RE: [Samba] Problem connecting XP to domain: "...specified domain either does not exist..."
I think I found the problem. I powered down the XP-computers, and restarted samba on the server. Seems like one of the XP's told samba that there was another domain master browser on the network. It's probably because the server had another IP when the first XP-box joined the domain. When I powered the boxes up again things worked fine :) Frode |-Original Message- |From: Adina S [mailto:[EMAIL PROTECTED] |Sent: 30. april 2004 18:52 |To: Frode Lillerud; [EMAIL PROTECTED] |Subject: RE: [Samba] Problem connecting XP to domain: "...specified domain |either does not exist..." | |Hello | |I have recently encountered yuor problem in my small |network. I have samba server and onther windows |machines. 98 and 2000 joined the domain without a |problem but XP just refused to, although I made the |registry modification. The problem is there a lot of |differnt opinions about which registry should be |modified and how... Use regedit on XP and try this: | |[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Paramete rs] |"DisablePasswordChange"=dword: |"maximumpasswordage"=dword:001e |"requiresignorseal"=dword: |"requirestrongkey"=dword: |"sealsecurechannel"=dword:0001 |"signsecurechannel"=dword:0001 |"Update"="no" | |[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] |"CompatibleRUPSecurity"=dword:0001 | |and also use the Group Policy Editor (gpedit.msc) and |enable "Computer Configuration\Administrative |Templates\System\User Profiles\Do not check for user |ownership of Roaming Profile Folders". | |Hope it will work. |And hope your root account on the samba server has is |also a samba user. You need it to join the domain. | |--- Frode Lillerud <[EMAIL PROTECTED]> wrote: |> Hi again, I'm trying to troubleshoot this, and here |> is what I've found |> so far. I'm trying to adress the problem from |> several different angles. |> |> A drawing of the net: |> http://www.lillerud.no/Testing.jpg |> My smb.conf is here: http://www.lillerud.no/smb.txt |> My log.nmbd is here: |> http://www.lillerud.no/lognmbd.txt |> |> Domain master browser related?: |> |> I'm starting to wonder if this problem could be |> connected to the domain |> master browser not being set up correctly. |> |> log.nmbd says that there is another domain master |> browser on the |> network. It reports 10.0.0.6 as being domain master |> browser, but that is |> the old IP of the samba server. Seems like it's in |> conflict with it's |> former self... |> |> log.nmbd also reports: |> []Unable to find the Domain Master Browser name |> LILLESTROM<1b> for the |> workgroup LILLESTROM. []Failed to become a domain |> master browser for |> workgroup LILLESTROM on subnet UNICAST_SUBNET. |> Couldn't register name |> LILLESTROM<1b>. []Failed to register/refresh name |> LILLESTROM<1b> on |> subnet UNICAST_SUBNET. |> |> Os level is set to 254 in smb.conf. |> |> I've tried deleting /var/lib/samba/wins.dat, but |> when I restart Samba it |> creates a new wins.dat file which claims 10.0.0.6 is |> domain master |> browser. Where does wins.dat get this info from?? |> There is no 10.0.0.6 |> computer on the network! Is it getting the IP from |> the some database in |> the XP computers? Or perhaps the firewall or WLAN |> accesspoint?? |> |> Both XP machines have been added to the samba PDC in |> accordance to the |> Unofficial Samba HOWTO. |> |> Ethereal traffic: |> |> I have also used ethereal to look at the traffic |> between the XP clients |> and the samba server. Domain name is LILLESTROM, |> Samba has IP |> 192.168.1.3 and XP has IP 192.168.1.92. The |> conversation goes a bit like |> this: |> --- |> XP: Who has NB LILLESTROM<1c> ? |> Samba:That's me! |> XP: SAM LOGON request from client |> Samba:SAM RESPONSE - User unknown<-- (potentional |> problem??) |> XP: SAM LOGON request from client |> Samba:Response to SAM LOGON request |> -- |> The two computers say the same things a few more |> times before XP reports |> "The specified domain either does not exist or could |> not be contacted". |> |> I have, at one time been able to connect one XP |> computer to the domain, |> but when I tried to disconnect it, and then make it |> a member again it |> also fails with the same error. |> |> Secure channel related?: |> |> I've also been thinking that perhaps the schannel |> parameter could be |> involved. I've tried a few variations of the 'server |> schannel' and |> 'server signing' para
RE: [Samba] Problem connecting XP to domain: "...specified domain either does not exist..."
