[Samba] Linux as PDC
Hi, I am trying to configure Samba as a primary domain controller so that our local school can have roaming logins. I am using Ubuntu server 6.06.1 on i386. So far I can get everything working as a workgroup but I can't get my windows clients to join the domain. I have read and followed several HOWTO's but I keep hitting the same problems. Are there any documents which explain what a PDC is and how I can tell why my windows clients wont join my domain. Thanks Rob W -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux as PDC
Rob, Post your smb.conf file, remove identifying information or substitute it for something else, such as IP Address ranges and Server/Workgroup names. You may also wish to cut out any information about the shares as well. Beyond that, with these workstations you are attempting to join to the domain, are they already in a workgroup using the same name as the domain? Also, do they have any mounted drives on the server you are setting up as the Samba PDC? Both of those will cause a failure for Samba to allow the creation of computer accounts and Domain joining. If the computers are not part of DomainX and are part of WorkGroupY, but you have a share from the PDC of DomainX mounted, type the following in the Windows command line... net use * /D (Yes, with a capital D) This will disconnect all connections to the server and will allow you to join the workstation to the domain, just fine. -- Regards, Robert Adkins IT Manager/Buyer Impel Industries, Inc. Rob Watkin wrote: Hi, I am trying to configure Samba as a primary domain controller so that our local school can have roaming logins. I am using Ubuntu server 6.06.1 on i386. So far I can get everything working as a workgroup but I can't get my windows clients to join the domain. I have read and followed several HOWTO's but I keep hitting the same problems. Are there any documents which explain what a PDC is and how I can tell why my windows clients wont join my domain. Thanks Rob W -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux as PDC
Hi Robert I will post the latest version smb.conf file below. I have followed the instructions in http://us4.samba.org/samba/docs/man/Samba-HOWTO- Collection/FastStart.html section Domain Controller for the most part. I have one server (TAU) and one Windows XP client (vm-201). I can get vm-201 to join my BC workgroup but not the domain. I am rebooting the XP machine and restarting samba on TAU between experiments. I have just noticed the following error in the log file which I think is at the bottom of all this! When I try to get the XP box to join the BC domain it asks for a username and password, I give tom ** and then Windows says Computer Name Changes The following error occurred attempting to join the domain BC: The user name could not be found. OK log.smbd === [2006/09/01 14:39:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1001, 100) - sec_ctx_stack_ndx = 0 useradd: unable to lock password file [2006/09/01 14:39:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user (2415) _samr_create_user: Running the command `/usr/sbin/useradd - s /bin/false/ -d /var/lib/nobody vm-201$' gave 1 smb.conf [global] workgroup = BC netbios name = TAU server string = %h server (Samba, Ubuntu) passdb backend = tdbsam security = user username map = /etc/samba/smbusers name resolve order = wins bcast hosts domain logons = yes os level = 35 domain master = yes preferred master = yes wins support = yes # Set CUPS for printing printcap name = CUPS printing = CUPS # Default logon logon drive = H: logon home = \\%L\%U ### logon script = scripts/logon.bat logon script = scripts\logon.bat logon path = \\%L\profile\%U # Useradd scripts add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false/ - d /var/lib/nobody %u idmap uid = 15000-2 idmap gid = 15000-2 # sync smb passwords woth linux passwords passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX \spassword:* %n\n . passwd chat debug = yes unix password sync = yes # set the loglevel log level = 3 [homes] comment = Home Directories valid users = %S read only = no browsable = no [printers] comment = All Printers path = /var/spool/samba printer admin = root, rob create mask = 0600 printable = yes guest ok = yes browsable = no [print$] comment = Printer Drivers Share path = /var/lib/samba/drivers write list = rob, root printer admin = rob, root [netlogon] comment = Network Logon Service path = /home/samba/netlogon admin users = root, rob guest ok = yes browseable = no ### admin users = Administrator ### valid users = %U ### read only = no [profile] comment = Roaming profile share path = /home/samba/profiles read only = no profile acls = yes ### valid users = %U ### create mode = 0600 ### directory mode = 0700 ### writable = yes ### browsable = no [allusers] comment = All Users path = /home/shares/allusers valid users = @users force group = users create mask = 0660 directory mask = 0771 writable = yes On Fri, 2006-09-01 at 09:25 -0400, Robert Adkins wrote: Rob, Post your smb.conf file, remove identifying information or substitute it for something else, such as IP Address ranges and Server/Workgroup names. You may also wish to cut out any information about the shares as well. Beyond that, with these workstations