[Samba] More Samba PDC problems
So I back up my settings for user1, by stopping smb and nmb on the server (I have to do this, rather than disconnect it, as it is also the DHCP server). I was able to get in with the local cached settings and back them up. I then logged out, started smb and nmb and logged in again. I got warned that there were no settings and local settings were being used. I then logged out, and saw the settings saved on the server in the .../profiles/user1/ directory. I go to log in again and get an error: Windows cannot connect to the domain, either becuase the domain controller is down or otherwise unavailable ... or because your computer account was not found smb and nmb are running. I try restarting them, no difference. I had created the computer account with the script: add machine script = /usr/sbin/useradd -d /dev/null -g 99 -s /bin/false -M %u where %u is the computer name followed by a $ (this is how the other computer was set up). I don't see the computer account as the problem, I did get in the first time. So I look at the permissions for .../profiles/user1 and see they are root:users, I change this down the tree to user1:users and no difference. I mv .../profiles/user1 to user1old and try again, no difference. Why might I be getting this error? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Solved - Re: More Samba PDC problems
On 02/15/2011 09:24 AM, Robert Moskowitz wrote: So I back up my settings for user1, by stopping smb and nmb on the server (I have to do this, rather than disconnect it, as it is also the DHCP server). I was able to get in with the local cached settings and back them up. I then logged out, started smb and nmb and logged in again. I got warned that there were no settings and local settings were being used. I then logged out, and saw the settings saved on the server in the .../profiles/user1/ directory. I go to log in again and get an error: Windows cannot connect to the domain, either becuase the domain controller is down or otherwise unavailable ... or because your computer account was not found smb and nmb are running. I try restarting them, no difference. I had created the computer account with the script: add machine script = /usr/sbin/useradd -d /dev/null -g 99 -s /bin/false -M %u where %u is the computer name followed by a $ (this is how the other computer was set up). I don't see the computer account as the problem, I did get in the first time. It seems this was the problem. Running the script is NOT the same as what happens when the computer is connected to the domain. I bet there is a password in there somewhere... I deleted the computer account and went through the steps, logged in locally as Administrator to move the system to a workgroup then back to the domain. I only have a few systems, but this would be an APPSOLUTE PAIN with a number of systems. Now I have to find out how to back up the /etc/passwd shadow file so if I loose the computer again, I can 'easily' rebuild things. So I look at the permissions for .../profiles/user1 and see they are root:users, I change this down the tree to user1:users and no difference. I mv .../profiles/user1 to user1old and try again, no difference. Why might I be getting this error? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] PDC problems
I have a Samba PDC, running on Centos 4. The samba version is 3.0.23d.30. I have an LDAP backend. Everything seems to be running fine. I recently configured a BDC, to help with load balancing and to act as a backup in the event the PDC went down. Before I installed the PDC, when a new user logged into the domain, their home directory on the PDC was automatically mapped to the drive letter U. Now that the BDC is running, when a new user logs into the domain, their home directory is automatically mapped to U, but it points to their home directory on the BDC and not the PDC. This created a problem at first because there were no home directories on the BDC. I mounted all home directories from the PDC to the BDC and it works fine, but why is the BDC the default home when a user logs in? Also, when a new user logs in, their login script is being pulled from the netlogon share on the BDC and not the PDC, so I had to make a copy of the netlogon directory from the PDC to the BDC. I'm assuming that I have something configured incorrectly. I have included the samba conf files from both PDC and BDC. PDC Samba Conf: [global] unix charset = LOCALE workgroup = mydomain netbios name = PDC server string = Domain Controller running %v interfaces = eth1, lo bind interfaces only = yes os level = 255 preferred master = yes local master = yes domain master = yes security = user time server = yes username map = /etc/samba/smbusers wins support = yes encrypt passwords = yes pam password