[Samba] Joining XP SP2 to a Samba PDC
Lee Ball
lee at effective-it.co.uk
Wed Aug 10 17:32:43 GMT 2005
Correction, the command you want is:
smbpasswd -a -m {machine name, no $}
DSanchez wrote:
> Hello and Thanks in advance.
>
> I have a CentOS 4.1 Server and i have samba Version 3.0.10-1.4E
> I have 2 users on this server right now: Root, Dsanchez.
>
> I have also issued this command to set up these 2 users on the Samba
> Server as well.
> smbpasswd -a root
> smbpasswd -a dsanchez
> and i set up the password to match the linux account.
>
> Here is my SMB.conf file:
>
> # Global parameters
> [global]
> workgroup = ETNET
> server string = Samba PDC Server
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n
> *ReType*new*UNIX*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> unix password sync = Yes
> log file = /var/log/samba/%m.log
> max log size = 50
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> printcap name = /etc/printcap
> add user script = /usr/sbin/useradd -d /dev/null -g 100 -s
> /bin/false -M %u
> add machine script = /usr/sbin/useradd -c Machine -d /dev/null
> -s /bin/false machine_name$
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
> hosts allow = 10.78., 127.
> cups options = raw
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> guest ok = Yes
> share modes = No
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = Yes
> browseable = No
>
>
> I have also made the following changes to the XP box.
>
> Registry changes:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters\Requiresignorseal
>
> Which i set to '0' from '1'
>
> I have made sure the following in Local Security Policy is set:
> I edited or checked the following entries:
> "Domain member: Digitally encrypt or sign secure channel(Disabled)"
> "Domain member: Disable machine account password changes(Disabled)."
> "Domain member: Require strong (Windows 2000 or later) session key(Disabled)"
>
>
> Then i go to the Systems Properties/computer name change/
>
> I change from workgroup: workgroup to Domain:ETINET
>
> Then i click the 'ok' button, and a login window pops up.
>
> I then use the following usernames to 'Join'
>
> root
> admin
> administrator
> dsanchez
> etinet\root
> etinet\admin
> etinet\administrator
> etinet\dsanchez
>
> I get the following error when i try to join as:
> administrator
> admin
> etinet\admin
> etinet\administrator
>
> The following error occurred attempting to join the domain "ETINET":
> Logon Failure: Unknown Username or bad password.
>
> When i try using the following this is what i get:
> root
> etinet\root
>
> The following error occurred attempting to join the domain "ETINET":
> The username could not be found.
>
> Then, if i try and use my account, whcih i added to the root group.
> Dsanchez
> etinet\Dsanchez
>
> The following error occurred attempting to join the domain "ETINET":
> Access is Denied.
>
>
> Note, this is an XP SP2 Machine and i only have 1 user on this machine
> (Dsanchez)
>
>
> Also,
>
> I did find that this script
> add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
>
> has a group of 102
>
> and the machine log file that was in /var/log/samba/<machinename>.log
> had this error in it.
>
> useradd: unknown group 102
>
> however i do have this script in the smb.conf file.
>
> add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
>
>
> So do i need both of these lines?
> do i need to make a group with the Gid of 102?
>
> Thanks.
More information about the samba
mailing list