[Samba] joining to a Domain with a tdbsam backend (smb.conf, testparm and log included)

Roberto Mason programmer at rmasonfamily.info
Mon Feb 16 21:57:42 GMT 2004 

I'm about to give up. It's been months now that I've been playing around
with Samba 3.0. I've downloaded their documentation. Tried to follow it as
much as possible, but I'm getting no where with adding machine accounts to a
Domain, real fast.

I've asked this question a couple of times at the Samba Mailing list, but
have gotten no reply(probably my fault, not enough info). So here goes. I'm
a home user, with some Knowledge of NT 4 Domain Controllers. Years ago a set
one up for a company I worked for. So when I got exposed to Linux, I
naturally gravitated to Samba 2.2xx.

Took me a while to figure it out, but I managed to setup a simple domain at
home, with a few shares. Was able to add both Win XP and Linux machines to
my domain.

Now they came out with Samba 3. I did an upgrade several times to version 3.
All machines that were already members of the domain I have no problem with.
But when I try to add new machines (actually 1 new machine) if I try to use
root in adding the domain, I get user/password not found (something or other
like that).

If I try to use my log in name Roberto (Domain Admin) set up according to
the Doc, I get access denied. Considering myself still a newbie, I asking
you guys for help. HELP!!!!

Here's my setup:

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2004/02/14 13:40:54

# Global parameters
[global]
workgroup = MEPHISTOPHELES
server string = Samba Server %v (Wish me luck)
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/smbusers
unix password sync = Yes
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = wins lmhosts bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = %U.bat
domain logons = Yes
os level = 62
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap ssl = no

[homes]
comment = Home Directories
read only = No
browseable = No

[netlogon]
path = /home/netlogon
guest ok = Yes
share modes = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[work]
path = /home/storage/work
write list = @storage
read only = No

[movie]
path = /home/storage/Movie
write list = @storage
read only = No

[anonymous]
path = /home/storage/anonymous
valid users = @storage
write list = @storage
read only = No

[Log]
path = /var/log

[installation]
path = /home/storage/Installations
valid users = @installation, @storage
read list = @anonymous
write list = @storage
read only = No
create mask = 0774
directory mask = 0774

[DOCUMENTS]
path = /home/storage/Documents
force user = roberto
force group = documentation
read only = No
create mask = 0664
directory mask = 0664
inherit permissions = Yes

[storage]
path = /home/storage
valid users = @storage, @installation
read list = @installation
write list = @storage
force user = root
force group = storage
force create mode = 0775
force directory mode = 0775

[linuxdoc]
path = /usr/share/doc

This is what my net groupmap list gives

[root at posta root]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-517848066-3869322434-1176822426-512) -> domadmin
Domain Guests (S-1-5-21-517848066-3869322434-1176822426-514) -> -1
Domain Users (S-1-5-21-517848066-3869322434-1176822426-513) -> domusers
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

I'm including the log for log.programxp (programxp being the machine that
I'm trying to join to the domain) This is only part of what was generated
(what I assumed was necessary)

[2004/02/16 16:46:57, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[MEPHISTOPHELES]\[admin]@[PROGRAMXP] with the new password interface
[2004/02/16 16:46:57, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [MEPHISTOPHELES]\[root]@[PROGRAMXP]
[2004/02/16 16:46:57, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/02/16 16:46:57, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/02/16 16:46:57, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/16 16:46:57, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/16 16:46:57, 3] auth/auth_sam.c:check_sam_security(473)
  check_sam_security: Couldn't find user 'root' in passdb file.
[2004/02/16 16:46:57, 3] auth/auth_winbind.c:check_winbind_security(79)
  check_winbind_security: Not using winbind, requested domain was for this
SAM.
[2004/02/16 16:46:57, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [admin] -> [root] FAILED
with error NT_STATUS_NO_SUCH_USER
[2004/02/16 16:46:57, 3] smbd/process.c:timeout_processing(1104)
  timeout_processing: End of file from client (client has disconnected).
[2004/02/16 16:46:57, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/16 16:46:57, 2] smbd/server.c:exit_server(558)
  Closing connections
[2004/02/16 16:46:57, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2004/02/16 16:46:57, 3] smbd/server.c:exit_server(601)
  Server exit (normal exit)

More information about the samba mailing list