change = yes name resolve order = wins bcast hosts winbind nested groups = no passdb backend = ldapsam:ldap://127.0.0.1 ldap://BDC; ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=com ldap admin dn = cn=Manager,dc=mydomain,dc=com ldap ssl = no ldap group suffix = ou=Groups ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://127.0.0.1/ idmap uid = 1-2 idmap gid = 1-2 map acl inherit = yes add user script = /etc/smbldap-tools/smbldap-useradd -m %u #delete user script = /etc/smbldap-tools/smbldap-userdel %u add machine script = /etc/smbldap-tools/smbldap-useradd -w %u add group script = /etc/smbldap-tools/smbldap-groupadd -p %g #delete group script = /etc/smbldap-tools/smbldap-groupdel %g add user to group script = /etc/smbldap-tools/smbldap-groupmod -m %u %g delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x %u %g set primary group script = /etc/smbldap-tools/smbldap-usermod -g %g %u domain logons = yes log file = /var/log/samba/log.%m log level = 1 syslog = 0 max log size = 50 #smb ports = 139 445 smb ports = 139 hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 # User profiles and home directories logon drive = U: logon path = \\%L\profiles\%U logon script = %U.bat large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = template shell = /bin/false winbind use default domain = no BDC Samba Conf. [global] unix charset = LOCALE workgroup = mydomain server string = Backup Domain Controller security = domain username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m.log max log size = 50 smb ports = 139 name resolve order = wins bcast hosts wins server = 172.16.24.7 ldap suffix = dc=mydomain,dc=com ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=mydomain,dc=com idmap backend = ldap:ldap://PDC idmap uid = 1-2 idmap gid = 1-2 winbind trusted domains only = yes password server = 172.16.24.7 template shell = /bin/false domain master = no local master = no os level = 0 preferred master = no winbind use default domain = no veto oplock files = /*.mbd/ large readwrite = no read raw = no write raw = no printcap name = /etc/printcap load printers = no printing = -- *Jason Baker */IT Coordinator/ *Glastender Inc.* 5400 North Michigan Road Saginaw, Michigan 48604 USA 800.748.0423 Phone: 989.752.4275 ext. 228 Fax: 989.752. www.glastender.com http://www.glastender.com -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT$ d- s: a C++$ LU+++$ P+ L++L !E--- W+++ N o? K? w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- r+++ y+++ --END GEEK CODE BLOCK-- -- To
Re: [Samba] Samba PDC problems
El mié, 09-11-2005 a las 16:37 +0100, Dariusz Dwornikowski escribió: Hi, this is my first post here. Ive got working PDC on Samba 3.0.20 without ldap. Users can log into domain. 1. The problem is that they cannot browse each. other's shares. (ex. user A cannot browse user B shares ) They all can see shares on PDC and print on a printer. 2. log.nmbd shows all the time [2005/11/09 15:26:45, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.0.10: COGNIFIDE(1) current master browser = UNKNOWN BOSS 40099b0b (Samba Gentoo Server 3.0.20b) this is weird, as BOSS should be master browser. 3. log.smbd shows all the time - getpeername failed. Error was Transport endpoint is not connected [2005/11/09 15:41:16, 0] lib/util_sock.c:get_peer_addr(1222) Only two users can browse each other's shares. this is weird, as they have identical systems. I include my smb.conf Please help me May be you're having a problem with how your server is resolving names. Can you be more specific on what type of name resolution are you using and send again the smb.conf file to me? Sorry but something seems to be wrong with your mail and my evolution mail client, I can't locate the smb.file in your previous post in any way Regards __ Renovamos el Correo Yahoo! Nuevos servicios, m�s seguridad http://correo.yahoo.es -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC problems
Hi, this is my first post here. Ive got working PDC on Samba 3.0.20 without ldap. Users can log into domain. 1. The problem is that they cannot browse each. other's shares. (ex. user A cannot browse user B shares ) They all can see shares on PDC and print on a printer. 2. log.nmbd shows all the time [2005/11/09 15:26:45, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(284) dump_workgroups() dump workgroup on subnet UNICAST_SUBNET: netmask= 192.168.0.10: COGNIFIDE(1) current master browser = UNKNOWN BOSS 40099b0b (Samba Gentoo Server 3.0.20b) this is weird, as BOSS should be master browser. 3. log.smbd shows all the time - getpeername failed. Error was Transport endpoint is not connected [2005/11/09 15:41:16, 0] lib/util_sock.c:get_peer_addr(1222) Only two users can browse each other's shares. this is weird, as they have identical systems. I include my smb.conf Please help me -- *Dariusz 'tdi' Dwornikowski | Gentoo | admin at pozman.pl | *[JID]:[EMAIL PROTECTED]|[gg]:2266034|[IRC]:[EMAIL PROTECTED] | *[MAIL]:[EMAIL PROTECTED]|[WWW]:www.tdi.pozman.pl | *Serwery,administracja,webapps - www.ProAdmin.com.pl | *Fingerprint:43E21CC46DAFD2F754E91547D59B39F56AAA4B5F | -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC Problems(winbind, joining domain, net groupmap, etc), FreeBSD 5.3, LDAP
