[Samba] Cannot Join Domain unless I use username Root - 3.0.2.a tdbsam
Mike Young
mikey at e-mage.com.au
Mon Mar 22 00:55:03 GMT 2004
I am unable to get a client to join a domain unless I log in and join as
root. The workstation errors with username or password incorrect. However I
notice that if I then immediately go to the network neighborhood I can
actually see the domain and navigate all its resources (shares / printers
etc).
I am running samba3.0.2a on redhat 8 and have both winXP and win2K
clients. I have a unix & samba user called "administrator" that belongs to
both the usergroup "ntadmins" and "root". The group mappings work
correctly as once I have joined the domain as root and then logged on as
administrator, administrator has Domain Admin privileges.
I am currently manually adding the machines to the backend database by
issuing the following commands:
useradd -g 100 -d /dev/null -c "description" -s /bin/false machine_name$
pdbedit -a -m -u machine_name
I then go to the relevant client and use the control panel / system / join
domain functionality to try and register with the domain. I only seem to
be able to register with the domain if I use user ROOT and not
administrator.
I would greatly oblige any ideas on this - Is it a bug or have I got
something wrong with my configuration?
Here is the relevant configuration information:
Unix groups:
GrpName GID
======== ====
ntadmins 702
administrator 703
Unix users:
UsrName GID Primary Group Groups
======== ==== ============ =======================
administrator 603 ntadmins users,root,admnistrator
> net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-2420991726-2856996462-1657861143-512) -> ntadmins
Domain Guests (S-1-5-21-2420991726-2856996462-1657861143-514) -> nobody
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-2420991726-2856996462-1657861143-513) -> users
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
> pdbedit -l -v
------- snip -------
Unix username: root
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2420991726-2856996462-1657861143-1000
Primary Group SID: S-1-5-21-2420991726-2856996462-1657861143-1001
Full Name: root
Home Directory: \\juan\root
HomeDir Drive: H:
Logon Script: logon.bat
Profile Path: \\juan\profiles\root\0.0.0.0
Domain: E-MAGE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Sat, 14 Dec 1901 07:45:51 GMT
Kickoff time: Sat, 14 Dec 1901 07:45:51 GMT
Password last set: Sun, 21 Mar 2004 18:37:01 GMT
Password can change: Sun, 21 Mar 2004 18:37:01 GMT
Password must change: Sat, 14 Dec 1901 07:45:51 GMT
---------------
Unix username: dimension$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-2420991726-2856996462-1657861143-2216
Primary Group SID: S-1-5-21-2420991726-2856996462-1657861143-515
Full Name: dimension XP
Home Directory: \\juan\dimension_
HomeDir Drive: H:
Logon Script: logon.bat
Profile Path: \\juan\profiles\dimension_\0.0.0.0
Domain: E-MAGE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Sat, 14 Dec 1901 07:45:51 GMT
Kickoff time: Sat, 14 Dec 1901 07:45:51 GMT
Password last set: Fri, 05 Mar 2004 09:16:24 GMT
Password can change: Fri, 05 Mar 2004 09:16:24 GMT
Password must change: Sat, 14 Dec 1901 07:45:51 GMT
---------------
Unix username: dimension-w2k$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-2420991726-2856996462-1657861143-2220
Primary Group SID: S-1-5-21-2420991726-2856996462-1657861143-515
Full Name: dimension 2k
Home Directory: \\juan\dimension-w2k_
HomeDir Drive: H:
Logon Script: logon.bat
Profile Path: \\juan\profiles\dimension-w2k_\0.0.0.0
Domain: E-MAGE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Sat, 14 Dec 1901 07:45:51 GMT
Kickoff time: Sat, 14 Dec 1901 07:45:51 GMT
Password last set: Sun, 21 Mar 2004 18:41:16 GMT
Password can change: Sun, 21 Mar 2004 18:41:16 GMT
Password must change: Sat, 14 Dec 1901 07:45:51 GMT
---------------
Unix username: administrator
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2420991726-2856996462-1657861143-2206
Primary Group SID: S-1-5-21-2420991726-2856996462-1657861143-512
Full Name: wrkgrp domain administrator
Home Directory: \\juan\administrator
HomeDir Drive: H:
Logon Script: logon.bat
Profile Path: \\juan\profiles\administrator\0.0.0.0
Domain: E-MAGE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Sat, 14 Dec 1901 07:45:51 GMT
Kickoff time: Sat, 14 Dec 1901 07:45:51 GMT
Password last set: Fri, 05 Mar 2004 09:08:19 GMT
Password can change: Fri, 05 Mar 2004 09:08:19 GMT
Password must change: Sat, 14 Dec 1901 07:45:51 GMT
------- snip -------
> cat smb.conf
[global]
workgroup = e-mage
netbios name = JUAN
server string = %h server (Samba %v)
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
client lanman auth = No
client plaintext auth = No
wins support = Yes
domain master = yes
local master = yes
preferred master = yes
os level = 65
security = user
time server = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
preserve case = yes
short preserve case = yes
encrypt passwords = true
passdb backend = tdbsam
domain logons = yes
guest account = nobody
unix password sync = yes
logon path = \\%L\profiles\%U\%M
logon script = logon.bat
logon drive = H:
add machine script = /usr/sbin/adduser --home /dev/null --ingroup machines --shell /bin/false --no-create-home --disabled-login --gecos "SAMBA Machine Account" --force-badname "%u"
passwd program = /usr/bin/passwd %u
passwd chat = *Enter*new*UNIX*password:* %n\n *Retype*new*UNIX*password:*%n\n *passwd:*password*updated*successfully*
passwd chat debug = yes
add user script = /usr/sbin/adduser --shell /dev/null --quiet --disabled-login -- gecos "Samba user" %u
delete user script = /usr/sbin/deluser --remove-home --remove-all-files --backup %u
add group script = /usr/local/samba/bin/addgroup.sh "%g"
delete group script = /usr/sbin/delgroup "%g"
add user to group script = /usr/sbin/adduser %u "%g"
delete user from group script = /usr/sbin/deluser %u "%g"
set primary group script = /usr/sbin/usermod -g "%g" %u
load printers = yes
show add printer wizard = yes
printcap name = /etc/printcap
printing = cups
use client driver = no
[netlogon]
comment = Network Logon Service
;Needed for a PDC
path = /home/samba_cfg/netlogon
writable = no
read only = no
browsable = no
share modes = no
write list = @ntadmin
[profiles]
path = /home/samba_cfg/samba-ntprof
browsable = no
writable = yes
create mask = 0700
directory mask = 0700
[homes]
comment = Home Directories
read only = no
browsable = no
guest ok = no
map archive = yes
writable = yes
create mask = 0700
directory mask = 0700
# Use virtual file systems to create a recycle bin
vfs objects = recycle
------- snip -------
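
Added example (not part of the original post): a small consistency check for a share definition like the [netlogon] block above. It flags @group references that are not among the known Unix groups and "read only" set together with one of its inverted synonyms to conflicting values. The names parse, lint, SAMPLE_CONF and KNOWN_GROUPS are hypothetical, and the group list is an assumption limited to the groups the post names.

```python
import re
# Constructed sample: the [netlogon] share from the post, one parameter per line.
SAMPLE_CONF = """\
[netlogon]
path = /home/samba_cfg/netlogon
writable = no
read only = no
write list = @ntadmin
"""
# Assumption: only the Unix groups named in the post are known to exist.
KNOWN_GROUPS = {"ntadmins", "administrator", "users", "root", "nobody"}
TRUE = {"yes", "true", "1"}
INVERTED = {"writable", "writeable", "writeok"}  # inverted synonyms of "read only"
GROUP_PARAMS = {"writelist", "readlist", "validusers", "invalidusers", "adminusers"}

def parse(conf):
    """Return {section: [(key, value), ...]} in file order; keys lowercased, spaces removed."""
    shares, section = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            shares.setdefault(section, [])
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            shares[section].append((re.sub(r"\s+", "", key).lower(), value.strip()))
    return shares

def lint(conf, known_groups):
    """Return a list of (section, problem, detail) tuples."""
    findings = []
    for section, params in parse(conf).items():
        read_only = []  # effective "read only" value of each assignment, in order
        for key, value in params:
            if key == "readonly":
                read_only.append(value.lower() in TRUE)
            elif key in INVERTED:
                read_only.append(value.lower() not in TRUE)
            elif key in GROUP_PARAMS:
                for name in re.split(r"[,\s]+", value):
                    if name.startswith(("@", "+", "&")) and name.lstrip("@+&") not in known_groups:
                        findings.append((section, "unknown group", name))
        if len(set(read_only)) > 1:  # Samba applies parameters in file order
            winner = "yes" if read_only[-1] else "no"
            findings.append((section, "conflicting read only", "last wins: read only = " + winner))
    return findings
```

Running lint(SAMPLE_CONF, KNOWN_GROUPS) reports both the @ntadmin reference and the writable / read only conflict.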