[Samba] Re: Primard Domain Controller feature not working

Mark Ratering thinkaboutit at gmail.com
Tue Mar 29 23:36:53 GMT 2005 

When i use a username and password that does not have root privilages
in the windows that pops up after i try to join the domain on the
windows box i get the "Access is denied" error.


On Tue, 29 Mar 2005 15:29:22 -0800, Tom Skeren <tms3 at fsklaw.net> wrote:
>  Mark Ratering wrote: 
>  I already did that. When i type in a user that does not have root
> permissions it says "Access is denied" I don't know what that means.  What
> do you mean by:  
>  When i type in a user that does not have root Where is this done?  By what
> user?  Please be specific as to what you are doing.
> 
>  
>  On Tue, 29 Mar 2005 14:47:50 -0800, Tom Skeren <tms3 at fsklaw.net> wrote: 
>  Mark Ratering wrote: I tried using root and i get the error "The username
> could not be found" As root type smbpasswd -a root On Tue, 29 Mar 2005
> 16:31:19 -0600, Paul Gienger <pgienger at ae-solutions.com> wrote: problem! I
> am using the 'using samba' book from o'reilly and it says that the parameter
> "domain admin group" is obsoleted in samba 3.0 I A good way to do that would
> be creating a unix group that you want to be mapped to Domain Admins, map it
> and assign it the appropriate SID (you can look into the source for the
> smbldap-tools to get it in plain text). Then you simply add users to it. am
> using 3.0 and i cant add computers to the domain. Either use root (properly
> added as a samba user) or another user with uid=0, or use the privilege
> delegation tools in recent versions. I believe the version that started with
> them was 3.0.9. The documentation at samba.org (the howto and by example)
> should be your guide as they are updated for the current version. On Tue, 29
> Mar 2005 12:35:56 -0800, Mark Ratering <thinkaboutit at gmail.com> wrote: Hey
> guys, I configured Samba do be the domain controller for my network and to
> share folders. the folder sharing works great. The problem is that the
> domain function does not work at all. I cannot join the domain >from any
> workstation. It just says that the controller cannot be contacted. I ran an
> Ethereal sniff on the packets and the computer that i want to be PDC is
> sending ICMP Destination unreachable packets in response to the NBNS Name
> Query. Here is the packet that the workstation is sending to the server.
> 0000 00 11 11 ba 82 1a 00 0a e6 d5 fa b4 08 00 45 00 ........ ......E. 0010
> 00 4e 01 fb 00 00 80 11 b4 53 c0 a8 01 9e c0 a8 .N...... .S...... 0020 01 62
> 00 89 00 89 00 3a 81 4e 80 63 01 00 00 01 .b.....: .N.c.... 0030 00 00 00 00
> 00 00 20 46 46 46 44 45 43 45 4a 45 ...... F FFDECEJE 0040 4f 45 48 45 50 43
> 41 43 41 43 41 43 41 43 41 43 OEHEPCAC ACACACAC 0050 41 43 41 43 41 42 4d 00
> 00 20 00 01 ACACABM. . .. The config file that i am using (not including
> shares that have nothing to do with the domain controller). I do not want
> roaming profiles. #NetBIOS settings netbios name = FILESERVER workgroup =
> USBINGO server string = File Server log file = /var/log/samba/log.%m max log
> size = 50 time server = yes hide dot files = yes log level = 1 #Security
> settings security = user domain logons = yes encrypt passwords = yes #Turn
> on the WINS server wins support = yes #Make sure that Samba is the master
> browser and domain master browser domain master = yes local master = yes
> preferred master = yes os level = 65 add user script = /usr/sbin/useradd -d
> /dev/null -g 100 -s /bin/false -M %u [netlogon] path = /files/netlogon
> writable = no browsable = no Thanks, -Mark -- Paul Gienger Office:
> 701-281-1884 Applied Engineering Inc. Systems Architect Fax: 701-281-1322
> URL: www.ae-solutions.com mailto: pgienger at ae-solutions.com 
>  


-- 
Mark Ratering
A+, CCNP
248-437-1938

More information about the samba mailing list