Goal: Have Samba operate as a PDC using LDAP as its passwd backend. Be able to have W2K servers as member servers. Note: I have not posted any .conf files, because I not sure what files would be relavent in seeing. Since somethings are working and somethings are not. Software list: Samba 3.0.12 nss_ldap-1.204_5 openldap-client-2.2.19 openldap-server-2.2.23 p5-perl-ldap-0.32.02 pam_ldap-1.7.6 smbldap-tools-0.8.8 What works: Openldap seems to be working fine, and I can use SSH IMAP with LDAP user credentials. ldapsearch work with starttls. smbldap scripts from idealx seem to work(also with starttls). smbldap-populate worked fine. as well as smbldap-useradd. If I browse network neigborhood with a w2k client I can authenticate to a users home share that is in LDAP. What doesn't work: wbinfo -g shows: BUILTIN^administrators BUILTIN^account operators BUILTIN^print operators BUILTIN^backup operators BUILTIN^replicators I would have expected it to show the domain name instead of BUILTIN, which makes me think the ldap lookup is failing wbinfo -u shows: Error looking up domain users Also when I try to join a W2K Pro worksation to the domain using the root account/password it fails with the username cannot be found error message. But the add machine script partially works. smbldap-useradd -w adds the posix attributes to the ldap directory but the samba attributes are missing. I have workstations being added to the ou=computer section in ldap, and I have my ldap.conf and nss_ldap.con set to point to a level above ou=Users and ou=computers for the passwd side of things so that they should be properly found when descending the ldap tree. trying to add or modify group mappings with net groupmap add or net groupmap modify fails. Since getent isn't implemented in FreeBSD, I am using pw group show -a and pw user show -a This enumerates local files but nothing from LDAP. One thing I have noticed about the idealx smbldap scripts is that they will write a partial record to ldap even if part of the script fails. Also, I thought I read at one point that the nsswitch implementation in FreeBSD is missing some components so user and groups still need to be in local /etc/group /etc/passwd files. Can anyone confirm the status of this? I think I am a little unsure of how to handle both unix and nt groups in an ldap implementation. If anyone has any ideas on where to begin trouble shooting this, I would appreciate it. Thank You, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
Tried it again with more debuging: [EMAIL PROTECTED] root]# pdbedit -a -u root -d 10 INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] doing parameter netbios name = SAMBA handle_netbios_name: set global_myname to: SAMBA doing parameter workgroup = X3D doing parameter passdb backend = tdbsam:/etc/samba/secrets.tdb doing parameter add user script = /usr/sbin/useradd -m %u doing parameter delete user script = /usr/sbin/userdel =r %u doing parameter add group script = /usr/sbin/groupadd %g doing parameter delete group script = /usr/sbin/groupdel %g doing parameter add user to group script = /usr/sbin/usermod -G %g %u doing parameter add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u doing parameter os level = 33 doing parameter preferred master = yes doing parameter domain master = yes doing parameter local master = yes doing parameter security = user doing parameter domain logons = yes doing parameter logon path = \\%N\profiles\%u doing parameter logon drive = H: doing parameter logon script = logon.bat doing parameter wins support = yes doing parameter syslog = 5 pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_DOMAIN_PDC Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Trying to load: tdbsam:/etc/samba/secrets.tdb Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend guest Successfully added passdb backend 'guest' Attempting to find an passdb backend to match tdbsam:/etc/samba/secrets.tdb (tdbsam) Found pdb backend tdbsam pdb backend tdbsam:/etc/samba/secrets.tdb has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init Netbios name list:- my_netbios_names[0]=SAMBA Trying to load: tdbsam:/etc/samba/secrets.tdb Attempting to find an passdb backend to match tdbsam:/etc/samba/secrets.tdb (tdbsam) Found pdb backend tdbsam pdb backend tdbsam:/etc/samba/secrets.tdb has a valid init Attempting to find an passdb