Hi again, I'm trying to troubleshoot this, and here is what I've found so far. I'm trying to adress the problem from several different angles. A drawing of the net: http://www.lillerud.no/Testing.jpg My smb.conf is here:http://www.lillerud.no/smb.txt My log.nmbd is here:http://www.lillerud.no/lognmbd.txt Domain master browser related?: I'm starting to wonder if this problem could be connected to the domain master browser not being set up correctly. log.nmbd says that there is another domain master browser on the network. It reports 10.0.0.6 as being domain master browser, but that is the old IP of the samba server. Seems like it's in conflict with it's former self... log.nmbd also reports: []Unable to find the Domain Master Browser name LILLESTROM<1b> for the workgroup LILLESTROM. []Failed to become a domain master browser for workgroup LILLESTROM on subnet UNICAST_SUBNET. Couldn't register name LILLESTROM<1b>. []Failed to register/refresh name LILLESTROM<1b> on subnet UNICAST_SUBNET. Os level is set to 254 in smb.conf. I've tried deleting /var/lib/samba/wins.dat, but when I restart Samba it creates a new wins.dat file which claims 10.0.0.6 is domain master browser. Where does wins.dat get this info from?? There is no 10.0.0.6 computer on the network! Is it getting the IP from the some database in the XP computers? Or perhaps the firewall or WLAN accesspoint?? Both XP machines have been added to the samba PDC in accordance to the Unofficial Samba HOWTO. Ethereal traffic: I have also used ethereal to look at the traffic between the XP clients and the samba server. Domain name is LILLESTROM, Samba has IP 192.168.1.3 and XP has IP 192.168.1.92. The conversation goes a bit like this: --- XP: Who has NB LILLESTROM<1c> ? Samba:That's me! XP: SAM LOGON request from client Samba:SAM RESPONSE - User unknown <-- (potentional problem??) XP: SAM LOGON request from client Samba:Response to SAM LOGON request -- The two computers say the same things a few more times before XP reports "The specified domain either does not exist or could not be contacted". I have, at one time been able to connect one XP computer to the domain, but when I tried to disconnect it, and then make it a member again it also fails with the same error. Secure channel related?: I've also been thinking that perhaps the schannel parameter could be involved. I've tried a few variations of the 'server schannel' and 'server signing' parameters, but am unable to see any positive effects from this. Any hints, tips, thoughts or comments are greatly appreciated! I'm really in a bind here, and need to have this working on Monday. Thanks Frode System Admin |-Original Message- |From: [EMAIL PROTECTED] [mailto:samba- |[EMAIL PROTECTED] On Behalf Of Frode Lillerud |Sent: 30. april 2004 12:19 |To: [EMAIL PROTECTED] |Subject: RE: [Samba] Problem connecting XP to domain: "...specified domain |either does not exist..." | |I applogize for bumping this mail, but I have to have this server up and |running by Monday morning. Otherwise there will be some very upset |real-estate brokers. | |Anyone know why I get the error: |"The specified domain either does not exist or could not be contacted." | |Thanks |Frode | ||-Original Message- ||From: [EMAIL PROTECTED] [mailto:samba- ||[EMAIL PROTECTED] On Behalf Of Frode Lillerud ||Sent: 29. april 2004 12:27 ||To: [EMAIL PROTECTED] ||Subject: [Samba] Problem connecting XP to domain: "...specified domain ||either does not exist..." || ||Hi, || ||Samba 3.0.2a, Debian linux, 2.6.5 kernel, PDC server, WinXP clients. || ||I'm getting the following error when I try to add an XP machine to our ||domain. || ||"The specified domain either does not exist or could not be contacted." || ||I've applied the SIGN-OR-SEAL patch. ||The computer is connected through a wireless NIC to the network. I am ||able to ping the server. ||One other XP machine has successfully connected with the domain. || ||I've seen the errormessage somewhere in the mailinglist before, I |think, ||but am unable to find an answer to the problem. || ||Thanks ||Frode ||-- ||To unsubscribe from this list go to the following URL and read the ||instructions: http://lists.samba.org/mailman/listinfo/samba | |-- |To unsubscribe from this list go to the following URL and read the |instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem connecting XP to domain: "...specified domain either does not exist..."
