[Samba] Not able to join domain

Chris Boyd Chris.Boyd at usit.ie
Thu Apr 6 13:13:49 GMT 2006


I've tried that and now I get "Access denied" instead "cannot find user". Also I'm trying to run as a PDC and I thought that you have to have security = domain to do so.  
I've just found that under pdbedit root does not exist. I've tried to create it however and it gives the following. Should I import it from 
smbpasswd? 

 pdbedit -a -u root
Server's Role (logon server) NOT ADVISED with domain-level security
new password:
retype new password:
tdb_update_sam: Failing to store a SAM_ACCOUNT for [root] without a primary group RID
Unable to add user! (does it already exist?)

Thanks 
>>> Bruno Guerreiro <bruno.guerreiro at ine.pt> 04/06/06 1:56 PM >>>
Hi,
I think you should set security to USER instead of DOMAIN.

Best regards,
Bruno Guerreiro 

> -----Original Message-----
> From: samba-bounces+bruno.guerreiro=ine.pt at lists.samba.org 
> [mailto:samba-bounces+bruno.guerreiro=ine.pt at lists.samba.org] 
> On Behalf Of Chris Boyd
> Sent: quinta-feira, 6 de Abril de 2006 12:25
> To: samba at lists.samba.org
> Subject: [Samba] Not able to join domain
> 
> I'm trying to set up Samba 3.0.20-4-SUSE on a opensuse 10 
> machine. I'm working with XP Pro on the client machine. I 
> can't get the XP mahcine (RDS7) to join the domain (UCD). It 
> asks for a user when trying to join and then says it cannot 
> find it. The samba log is:
> 
> auth/auth.c:check_ntlm_password(317)
>   check_ntlm_password:  Authentication for user [root] -> 
> [root] FAILED with error NT_STATUS_NO_SUCH_USER
> 
> The root account is showing up in smbpasswd (that's assuming 
> it needs to be there). 
> 
> Now the XP machine can see the domain (UCD) as well as 
> WORKGROUP (which it currently is master of). 
> 
> 
> Domain=[UCD] OS=[Unix] Server=[Samba 3.0.20-4-SUSE]
> 
>         Server               Comment
>         ---------            -------
>         UCD01                Samba 3.0.20-4-SUSE
> 
>         Workgroup            Master
>         ---------            -------
>         UCD                  UCD01
>         WORKGROUP            RDS7
> 
> This is after having to manually create the machine account 
> (as there seems to be some problem with suse doing it "on-the-fly". 
> I've also noticed that testparm returns  the samba machine as 
> a BDC instead of a PDC. 
> 
> Load smb config files from /etc/samba/smb.conf Processing 
> section "[protel]"
> Processing section "[homes]"
> Processing section "[profiles]"
> Processing section "[users]"
> Processing section "[groups]"
> Processing section "[printers]"
> Processing section "[print$]"
> Processing section "[netlogon]"
> Server's Role (logon server) NOT ADVISED with domain-level 
> security Loaded services file OK.
> Server role: ROLE_DOMAIN_BDC
> Press enter to see a dump of your service definitions
> 
> Also here's the smb.conf: 
> 
> [global]
>         printcap name = cups
>         cups options = raw
>         map to guest = Bad User
> #       include = /etc/samba/dhcp.conf
>         logon path = \\%L\profiles\.msprofile
>         logon home = \\%L\%U\.9xprofile
>         logon drive = P:
>         security = domain
>         restrict anonymous = no
>         domain master = Yes
>         preferred master = Yes
> #       idmap uid = 15000-20000
> #       idmap gid = 15000-20000
>         log level = 2
>         netbios name = UCD01
>         max protocol = NT
>         ldap ssl = No
>         server signing = Auto
>         workgroup = UCD
>         add machine script = /usr/sbin/useradd  -c Machine -d 
> /var/nodirs -s /bin/false '%u'
>         passdb backend = tdbsam
>         domain logons =Yes
>         local master = Yes
>         os level = 65
> 
> [protel]
>         comment = Protel Data Folder
>         path = /protel
>         read only = no
> [homes]
>         comment = Home Directories
>         valid users = %S
>         browseable = No
>         read only = No
>         inherit acls = Yes
> 
> [profiles]
>         comment = Network Profiles Service
>         path = %H
> #       path = /var/lib/samba/profiles
>         read only = No
>         store dos attributes = Yes
>         create mask = 0600
>         directory mask = 0700
> 
> [users]
>         comment = All users
> path = /home
>         read only = No
>         inherit acls = Yes
>         veto files = /aquota.user/groups/shares/
> 
> [groups]
>         comment = All groups
>         path = /home/groups
>         read only = No
>         inherit acls = Yes
> 
> [printers]
>         comment = All Printers
>         path = /var/tmp
>         printable = Yes
>         create mask = 0600
>         browseable = No
> 
> [print$]
>         comment = Printer Drivers
>         path = /var/lib/samba/drivers
>         write list = @ntadmin root
>         force group = ntadmin
>         create mask = 0664
>         directory mask = 0775
> 
> [netlogon]
>         comment = Network Logon Service
>         path = /var/lib/samba/netlogon
>         write list = root
>         admin users = root
>         guest ok = Yes
>         browseable = No
> 
> 
> Anyway...if it's not obvious am a samba newb Oh and TIA 
> 
> -----------------------------------------------------------------
> This email message is intended only for the addressee(s) and 
> contains information that may be confidential and/or 
> copyrighted.  If you are not the intended recipient please 
> notify the sender by reply email and immediately delete this 
> email. Use, disclosure or reproduction of this email by 
> anyone other than the intended recipient(s) is strictly 
> prohibited. USIT has scanned this email for viruses and 
> dangerous content and believes it to be clean. However, virus 
> scanning is ultimately the responsibility of the recipient.
> -----------------------------------------------------------------
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 


-----------------------------------------------------------------
This email message is intended only for the addressee(s) 
and contains information that may be confidential and/or 
copyrighted.  If you are not the intended recipient please 
notify the sender by reply email and immediately delete 
this email. Use, disclosure or reproduction of this email 
by anyone other than the intended recipient(s) is strictly 
prohibited. USIT has scanned this email for viruses and 
dangerous content and believes it to be clean. However, 
virus scanning is ultimately the responsibility of the recipient.
-----------------------------------------------------------------



More information about the samba mailing list