[Samba] Re: ACCESS DENIED when trying to log into domain

Markus Benkovski markus.benkovski at webermfg.ca
Wed Jul 7 12:30:01 GMT 2004


For a successful samba3.x domain controller you need to make sure of a few
things.
your nt to unix group map
ip and hostname in host file
proper scripts in smb.conf
proper user map in smbusers (if necessary for your purpose)

here is an example of my smb.conf and of course sub "MY-DOMAIN" for yours
----------------------------------------------------------------------------
---------------------
# Global parameters
[global]
	workgroup = MY-DOMAIN
	realm = MY-DOMAIN
	server string = Linux
	security = DOMAIN
	map to guest = Bad Password
	passwd program = /etc/samba/smbpasswd
	unix password sync = Yes
	passwd chat = *old password* %o\n *new password* %n\n *new password*
%n\n *changed*
	passwd chat debug = false
	max log size = 50
	time server = Yes
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	add user script = /usr/sbin/useradd %u
	delete user script = /usr/sbin/userdle %u
	add group script = /usr/sbin/groupadd %g
	delete group script = /usr/sbin/groupdel %g
	delete user from group script = /usr/sbin/deluser %u %g
	add machine script = /usr/sbin/adduser -n -g machines -c Machine -d
/dev/null -s /bin/false %u
	logon script = %G.bat
	logon path = 
	domain logons = Yes
	os level = 65
	lm announce = Yes
	preferred master = Yes
	domain master = Yes
	ldap ssl = no
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	admin users = your_admin_accounts
	printer admin = your_admin_accounts

[NETLOGON]
	comment = NETLOGON SHARE
	path = /home/samba/NETLOGON 
----------------------------------------------------------------------------
---------------------------
Markus Benkovszki

ALSO make sure your usr group mapping is bang on I've had some major issues
arrise with bad mappings.
Hope this helps.




-----Original Message-----
From: Michael Lueck [mailto:mlueck at lueckdatasystems.com]
Sent: Tuesday, July 06, 2004 9:58 PM
To: samba at lists.samba.org
Subject: [Samba] Re: ACCESS DENIED when trying to log into domain


Ken Miller wrote:

>  However, when I try 
> and connect to the domain, I get an 'Access Denied' message after 
> entering my userid and password.

What client OS? If NT/2K/XPPro have you joined it to the domain
successfully?

You need a user ID on the Samba box set up as a Domain Admin to use to join
these OS's to your domain.

I assume you are using a smbpasswd back end, you did add the user ID to that
database?

Some of the text within my ramblings to this list on net groupmap apply to
the topic of creating a domain admin account. You might read through the
small office example URL on the Samba web site I 
posted in that thread as well. Sounds like what you are up to is what that
describes.

-- 
Michael Lueck
Lueck Data Systems

Remove the upper case letters NOSPAM to contact me directly.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


More information about the samba mailing list