Fwd: RE: [Samba] Not able to join domain
Eric Hines
eehines at comcast.net
Thu Apr 6 13:40:02 GMT 2006
Sorry about the direct post....
>Date: Thu, 06 Apr 2006 08:38:39 -0500
>To: "Chris Boyd" <Chris.Boyd at usit.ie>
>From: Eric Hines <eehines at comcast.net>
>Subject: RE: [Samba] Not able to join domain
>
>At 04/06/06 08:13, you wrote:
>>I've tried that and now I get "Access denied" instead "cannot find
>>user". Also I'm trying to run as a PDC and I thought that you have
>>to have security = domain to do so.
>>I've just found that under pdbedit root does not exist. I've tried
>>to create it however and it gives the following. Should I import it from
>>smbpasswd?
>>
>> pdbedit -a -u root
>>Server's Role (logon server) NOT ADVISED with domain-level security
>>new password:
>>retype new password:
>>tdb_update_sam: Failing to store a SAM_ACCOUNT for [root] without a
>>primary group RID
>>Unable to add user! (does it already exist?)
The start of this error message implies that you have not yet changed
your security level to <user>. Did you restart your Samba server
after making that change? You must after every change to the
smb.conf file, because Samba reads that file only on startup.
>>Thanks
>> >>> Bruno Guerreiro <bruno.guerreiro at ine.pt> 04/06/06 1:56 PM >>>
>>Hi,
>>I think you should set security to USER instead of DOMAIN.
>>
>>Best regards,
>>Bruno Guerreiro
>>
>> > -----Original Message-----
>> > From: samba-bounces+bruno.guerreiro=ine.pt at lists.samba.org
>> > [mailto:samba-bounces+bruno.guerreiro=ine.pt at lists.samba.org]
>> > On Behalf Of Chris Boyd
>> > Sent: quinta-feira, 6 de Abril de 2006 12:25
>> > To: samba at lists.samba.org
>> > Subject: [Samba] Not able to join domain
>> >
>> > I'm trying to set up Samba 3.0.20-4-SUSE on a opensuse 10
>> > machine. I'm working with XP Pro on the client machine. I
>> > can't get the XP mahcine (RDS7) to join the domain (UCD). It
>> > asks for a user when trying to join and then says it cannot
>> > find it. The samba log is:
>> >
>> > auth/auth.c:check_ntlm_password(317)
>> > check_ntlm_password: Authentication for user [root] ->
>> > [root] FAILED with error NT_STATUS_NO_SUCH_USER
>> >
>> > The root account is showing up in smbpasswd (that's assuming
>> > it needs to be there).
>> >
>> > Now the XP machine can see the domain (UCD) as well as
>> > WORKGROUP (which it currently is master of).
>> >
>> >
>> > Domain=[UCD] OS=[Unix] Server=[Samba 3.0.20-4-SUSE]
>> >
>> > Server Comment
>> > --------- -------
>> > UCD01 Samba 3.0.20-4-SUSE
>> >
>> > Workgroup Master
>> > --------- -------
>> > UCD UCD01
>> > WORKGROUP RDS7
>> >
>> > This is after having to manually create the machine account
>> > (as there seems to be some problem with suse doing it "on-the-fly".
>> > I've also noticed that testparm returns the samba machine as
>> > a BDC instead of a PDC.
>> >
>> > Load smb config files from /etc/samba/smb.conf Processing
>> > section "[protel]"
>> > Processing section "[homes]"
>> > Processing section "[profiles]"
>> > Processing section "[users]"
>> > Processing section "[groups]"
>> > Processing section "[printers]"
>> > Processing section "[print$]"
>> > Processing section "[netlogon]"
>> > Server's Role (logon server) NOT ADVISED with domain-level
>> > security Loaded services file OK.
