A few weeks ago I installed Samba on CentOS 5.3. Its purpose was to serve as a primary domain controller along with a file server. After spending several weeks playing with the config and settings to get it working I finally got it spot-on. I was able to connect from vista business and login to each user which had roaming profiles. This week I reformatted the vista business computers to remove all the badware so we could start from scratch. I setup these vista machines exactly the same we before with the same IPs, DNS, Workgroup Name, etc... When I attempted to connect to the domain controller I come acorss some problems.
I tried connecting using the same domain admin details previously used which worked only to get an error message, The credentials supplied conflict with an existing set of credentials. To start over, I then removed all the centos users, removed all the net groups, and all the samba users. I then created a new group called domainadmins (SID 512), domainusers (SID 513), and domainguests (SID 514). I added a domainadmin user (SID 500) and assigned it to group domainadmins. I created several users and added them to domainusers. I also added the nt group map "Domain Admins", "Domain Users", and "Domain Guests" and assigned those to the coresponding unix groups. I also added all these users into samba using smbpasswd -a username. After checking the smbd.log file I could see an error "tree connect failed: NT_STATUS_ACCESS_DENIED". I looked this up online and found it was an error caused by the line "valid users = @group". I removed this line from the config, restarted samba and tried again. I must point out that I AM able to connect to the samba file server from vista and access the private user files (once logged in to that user) and the shared directory. This suggests that the usernames and passwords are setup correctly and work for the correct groups. I rebooted the vista machine and tried connecting to the samba pdc where it asks for login details to join the domain, not the login details for windows. I entered the domainadmin and the password, vista waits for a moment then displays an error, something to do with the machine account. I followed the samba docs and manually added the machine trust account into samba. Firstly adding "PC1$" as a centos user, then as a samba users with the -m attribute. I then tried again to connect then vista shows another error saying it cannot connect because of an existing account already exists. If I remove the account trust is doesn't connect, but it I manually add the trust then it conflicts saying it already exists. What do I do? One final question. When windows asks for a login to join the domain (NOT TO LOGIN USERS) what login is this? Is this the domainadmin account for every pc, or does each pc have a different login? Are these admin group logins, user group logins, or something different? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Linux Users Group. To post a message, send email to [email protected] To unsubscribe, send email to [email protected] For more options, visit our group at http://groups.google.com/group/linuxusersgroup -~----------~----~----~----~------~----~------~--~---