I applogize for bumping this mail, but I have to have this server up and running by Monday morning. Otherwise there will be some very upset real-estate brokers. Anyone know why I get the error: "The specified domain either does not exist or could not be contacted." Thanks Frode |-Original Message- |From: [EMAIL PROTECTED] [mailto:samba- |[EMAIL PROTECTED] On Behalf Of Frode Lillerud |Sent: 29. april 2004 12:27 |To: [EMAIL PROTECTED] |Subject: [Samba] Problem connecting XP to domain: "...specified domain |either does not exist..." | |Hi, | |Samba 3.0.2a, Debian linux, 2.6.5 kernel, PDC server, WinXP clients. | |I'm getting the following error when I try to add an XP machine to our |domain. | |"The specified domain either does not exist or could not be contacted." | |I've applied the SIGN-OR-SEAL patch. |The computer is connected through a wireless NIC to the network. I am |able to ping the server. |One other XP machine has successfully connected with the domain. | |I've seen the errormessage somewhere in the mailinglist before, I think, |but am unable to find an answer to the problem. | |Thanks |Frode |-- |To unsubscribe from this list go to the following URL and read the |instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot sync browser list
Hi, Samba 3.0.2a, Debian linux, 2.6.x kernel, PDC server, WinXP clients I'm setting up a PDC server, and it's also acting as a browse master. A few days ago the computer was given the IP adress 10.0.0.6 by our DHCP server. Since then I've changed the network to use 192.168.1.x IP's instead, and the server has now got 192.168.1.3 as it's IP. But, even though I've restarted the server several times I get the following in my log.nmbd. Note that there is NO 10.0.0.6 computer anywhere on the net. [2004/04/29 15:34:05, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(327) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup LILLESTROM, subnet UNICAST_SUBNET. [2004/04/29 15:34:05, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341) become_domain_master_browser_wins: querying WINS server from IP 192.168.1.3 for domain master browser name LILLESTROM<1b> $ [2004/04/29 15:34:06, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(225) become_domain_master_query_success: There is already a domain master browser at IP 10.0.0.6 for workgroup LILLESTROM registered on subnet UNICAST_SUBNET. How can I get this to work properly?? Thanks Frode -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem connecting XP to domain: "...specified domain either does not exist..."