>> > Server role: ROLE_DOMAIN_BDC
>> > Press enter to see a dump of your service definitions
>> >
>> > Also here's the smb.conf:
>> >
>> > [global]
>> > printcap name = cups
>> > cups options = raw
>> > map to guest = Bad User
>> > # include = /etc/samba/dhcp.conf
>> > logon path = \\%L\profiles\.msprofile
>> > logon home = \\%L\%U\.9xprofile
>> > logon drive = P:
>> > security = domain
>> > restrict anonymous = no
>> > domain master = Yes
>> > preferred master = Yes
>> > # idmap uid = 15000-20000
>> > # idmap gid = 15000-20000
>> > log level = 2
>> > netbios name = UCD01
>> > max protocol = NT
>> > ldap ssl = No
>> > server signing = Auto
>> > workgroup = UCD
>> > add machine script = /usr/sbin/useradd -c Machine -d
>> > /var/nodirs -s /bin/false '%u'
>> > passdb backend = tdbsam
>> > domain logons =Yes
>> > local master = Yes
>> > os level = 65
>> >
>> > [protel]
>> > comment = Protel Data Folder
>> > path = /protel
>> > read only = no
>> > [homes]
>> > comment = Home Directories
>> > valid users = %S
>> > browseable = No
>> > read only = No
>> > inherit acls = Yes
>> >
>> > [profiles]
>> > comment = Network Profiles Service
>> > path = %H
>> > # path = /var/lib/samba/profiles
>> > read only = No
>> > store dos attributes = Yes
>> > create mask = 0600
>> > directory mask = 0700
>> >
>> > [users]
>> > comment = All users
>> > path = /home
>> > read only = No
>> > inherit acls = Yes
>> > veto files = /aquota.user/groups/shares/
>> >
>> > [groups]
>> > comment = All groups
>> > path = /home/groups
>> > read only = No
>> > inherit acls = Yes
>> >
>> > [printers]
>> > comment = All Printers
>> > path = /var/tmp
>> > printable = Yes
>> > create mask = 0600
>> > browseable = No
>> >
>> > [print$]
>> > comment = Printer Drivers
>> > path = /var/lib/samba/drivers
>> > write list = @ntadmin root
>> > force group = ntadmin
>> > create mask = 0664
>> > directory mask = 0775
>> >
>> > [netlogon]
>> > comment = Network Logon Service
>> > path = /var/lib/samba/netlogon
>> > write list = root
>> > admin users = root
>> > guest ok = Yes
>> > browseable = No
>> >
>> >
>> > Anyway...if it's not obvious am a samba newb Oh and TIA
>> >
>> > -----------------------------------------------------------------
>> > This email message is intended only for the addressee(s) and
>> > contains information that may be confidential and/or
>> > copyrighted. If you are not the intended recipient please
>> > notify the sender by reply email and immediately delete this
>> > email. Use, disclosure or reproduction of this email by
>> > anyone other than the intended recipient(s) is strictly
>> > prohibited. USIT has scanned this email for viruses and
>> > dangerous content and believes it to be clean. However, virus
>> > scanning is ultimately the responsibility of the recipient.
>> > -----------------------------------------------------------------
>> >
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions: https://lists.samba.org/mailman/listinfo/samba
>> >
>>
>>
>>-----------------------------------------------------------------
>>This email message is intended only for the addressee(s)
>>and contains information that may be confidential and/or
>>copyrighted. If you are not the intended recipient please
>>notify the sender by reply email and immediately delete
>>this email. Use, disclosure or reproduction of this email
>>by anyone other than the intended recipient(s) is strictly
>>prohibited. USIT has scanned this email for viruses and
>>dangerous content and believes it to be clean. However,
>>virus scanning is ultimately the responsibility of the recipient.
>>-----------------------------------------------------------------
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions: https://lists.samba.org/mailman/listinfo/samba
>
>The mode in which the inevitable comes to pass is through effort.
> --Justice Oliver Wendell Holmes, Jr
The mode in which the inevitable comes to pass is through effort.
--Justice Oliver Wendell Holmes, Jr
More information about the samba
mailing list