[Samba] failure to add a machine to domain

Dale Schroeder dale at BriannasSaladDressing.com
Tue Oct 10 19:44:41 GMT 2006


David,

This might be able to help you with your problem:

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html

It solved mine.

Dale

David Bear wrote:
> We put together a samba 3.0.x server to replace an nt domain
> controller 3 weeks ago when our nt servers were being hit by an
> unpatched/unpatchable vulnerability in nt. We went through numerous
> howto's and other documents. The net rpc vampire seemed to grab
> everything fine. However, now when we attempt to add a machine to the
> domain we get a failure. 
>
> Looking through the log files we see 
> [2006/10/09 17:29:21, 5] auth/auth_util.c:debug_nt_user_token(452)
>   NT user token: (NULL)
> [2006/10/09 17:29:21, 5] auth/auth_util.c:debug_unix_user_token(473)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2006/10/09 17:29:21, 5] smbd/uid.c:change_to_root_user(319)
>   change_to_root_user: now uid=(0,0) gid=(0,0)
>
> but no other obvious failure.
>
> relevant portion of smb.conf
>         add group script = /usr/sbin/groupadd %g
>         delete group script = /usr/sbin/groupdel '%g'
>         add user script = /usr/sbin/useradd -m '%u'
>         add user to group script = /usr/sbin/groupmod -A '%u' '%g'
>         delete user from group script = /usr/sbin/groupmod -R '%u' '%g'
>         delete user script = /usr/sbin/userdel '%s'
>         add machine script = /usr/sbin/useradd -d /home/nohome -g 42 -s /bin/false '%u'
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>
> We might have had a problem with our groupmaps but we were able to
> resolve those with net groupmap modify commands. Now 'Domain Admins'
> maps to group root. The user I add the machine as is a member of group
> root.
>
> Any pointers would be greatly appreciated.
>
> btw, I posted on this problem 3 weeks ago and received no responses.
> However, after googling for it, I did find someone responded but I
> never received it. Please, if you have any advice post both to the
> list and to me so I can follow the thread somewhere.
>
>
>   