backend to match guest (guest) Found pdb backend guest pdb backend guest has a valid init Finding user root Trying _Get_Pwnam(), username as lowercase is root Get_Pwnam_internals did find user [root]! pdb_set_username: setting username root, was element 12 - now SET pdb_set_full_name: setting full name root, was element 13 - now SET pdb_set_unix_homedir: setting home dir /root, was NULL element 22 - now SET pdb_set_domain: setting domain X3D, was pdb_set_user_sid: setting user sid S-1-5-21-2351621536-730267382-1598341932-1000 element 18 - now SET pdb_set_user_sid_from_rid: setting user sid S-1-5-21-2351621536-730267382-1598341932-1000 from rid 1000 pdb_set_group_sid: setting group sid S-1-5-21-2351621536-730267382-1598341932-1001 element 19 - now SET pdb_set_group_sid_from_rid: setting group sid S-1-5-21-2351621536-730267382-1598341932-1001 from rid 1001 Home server: samba pdb_set_profile_path: setting profile path \\samba\profiles\root, was Home server: samba pdb_set_homedir: setting home dir \\samba\root, was pdb_set_dir_drive: setting dir drive
Re: [Samba] samba PDC problems
Tried that and that didn't work either, here's the output: [EMAIL PROTECTED] root]# smbpasswd -a root New SMB password: Retype new SMB password: Unable to open/create TDB passwd pdb_getsampwnam: Unable to open TDB passwd (/etc/samba/secrets.tdb)! Unable to open/create TDB passwd tdb_update_sam: Unable to open TDB passwd (/etc/samba/secrets.tdb)! Failed to add entry for user root. Failed to modify password entry for user root [EMAIL PROTECTED] root]# cat /etc/samba/s secrets.tdb smb.conf smb.conf.rpmnew smbusers [EMAIL PROTECTED] root]# cat /etc/samba/smbusers # Unix_name = SMB_name1 SMB_name2 ... root = administrator admin nobody = guest pcguest smbguest I'm thinking it may be a permissions problem. Samba is running as root(this is RH Enterprise ES 3). Here what the /etc/samba dir looks like: [EMAIL PROTECTED] root]# ls -la /etc/samba/ total 40 drwxr-xr-x2 root root 4096 Aug 4 17:06 . drwxr-xr-x 61 root root 4096 Aug 4 17:45 .. -rw-r--r--1 root root 20 Jul 20 09:43 lmhosts -rw-rw-rw-1 root root 8192 Aug 4 17:06 secrets.tdb -rw-r--r--1 root root 843 Aug 4 17:05 smb.conf -rw-r--r--1 root root10704 Jul 20 09:43 smb.conf.rpmnew -rw-r--r--1 root root 97 Jul 20 09:43 smbusers --- Craig White [EMAIL PROTECTED] wrote: --- looks good - how about some of these... smbpasswd -a root smbpasswd root cat /etc/samba/smbusers smbpasswd -w (root_passwd) Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba PDC problems
I'm trying to set up a samba PDC. I've been following the directions in The Official Samab-3 book. I still don't understand how to add users! I'm using tdbsam and I set up all the add user scripts and what not in the smb.conf. pdbedit won't let me do anything unless I add the user with adduser(what's the point of the scripts?) and even when I add the user by hand I get this error message. [EMAIL PROTECTED] samba]# pdbedit -a -u test new password: retype new password: Unable to open/create TDB passwd tdb_update_sam: Unable to open TDB passwd (/etc/samba/secrets.tdb)! Unable to add user! (does it already exist?) I'm sure I just understand the process and none of the docs seem to explain it clearly. Any help you can give would be appreciated. Anyway here's my smb.conf: [global] netbios name = SAMBA workgroup = WORKGROUP passdb backend = tdbsam:/etc/samba/secrets.tdb # Scripts add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel =r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u os level = 33 preferred master = yes domain master = yes local master = yes security = user domain logons = yes logon path = \\%N\profiles\%u logon drive = H: logon script = logon.bat [netlogon] path = /var/lib/samba/netlogon read only = yes write list = ntadmin [profiles] path = /var/lib/samba/profiles read only = no create mask = 0600 directory mask = 0700 __ Do you Yahoo!? Yahoo! Mail is new and improved - Check it out! http://promotions.yahoo.com/new_mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
On Wed, 2004-08-04 at 17:43, David 3oz Sonenberg wrote: I'm trying to set up a samba PDC. I've been following the directions in The Official Samab-3 book. I still don't understand how to add users! I'm using tdbsam and I set up all the add user scripts and what not in the smb.conf. pdbedit won't let me do anything unless I add the user with adduser(what's the point of the scripts?) and even when I add the user by hand I get this error message. [EMAIL PROTECTED] samba]# pdbedit -a -u test new password: retype new password: Unable to open/create TDB passwd tdb_update_sam: Unable to open TDB passwd (/etc/samba/secrets.tdb)! Unable to add user! (does it already exist?) I'm sure I just understand the process and none of the docs seem to explain it clearly. Any help you can give would be appreciated. Anyway here's my smb.conf: [global] netbios name = SAMBA workgroup = WORKGROUP passdb backend = tdbsam:/etc/samba/secrets.tdb # Scripts add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel =r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u os level = 33 preferred master = yes domain master = yes local master = yes security = user domain logons = yes logon path = \\%N\profiles\%u logon drive = H: logon script = logon.bat --- looks good - how about some of these... smbpasswd -a root smbpasswd root cat /etc/samba/smbusers smbpasswd -w (root_passwd) Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