you are attempting to join to the domain, are they already in a workgroup using the same name as the domain? Also, do they have any mounted drives on the server you are setting up as the Samba PDC? Both of those will cause a failure for Samba to allow the creation of computer accounts and Domain joining. If the computers are not part of DomainX and are part of WorkGroupY, but you have a share from the PDC of DomainX mounted, type the following in the Windows command line... net use * /D (Yes, with a capital D) This will disconnect all connections to the server and will allow you to join the workstation to the domain, just fine. -- Regards, Robert Adkins IT Manager/Buyer Impel Industries, Inc. Rob Watkin wrote: Hi, I am trying to configure Samba as a primary domain controller so that our local school can have roaming logins. I am using Ubuntu server 6.06.1 on i386. So far I can get everything working as a workgroup but I can't get my windows clients to join the domain. I have read and followed several
Re: [Samba] Linux as PDC
Rob, Take your workstation and set it to the workgroup of 'testgroup' (Or whatever else you wish to name it), reboot the machine, then try and get it to join your BC Domain. I am not sure of the reasons, but either Windows or Samba dislikes trying to join a domain if it is already part of a workgroup with the same name as the domain. Also, if you have ANY mounted drives on the workstation that you are joining to the Domain Controller, you need to unmount those first. This is done thruogh the command I provided earlier and will provide again here: Open up the Windows command prompt. net use * /D (with a capital D) To summarize: 1. Remove the workstation from the workgroup that matches the domain of the PDC. Reboot the workstation. 2. Umount any mounted shares or connections to the server using the net use /D command. (If you have mounted shares remount at every login.) 3. Join the Domain of the PDC. That should take care of your issue. -- Regards, Robert Adkins IT Manager/Buyer Impel Industries, Inc. Rob Watkin wrote: Hi Robert I will post the latest version smb.conf file below. I have followed the instructions in http://us4.samba.org/samba/docs/man/Samba-HOWTO- Collection/FastStart.html section Domain Controller for the most part. I have one server (TAU) and one Windows XP client (vm-201). I can get vm-201 to join my BC workgroup but not the domain. I am rebooting the XP machine and restarting samba on TAU between experiments. I have just noticed the following error in the log file which I think is at the bottom of all this! When I try to get the XP box to join the BC domain it asks for a username and password, I give tom ** and then Windows says Computer Name Changes The following error occurred attempting to join the domain BC: The user name could not be found. OK log.smbd === [2006/09/01 14:39:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1001, 100) - sec_ctx_stack_ndx = 0 useradd: unable to lock password file [2006/09/01 14:39:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user (2415) _samr_create_user: Running the command `/usr/sbin/useradd - s /bin/false/ -d /var/lib/nobody vm-201$' gave 1 smb.conf [global] workgroup = BC netbios name = TAU server string = %h server (Samba, Ubuntu) passdb backend = tdbsam security = user username map = /etc/samba/smbusers name resolve order = wins bcast hosts domain logons = yes os level = 35 domain master = yes preferred master = yes wins support = yes # Set CUPS for printing printcap name = CUPS printing = CUPS # Default logon logon drive = H: logon home = \\%L\%U ### logon script = scripts/logon.bat logon script = scripts\logon.bat logon path = \\%L\profile\%U # Useradd scripts add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false/ - d /var/lib/nobody %u idmap uid = 15000-2 idmap gid = 15000-2 # sync smb passwords woth linux passwords passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX \spassword:* %n\n . passwd chat debug = yes unix password sync = yes # set the loglevel log level = 3 [homes] comment = Home Directories valid users = %S read only = no browsable = no [printers] comment = All Printers path = /var/spool/samba printer admin = root, rob create mask = 0600 printable = yes guest ok = yes browsable = no [print$] comment = Printer Drivers Share path = /var/lib/samba/drivers write list = rob, root printer admin = rob, root [netlogon] comment = Network Logon Service path = /home/samba/netlogon admin users = root, rob guest ok = yes browseable = no ### admin users = Administrator ### valid users = %U ### read only = no [profile] comment = Roaming profile share path = /home/samba/profiles read only = no profile acls = yes ### valid users = %U ### create mode = 0600 ### directory mode = 0700 ### writable = yes ### browsable = no [allusers] comment = All Users path = /home/shares/allusers valid users = @users force group = users create mask = 0660 directory mask = 0771 writable = yes On Fri, 2006-09-01 at 09:25 -0400, Robert Adkins wrote: Rob, Post your smb.conf file, remove identifying information or substitute it for something else, such as IP Address ranges and Server/Workgroup names. You may also wish to cut out any information about the shares as well. Beyond that, with these workstations
