[Samba] failure to add a machine to domain
David Bear
David.Bear at asu.edu
Tue Oct 10 00:33:39 GMT 2006
We put together a samba 3.0.x server to replace an nt domain
controller 3 weeks ago when our nt servers were being hit by and
unpatched/unpatchable vulnerability in nt. we went through numerous
howto's and other documents. The net rpc vampire seem to grab
everything fine. However, now when we attempt to add a machine to the
domain we get a failure.
looking through the log files we see
2006/10/09 17:29:21, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2006/10/09 17:29:21, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/10/09 17:29:21, 5] smbd/uid.c:change_to_root_user(319)
change_to_root_user: now uid=(0,0) gid=(0,0)
but no other obvious failure.
relevant portion of smb.conf
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel '%g'
add user script = /usr/sbin/useradd -m '%u'
add user to group script = /usr/sbin/groupmod -A '%u' '%g'
delete user from group script = /usr/sbin/groupmod -R '%u' '%g'
delete user script = /usr/sbin/userdel '%s'
add machine script = /usr/sbin/useradd -d /home/nohome -g 42 -s /bin/false '%u'
idmap uid = 10000-20000
idmap gid = 10000-20000
We might have had a problem with our groupmaps but we were able to
resovle those with net groupmap modify commands. Now 'Domain Admins'
maps to group root. The user I add the machine as is a member of group
root.
Any pointers would be greatly appreciated.
btw, I posted on this problem 3 weeks ago and received no responses.
However, after googling for it, I did find someone responded but I
never received it. Please, if you have any advice post both to the
list and to me so I can follow the thread somewhere.
--
David Bear
phone: 602-496-0424
fax: 602-496-0955
College of Public Programs/ASU
University Center Rm 622
411 N Central
Phoenix, AZ 85007-0685
"Beware the IP portfolio, everyone will be suspect of trespassing"
More information about the samba
mailing list