Hi, Samba 3.0.2a, Debian linux, 2.6.5 kernel, PDC server, WinXP clients. I'm getting the following error when I try to add an XP machine to our domain. "The specified domain either does not exist or could not be contacted." I've applied the SIGN-OR-SEAL patch. The computer is connected through a wireless NIC to the network. I am able to ping the server. One other XP machine has successfully connected with the domain. I've seen the errormessage somewhere in the mailinglist before, I think, but am unable to find an answer to the problem. Thanks Frode -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] cannot change user password with CTRL-ALT-DEL
I have the exact same problem. I have not had time to debug the problem, but am very interrested in resolving the problem. |-Original Message- |From: [EMAIL PROTECTED] [mailto:samba- |[EMAIL PROTECTED] On Behalf Of Angel Chiou |Sent: 19. april 2004 22:14 |To: [EMAIL PROTECTED] |Subject: [Samba] cannot change user password with CTRL-ALT-DEL | |I've been running samba (currently 2.2.3a-13 for Debian) as a PDC with W2k |clients for over two years. The system was up and running quite well for a |long time. A couple of days ago, I installed the following MS-patches: | |MS04-011 |MS04-012 |MS04-013 |MS04-014 |MS02-011 | |Now when users try to change their password from the w2k clients using |CTRL-ALT-DEL, a popup window appears saying: "password change failed, the |domain is not available". But the fact is that the password has been |succesfully changed (i.e. the popup should state: "password succesfully |changed."). When users log out and login again, the login obviusly fails, |since users use their old passwords instead of the new ones... | |I wonder whether I am the only one who is experiencing this problem and |whether somebody knows how to solve this problem. | |I can send the logs (nmbd.log, smbd.log and log.machinename) if somebody |needs them. | |Thanks, | |Angel Chiou | |-- |To unsubscribe from this list go to the following URL and read the |instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] "A device attached to the system is not functioning"
Hello, Samba 3.0.2a, Debian linux, 2.6.x kernel, PDC server, WinXP clients. When I try to log in on a XP client I get this message: "A device attached to the system is not functioning" I have tried google'ing for the error, but to no avail. I have earlier created a user (anna), which can successfully log in from my laptop. When I try to log in with anna on my workstation, I get the error above. If I type the wrong password, I get the normal password-error message, so it seems like it's able to recognize the user and password. If I log in with my local adminstrator, and open the share \\server , I get a box for username and password. Typing anna, and her password here gives me access to the samba shares, so also here it looks like the user is functioning properly. The log-file says something about schannel. I've tried having default schannel settings, and also the ones I have in the smb.conf below, but no change. The log-file also talks about "conflicting domain portions", but I'm not sure what that means. The samba_workstation.log file (debug level 1) says: [2004/04/14 15:42:32, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1371) failed to decode PDU [2004/04/14 15:42:32, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to do schannel processing. [2004/04/14 15:42:33, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(705) _net_sam_logon: user ISENGARD\anna has user sid S-1-5-21-2641962930-4089608471-2571597100-3032 but group sid S-1-5-21-481718812-4177942570-2152560252-513. The conflicting domain portions are not supported for NETLOGON calls [2004/04/14 15:42:45, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(705) _net_sam_logon: user ISENGARD\anna has user sid S-1-5-21-2641962930-4089608471-2571597100-3032 but group sid S-1-5-21-481718812-4177942570-2152560252-513. The conflicting domain portions are not supported for NETLOGON calls My smb.conf looks like this: [global] # Server settings netbios name = server workgroup = ISENGARD server string = Testing PDC security = user encrypt passwords = yes # PDC settings domain logons = yes logon script = newlog.bat server schannel = yes server signing = no # Browser and WINS settings domain master = yes local master = yes preferred master = yes os level = 255 wins support = yes # Other services time server = yes # Debugging and Logging log level = 1 log file = /tmp/samba_%m.log max log size = 1000 #1MB debug timestamp = yes syslog = 1 [netlogon] path = /var/lib/samba/netlogon browseable = yes writable = no [homes] comment = Home for %u writeable = yes browseable = no An extract from the /etc/samba/smbpasswd, where Frodo is the NETBIOS name of the workstation. Frodo$:1013:B5A740276D3ECCA304D5DCD03D39A27A:A719EC89B9D1ADDBA2899135EF3 AB859:[W ]:LCT-4064A7C0: anna:1016:17355B639265D301AAD3B435B51404EE:80261BBFF0568C419F3B657EA8BBA 5C1:[U ]:LCT-4062F759: -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Getting stats for logged in domain users?
