Re: [Samba] Method for joining machines to PDC without using root
John H Terpstra wrote:
On Mon, 23 Dec 2002, ___cliff rayman___ wrote:

You have your verification. Got a better suggestion? Send us your patches and we will look at them.

i know, suggestions are cheap, good patches are like diamonds :-) if the problem is smbpasswd permissions, perhaps it can be set to mode 660 instead of 600, and with a group something like domainadd. any user with domainadd group, can add a windows box to the domain. users can be created in this special group that could do nothing else but add windows boxes to the domain. no logins - no share permissions etc.. i did look at the code, but it is way over my head without several hundred hours of study. :-)

my only other option would be to issue a:
smbpasswd root
make a temporary password, talk someone into joining a domain on the phone, immediately change the password back so it is secure.

No different from NT/2K really.

i assumed that this was a samba requirement and not a windows requirement.

-- ___cliff [EMAIL PROTECTED] http://www.genwax.com/
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Method for joining machines to PDC without using root
currently, in order to join a win XP machine to a samba PDC, you have to use the root account (although you can use an smbpasswd and not the linux password). is there any way to set up another account to do this one particular task (one without uid=0)? if we have users in remote places, i do not want to have to go over to their work station just to log them on to the domain. also i don't want to give them a login and password that could compromise the system the samba is running on (linux). i think the answer is no from some of the information i found by googling, but i wanted to verify the answer here.

my only other option would be to issue a:
smbpasswd root
make a temporary password, talk someone into joining a domain on the phone, immediately change the password back so it is secure.

-- ___cliff [EMAIL PROTECTED] http://www.genwax.com/
Re: [Samba] Error Saving Certain Files in Profile from Win XP PRO
John H Terpstra wrote:
On Sat, 21 Dec 2002, ___cliff rayman___ wrote:

running samba 2.2.7 on linux as a PDC. client box is win XP PRO SP1. When shutting down windows i am getting an error message as follows (paraphrased since it lasts for 30 seconds and disappears no matter what you do *&*&#$#$ ):

Problem saving profile Documents and Settings/Start Menu/Programs/Accessories/Entertainment/Windows Media Player.lnk

drives me nuts.

In the latter case, nothing short of re-installation of the Win NT/2K/XP machines seems to solve the problem.

ouch

Another thing I found is that if the debug level is set to 0 when the client first negotiates roaming profile handling then no problems ensue, but if the debug level is set to 3 or more during first negotiation of

yes - i have been running at log level 10 to flush out all the problems that i have been having. so, when i joined the domain, i was at log level 10.

roaming profile handling for a freshly installed Win2K/XP system, then about 2 out of 3 stations will experience a problem. That problem could be anything from:
1. Pop-up of notepad with the contents of what looks like a .ini file

this occurs with one of the login names from that machine, but so far, not the others

Secondly, embedding of '.' (dots) in a NetBIOS name is a very bad practice. If your Win2K clients use DNS for name resolution and your DNS domain is thecompany.com, then the above NetBIOS names would map to" mars.genwax.test.thecompany.com

the fully qualified domain name of this server is "mars.genwax.test". i know that is kind of strange, but this is a test server, on a test network, so it has its own ip addresses, domain, and netbios names. i changed it to simply mars, and it did not change any of the system behavior.

os level = 99

Why 99? An OS level of 33 is more than enough and setting it higher does not add anything. This is trivial so please ignore. My comment is just FYI.

got it from page 6 of the "Unofficial Samba How-To".
-- ___cliff [EMAIL PROTECTED] http://www.genwax.com/
[Samba] Error Saving Certain Files in Profile from Win XP PRO
running samba 2.2.7 on linux as a PDC. client box is win XP PRO SP1. When shutting down windows i am getting an error message as follows (paraphrased since it lasts for 30 seconds and disappears no matter what you do *&*$#$ ):

Problem saving profile Documents and Settings/Start Menu/Programs/Accessories/Entertainment/Windows Media Player.lnk

there are lots and lots of other files and settings that get saved without a problem. i have tried it several times, with some different settings, and it sometimes chokes on a different file, but never completes properly.

here are some of the relevant settings from smb.conf:

domain logons = yes
domain master = yes
logon drive = Z:
logon script=logon.bat
logon home = \\mars.genwax.test\netlogon
logon path = \\mars.genwax.test\profiles\%U
os level = 99
preferred master = yes
security = user

[profiles]
path = /usr/local/samba/profiles
profile acls = yes
browseable = yes
read only = no
create mask = 0600
directory mask = 0700

i have tried it with and without profile acls, same result. profiles seem not to work at all without browseable = yes. i have checked and windows has created this directory and it has proper ownership and permissions for the user to write in it. there is also a Windows Media Player.lnk that is correctly written into the Programs directory

i have level 10 logs, but they are too big to post here. does anyone know what the problem is, or give me some more hints on how to diagnose it? is anyone out there successfully running 2.2.7 as a PDC with windows XP PRO clients? is everything running smoothly for production, or should i downgrade to using the samba workgroup features only?

thanks for the help!!

-- ___cliff [EMAIL PROTECTED] http://www.genwax.com/
Re: [Samba] samba PDC problems
John H Terpstra wrote:
On Wed, 11 Dec 2002, ___cliff rayman___ wrote:
John H Terpstra wrote:
On Thu, 12 Dec 2002, Bradley W. Langhorst wrote:

You might try to set a more DNS friendly domain name. ie: One without the '.' in it. Could be a problem.

ok - i tried GENWAXTEST. didn't help. i also removed the netbios name and tried both at the same time. no luck.

Are you using LDAP? If so, then you need to put all user and machine accounts into the LDAP database.

nope - not using LDAP. thought about it, but i have little experience with it, and i did not want to move up on too many technology fronts at one time.

the servers fully qualified name is MARS.GENWAX.TEST. test is like com or org or net. i use my own root names all the time for testing.

Providing you are not using LDAP for Samba, use in smb.conf:

workgroup = genwax
netbios name = mars

ok - is genwax.test not a good idea for some reason. are the dots restricted in win XP??

Also, first stop samba, then remove your secrets.tdb file. Also, remove the browse.dat (and if you have one, wins.dat), then restart samba, wait at least 5 minutes before you try to get your MS Windows client to join the domain. Also, I strongly recommend that you run Samba as your WINS server and set in the MS Windows Client TCP/IP config, the IP address of your samba server for the WINS primary _and_ secondary addresses. To enable WINS serving in samba in smb.conf [globals]:

wins support = yes

i think this was the key. as soon as i added this and modified the windows XP machine to point to it, the error message disappeared.

Also, restart the MS Windows machine, and when you log on as the local administrator, do NOT try to browse the network before you join the domain. Additionally, I presume you already have a root account in your smbpasswd file. You will need to use the 'Administrator' account to join the domain, and give it the password you entered when you added 'root' to smbpasswd. Let's see how that goes.

very well. thank you very much for the help. and thanks to everyone else who assisted on this project. i think the key was the wins server, although i followed several suggestions at the same time, i had tried them at various points previously. i believe giving the XP PRO box a wins server to look at, stopped it from trying to search for the info it needed.

- John T.

i'm leaving the rest of this post so that others who have the same trouble will find it and the solution in a single post. thanks again!!

here are some excerpts from the ms help files:

snip -
Error: This computer could not locate a domain controller for the Active Directory domain displayed in the error message because the Domain Name System (DNS) servers used by this computer for name resolution failed to look up the service (SRV) resource record. Cause: The DNS SRV resource record is not registered in DNS.

snip - then:
Active Directory uses Domain Name System (DNS) to locate domain controllers, enabling computers joining the network to obtain a domain controller, and then begin the process of network authentication. Computers joining an Active Directory domain must satisfy the following three DNS requirements:
The computer must be configured with the IP address of a preferred DNS server. (OK - and DNS works fine)
The _ldap._tcp.dc._msdcs.DNSDomainName service (SRV) resource record must exist in DNS. (NOPE-don't have this)

snip then:
set type=srv
_ldap._tcp.dc._msdcs.example.microsoft.com
Server: dc1.example.microsoft.com
Address: 10.0.0.14
_ldap._tcp.dc._msdcs.example.microsoft.com SRV service location
priority = 0
weight = 0
port = 389
svr hostname = dc1.example.microsoft.com
_ldap._tcp.dc._msdcs.example.microsoft.com SRV service location
priority = 0
weight = 0
port = 389
svr hostname = dc2.example.microsoft.com
snip

port 389 in my /etc/services file is ldap. i am not sure what is causing it to want to do ldap on my computer and not on anyone else's.

the server is mars.genwax.test. the win XP pro SP1 client that i am trying to join to the domain is hpvec2.genwax.test. when i try to join it to the domain by either using the wizard or the change button, this is the only interaction with the server that i see via tcpdump:

22:38:00.439236 hpvec2.genwax.test.1064 > mars.genwax.test.domain: 16+ SRV ? _ldap._tcp.dc._msdcs.GENWAX.TEST. (50)
22:38:00.439664 mars.genwax.test.domain > hpvec2.genwax.test.1064: 16 NXDomain*- 0/1/0 (101) (DF)

i need to ge
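A small checker for the smb.conf points this thread settled on (dotted workgroup or NetBIOS names, WINS support, os level, log level), added here as an example and not code from the posters or the Samba project. The sample config is constructed from the settings quoted above, and the function names are illustrative.

```python
import re

# Constructed sample: a subset of the [global] settings quoted in this thread.
SAMPLE_SMB_CONF = r"""
[global]
   workgroup = genwax.test
   netbios name = filesnew
   domain logons = yes
   domain master = yes
   os level = 99
   preferred master = yes
   security = user
   log level = 3
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Normalise case and repeated spaces in the parameter name.
            params[re.sub(r"\s+", " ", key.strip().lower())] = value.strip()
    return params

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def as_int(value):
    return int(value) if value.strip().isdigit() else 0

def check_pdc(text):
    """Return (parameter, finding) pairs for the points raised in the thread."""
    p = parse_global(text)
    if not is_yes(p.get("domain logons", "no")):
        return []  # not a domain controller, nothing to check
    findings = []
    for name in ("workgroup", "netbios name"):
        if "." in p.get(name, ""):
            findings.append((name, "contains a dot; use a plain name such as 'genwax'"))
    if not is_yes(p.get("wins support", "no")):
        findings.append(("wins support", "not enabled; the join worked after "
                         "setting it to yes and pointing the client at this server"))
    if as_int(p.get("os level", "0")) > 33:
        findings.append(("os level", "above 33; a higher value adds nothing"))
    if as_int(p.get("log level", "0")) >= 3:
        findings.append(("log level", "3 or more; reported in the thread to "
                         "upset first-time roaming profile setup"))
    return findings

if __name__ == "__main__":
    for parameter, finding in check_pdc(SAMPLE_SMB_CONF):
        print(f"{parameter}: {finding}")
```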
Re: [Samba] samba PDC problems
thanks for the try sean, but that did not work either.

Sean Roulet wrote:

I found that opening it in a text editor and moving the Win2K computername entry that couldn't join up to below the root user. (include all unix and windows hash.)

-- ___cliff [EMAIL PROTECTED] http://www.genwax.com/
Re: [Samba] samba PDC problems
hi bradley, first off - thanks for the help.

Bradley W. Langhorst wrote:

I'm saying that your samba server may be correctly configured... however in order to switch a computer from workgroup to domain mode you first need to leave the GENWAX.TEST workgroup join the "ICANTTHINKOFANAME" workgroup then join the GENWAX.TEST domain...

ok - did that. joined workgroup WORKGROUP. rebooted (what else). then attempted to change to domain GENWAX.TEST. i received the same error message as previously.

it's a windows problem.

that's an understatement.

brad

On Wed, 2002-12-11 at 21:37, ___cliff rayman___ wrote:
Bradley W. Langhorst wrote:
On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote:

if i use the workgroup setting of GENWAX.TEST, then i can browse the server, read and write files, and it seems to be working fine. if i try to change to a domain setting of GENWAX.TEST, then it fails with the DNS and SRV record message same as above but with GENWAX.TEST in place of mydomain.

you can't have the workgroup and the domain with the same name...

ok - but samba is setup as a primary domain controller. there are NO other servers on the network, so there is not a workgroup and a domain. i assume that all windows 95/98/me and XP home clients are going to see the domain as a workgroup, and that XP Pro/NT clients will see it as a domain and logon accordingly. this is a test server. only it, and two pc's are currently hooked to the network for testing purposes. one pc has XP home, and calls GENWAX.TEST a workgroup, and the other has XP pro. when i tell it to connect to the GENWAX.TEST workgroup, it works fine, when i tell it to connect as a domain, it fails with the DNS/SRV message.

here is a relevant snippet from my smb.conf file:

snip
[global]
# samba build string
# ./configure --prefix=/usr/local/samba_2.2.7 --mandir=/usr/local/man --with-smbmount --with-pam --with-pam_smbpass --with-ssl --with-libsmbclient && make
# server name and group stuff
workgroup = genwax.test
netbios name = filesnew
server string = files server TESTING ONLY
interfaces = 10.222.222.0/24 127.0.0.1/32
bind interfaces only = yes
# passwords and domain logons
encrypt passwords = yes
unix password sync = true
pam password change = true
passwd chat = *password* %n\n*passwd* %n\n*successful*
domain logons = yes
domain master = yes
logon drive = Z:
logon home = \\%L\%u
logon path = \\%L\profile\%u
logon script=logon.bat
os level = 99
preferred master = yes
security = user
path = /home/%s/samba
# logging directives
log file = /usr/local/samba/var/logs/%m
log level = 3
# file and directory masks
create mask = 0660
directory mask = 0770
#restrictions
dont descend = /proc,/dev,/etc
hosts allow = 10.222.222. 127.0
hide unreadable = yes
max smbd processes = 100
min print space = 1
# do not allow files with CLSID extensions to be open
veto files = /*.{*}/
# case sensitivity stuff
mangle case = no
case sensitive = no
default case = lower
preserve case = yes
short preserve case = yes
snip

here is a snip from the relevant named file on the same server:

snip
venus IN A 10.222.222.2
mars IN A 10.222.222.3
filesnew IN A 10.222.222.3
hpvec1 IN A 10.222.222.167
hpvec2 IN A 10.222.222.168
snip

hpvec1 and hpvec2 are XP home and XP pro clients respectively
venus is not running samba currently

any help would be appreciated.

-- ___cliff [EMAIL PROTECTED] http://www.genwax.com/
-- ___cliff [EMAIL PROTECTED] http://www.genwax.com/
Re: [Samba] samba PDC problems
Bradley W. Langhorst wrote:
On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote:

if i use the workgroup setting of GENWAX.TEST, then i can browse the server, read and write files, and it seems to be working fine. if i try to change to a domain setting of GENWAX.TEST, then it fails with the DNS and SRV record message same as above but with GENWAX.TEST in place of mydomain.

you can't have the workgroup and the domain with the same name...

ok - but samba is setup as a primary domain controller. there are NO other servers on the network, so there is not a workgroup and a domain. i assume that all windows 95/98/me and XP home clients are going to see the domain as a workgroup, and that XP Pro/NT clients will see it as a domain and logon accordingly. this is a test server. only it, and two pc's are currently hooked to the network for testing purposes. one pc has XP home, and calls GENWAX.TEST a workgroup, and the other has XP pro. when i tell it to connect to the GENWAX.TEST workgroup, it works fine, when i tell it to connect as a domain, it fails with the DNS/SRV message.

here is a relevant snippet from my smb.conf file:

snip
[global]
# samba build string
# ./configure --prefix=/usr/local/samba_2.2.7 --mandir=/usr/local/man --with-smbmount --with-pam --with-pam_smbpass --with-ssl --with-libsmbclient && make
# server name and group stuff
workgroup = genwax.test
netbios name = filesnew
server string = files server TESTING ONLY
interfaces = 10.222.222.0/24 127.0.0.1/32
bind interfaces only = yes
# passwords and domain logons
encrypt passwords = yes
unix password sync = true
pam password change = true
passwd chat = *password* %n\n*passwd* %n\n*successful*
domain logons = yes
domain master = yes
logon drive = Z:
logon home = \\%L\%u
logon path = \\%L\profile\%u
logon script=logon.bat
os level = 99
preferred master = yes
security = user
path = /home/%s/samba
# logging directives
log file = /usr/local/samba/var/logs/%m
log level = 3
# file and directory masks
create mask = 0660
directory mask = 0770
#restrictions
dont descend = /proc,/dev,/etc
hosts allow = 10.222.222. 127.0
hide unreadable = yes
max smbd processes = 100
min print space = 1
# do not allow files with CLSID extensions to be open
veto files = /*.{*}/
# case sensitivity stuff
mangle case = no
case sensitive = no
default case = lower
preserve case = yes
short preserve case = yes
snip

here is a snip from the relevant named file on the same server:

snip
venus IN A 10.222.222.2
mars IN A 10.222.222.3
filesnew IN A 10.222.222.3
hpvec1 IN A 10.222.222.167
hpvec2 IN A 10.222.222.168
snip

hpvec1 and hpvec2 are XP home and XP pro clients respectively
venus is not running samba currently

any help would be appreciated.

-- ___cliff [EMAIL PROTECTED] http://www.genwax.com/
Re: [Samba] samba PDC problems
Bradley W. Langhorst wrote:
On Wed, 2002-12-11 at 17:51, ___cliff rayman___ wrote:

hi tim, i am having the same problem. i can use XP and samba 2.2.7 in a workgroup environment, and everything works fine. when i try and join the XP workstation as a domain, i get the same message as you do. i read up on creating a SRV record via bind, which seems easy enough, but i am not sure what prog s/b running on the other end of that service, and how it should be configured. i hope someone with some deep know how understands the problem and what to do here.

cliff

Tim Nichol wrote:

Hi all, I am having trouble setting up samba to act as a PDC. I am fairly new to red hat linux, and have just installed RH 7.3 running the default configuration. I updated samba to 2.2.7 using the online updating feature and followed a step by step tutorial to configure samba to become a PDC.

When i try to connect to the domain with windows XP pro, it displays the message "a domain controller for the domain mydomain can not be located" when i choose details it says

The error was: "DNS request not supported by name server." (error code 0x232C RCODE_NOT_IMPLEMENTED)
The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain

out without a solution. Please help!

I've not seen this problem before... can you browse to the server using its hostname (not ip address)?

on the XP box: Control Panel -> System -> Computer Name -> Change...

if i use the workgroup setting of GENWAX.TEST, then i can browse the server, read and write files, and it seems to be working fine. if i try to change to a domain setting of GENWAX.TEST, then it fails with the DNS and SRV record message same as above but with GENWAX.TEST in place of mydomain.

-- ___cliff [EMAIL PROTECTED] http://www.genwax.com/
Re: [Samba] samba PDC problems
hi tim, i am having the same problem. i can use XP and samba 2.2.7 in a workgroup environment, and everything works fine. when i try and join the XP workstation as a domain, i get the same message as you do. i read up on creating a SRV record via bind, which seems easy enough, but i am not sure what prog s/b running on the other end of that service, and how it should be configured. i hope someone with some deep know how understands the problem and what to do here.

cliff

Tim Nichol wrote:

Hi all, I am having trouble setting up samba to act as a PDC. I am fairly new to red hat linux, and have just installed RH 7.3 running the default configuration. I updated samba to 2.2.7 using the online updating feature and followed a step by step tutorial to configure samba to become a PDC.

When i try to connect to the domain with windows XP pro, it displays the message "a domain controller for the domain mydomain can not be located" when i choose details it says

The error was: "DNS request not supported by name server." (error code 0x232C RCODE_NOT_IMPLEMENTED)
The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain

The network is simple, one windows XP pro machine with IP 192.168.1.6 and one RH 7.3 linux machine with IP 192.168.1.5. Connections are working because both machines successfully ping each other.

I ran testparm with no errors and have verified the samba server is running properly with "smbclient //mymachine/user -U user -W mydomain"

I downloaded and ran the SignOrSeal reg patch for XP, and also disabled the "Domain member: Digitally encrypt or sign secure channel data (always)" option in the local security.

I have triple checked the tutorial guide with my config file, and have manually created the required accounts

What could be the problem? I have seen other people on this list with the same problem, but the threads seem to die out without a solution. Please help!

-Tim

-- ___cliff [EMAIL PROTECTED] http://www.genwax.com/