[Samba] samba domain controller
Ivan Ordonez
iordonez at nature.berkeley.edu
Tue May 23 22:32:20 GMT 2006
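Run the "testparm" command (without the quotes) and check whether your Samba is
really configured as a PDC. testparm reports the server role it derives from
smb.conf and complains about lines it cannot parse, so compare its dump of the
[global] section with what you intended, especially the value lines that end in
a "; ..." comment and the "hosts deny" line, which has no "=".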
Hope this helps.
-Ivan
At 03:03 PM 5/23/2006, Rodney Richison wrote:
>I tried to post this in the debian group, but my mail never appeared there..
>
>Am attempting to do a test install of samba as a primary domain
>controller. I can see the shares and navigate them.
>However, when I attempt to join the domain, WinXP says "username could
>not be found".
>I have a root user with a password. I can see its shares as well if I
>use the root name and password.
>So the problem appears to be ONLY when I try to join. I'll post some
>logs for /var/logs/samba/log.0.0.0.0 as they may be a hint.
>
>
>[2006/05/23 09:56:15, 0] lib/util_sock.c:get_peer_addr(1150)
> getpeername failed. Error was Transport endpoint is not connected
>[2006/05/23 09:56:15, 0] lib/access.c:check_access(328)
>[2006/05/23 09:56:15, 0] lib/util_sock.c:get_peer_addr(1150)
> getpeername failed. Error was Transport endpoint is not connected
> Denied connection from (0.0.0.0)
>[2006/05/23 09:56:15, 1] smbd/process.c:process_smb(1084)
>[2006/05/23 09:56:15, 0] lib/util_sock.c:get_peer_addr(1150)
> getpeername failed. Error was Transport endpoint is not connected
> Connection denied from 0.0.0.0
>[2006/05/23 09:56:15, 0] lib/util_sock.c:write_socket_data(430)
> write_socket_data: write failure. Error = Connection reset by peer
>[2006/05/23 09:56:15, 0] lib/util_sock.c:write_socket(455)
> write_socket: Error writing 5 bytes to socket 27: ERRNO = Connection
>reset by peer
>[2006/05/23 09:56:15, 0] lib/util_sock.c:send_smb(647)
> Error writing 5 bytes to client. -1. (Connection reset by peer)
>r writing 5 bytes to client. -1. (Connection reset by peer)
>[2006/05/23 09:56:15, 0] lib/util_sock.c:send_smb(647)
> Error writing 5 bytes to client. -1. (Connection reset by peer)
>r writing 5 bytes to client. -1. (Connection reset by peer)
>
>Below is my smb.conf file.
>
>[global]
># the domain name
>workgroup = pdc
>smb passwd file = /etc/samba/smbpasswd
>
># the server's name
>netbios name = file-server
>
># comment describing what the machine is
>server string = the file server
>
># workstations will set their time by this server
>time server = yes
>
># security and logging settings
>security = user ; this must be 'user' on a PDC
># allow connections only from the local machine and the 10.0.0.* address
>range:
># (you'll want to change this if your network uses a different
>addressing range)
>hosts allow = 127.0.0.1 192.168.1.
># don't allow connections from any other IP address ranges than defined
>by 'hosts allow':
>hosts deny 0.0.0.0/0
># only allow connections from ethernet cards and the loopback address:
>interfaces = eth* lo
>bind interfaces only = yes
>
># for Windows 2000 encrypted passwords
>encrypt passwords = yes
>
># provide logon scripts, home directories etc. as well as authentication
>domain logons = yes
>
>log file = /var/log/samba/log.%m
># log level = 2
>
># put a capping on the size (in kB) of the log file
>max log size = 50
>
># PDC and master browser settings
>os level = 64 ; ensure this machine consulted 1st regarding current
>browse list
>preferred master = yes
>local master = yes
>domain master = yes ; This is the Primary Domain Controller
>
># automatically add a Linux and Samba machine account
>add user script = /usr/sbin/useradd -d /dev/null -g machines -s
>/bin/false -M %u
>
>
># user profiles and home directory
># the local path to which the home ([HOMES]) directory will be connected
>logon drive = H:
>
># where 'profiles' = [profiles] further on
>logon path = \\%L\profiles\%U
>
>logon script = netlogon.bat ; logon script, location defined in [NETLOGON]
>
># define user mappings between this system and Windows systems.
># without this you get asked for a password even if none is required
># username map = /etc/samba/users.map
># but if you've created SMB users on here you don't need it
>
># fine-tuning Samba for increased speed on Linux systems
># SO_KEEPALIVE - sends a probe every 4 hours to check that a connection
>is still active. if the connection does not respond, it is closed
># TCP_NODELAY -
># IPTOS_LOWDELAY -
># SO_SNDBUF=14596 - 14596 is roughly the best in most circumstances; it
>may be possible to tune it better for your system
># SO_RCVBUF=14596 - same reason as above
>socket options = TCP_NODELAY, IPTOS_LOWDELAY, SO_KEEPALIVE,
>SO_SNDBUF=14596, SO_RCVBUF=14596
>
># keep the case when saving; when looking for a file
># matching is done without regard to case, as expected by Windows
>preserve case = yes
>short preserve case = yes
>case sensitive = no
>
># check every 30 seconds to see if client has disconnected
># I've used 30 so that the Samba server can be restarted and
># maybe the connections won't be lost
>keep alive = 30
>
>#sync Unix passwords from Windows workstations using PAM
>unix password sync = yes
>pam password change = yes
>
># printing
>printing = BSD
>print command = /usr/bin/lpr -r %s
>min print space = 2000
>
># --- shares ---
>
>[printers]
># (picks up all printers specified in /etc/printcap)
>
># tell Samba it's a printer share, not a disk share
>printable = yes
>
># printer = lp
>read only = yes
>guest ok = yes
>
>[profiles]
>comment = users' profile directories
>path = /home/samba/profiles
>read only = no
>browseable = no
>create mask = 0600 ; rwx-xxx-xxx only the user can read/write files
>directory mask = 0700 ; rwx-xxx-xxx directories must be executable if
>they are to be navigated
>
># [root]
># for administration purposes
># path = /
># browseable = yes
># browseable was no
># writeable = yes
># valid users = @admins
>
>[homes]
># 'logon drive' won't work without this section
># if you want to set the home directory somewhere other than the Unix home:
># path =
>volume = HOME
>comment = home directories
>read only = no
># don't display a 'homes' share as well as the '%U' share
>browseable = no
>public = no
>create mode = 0750
>
>[programs]
># map P: to this. use it to install programs to
># and to point programs to that don't like using UNC
>comment = installed programs
>path = /usr/windows
>read only = yes
>write list = @admins
>browseable = yes
>
>[shared]
>comment = shared space for everyone
>path = /home/bank/shared
>read only = no
>browseable = yes
>
># match Unix permissions set on files
>force create mode = 0660
>
># match Unix permissions set on the directory
>force directory mode = 3770
>
>[cdrom]
>comment = Server's CD-ROM
>path = /cdrom
>read only = yes
># speed up file access as this is a read-only file system
>locking = no
>
>[NETLOGON]
># required for Windows authentication
>
>comment = The domain logon service
>path = /home/netlogon
>read only = yes
># 'read only' can be changed to 'no' whilst you edit this file
># but revert back to 'yes' for normal secure operation
>browseable = no
>write list = @admins
>
>
>
>
>
>
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/listinfo/samba