Samba 3.0.2a, Debian linux, 2.6.x kernel, PDC server, WinXP clients. Hi, I'm setting up a samba server for one of our branch offices. During the monitoring of the server I'd like to be able to view how many domain users, and which ones, are logged in on the domain at particular times. The users use WinXP. Is there any way of getting number of logged on domainusers, their IP's or usernames? My alternative way is to write a perl script to analyze the samba logfiles. Thanks Frode -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Small problem with XP client
|-Original Message- |From: [EMAIL PROTECTED] [mailto:samba- |[EMAIL PROTECTED] On Behalf Of Alex Sharaz |Sent: 29. mars 2004 13:13 |To: [EMAIL PROTECTED] |Subject: [Samba] Small problem with XP client | |Hi all, |got a small problem with a windows XP client when logging onto a 2.7 samba |server. | |While the user can log on o.k., every time they do, notepad fires up and |opens desktop.ini for editing. I've also seen this problem. I changed from roaming to local profiles (because our office is not going to use roaming profiles), and I think fixed the problem with desktop.ini. Frode | |Can anyone suggest why and how to fix this. |Alex | | |Sent using Mulberry 3.01a |-- |To unsubscribe from this list go to the following URL and read the |instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] XP gives Access denied for domain logon - solved, but with new problem
I found the solution to the Access Denied errormessage. When I change my computer from workgroup to domain I have to use user root when giving username and password. I used frode, a non priviliged user, and thats why it failed. I still have another problem though. When I try to log on with user anna on my laptop it works fine, but if I try user anna on my stationary, or user frode on either computer I get the message "A device attached to the system is not functioning." It seems like it's talking to the PDC, cause if I give the wrong password it gives the usual errormessage for bad password. The samba logfile reports, among others: Failed to do schannel processing Authentication for user frode succeeded The conflicting domain portions are not supported for NETLOGON calls Failed to decode PDU Has anyone seen that windows errormessage before, or know that the logfile lines mean? Frode System Administrator |-Original Message- |From: Radio Gong 2000 GmbH & Co. KG [Technik] |[mailto:[EMAIL PROTECTED] |Sent: 26. mars 2004 20:15 |To: Frode Lillerud |Subject: Re: [Samba] XP gives Access denied for domain logon | |Try to set | |server schannel = Yes |server signing = No | |in globals section | |Am Freitag, 26. März 2004 19:33 schrieben Sie: |> I tried adding the SIGN-OR-SEAL patch (WinXP_SignOrSeal.reg - thanks |> Sascha), but I still get the same "Access Denied" when I try to change |> from Workgroup to Domain, and log on from my desktop machine. |> |> I've also tried to log on with the new user (frode) from my laptop, but |> get the message: "A device attached to the system is not functioning." |> As I wrote earlier I have a working another domain user (anna) on the |> laptop, but am unsuccessful in adding more. |> |> Any more suggestions? Could it be something with using a samba-command |> to add the machine? |> |> Frode |> System Administrator |> |> |-Original Message- |> |From: [EMAIL PROTECTED] [mailto:samba- |> |[EMAIL PROTECTED] On Behalf Of Radio Gong 2000 |> |GmbH & Co. KG [Technik] |> |Sent: 26. mars 2004 10:29 |> |To: [EMAIL PROTECTED] |> |Subject: Re: [Samba] XP gives Access denied for domain logon |> | |> |Did you apply the SIGN-OR-SEAL-Patch for the registry? |> | |> |Am Freitag, 26. März 2004 10:21 schrieb Frode Lillerud: |> |> Samba 3.0.2a-Debian |> |> |> |> I have a somewhat working PDC server, but have some difficulties |> |> adding |> |> |> more users. I managed to create a user, anna, a couple of days ago, |> |> it |> |> |> she works fine from my wireless laptop. |> |> |> |> To sort out some problems