On Tue, 2009-06-30 at 16:30 -0700, [email protected] wrote: > A few weeks ago I installed Samba on CentOS 5.3. Its purpose was to > serve as a primary domain controller along with a file server. After > spending several weeks playing with the config and settings to get it > working I finally got it spot-on. I was able to connect from vista > business and login to each user which had roaming profiles. This week > I reformatted the vista business computers to remove all the badware > so we could start from scratch. I setup these vista machines exactly > the same we before with the same IPs, DNS, Workgroup Name, etc... When > I attempted to connect to the domain controller I come acorss some > problems. > > I tried connecting using the same domain admin details previously used > which worked only to get an error message, The credentials supplied > conflict with an existing set of credentials. To start over, I then > removed all the centos users, removed all the net groups, and all the > samba users. I then created a new group called domainadmins (SID 512), > domainusers (SID 513), and domainguests (SID 514). I added a > domainadmin user (SID 500) and assigned it to group domainadmins. I > created several users and added them to domainusers. I also added the > nt group map "Domain Admins", "Domain Users", and "Domain Guests" and > assigned those to the coresponding unix groups. I also added all these > users into samba using smbpasswd -a username. > > After checking the smbd.log file I could see an error "tree connect > failed: NT_STATUS_ACCESS_DENIED". I looked this up online and found it > was an error caused by the line "valid users = @group". I removed this > line from the config, restarted samba and tried again. > > I must point out that I AM able to connect to the samba file server > from vista and access the private user files (once logged in to that > user) and the shared directory. This suggests that the usernames and > passwords are setup correctly and work for the correct groups. > > I rebooted the vista machine and tried connecting to the samba pdc > where it asks for login details to join the domain, not the login > details for windows. I entered the domainadmin and the password, vista > waits for a moment then displays an error, something to do with the > machine account. > > I followed the samba docs and manually added the machine trust account > into samba. Firstly adding "PC1$" as a centos user, then as a samba > users with the -m attribute. I then tried again to connect then vista > shows another error saying it cannot connect because of an existing > account already exists. If I remove the account trust is doesn't > connect, but it I manually add the trust then it conflicts saying it > already exists. > > What do I do? > > > > One final question. When windows asks for a login to join the domain > (NOT TO LOGIN USERS) what login is this? Is this the domainadmin > account for every pc, or does each pc have a different login? Are > these admin group logins, user group logins, or something different? > > You will have to reset the machine account in Samba. Because you reformatted the windows systems the Samba server sees them as different computers now. Delete the old machine account and rebuild a new one.
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Linux Users Group. To post a message, send email to [email protected] To unsubscribe, send email to [email protected] For more options, visit our group at http://groups.google.com/group/linuxusersgroup -~----------~----~----~----~------~----~------~--~---
