[Samba] Help with making samba-3.0.0 PDC and adding a XP/Pro client (and domain user accounts)
Christian Joensson
c.christian.joensson at comhem.se
Mon Feb 9 08:48:10 GMT 2004
I would like to understand how to make my samba-3.0.0 (-15, from Fedora Core
1) a PDC and how to make a XP/Pro box member of that domain and to add a
domain user account, and eventually to add a few more linux boxen as domain
members into that domain.
This is the output of the PDC box testparm (the PDC box has two eth
interfaces, only eth1 (192.168.1.*) and 127.0.0.1 should access the PDC):
[root@fw samba]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = J-SON
server string = Samba Server %v
interfaces = eth1, 127.0.0.1
obey pam restrictions = Yes
root directory = /
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\\n *Retype*new*password* %n\\n *passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
max xmit = 65535
name resolve order = lmhosts host wins bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hostname lookups = Yes
logon script = logon.bat
logon path = \\\\%N\\Profiles\\%u
logon drive = H:
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
wins support = Yes
ldap ssl = start tls
socket address =
username = @domusers
valid users = @domusers
admin users = @domadm
printer admin = chj
hosts allow = 192.168.1., 127.
printing = lprng
[homes]
comment = Home Directories
path = /home/%u
valid users = %S
read only = No
create mask = 0600
directory mask = 0700
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/netlogon
write list = @domadm
[profiles]
path = /etc/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[root@fw samba]#
and this is the output
[root@fw samba]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-2459649847-1729203440-1916183762-512) -> domadm
Domain Computers (S-1-5-21-2459649847-1729203440-1916183762-3025) -> machines
Replicators (S-1-5-32-552) -> -1
Domain Guests (S-1-5-21-2459649847-1729203440-1916183762-514) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Users (S-1-5-21-2459649847-1729203440-1916183762-513) -> domusers
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
[root@fw samba]#
and domadm contains only one member, chj (that's me), and domusers a few
users, machines contains two machines, luddes$ (the XP box) and calles$, a
Fedora Core 1 linux box, supposed to become a domain member.
/etc/samba/smbpasswd contains among others the ones in domadm and domusers as
well as calles$ and luddes$, the two machines.
I managed to add the XP box to the domain, but I can't add a domain user
account, J-SON/chj. I get a trust problem, something like "couldn't establish
a trust relation between this workstation and the primary domain". (Windows XP
Swedish).
From the log files, I can see these few "interesting" things:
[2004/02/08 19:39:16, 1] nmbd/nmbd_incomingrequests.c:process_node_status_request(324)
process_node_status_request: status request for name J-SON<1c> from IP 192.168.1.1 on subnet UNICAST_SUBNET - name not found.
[2004/02/09 09:40:57, 0] smbd/service.c:make_connection_snum(620)
Can't become connected user!
Any help is appreciated.
TIA,
/ChJ