[Samba] Joining a Samba 3 domain repost

John H Terpstra jht at samba.org
Thu Dec 15 21:41:00 GMT 2005 

On Thursday 15 December 2005 14:26, Mike wrote:
> Thanks
>
> Yes I can add the machine name to the userlist by executing the same
> command
> add machine script = /usr/sbin/"useradd -s /bin/false -d /var/lib/nobody
> machinename" < this part only
> manually. Once the machine account has been added I can then add the PC
> to the domain.
>
> May be its a problem running the script by a user who is not root. Hmmm
> I used root & tried Administrator as well?

The useradd command can only be run by root. That is why you need to add 
machines using the root account.

Since Samba-3.0.11 you can use the user rights and privileges facility 
(documented in the HOWTO) to give this authority to non-privileged users.

See: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf

- John T.

>
> Many thanks
>
> Mike
>
> John H Terpstra wrote:
> >On Thursday 15 December 2005 13:24, Mike wrote:
> >>Hi
> >>
> >>I have followed the Samba 3 by Example Chapter 2 small office network to
> >>the letter. I can connect to server shares using the root user and pw
> >>but when I try to join the domain I still get the message " while
> >>attempting to join the domain xxxx the user could not be found"
> >>
> >>>From the log
> >>
> >>  getpeername failed. Error was Transport endpoint is not connected
> >>[2005/12/16 09:22:30, 0] lib/util_sock.c:get_peer_addr(1000)
> >>  getpeername failed. Error was Transport endpoint is not connected
> >>[2005/12/16 09:22:30, 0] lib/util_sock.c:write_socket_data(430)
> >>  write_socket_data: write failure. Error = Connection reset by peer
> >>[2005/12/16 09:22:30, 0] lib/util_sock.c:write_socket(455)
> >>  write_socket: Error writing 4 bytes to socket 25: ERRNO = Connection
> >>reset by peer [2005/12/16 09:22:30, 0] lib/util_sock.c:send_smb(647)
> >>  Error writing 4 bytes to client. -1. (Connection reset by peer)
> >>useradd: invalid user name 'arthp1$'
> >
> >Check that your useradd command permits upper case characters and the use
> > of the '$' symbol in a user name. If not, you will need to write a script
> > to add y
> >
> >>Thanks for any help you may be able to give
> >>
> >>Mike
> >>
> >>Mike wrote:
> >>>Thanks Jimmy
> >>>
> >>>Yes this is a Unix SAMBA server, only xp workstations here. Can log
> >>>int shares using administrator or root but not join the domain?
> >>>
> >>>Arhhhhhh
> >>>
> >>>Many thanks
> >>>
> >>>mike
> >>>
> >>>Jimmy D. Smith wrote:
> >>>>Mike,
> >>>>
> >>>>You must join the Domain with a valid "Windows" user that has
> >>>>Administrative
> >>>>privileges in the Domain, assuming this is a Windows envirionment, not
> >>>> a Unix PDC. In the Windows world, root has no meaning or privilege.
> >>>>
> >>>>Jim
> >>>>-----Original Message-----
> >>>>From: samba-bounces+jdsmith=iprocorp.com at lists.samba.org
> >>>>[mailto:samba-bounces+jdsmith=iprocorp.com at lists.samba.org] On Behalf
> >>>> Of Mike
> >>>>Sent: Wednesday, December 14, 2005 3:30 PM
> >>>>To: samba-list
> >>>>Subject: Re: [Samba] Joining a Samba 3 domain repost
> >>>>
> >>>>Hi I have now been through the documentation by-example guide
> >>>>
> >>>>http://www.samba.org/samba/docs/
> >>>>There are two books:
> >>>>    Samba3-HOWTO.pdf
> >>>>    Samba3-ByExample.pdf
> >>>>
> >>>>
> >>>>But I get the message "....error while joining domain xyz user not
> >>>>found"
> >>>>when trying to join the domain with the root & rootpassword
> >>>>
> >>>>Many thanks
> >>>>
> >>>>Mike
> >>>>
> >>>>Matt Lung wrote:
> >>>>>have you tried this documentation yet??
> >>>>>
> >>>>>http://www.idealx.org/prj/samba/smbldap-howto.en.html
> >>>>>
> >>>>>Mike wrote:
> >>>>>>Thanks Chris I tried that to
> >>>>>>
> >>>>>>User is there But I get the message "....error while joining domain
> >>>>>>xyz user not found"
> >>>>>>---------------
> >>>>>>Unix username:        root
> >>>>>>NT username:         Account Flags:        [U          ]
> >>>>>>User SID:             S-1-5-21-2865329454-1566569267-2544077890-1000
> >>>>>>Primary Group SID:    S-1-5-21-2865329454-1566569267-2544077890-1001
> >>>>>>Full Name:            root
> >>>>>>Home Directory:       \\server\root
> >>>>>>HomeDir Drive:        H:
> >>>>>>Logon Script:         logon.bat
> >>>>>>Profile Path:         \\server\Profiles\root
> >>>>>>Domain:               xyz
> >>>>>>Account desc:        Workstations:        Munged dial:
> >>>>>>Logon time:           0
> >>>>>>Logoff time:          Sat, 14 Dec 1901 09:45:51 GMT
> >>>>>>Kickoff time:         Sat, 14 Dec 1901 09:45:51 GMT
> >>>>>>Password last set:    Wed, 14 Dec 2005 17:16:39 GMT
> >>>>>>Password can change:  Wed, 14 Dec 2005 17:16:39 GMT Password must
> >>>>>>change: Sat, 14 Dec 1901 09:45:51 GMT
> >>>>>>Last bad password   : 0
> >>>>>>Bad password count  : 0
> >>>>>>Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> >>>>>>
> >>>>>>Chris Lounsbury wrote:
> >>>>>>>Mike
> >>>>>>>You need to make sure your root account exists in your tbsam
> >>>>>>>backend and then use root and its password when joining your
> >>>>>>>windows workstations. At least that's how I did it Chris
> >>>>>>>
> >>>>>>>>>>Mike <mikevl at paradise.net.nz> 12/14/05 12:50 PM >>>
> >>>>>>>
> >>>>>>>Sorry still unable to find documentation Hello
> >>>>>>>
> >>>>>>>I have set up a Samba 3 PDC on RHEL4 using the tdbsam backed. I
> >>>>>>>can log in as a user who has been added to the tdbsam database
> >>>>>>>from a workstation. When I try to add the workstation to the
> >>>>>>>domain (after breaking user connections to the server) I get "The
> >>>>>>>following error occurred while trying to joining the domain
> >>>>>>>xyz.com. Access denied.
> >>>>>>>
> >>>>>>>I havent seen any instructions in the how-tos on how to create the
> >>>>>>>Administrative account on the server to accept workstations to
> >>>>>>>join the domain?
> >>>>>>>
> >>>>>>>How do I create security groups and join them to users ie Joe is a
> >>>>>>>member of managers, accounts, engineers etc?
> >>>>>>>
> >>>>>>>Many thanks
> >>>>>>>
> >>>>>>>Mike
> >>>>
> >>>>--
> >>>>To unsubscribe from this list go to the following URL and read the
> >>>>instructions:  https://lists.samba.org/mailman/listinfo/samba
> >>
> >>--
> >>To unsubscribe from this list go to the following URL and read the
> >>instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list