I have with the logon.bat script [see |> |> sambalist "Netlogon script executes randomly"], I am also including |> |> my |> |> |> desktop computer to the domain. |> |> |> |> I've run the following commands on the server: |> |> useradd -m -k /home/samba/skeleton/ -d /home/samba/frode -g users -s |> |> /bin/false frode |> |> and |> |> smbpasswd -a frode |> |> and |> |> net groupmap modify ntgroup="Domain Users" unixgroup=users |> |> |> |> When I switch the XP computer from workgroup to domain I get a popup |> |> box |> |> |> for username/password for the domain. Here I write username frode, |> |> and |> |> |> the password I set with smbpasswd. |> |> |> |> XP responds with a "Access denied" message. |> |> |> |> The samba logfile says: |> |> [2004/03/26 10:16:02, 2] auth/auth.c:check_ntlm_password(305) |> |> check_ntlm_password: authentication for user [frode] -> [frode] -> |> |> [frode] succeeded |> |> [2004/03/26 10:16:03, 2] |> |> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461) |> |> Returning domain sid for domain ISENGARD -> |> |> S-1-5-21-2641962930-4089608471-2571597100 |> |> [2004/03/26 10:16:03, 2] |> |> rpc_server/srv_samr_nt.c:access_check_samr_object(93) |> |> _samr_open_domain: ACCESS DENIED (requested: 0x0211) |> |> [2004/03/26 10:16:03, 2] |> |> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461) |> |> Returning domain sid for domain ISENGARD -> |> |> S-1-5-21-2641962930-4089608471-2571597100 |> |> [2004/03/26 10:16:03, 2] |> |> rpc_server/srv_samr_nt.c:access_check_samr_function(115) |> |> _samr_create_user: ACCESS DENIED (granted: 0x0201; required: |> |> 0x0010) |> |> [2004/03/26 10:16:03, 2] smbd/server.c:exit_server(558) |> |> Closing connections |> |> |> |> My smb.conf: |> |> # Setting up Samba 3.0 as a Primary Domain Controller |> |> |> |> [global] |> |> # Server settings |> |> netbi
RE: [Samba] XP gives Access denied for domain logon
I tried adding the SIGN-OR-SEAL patch (WinXP_SignOrSeal.reg - thanks Sascha), but I still get the same "Access Denied" when I try to change from Workgroup to Domain, and log on from my desktop machine. I've also tried to log on with the new user (frode) from my laptop, but get the message: "A device attached to the system is not functioning." As I wrote earlier I have a working another domain user (anna) on the laptop, but am unsuccessful in adding more. Any more suggestions? Could it be something with using a samba-command to add the machine? Frode System Administrator |-Original Message- |From: [EMAIL PROTECTED] [mailto:samba- |[EMAIL PROTECTED] On Behalf Of Radio Gong 2000 |GmbH & Co. KG [Technik] |Sent: 26. mars 2004 10:29 |To: [EMAIL PROTECTED] |Subject: Re: [Samba] XP gives Access denied for domain logon | |Did you apply the SIGN-OR-SEAL-Patch for the registry? | |Am Freitag, 26. März 2004 10:21 schrieb Frode Lillerud: |> Samba 3.0.2a-Debian |> |> I have a somewhat working PDC server, but have some difficulties adding |> more users. I managed to create a user, anna, a couple of days ago, it |> she works fine from my wireless laptop. |> |> To sort out some problems I have with the logon.bat script [see |> sambalist "Netlogon script executes randomly"], I am also including my |> desktop computer to the domain. |> |> I've run the following commands on the server: |> useradd -m -k /home/samba/skeleton/ -d /home/samba/frode -g users -s |> /bin/false frode |> and |> smbpasswd -a frode |> and |> net groupmap modify ntgroup="Domain Users" unixgroup=users |> |> When I switch the XP computer from workgroup to domain I get a popup box |> for username/password for the domain. Here I write username frode, and |> the password I set with smbpasswd. |> |> XP responds with a "Access denied" message. |> |> The samba logfile says: |> [2004/03/26 10:16:02, 2] auth/auth.c:check_ntlm_password(305) |> check_ntlm_password: authentication for user [frode] -> [frode] -> |> [frode] succeeded |> [2004/03/26 10:16:03, 2] |> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461) |> Returning