes
   local master = yes
   interfaces = 192.168.10.73/24
   domain logons = yes
   add user script = /usr/sbin/useradd  -d /dev/null -s /bin/false -g 900
%u
   domain admin group = root

# where to store user profiles?

   logon path = \\$N\$U\.profile

 ; where is a user's home directory and where should it be mounted at?
    logon drive = H:
    logon home = \\%N\%U

# server string is the equivalent of the NT Description field
   server string = %h server (Samba %v)

   invalid users = root

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Debug level
   log level = 5

# Put a capping on the size of the log files (in Kb).
   max log size = 1000

# If you want Samba to log though syslog only then set the following
# parameter to 'yes'. Please note that logging through syslog in
# Samba is still experimental.
;   syslog only = no

# We want Samba to log a minimum amount of information to syslog.
Everything
# should go to /var/log/samba/log.{smb,nmb} instead. If you want to log
# through syslog you should set the following parameter to something
higher.
   syslog = 0

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# security_level.txt for details.
;   security = user

# You may wish to use password encryption. Please read ENCRYPTION.txt,
# Win95.txt and WinNT.txt in the Samba documentation. Do not enable this
# option unless you have read those documents
   encrypt passwords = yes

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /home/samba/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
#         SO_RCVBUF=8192 SO_SNDBUF=8192
   socket options = TCP_NODELAY

# --- Browser Control Options ---

# Please _read_ BROWSING.txt and set the next four parameters according
# to your network setup. The defaults are specified below (commented
# out.) It's important that you read BROWSING.txt so you don't break
# browsing in your network!

# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = yes

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 20

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = auto

# Preferred Master causes Samba to force a local browser election on
startup
# and gives it a slightly higher chance of winning the election
;   preferred master = auto

# --- End of Browser Control Options ---

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS
Server
;   wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no

# What naming service and in what order should we use to resolve host names
# to IP addresses
   name resolve order = lmhosts host wins bcast

# Name mangling options
;   preserve case = yes
;   short preserve case = yes
# This boolean parameter controlls whether Samba attempts to sync. the Unix
# password with the SMB password when the encrypted SMB password in the
# /etc/samba/smbpasswd file is changed.
;   unix password sync = false

# For Unix password sync. to work on a Debian GNU/Linux system, the
following
# parameters must be set (thanks to Augustin Luton <aluton at hybrigenics.fr>
for
# sending the correct chat script for the passwd program in Debian Potato).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
;   pam password change = no

# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
;   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

   obey pam restrictions = yes

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
;   winbind uid = 10000-20000
;   winbind gid = 10000-20000
;   template shell = /bin/bash

#======================= Share Definitions =======================

[homes]
   comment = Home Directories
   browseable = no

# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
   writable = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want
to
# create dirs. with group=rw permissions, set next parameter to 0775.
   directory mask = 0700

# Un-comment the following and create the netlogon directory for Domain
Logons
# (you need to configure Samba to act as a domain controller too.)

[netlogon]
   comment = Network Logon Service
   path = /raid/filserver/netlogon
   guest ok = yes
   writable = no
   share modes = no
   read only = yes
   write list = ntadmin,root,administrator

#[profiles]
#    path = /raid/samba/ntprofile
#    read only = no
#    create mask = 0600
#    directory mask = 0700


--
Venlig hilsen/Kind regards
Thomas Kirk
ARKENA
thomas(at)arkena(dot)com
Http://www.arkena.com


BOFH excuse #331:

those damn racoons!

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba









More information about the samba mailing list