I'll try that tomorrow. Will pdbedit not work, or do I just have to use smbpasswd to get things setup? --- Craig White [EMAIL PROTECTED] wrote: looks good - how about some of these... smbpasswd -a root smbpasswd root cat /etc/samba/smbusers smbpasswd -w (root_passwd) Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC Problems
Hi list, I am running Samba 2.2.7 on a 2.4 Linux, I have 3 clients, each win2kSP3. There a a few users, but with just 2 of them I can log in. If I try to connect(from win, smbclient runs perfectly) to the server using one of the other, I get the message the domain is not available, and my log.int01 (where int01 is my workstation) says int01 - no account in domain. hmm. I know all these problems, machine accounts, registy-hacks, but, as you see - the server knows the workstation with some user accounts, while others are blocked. If I enter a wrong user name I get cannot log on to domain. Any suggestions? Thanks a lot, jan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Win2k Print Server and Samba PDC problems
I recently migrated from an NT4 domain to a Samba domain. Logins work fine and authentication to the Windows 2000 Print Server works when you connect via UNC name, but I can't install a printer from the win2k print server to use on my profile. I'm getting the error: You do not have sufficient access to your machine to connect to the selected printer Newly created accounts or existing account with deleted and recreated profiles don't have a problem installing the printers. Somewhere in the existing/migrated profiles (with the exception of Domain Admins) sits the problem. I can't pinpoint it yet though. Changing UNIX permissions on the profiles seems to have no effect. Any suggestions? Thanks, Marc -- -=-=-=-=-=-=-=-=-=-=-=- Marc Seery WVU LCSEE Systems Admin Operations Manager [EMAIL PROTECTED] 304.293.0405 x 2505 -=-=-=-=-=-=-=-=-=-=-=- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] BIG samba PDC problems
I have Samba 2.2.7a PDC and BDC, using NIS+, on Solaris 8. After some time clients are no longer allowed to connect (Connection denied from...) and if I try smbpasswd -S (both on BDC and PDC) I get: attempt_netbios_session_request: SYRIUS rejected the session for name *SMBSERVER with error Not listening for calling name fetch_domain_sid: machine SYRIUS rejected the NetBIOS session request. Failed to get domain SID for DOMAIN (SYRIUS is the PDC) The time till this happens varies from a couple of day to maybe some minutes. I shut down the BDC and PDC and the restart the PDC. Sometimes it starts ok, but sometimes it doesn't and I get the same message when I run smbpasswd -S The system run before without any problems with samba 2.2.2a on PDC and 2.2.5 on BDC. This started only after I upgraded the PDC from 2.2.2a to 2.2.7. I upgraded the BDC first and there was no problem. Thanx in advance for any suggestions/solutions Mihai Barbos -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
Bradley W. Langhorst wrote: however in order to switch a computer from workgroup to domain mode you first need to leave the GENWAX.TEST workgroup join the ICANTTHINKOFANAME workgroup then join the GENWAX.TEST domain... I agree! I noticed this when migrating my W2K Server domain to Samba domain. On clients I had to 1) switch clients from DOMAIN to workgroup TEMPO, reboot 2) power off W2K Server 3) power on Samba PDC 4) Erase *all* profiles in C:\Document and Settings\ (excep Administrator and Default ) 5) switch clients from TEMPO to DOMAIN, reboot I think it is a Windows problem too. -- Jean-Paul ARGUDO -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