domain sid for domain ISENGARD -> |> S-1-5-21-2641962930-4089608471-2571597100 |> [2004/03/26 10:16:03, 2] |> rpc_server/srv_samr_nt.c:access_check_samr_object(93) |> _samr_open_domain: ACCESS DENIED (requested: 0x0211) |> [2004/03/26 10:16:03, 2] |> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461) |> Returning domain sid for domain ISENGARD -> |> S-1-5-21-2641962930-4089608471-2571597100 |> [2004/03/26 10:16:03, 2] |> rpc_server/srv_samr_nt.c:access_check_samr_function(115) |> _samr_create_user: ACCESS DENIED (granted: 0x0201; required: |> 0x0010) |> [2004/03/26 10:16:03, 2] smbd/server.c:exit_server(558) |> Closing connections |> |> My smb.conf: |> # Setting up Samba 3.0 as a Primary Domain Controller |> |> [global] |> # Server settings |> netbios name = sauroman |> workgroup = ISENGARD |> server string = Testing PDC |> security = user |> # guest account = smbguest |> encrypt passwords = yes |> |> # PDC settings |> domain logons = yes |> logon script = newlog.bat |> |> # Browser and WINS settings |> domain master = yes |> local master = yes |> preferred master = yes |> os level = 255 |> wins support = yes |> |> # Other services |> time server = yes |> |> # Debugging and Logging |> log level = 2 |> log file = /tmp/samba_%m.log |> max log size = 1000 #1MB |> debug timestamp = yes |> syslog = 1 |> |> [netlogon] |> path = /var/lib/samba/netlogon |> browseable = yes |> writable = yes # set this to no again! |> |> [homes] |> comment = Home for %u |> writeable = yes |> browseable = no |> ; map archive = yes ;? | |-- |Mit freundlichen Grüssen | |Sascha Bieler |___ |Radio Gong 2000 GmbH & Co. KG |Sascha Bieler |Technischer Leiter |Franz-Joseph-Strasse 14 |80801 München | |Tel.: +49 89 38 166 181 |Fax.: +49 89 38 166 180 |-- |To unsubscribe from this list go to the following URL and read the |instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] XP gives Access denied for domain logon
Samba 3.0.2a-Debian I have a somewhat working PDC server, but have some difficulties adding more users. I managed to create a user, anna, a couple of days ago, it she works fine from my wireless laptop. To sort out some problems I have with the logon.bat script [see sambalist "Netlogon script executes randomly"], I am also including my desktop computer to the domain. I've run the following commands on the server: useradd -m -k /home/samba/skeleton/ -d /home/samba/frode -g users -s /bin/false frode and smbpasswd -a frode and net groupmap modify ntgroup="Domain Users" unixgroup=users When I switch the XP computer from workgroup to domain I get a popup box for username/password for the domain. Here I write username frode, and the password I set with smbpasswd. XP responds with a "Access denied" message. The samba logfile says: [2004/03/26 10:16:02, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [frode] -> [frode] -> [frode] succeeded [2004/03/26 10:16:03, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461) Returning domain sid for domain ISENGARD -> S-1-5-21-2641962930-4089608471-2571597100 [2004/03/26 10:16:03, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2004/03/26 10:16:03, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2461) Returning domain sid for domain ISENGARD -> S-1-5-21-2641962930-4089608471-2571597100 [2004/03/26 10:16:03, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2004/03/26 10:16:03, 2] smbd/server.c:exit_server(558) Closing connections My smb.conf: # Setting up Samba 3.0 as a Primary Domain Controller [global] # Server settings netbios name = sauroman workgroup = ISENGARD server string = Testing PDC security = user # guest account = smbguest encrypt passwords = yes # PDC settings domain logons = yes logon script = newlog.bat # Browser and WINS settings domain master = yes local master = yes preferred master = yes os level = 255 wins support = yes # Other services time server = yes # Debugging and Logging log level = 2 log file = /tmp/samba_%m.log max log size = 1000 #1MB debug timestamp = yes syslog = 1 [netlogon] path = /var/lib/samba/netlogon browseable = yes writable = yes # set this to no again! [homes] comment = Home for %u writeable = yes browseable = no ; map archive = yes ;? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Netlogon script executes randomly
