[Samba] failure to add a machine to domain

David Bear David.Bear at asu.edu
Tue Oct 10 00:33:39 GMT 2006

We put together a samba 3.0.x server to replace an nt domain
controller 3 weeks ago when our nt servers were being hit by and
unpatched/unpatchable vulnerability in nt. we went through numerous
howto's and other documents. The net rpc vampire seem to grab
everything fine. However, now when we attempt to add a machine to the
domain we get a failure. 

looking through the log files we see 
2006/10/09 17:29:21, 5] auth/auth_util.c:debug_nt_user_token(452)
  NT user token: (NULL)
[2006/10/09 17:29:21, 5] auth/auth_util.c:debug_unix_user_token(473)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2006/10/09 17:29:21, 5] smbd/uid.c:change_to_root_user(319)
  change_to_root_user: now uid=(0,0) gid=(0,0)

but no other obvious failure.

relevant portion of smb.conf
        add group script = /usr/sbin/groupadd %g
        delete group script = /usr/sbin/groupdel '%g'
        add user script = /usr/sbin/useradd -m '%u'
        add user to group script = /usr/sbin/groupmod -A '%u' '%g'
        delete user from group script = /usr/sbin/groupmod -R '%u' '%g'
        delete user script = /usr/sbin/userdel '%s'
        add machine script = /usr/sbin/useradd -d /home/nohome -g 42 -s /bin/false '%u'
        idmap uid = 10000-20000
        idmap gid = 10000-20000

We might have had a problem with our groupmaps but we were able to
resovle those with net groupmap modify commands. Now 'Domain Admins'
maps to group root. The user I add the machine as is a member of group

Any pointers would be greatly appreciated.

btw, I posted on this problem 3 weeks ago and received no responses.
However, after googling for it, I did find someone responded but I
never received it. Please, if you have any advice post both to the
list and to me so I can follow the thread somewhere.

David Bear
phone: 	602-496-0424
fax: 	602-496-0955
College of Public Programs/ASU
University Center Rm 622
411 N Central
Phoenix, AZ 85007-0685
 "Beware the IP portfolio, everyone will be suspect of trespassing"

More information about the samba mailing list