On Thu, 2002-12-12 at 01:35, ___cliff rayman___ wrote: snip - Error: This computer could not locate a domain controller for the Active Directory domain displayed in the error message because the Domain Name System (DNS) servers used by this computer for name resolution failed to look up the service (SRV) resource record. Cause: The DNS SRV resource record is not registered in DNS. port 389 in my /etc/services file is ldap. i am not sure what is causing it to want to do ldap on my computer and not on anyone else's. AD uses ldap for its account db... Was this ever a part of an active directory domain? For some reason it seems like the XP thinks that the domain is an active directory domain... I think that srv record that it refers to is something special that ms does to dns. Is there an active directory domain somewhere else on the network? i need to get this solved, so let me know if there is anything else i can provide that will help. just keep working on it - we'll get it straightened out eventually. brad -- Bradley W. Langhorst [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
John H Terpstra wrote: On Wed, 11 Dec 2002, ___cliff rayman___ wrote: John H Terpstra wrote: On Thu, 12 Dec 2002, Bradley W. Langhorst wrote: You might try to set a more DNS friendly domain name. ie: One without the '.' in it. Could be a problem. ok - i tried GENWAXTEST. didn't help. i also removed the netbios name and tried both at the same time. no luck. Are you using LDAP? If so, then you need to put all user and machine accounts into the LDAP database. nope - not using LDAP. thought about it, but i have little experience with it, and i did not want to move up on too many technology fronts at one time. the servers fully qualified name is MARS.GENWAX.TEST. test is like com or org or net. i use my own root names all the time for testing. Providing you are not using LDAP for Samba, use in smb.conf: workgroup = genwax netbios name = mars ok - is genwax.test not a good idea for some reason. are the dots restricted in win XP?? Also, first stop samba, the remove your secrets.tdb file. Also, remove the browse.dat (and if you have one, wins.dat), then restart samba, wait at least 5 minutes before you try to get your MS Windows client to join the domain. Also, I strongly recommend that you run Samba as your WINS server and set in the MS Windows Client TCP/IP config, the IP address of your samba server for the WINS primary _and_ secondary addresses. To enable WINS serving in samba in smb.conf [globals]: wins support = yes i think this was the key. as soon as i added this and modified the windows XP machine to point to it, the error message disappeared. Also, restart the MS Windows machine, and when you log on as the local administrator, do NOT try to browse the network before you join the domain. Additionally, I presume you already have a root account in your smbpasswd file. You will need to use the 'Administrator' account to join the domain, and give it the password you entered when you added 'root' to smbpasswd. Let's see how that goes. very well. thank you very much for the help. and thanks to everyone else who assisted on this project. i think the key was the wins server, although i followed serveral suggestions at the same time, i had tried them at various points previously. i believe giving the XP PRO box a wins server to look at, stopped it from trying to search for the info it needed. - John T. i'm leaving the rest of this post so that others who have the same trouble will find it and the solution in a single post. thanks again!! here are some excerps from the ms help files: snip - Error: This computer could not locate a domain controller for the Active Directory domain displayed in the error message because the Domain Name System (DNS) servers used by this computer for name resolution failed to look up the service (SRV) resource record. Cause: The DNS SRV resource record is not registered in DNS. snip - then: Active Directory uses Domain Name System (DNS) to locate domain controllers, enabling computers joining the network to obtain a domain controller, and then begin the process of network authentication. Computers joining an Active Directory domain must satisfy the following three DNS requirements: The computer must be configured with the IP address of a preferred DNS server. (OK - and DNS works fine) The _ldap._tcp.dc._msdcs.DNSDomainName service (SRV) resource record must exist in DNS. (NOPE-don't have this) snip then: set type=srv _ldap._tcp.dc._msdcs.example.microsoft.com Server: dc1.example.microsoft.com Address: 10.0.0.14 _ldap._tcp.dc._msdcs.example.microsoft.com SRV service location priority = 0 weight = 0 port = 389 svr hostname = dc1.example.microsoft.com _ldap._tcp.dc._msdcs.example.microsoft.com SRV service location priority = 0 weight = 0 port = 389 svr hostname = dc2.example.microsoft.com snip port 389 in my /etc/services file is ldap. i am not sure what is causing it to want to do ldap on my computer and not on anyone else's. the server is mars.genwax.test. the win XP pro SP1 client that i am trying to join to the domain is hpvec2.genwax.test. when i try to join it to the domain by either using the wizard or the change button, this is the only interaction with the server that i see via tcpdump: 22:38:00.439236 hpvec2.genwax.test.1064 mars.genwax.test.domain: 16+ SRV ? _ldap._tcp.dc._msdcs.GENWAX.TEST. (50) 22:38:00.439664 mars.genwax.test.domain hpvec2.genwax.test.1064: 16 NXDomain*- 0/1/0 (101) (DF) i need to get this solved, so let me know if there is anything else i can
