[Samba] Unable to solve the problem in setting up PDC for network

Wed Jun 2 10:47:54 MDT 2010

>
> --- Original message ---
> Subject: [Samba] Unable to solve the problem in setting up PDC for 
> network
> From: Some One <databytes at gmail.com>
> To: <samba at lists.samba.org>
> Date: Wednesday, 02/06/2010  6:29 AM
>
> Hi Guys,
> Can you please tell me why is this failing to connect
>
> I'am running samba on Freebsd 8.
> I've pasted the testparm of samba.
>
> It first gave me unable to connect as a RPC
> and now it again gives me error that unknown user or password.
>
> -------------------------------------------------------------------
> CAN YOU TELL ME HOW TO SETUP MACHINE ACCOUNTS AND NORMAL SAMBA 
> ACCOUNTS to
> connect XP PRO Machines./ IF THERE IS ANY PROBLEM WITH smb.conf?
> -----------------------------------------------------------------
Shouting is rude.
>
>
>
>
>
> server# testparm /usr/local/etc/smb.conf
> Load smb config files from /usr/local/etc/smb.conf
> Processing section "[homes]"
> Processing section "[netlogon]"
> Processing section "[Profiles]"
> Processing section "[printers]"
> Processing section "[tmp]"
> Processing section "[public]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> [global]
> workgroup = INET
> netbios name = INET
> server string = Server
> log file = /var/log/samba/log.%m
> max log size = 50
> add user script = /usr/sbin/useradd %u

For starters, on FreeBSD the command is /usr/sbin/adduser.  Useradd is 
soooo System V.
>
>
> delete user script = /usr/sbin/userdel %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> delete user from group script = /usr/sbin/deluser %u %g
> add machine script = /usr/sbin/adduser -n -g machines -c Machine -d
> /dev/null -s /bin/false %u

It's /usr/bin/false on FreeBSD.  You should know most default smb.conf 
settings assume some flavor on Linux.
>
>
> logon path = \\%L\Profiles\%U
> domain logons = Yes
> os level = 65
> domain master = Yes
> dns proxy = No
> wins support = Yes
> winbind trusted domains only = Yes
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /usr/local/samba/lib/netlogon
> guest ok = Yes
> share modes = No
>
> [Profiles]
> path = /usr/local/samba/profiles
> guest ok = Yes
> browseable = No

Did you install from ports?  These directories are not created by 
installing from ports.  Did you create them and set the perms?
>
>
>
> [
SNIP

Did you create an administrator account and map it to root?  Or at 
least do smbpasswd -a root?

Are you adding a machine to the domain?  If you're not using ldap with 
FreeBSD this is somewhat tricky, especially if you have incorrect 
paths in smb.conf, which you do.  Check this:

"There are three ways to create Machine Trust Accounts:
  Manual creation from the UNIX/Linux command line. Here, both the 
Samba and  corresponding UNIX account are created by hand.
   Using the MS Windows NT4 Server Manager, either from an NT4 domain 
member  server or using the Nexus toolkit available from the Microsoft 
Web site.  This tool can be run from any MS Windows machine as long as 
the user is  logged on as the administrator account.
   “On-the-fly” creation. The Samba Machine Trust Account is 
automatically  created by Samba at the time the client is joined to 
the domain.  (For security, this is the recommended method.) The 
corresponding UNIX  account may be created automatically or manually.
Neither MS Windows NT4/200x/XP Professional, nor Samba, provide any 
method for enforcing the method of machine trust account creation. 
This is a matter of the administrator's choice...(manual creation of 
machine accounts on FreeBSD uses chpass thusly:)

On *BSD systems, this can be done using the chpass utility:

root# chpass -a \
'machine_name$:*:101:100::0:0:Windows 
machine_name:/dev/null:/sbin/nologin'"

<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#machine-trust-accounts>

Cheers,