[Samba] Re: Primard Domain Controller feature not working

Paul Gienger pgienger at ae-solutions.com
Wed Mar 30 15:02:07 GMT 2005


>I already did that.  When i type in a user that does not have root
>permissions it says "Access is denied"
>  
>
When you join the domain you need to create a user on the unix system to 
hold the machine trust account, therefore you need a user with superuser 
privileges.  There is a way around this restrtiction that will delegate 
certain responsibilities to a regular user.  As I said before, please 
refer to the samba documentation on how to enable priviledge 
delegation.  You might want to give some of the documentation a good 
read-through and you may pick up some pointers here and there on domain 
usage.

>
>On Tue, 29 Mar 2005 14:47:50 -0800, Tom Skeren <tms3 at fsklaw.net> wrote:
>  
>
>> Mark Ratering wrote: 
>> I tried using root and i get the error "The username could not be found" As
>>root type 
>> 
>> smbpasswd -a root
>>
>> 
>> On Tue, 29 Mar 2005 16:31:19 -0600, Paul Gienger
>><pgienger at ae-solutions.com> wrote: 
>> 
>> problem! I am using the 'using samba' book from o'reilly and it says that
>>the parameter "domain admin group" is obsoleted in samba 3.0 I A good way to
>>do that would be creating a unix group that you want to be mapped to Domain
>>Admins, map it and assign it the appropriate SID (you can look into the
>>source for the smbldap-tools to get it in plain text). Then you simply add
>>users to it. 
>> am using 3.0 and i cant add computers to the domain. Either use root
>>(properly added as a samba user) or another user with uid=0, or use the
>>privilege delegation tools in recent versions. I believe the version that
>>started with them was 3.0.9. The documentation at samba.org (the howto and
>>by example) should be your guide as they are updated for the current
>>version. 
>> On Tue, 29 Mar 2005 12:35:56 -0800, Mark Ratering <thinkaboutit at gmail.com>
>>wrote: 
>> Hey guys, I configured Samba do be the domain controller for my network and
>>to share folders. the folder sharing works great. The problem is that the
>>domain function does not work at all. I cannot join the domain >from any
>>workstation. It just says that the controller cannot be 
>> contacted. I ran an Ethereal sniff on the packets and the computer that i
>>want to be PDC is sending ICMP Destination unreachable packets in response
>>to the NBNS Name Query. Here is the packet that the workstation is sending
>>to the server. 0000 00 11 11 ba 82 1a 00 0a e6 d5 fa b4 08 00 45 00 ........
>>......E. 0010 00 4e 01 fb 00 00 80 11 b4 53 c0 a8 01 9e c0 a8 .N......
>>.S...... 0020 01 62 00 89 00 89 00 3a 81 4e 80 63 01 00 00 01 .b.....:
>>.N.c.... 0030 00 00 00 00 00 00 20 46 46 46 44 45 43 45 4a 45 ...... F
>>FFDECEJE 0040 4f 45 48 45 50 43 41 43 41 43 41 43 41 43 41 43 OEHEPCAC
>>ACACACAC 0050 41 43 41 43 41 42 4d 00 00 20 00 01 ACACABM. . .. The config
>>file that i am using (not including shares that have nothing to do with the
>>domain controller). I do not want roaming profiles. #NetBIOS settings
>>netbios name = FILESERVER workgroup = USBINGO server string = File Server
>>log file = /var/log/samba/log.%m max log size = 50 time server = yes hide
>>dot files = yes log level = 1 #Security settings security = user domain
>>logons = yes encrypt passwords = yes #Turn on the WINS server wins support =
>>yes #Make sure that Samba is the master browser and domain master browser
>>domain master = yes local master = yes preferred master = yes os level = 65
>>add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
>>[netlogon] path = /files/netlogon writable = no browsable = no Thanks, -Mark
>>-- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Systems
>>Architect Fax: 701-281-1322 URL: www.ae-solutions.com mailto:
>>pgienger at ae-solutions.com 
>> 
>>    
>>
>
>
>  
>

-- 
Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com





More information about the samba mailing list