| View previous topic :: View next topic |
| Author |
Message |
Grand Styolz
n00b
Joined: 06 May 2004
Posts: 43
Location: Oly, WA
|
 Posted: Fri Jun 11, 2004 4:00 pm Post subject: [solved] Samba 3 PDC |
 |
|
For about a week, I've been trying to get my gentoo machine to be a PDC on my network. I've been to countless HOWTO's and tutorial sites to figure out how to do it. But every time I try to make one of my XP/2K machines to join the domain, it says that my username and password is incorrect. I understand you can only use your root account to allow people to join the domain, and that exactly what I did!! I have no idea what I am doing wrong?!? Here is the link to the last HOWTO I was on... http://www.linuxhelp.ca/forums/index.php?act=ST&f=3&t=3823 and if this helps, I have Samba 3.0.2a running (Which I don't think is the problem...) Maybe someone here can figure out what I did wrong...and btw I followed those exact instructions, Step-By-Step. I think I've done it at least 4 times and still no go \=
_________________
emerge grand_styolz
Last edited by Grand Styolz on Sun Jun 13, 2004 3:58 pm; edited 1 time in total |
|
| Back to top |
|
 |
YopWongSapn
l33t
Joined: 26 Jan 2004
Posts: 627
|
| Posted: Fri Jun 11, 2004 4:15 pm Post subject: |
|
|
Did you add root as a Samba user? That's by far the most common mistake with Samba. I've done it countless times. 
Samba does not (by default) use the system's password file. It has its own user management, and users need to be added before they can log onto the Samba machine.
_________________
Gentoo...it's like wiping your ass with silk. Or sandpaper. |
|
| Back to top |
|
|
Grand Styolz
n00b
Joined: 06 May 2004
Posts: 43
Location: Oly, WA
|
| Posted: Fri Jun 11, 2004 9:07 pm Post subject: |
|
|
| Quote: | 14. You must add all users with the command on the Linux server:
Linux:
useradd -m username
passwd username
Windows:
smbpasswd -a username
15. Setup and start the cups and samba services: |
i replaced root with username up their and still no go.... I even tried to do it again, like just now, and it gives me...
| Quote: | tux / # smbpasswd -a root
New SMB password:
Retype new SMB password:
Unable to open/create TDB passwd
pdb_getsampwnam: Unable to open TDB passwd (/etc/samba/private/passdb.tdb) !
tdb_update_sam: Failing to store a SAM_ACCOUNT for [root] without a primary group RID
Failed to add entry for user root
Failed to modify passowrd entry for user root
tux / # |
_________________
emerge grand_styolz |
|
| Back to top |
|
|
nobspangle
Veteran
Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
|
| Posted: Fri Jun 11, 2004 10:45 pm Post subject: |
|
|
I've never got a machine to automatically create it's own account on a Samba server (although it is possible) I've always had to first manually create the account on the server and then add the windows machine.
This doesn't, however, appear to be your problem. Could you post the output from testparm. |
|
| Back to top |
|
|
Grand Styolz
n00b
Joined: 06 May 2004
Posts: 43
Location: Oly, WA
|
| Posted: Sat Jun 12, 2004 1:05 am Post subject: |
|
|
| Quote: | tux / # testparm
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "domain admin group"
Ignoring unknown parameter "domain admin group"
Processing section "[IPC$]"
Processing section "[homes]"
Processing section "[printers]"
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[shared]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = NETLAB
netbios name = PDC
server string = PDC
interfaces = eth0
bind interfaces only = Yes
passdb backend = tdbsam
pam password change = Yes
passwd chat = *New*Password* %n\n *Re-enter*new*password* %n\n *Password*changed*
username map = /etc/samba/smbusers
unix password sync = Yes
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = X:
logon home = \\%L\home\%U
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
wins support = Yes
utmp = Yes
map acl inherit = Yes
printing = cups
veto oplock files = /*.doc/*.xls/*.mdb/
[IPC$]
path = /tmp
hosts allow = 10.0.0.0/29, 10.1.0.0/29, 127.0.0.1
hosts deny = 0.0.0.0/0
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = Yes
printable = Yes
use client driver = Yes
default devmode = Yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
locking = No
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
[shared]
comment = Network Shares
path = /shared
read only = No
tux / #
|
_________________
emerge grand_styolz
Last edited by Grand Styolz on Sun Jun 13, 2004 7:37 pm; edited 1 time in total |
|
| Back to top |
|
|
nobspangle
Veteran
Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
|
| Posted: Sat Jun 12, 2004 10:44 am Post subject: |
|
|
first off you need
encrypt passwords = yes
in your [global] section
However your problem seems to be in your password database, what is the output of
pdbedit -L
you should get a list of users together with UIDs and groups, if this is not the case post the output here. |
|
| Back to top |
|
|
Grand Styolz
n00b
Joined: 06 May 2004
Posts: 43
Location: Oly, WA
|
| Posted: Sat Jun 12, 2004 4:36 pm Post subject: |
|
|
*added* encrypt passwords = yes
tux root # pdbedit -L
ntuser:1002:
tux root #
_________________
emerge grand_styolz |
|
| Back to top |
|
|
nobspangle
Veteran
Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
|
| Posted: Sat Jun 12, 2004 6:34 pm Post subject: |
|
|
It looks like you have no root samba user
what happens if you try to add the root samba user like this
|
|
| Back to top |
|
|
Grand Styolz
n00b
Joined: 06 May 2004
Posts: 43
Location: Oly, WA
|
| Posted: Sat Jun 12, 2004 7:27 pm Post subject: |
|
|
tux root # pdbedit -a -u root
new password:
retype new password:
tdb_update_sam: Failing to store a SAM_ACCOUNT for [root] without a primary group RID
Unable to add user! (does it already exist?)