|-Original Message- |From: [EMAIL PROTECTED] [mailto:samba- |[EMAIL PROTECTED] On Behalf Of Gémes Géza |Sent: 26. mars 2004 00:24 |To: Frode Lillerud |Cc: [EMAIL PROTECTED] |Subject: Re: [Samba] Netlogon script executes randomly | |-BEGIN PGP SIGNED MESSAGE- |Hash: SHA1 | |Gerald (Jerry) Carter írta: || Frode Lillerud wrote: || | Hi, I have set up Samba 3.0.2a on my Debian server as a PDC. || | || | I use a Windows XP Pro laptop to log on wirelessly, and things seems to || | be working fine except with the logon.bat script. || | || | I have added "logon script = logon.bat" and the netlogon share in my || | smb.conf. || | || | The logon.bat has executed a few times (perhaps 10% of || | the times), but there is obviously a problem. The logon.bat || | is created with DOS style CR/LF. || || general this kind of behavior would happen if you were || using cached credentials to logon. You might want to || disable caching of logon credentials temporaily so help || track down the problem. flakey wireless maybe ? || || |I would also recomend to check if you can successfully run the logon |script from command prompt. I've had once problems with a Win2k box |which after installing a program which filled in in the path things like |C:\PROGRA~1\.., failed to find the net command. | I've tried logging in and run: net use k: \\sauroman\netlogon and it seems to be working just fine. The drive is mapped, and I can run the logon.bat manually without any problems. Occationally I also see that C:\Windows\System32\cmd.exe is running, but just shuts down again. This is not the logon-script! I've added a pause statement to it to keep it from closing. I'm also trying to test this from my desktop computer, to see if the wireless connection has any bad sideeffects, but I have thus far been unable to create a new sambauser. See separate mail to sambalist called "XP gives Access denied for domain logon". |Cheers | |Geza |-BEGIN PGP SIGNATURE- |Version: GnuPG v1.2.3 (GNU/Linux) |Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org | |iD8DBQFAY2od/PxuIn+i1pIRAloXAJ9Jf51+hCQVdLRdln1/onUWjLOBNACdEd0e |DET5fNRGwqKvjjKDjMBDG1I= |=UNjU |-END PGP SIGNATURE- | |-- |To unsubscribe from this list go to the following URL and read the |instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Netlogon script executes randomly
Hi, I have set up Samba 3.0.2a on my Debian server as a PDC. I use a Windows XP Pro laptop to log on wirelessly, and things seems to be working fine except with the logon.bat script. I have added "logon script = logon.bat" and the netlogon share in my smb.conf. The logon.bat has executed a few times (perhaps 10% of the times), but there is obviously a problem. The logon.bat is created with DOS style CR/LF. Anyone know what could be wrong? My smb.conf file: # Setting up Samba 3.0 as a Primary Domain Controller [global] # Server settings netbios name = sauroman workgroup = ISENGARD server string = Testing PDC security = user # guest account = smbguest encrypt passwords = yes # PDC settings domain logons = yes logon script = newlog.bat # Browser and WINS settings domain master = yes local master = yes preferred master = yes os level = 255 wins support = yes # Other services time server = yes # Debugging and Logging log level = 1 log file = /tmp/samba_%m.log max log size = 1000 #1MB debug timestamp = yes syslog = 1 [netlogon] path = /var/lib/samba/netlogon browseable = yes writable = yes # set this to no again! #[profiles] # path = /var/lib/samba/profiles # read only = no # create mask = 0600 # directory mask = 0700 [homes] comment = Home for %u writeable = yes browseable = no ; map archive = yes ;? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