Re: [Samba] Linux as PDC
On Fri, 1 Sep 2006, Rob Watkin wrote: I will post the latest version smb.conf file below. I have followed the instructions in http://us4.samba.org/samba/docs/man/Samba-HOWTO- Collection/FastStart.html section Domain Controller for the most part. I have one server (TAU) and one Windows XP client (vm-201). I can get vm-201 to join my BC workgroup but not the domain. I am rebooting the XP machine and restarting samba on TAU between experiments. I have just noticed the following error in the log file which I think is at the bottom of all this! When I try to get the XP box to join the BC domain it asks for a username and password, I give tom ** and then I have to admit that I myself don't understand the exact requirements on what type of account is required here, but it must be some sort of administrator account, not a regular user account, that you use to join to the domain. So you need to use root, or possibly some other privileged account, but I know root works. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux as PDC
Logan Shaw wrote: On Fri, 1 Sep 2006, Rob Watkin wrote: I will post the latest version smb.conf file below. I have followed the instructions in http://us4.samba.org/samba/docs/man/Samba-HOWTO- Collection/FastStart.html section Domain Controller for the most part. I have one server (TAU) and one Windows XP client (vm-201). I can get vm-201 to join my BC workgroup but not the domain. I am rebooting the XP machine and restarting samba on TAU between experiments. I have just noticed the following error in the log file which I think is at the bottom of all this! When I try to get the XP box to join the BC domain it asks for a username and password, I give tom ** and then I have to admit that I myself don't understand the exact requirements on what type of account is required here, but it must be some sort of administrator account, not a regular user account, that you use to join to the domain. So you need to use root, or possibly some other privileged account, but I know root works. - Logan root is needed, I believe, in order for Samba to create the Machine Account automatically. I believe that you need to create a Samba account for root, if you are using the Linux passwd/groups and the smbpasswd files for authentication purposes. Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux as PDC
Rob Watkin wrote: Hi Robert I will post the latest version smb.conf file below. I have followed the instructions in http://us4.samba.org/samba/docs/man/Samba-HOWTO- Collection/FastStart.html section Domain Controller for the most part. I have one server (TAU) and one Windows XP client (vm-201). I can get vm-201 to join my BC workgroup but not the domain. I am rebooting the XP machine and restarting samba on TAU between experiments. I have just noticed the following error in the log file which I think is at the bottom of all this! When I try to get the XP box to join the BC domain it asks for a username and password, I give tom ** and then Windows says Computer Name Changes The following error occurred attempting to join the domain BC: The user name could not be found. OK log.smbd === [2006/09/01 14:39:42, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1001, 100) - sec_ctx_stack_ndx = 0 useradd: unable to lock password file [2006/09/01 14:39:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user (2415) _samr_create_user: Running the command `/usr/sbin/useradd - s /bin/false/ -d /var/lib/nobody vm-201$' gave 1 It seems that the machine could not be created when trying to join the domain. Did you try to create the machine account manually? I mean, typing directly in the shell the corresponding commands. Good luck. -- Miguel Da Silva. Servicio de Informatica. Facultad de Ciencias. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux as PDC
On Fri, 2006-09-01 at 11:52 -0400, Robert Adkins wrote: Logan Shaw wrote: On Fri, 1 Sep 2006, Rob Watkin wrote: I will post the latest version smb.conf file below. I have followed the instructions in http://us4.samba.org/samba/docs/man/Samba-HOWTO- Collection/FastStart.html section Domain Controller for the most part. I have one server (TAU) and one Windows XP client (vm-201). I can get vm-201 to join my BC workgroup but not the domain. I am rebooting the XP machine and restarting samba on TAU between experiments. I have just noticed the following error in the log file which I think is at the bottom of all this! When I try to get the XP box to join the BC domain it asks for a username and password, I give tom ** and then I have to admit that I myself don't understand the exact requirements on what type of account is required here, but it must be some sort of administrator account, not a regular user account, that you use to join to the domain. So you need to use root, or possibly some other privileged account, but I know root works. - Logan root is needed, I believe, in order for Samba to create the Machine Account automatically. I believe that you need to create a Samba account for root, if you are using the Linux passwd/groups and the smbpasswd files for authentication purposes. Thanks that did it. I gave root as the username when joining the domain. Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