Re: [Samba] samba PDC problems
hi tim, i am having the same problem. i can use XP and samba 2.2.7 in a workgroup environment, and everything works fine. when i try and join the XP workstation as a domain, i get the same message as you do. i read up on creating a SRV record via bind, which seems easy enough, but i am not sure what prog s/b running on the other end of that service, and how it should be configured. i hope someone with some deep know how understands the problem and what to do here. cliff Tim Nichol wrote: Hi all, I am having trouble setting up samba to act as a PDC. I am fairly new to red hat \ linux, and have just installed RH 7.3 running the default configuration. I updated \ samba to 2.2.7 using the online updating feature and followed a step by step tutorial \ to configure samba to become a PDC. When i try to connect to the domain with windows XP pro, it displays the message a \ domain controller for the domain mydomain can not be located when i choose details it says The error was: DNS request not supported by name server. (error code 0x232C RCODE_NOT_IMPLEMENTED) The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain The network is simple, one windows XP pro machine with IP 192.168.1.6 and one RH 7.3 \ linux machine with IP 192.168.1.5. Connections are working because both machines \ succuessfully ping each other. I ran testparm with no errors and have verified the samba server is running properly \ with smbclient //mymachine/user -U user -W mydomain I downloaded and ran the SignOrSeal reg patch for XP, and also disabled the Domain \ member: Digitally encrypt or sign secure channel data (always) option in the local \ security. I have triple checked the tutorial guide with my config file, and have manually \ created the required accounts What could be the problem? I have seen other people on this list with the same \ problem, but the threads seem to die out without a solution. Please help! -Tim -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
On Wed, 2002-12-11 at 17:51, ___cliff rayman___ wrote: hi tim, i am having the same problem. i can use XP and samba 2.2.7 in a workgroup environment, and everything works fine. when i try and join the XP workstation as a domain, i get the same message as you do. i read up on creating a SRV record via bind, which seems easy enough, but i am not sure what prog s/b running on the other end of that service, and how it should be configured. i hope someone with some deep know how understands the problem and what to do here. cliff Tim Nichol wrote: Hi all, I am having trouble setting up samba to act as a PDC. I am fairly new to red hat \ linux, and have just installed RH 7.3 running the default configuration. I updated \ samba to 2.2.7 using the online updating feature and followed a step by step tutorial \ to configure samba to become a PDC. When i try to connect to the domain with windows XP pro, it displays the message a \ domain controller for the domain mydomain can not be located when i choose details it says The error was: DNS request not supported by name server. (error code 0x232C RCODE_NOT_IMPLEMENTED) The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain The network is simple, one windows XP pro machine with IP 192.168.1.6 and one RH 7.3 \ linux machine with IP 192.168.1.5. Connections are working because both machines \ succuessfully ping each other. I ran testparm with no errors and have verified the samba server is running properly \ with smbclient //mymachine/user -U user -W mydomain I downloaded and ran the SignOrSeal reg patch for XP, and also disabled the Domain \ member: Digitally encrypt or sign secure channel data (always) option in the local \ security. I have triple checked the tutorial guide with my config file, and have manually \ created the required accounts What could be the problem? I have seen other people on this list with the same \ problem, but the threads seem to die out without a solution. Please help! I've not seen this problem before... can you browse to the server using it's hostname (not ip address)? brad Bradley W. Langhorst [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
