[Samba] PDC: Strange username translations...

Paul Gienger pgienger at ae-solutions.com
Wed Jul 13 19:39:25 GMT 2005


> when i want to join the domain i get asked for a username and enter
> "root" and the correct password. but in log level 2 samba tells me that i
> log in as "Administrator" ([Administrator] -> [root] -> [root]; i have a
> usermap of "Administrator" to "root". if i disable the usermap i get an
> "access denied"!)
> the thing i don't understand here why does samba get "Administrator" when
> i clearly type in "root"?
> 
> i guess the problem could be that "Administrator" and "root" count as two
> different users, but... where does this "Administrator" come from?? :(
> 
> Now i can't join the domain anymore. :((

I'm assuming you're logging in as local Administrator on your machine; go
ahead and tell me to bugger off now if you aren't.

Does your Administrator account password match such that you can simply
browse your fileserver with no password entry required?  If so your machine
could be creating a login session just because it's XP, by trying to search
out the fileserver and probe it for shares.  Check 
C:\Documents and Settings\<username>\NetHood 
and see if there are entries.  If there are, delete them, reboot and try
again.  If that doesn't fix it, try changing your XP Admin password so that
it doesn't send that to the server and gain access, and also a credential
conflict.

I used to have a very similar problem, and then I decided to make my
workstation admin passwords invalid on the server.  Hasn't been a problem
since.

> 
> I would even try a different way to set up the server from scratch by
> using the already existing tdb-files, but i also don't know how to do this
> without typing in the stuff from scratch with pdbedit, and so on...
> 
> Any ideas?
> 
> 
> ----------
> My smb.conf:
> 
> [global]
> workgroup = INTRANET
> netbios name = INTRANETSERVER
> server string = CyberWorldZ IntranetServer
> security = user
> passdb backend = tdbsam
> interfaces = eth0 lo
> #username map = /etc/samba/smbusers
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/usermod -G %g %u
> add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
> logon script = logon.cmd
> logon path = \\INTRANETSERVER\Profiles\%U
> logon drive = H:
> logon home = \\%L\%U
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> time server = Yes
> wins support = Yes
> log level = 1
> hide dot files = Yes
> hide special files = Yes
> hide unreadable = Yes
> hide files = /desktop.ini/thumbs.db/
> load printers = yes
> printing = cups
> printcap = cups
> vfs objects = recycle
> recycle:repository = .recycle
> recycle:keeptree = Yes
> recycle:versions = Yes
> guest account = nobody
> map to guest = Bad User
> oplocks = Yes
> level2 oplocks = Yes
> #disable netbios = Yes
> csc policy = manual
> 
> [homes]
> comment = Home-Verzeichnisse
> valid users = %S
> read only = No
> browseable = No
> 
> [public]
> comment = Gemeinsame Dateien
> path = /home/public
> guest ok = Yes
> browsable = Yes
> read only = No
> create mode = 0766
> 
> [netlogon]
> comment = Netzwerk-Anmeldedienst
> path = /var/lib/samba/netlogon
> admin users = root
> guest ok = Yes
> read only = Yes
> browseable = No
> 
> [Profiles]
> comment = Roaming Profile Share (wandernde Benutzerprofile)
> path = /var/lib/samba/profiles
> read only = No
> profile acls = Yes
> #root preexec = /usr/local/bin/chkProfile.sh %U
> create mask = 0600
> directory mask = 0700
> browsable = No
> csc policy = disable
> 
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = yes
> public = yes
> guest ok = yes
> writable = no
> printable = yes
> printer admin = root, @ntadmins
> 
> [print$]
> comment = Druckertreiber
> path = /var/lib/samba/printers
> browseable = yes
> guest ok = no
> read only = yes
> write list = root, @ntadmins
> 
> 
> ----------
> My "pdbedit -Lv" output
> 
> ---------------
> Unix username:        nobody
> NT username:
> Account Flags:        [DU         ]
> User SID:             S-1-5-21-1072998297-3188006019-86605864-501
> Primary Group SID:    S-1-5-21-1072998297-3188006019-86605864-514
> Full Name:            nobody
> Home Directory:       \\intranetserver\nobody
> HomeDir Drive:        H:
> Logon Script:         logon.cmd
> Profile Path:         \\INTRANETSERVER\Profiles\nobody
> Domain:               INTRANET
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Fr, 13 Dez 1901 21:45:51 GMT
> Kickoff time:         Fr, 13 Dez 1901 21:45:51 GMT
> Password last set:    0
> Password can change:  0
> Password must change: Fr, 13 Dez 1901 21:45:51 GMT
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> ---------------
> Unix username:        navid
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-1072998297-3188006019-86605864-3000
> Primary Group SID:    S-1-5-21-1072998297-3188006019-86605864-513
> Full Name:            Navid Zamani
> Home Directory:       \\intranetserver\navid
> HomeDir Drive:        H:
> Logon Script:         logon.cmd
> Profile Path:         \\INTRANETSERVER\Profiles\navid
> Domain:               INTRANET
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Fr, 13 Dez 1901 21:45:51 GMT
> Kickoff time:         Fr, 13 Dez 1901 21:45:51 GMT
> Password last set:    So, 27 Jun 2004 05:40:22 GMT
> Password can change:  So, 27 Jun 2004 05:40:22 GMT
> Password must change: Fr, 13 Dez 1901 21:45:51 GMT
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> ---------------
> Unix username:        root
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-1072998297-3188006019-86605864-1000
> Primary Group SID:    S-1-5-21-1072998297-3188006019-86605864-512
> Full Name:            Administrator
> Home Directory:       \\intranetserver\root
> HomeDir Drive:        H:
> Logon Script:         logon.cmd
> Profile Path:         \\INTRANETSERVER\Profiles\root
> Domain:               INTRANET
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Fr, 13 Dez 1901 21:45:51 GMT
> Kickoff time:         Fr, 13 Dez 1901 21:45:51 GMT
> Password last set:    Do, 19 Mai 2005 10:54:27 GMT
> Password can change:  Do, 19 Mai 2005 10:54:27 GMT
> Password must change: Fr, 13 Dez 1901 21:45:51 GMT
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> ---------------
> Unix username:        cyberstation3$
> NT username:
> Account Flags:        [W          ]
> User SID:             S-1-5-21-1072998297-3188006019-86605864-3002
> Primary Group SID:    S-1-5-21-1072998297-3188006019-86605864-513
> Full Name:            CYBERSTATION3$
> Home Directory:       \\intranetserver\cyberstation3_
> HomeDir Drive:        H:
> Logon Script:         logon.cmd
> Profile Path:         \\INTRANETSERVER\Profiles\cyberstation3_
> Domain:               INTRANET
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Fr, 13 Dez 1901 21:45:51 GMT
> Kickoff time:         Fr, 13 Dez 1901 21:45:51 GMT
> Password last set:    Fr, 17 Jun 2005 16:39:04 GMT
> Password can change:  Fr, 17 Jun 2005 16:39:04 GMT
> Password must change: Fr, 13 Dez 1901 21:45:51 GMT
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : 000000000000000000000000000000000000000000
> 
> 
> ----------
> My "net groupmap list" output:
> 
> System Operators (S-1-5-32-549) -> ntadmins
> Domain Admins (S-1-5-21-1072998297-3188006019-86605864-512) -> ntadmins
> Replicators (S-1-5-32-552) -> ntadmins
> Guests (S-1-5-32-546) -> nobody
> Domain Users (S-1-5-21-1072998297-3188006019-86605864-513) -> users
> Power Users (S-1-5-32-547) -> users
> Domain Guests (S-1-5-21-1072998297-3188006019-86605864-514) -> nobody
> Print Operators (S-1-5-32-550) -> ntadmins
> Administrators (S-1-5-32-544) -> ntadmins
> Account Operators (S-1-5-32-548) -> ntadmins
> Backup Operators (S-1-5-32-551) -> ntadmins
> Users (S-1-5-32-545) -> users
> 
> 
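
The translation quoted from the log above (`[Administrator] -> [root] -> [root]`) can be pulled out of a log file and reviewed. This is an added example, not part of either message: it lists logins where the name the client sent differs from the Unix account the session ends up as, and flags those that land on root. Only the bracketed triple comes from the post; the rest of each sample line is constructed, and reading the three fields as client-supplied name, mapped name and Unix name is an assumption.

```python
import re

# The "[client] -> [mapped] -> [unix]" triple is the form quoted in the post;
# everything else on these sample lines is constructed for the example.
SAMPLE_LOG = """\
[2005/07/13 19:20:01, 2] authentication for user [Administrator] -> [root] -> [root] succeeded
[2005/07/13 19:20:07, 2] authentication for user [root] -> [root] -> [root] succeeded
[2005/07/13 19:21:15, 2] authentication for user [navid] -> [navid] -> [navid] succeeded
[2005/07/13 19:22:40, 2] authentication for user [Guest] -> [Guest] -> [nobody] succeeded
"""

# The timestamp bracket is skipped because no "->" follows it.
TRIPLE = re.compile(r"\[([^\]]*)\]\s*->\s*\[([^\]]*)\]\s*->\s*\[([^\]]*)\]")
PRIVILEGED = {"root"}  # Unix accounts worth reviewing when reached via a map


def parse_translations(log_text):
    """Return (client_name, mapped_name, unix_name) for each matching line."""
    return [m.groups() for m in map(TRIPLE.search, log_text.splitlines()) if m]


def translated_logins(log_text, privileged=PRIVILEGED):
    """Logins whose client-supplied name differs from the final Unix account.

    Names are compared case-insensitively, as Windows account names are.
    Each result carries a flag telling whether the target is privileged.
    """
    findings = []
    for client, mapped, unix in parse_translations(log_text):
        if client.lower() != unix.lower():
            findings.append({
                "client": client,
                "mapped": mapped,
                "unix": unix,
                "privileged": unix in privileged,
            })
    return findings


if __name__ == "__main__":
    for f in translated_logins(SAMPLE_LOG):
        tag = "PRIVILEGED" if f["privileged"] else "mapped"
        print(f"{tag}: client sent {f['client']!r}, session runs as {f['unix']!r}")
```
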