tux root #
_________________
emerge grand_styolz |
|
| Back to top |
|
|
nobspangle
Veteran
Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
|
| Posted: Sat Jun 12, 2004 10:59 pm Post subject: |
|
|
what do you get for
|
|
| Back to top |
|
|
Grand Styolz
n00b
Joined: 06 May 2004
Posts: 43
Location: Oly, WA
|
| Posted: Sun Jun 13, 2004 12:01 am Post subject: |
|
|
tux root # net groupmap list
Domain Admins (S-1-5-21-1060390961-1268263197-2987771102-512) -> root
System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-1605391454-3489333530-2847811489-512) -> adm
Domain Guests (S-1-5-21-1060390961-1268263197-2987771102-514) -> nobody
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Guests (S-1-5-21-1605391454-3489333530-2847811489-514) -> nobody
Domain Admins (S-1-5-21-2053994848-1283631494-2845739797-512) -> -1
Domain Admins (S-1-5-21-2727105517-2836918896-1788635133-512) -> -1
Domain Guests (S-1-5-21-2053994848-1283631494-2845739797-514) -> -1
Domain Guests (S-1-5-21-2727105517-2836918896-1788635133-514) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Users (S-1-5-21-1605391454-3489333530-2847811489-513) -> users
Domain Users (S-1-5-21-1060390961-1268263197-2987771102-513) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-2727105517-2836918896-1788635133-513) -> -1
Domain Admins (S-1-5-21-4015466948-996750401-4152269970-512) -> -1
Domain Users (S-1-5-21-2053994848-1283631494-2845739797-513) -> -1
Domain Guests (S-1-5-21-4015466948-996750401-4152269970-514) -> -1
Domain Users (S-1-5-21-4015466948-996750401-4152269970-513) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
_________________
emerge grand_styolz |
|
| Back to top |
|
|
nobspangle
Veteran
Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
|
| Posted: Sun Jun 13, 2004 12:10 am Post subject: |
|
|
that's your problem,
Where have all those group mappings come from? It looks like they belong to at least three or four domains.
you may want to try deleting your group mappings then see if you can add root as a samba user. |
|
| Back to top |
|
|
Grand Styolz
n00b
Joined: 06 May 2004
Posts: 43
Location: Oly, WA
|
| Posted: Sun Jun 13, 2004 12:18 am Post subject: |
|
|
..lol how do i do that?!?
_________________
emerge grand_styolz |
|
| Back to top |
|
|
nobspangle
Veteran
Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
|
| Posted: Sun Jun 13, 2004 7:54 am Post subject: |
|
|
| Code: | net groupmap delete ntgroup="Domain Admins"
net groupmap delete ntgroup="Domain Users"
net groupmap delete ntgroup="Domain Guests"
mv /var/cache/samba/group_mapping.tdb /var/cache/samba/group_mapping.old
net groupmap list |
That should clear it out, then you can add the root user to the samba password database with either smbpasswd or pdbedit |
|
| Back to top |
|
|
Grand Styolz
n00b
Joined: 06 May 2004
Posts: 43
Location: Oly, WA
|
| Posted: Sun Jun 13, 2004 3:58 pm Post subject: |
|
|
dude, your a life saver. I don't know how I would of servived without you man...lol thnx for all the help. It's working fine now ^^
_________________
emerge grand_styolz |
|
| Back to top |
|
|
nobspangle
Veteran
Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
|
| Posted: Mon Jun 14, 2004 7:45 am Post subject: |
|
|
That's cool,
I have a question for you now.
1. Can you change passwords and other stuff with the user manager for domains tool? If so what account are you logged into the PC with when you do that and what groups are they a member of? |
|
| Back to top |
|
|
Grand Styolz
n00b
Joined: 06 May 2004
Posts: 43
Location: Oly, WA
|
| Posted: Thu Jun 17, 2004 12:27 am Post subject: |
|
|
| nobspangle wrote: | That's cool,
I have a question for you now.
1. Can you change passwords and other stuff with the user manager for domains tool? If so what account are you logged into the PC with when you do that and what groups are they a member of? |
Yea...that was a problem for me, I log into my domain using the administrator account on my win2k machine. I use the domain tool, and everytime time i try to add someone onto the domain or add a group, it gives me errors. Even when I try to change passwords itl give me errors. The wierd thing is, sometimes when i try to add usernames, it will give me the error, but when i check the linux machine, i see the username registered.....I'm not quite sure how to solve this but everything else is working fine.
_________________
emerge grand_styolz |
|
| Back to top |
|
|
|
Networking & Security
