[Samba] failure to add a machine to domain

Dale Schroeder dale at BriannasSaladDressing.com
Tue Oct 10 19:44:41 GMT 2006


This might be able to help you with your problem:


It solved mine.


David Bear wrote:
> We put together a samba 3.0.x server to replace an nt domain
> controller 3 weeks ago when our nt servers were being hit by and
> unpatched/unpatchable vulnerability in nt. we went through numerous
> howto's and other documents. The net rpc vampire seem to grab
> everything fine. However, now when we attempt to add a machine to the
> domain we get a failure. 
> looking through the log files we see 
> 2006/10/09 17:29:21, 5] auth/auth_util.c:debug_nt_user_token(452)
>   NT user token: (NULL)
> [2006/10/09 17:29:21, 5] auth/auth_util.c:debug_unix_user_token(473)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2006/10/09 17:29:21, 5] smbd/uid.c:change_to_root_user(319)
>   change_to_root_user: now uid=(0,0) gid=(0,0)
> but no other obvious failure.
> relevant portion of smb.conf
>         add group script = /usr/sbin/groupadd %g
>         delete group script = /usr/sbin/groupdel '%g'
>         add user script = /usr/sbin/useradd -m '%u'
>         add user to group script = /usr/sbin/groupmod -A '%u' '%g'
>         delete user from group script = /usr/sbin/groupmod -R '%u' '%g'
>         delete user script = /usr/sbin/userdel '%s'
>         add machine script = /usr/sbin/useradd -d /home/nohome -g 42 -s /bin/false '%u'
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
> We might have had a problem with our groupmaps but we were able to
> resovle those with net groupmap modify commands. Now 'Domain Admins'
> maps to group root. The user I add the machine as is a member of group
> root.
> Any pointers would be greatly appreciated.
> btw, I posted on this problem 3 weeks ago and received no responses.
> However, after googling for it, I did find someone responded but I
> never received it. Please, if you have any advice post both to the
> list and to me so I can follow the thread somewhere.

More information about the samba mailing list