Bradley W. Langhorst wrote: On Wed, 2002-12-11 at 17:51, ___cliff rayman___ wrote: hi tim, i am having the same problem. i can use XP and samba 2.2.7 in a workgroup environment, and everything works fine. when i try and join the XP workstation as a domain, i get the same message as you do. i read up on creating a SRV record via bind, which seems easy enough, but i am not sure what prog s/b running on the other end of that service, and how it should be configured. i hope someone with some deep know how understands the problem and what to do here. cliff Tim Nichol wrote: Hi all, I am having trouble setting up samba to act as a PDC. I am fairly new to red hat \ linux, and have just installed RH 7.3 running the default configuration. I updated \ samba to 2.2.7 using the online updating feature and followed a step by step tutorial \ to configure samba to become a PDC. When i try to connect to the domain with windows XP pro, it displays the message a \ domain controller for the domain mydomain can not be located when i choose details it says The error was: DNS request not supported by name server. (error code 0x232C RCODE_NOT_IMPLEMENTED) The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain out without a solution. Please help! I've not seen this problem before... can you browse to the server using it's hostname (not ip address)? on the XP box: Control Panel - System - Computer Name - Change... if i use the workgroup setting of GENWAX.TEST, then i can browse the server, read and write files, and it seems to be working fine. if i try to change to a domain setting of GENWAX.TEST, then it fails with the DNS and SRV record message same as above but with GENWAX.TEST in place of mydomain. -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote: if i use the workgroup setting of GENWAX.TEST, then i can browse the server, read and write files, and it seems to be working fine. if i try to change to a domain setting of GENWAX.TEST, then it fails with the DNS and SRV record message same as above but with GENWAX.TEST in place of mydomain. ah you can't have the workgroup and the domain with the same name... best wishes! brad -- Bradley W. Langhorst [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
Bradley W. Langhorst wrote: On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote: if i use the workgroup setting of GENWAX.TEST, then i can browse the server, read and write files, and it seems to be working fine. if i try to change to a domain setting of GENWAX.TEST, then it fails with the DNS and SRV record message same as above but with GENWAX.TEST in place of mydomain. you can't have the workgroup and the domain with the same name... ok - but samba is setup as a primary domain controller. there are NO other servers on the network, so there is not a workgroup and a domain. i assume that all windows 95/98/me and XP home clients are going to see the domain as a workgroup, and that XP Pro/NT clients will see it as a domain and logon accordingly. this is a test server. only it, and two pc's are currently hooked to the network for testing purposes. one pc has XP home, and calls GENWAX.TEST a workgroup, and the other has XP pro. when i tell it to connect to the GENWAX.TEST workgroup, it works fine, when i tell it to connect as a domain, it fails with the DNS/SRV message. here is a relative snipped from my smb.conf file: snip [global] # samba build string # ./configure --prefix=/usr/local/samba_2.2.7 --mandir=/usr/local/man --with-smbmount --with-pam --with-pam_smbpass --with-ssl --with-libsmbclient make # server name and group stuff workgroup = genwax.test netbios name = filesnew server string = files server TESTING ONLY interfaces = 10.222.222.0/24 127.0.0.1/32 bind interfaces only = yes # passwords and domain logions encrypt passwords = yes unix password sync = true pam password change = true passwd chat = *password* %n\n*passwd* %n\n*successful* domain logons = yes domain master = yes logon drive = Z: logon home = \\%L\%u logon path = \\%L\profile\%u logon script=logon.bat os level = 99 preferred master = yes security = user path = /home/%s/samba # logging directives log file = /usr/local/samba/var/logs/%m log level = 3 # file and directory masks create mask = 0660 directory mask = 0770 #restrictions dont descend = /proc,/dev,/etc hosts allow = 10.222.222. 127.0 hide unreadable = yes max smbd processes = 100 min print space = 1 # do not allow files with CLSID extensions to be open veto files = /*.{*}/ # case sensitivity stuff mangle case = no case sensitive = no default case = lower preserve case = yes short preserve case = yes snip here is a snip from the relevant named file on the same server: snip venus IN A 10.222.222.2 marsIN A 10.222.222.3 filesnewIN A 10.222.222.3 hpvec1 IN A 10.222.222.167 hpvec2 IN A 10.222.222.168 snip hpvec1 and hpvec2 are XP home and XP pro clients respectively venus is not running samba currently any help would be appreciated. -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
hi bradley, first off - thanks for the help. Bradley W. Langhorst wrote: I'm saying that your samba server may be correctly configured... however in order to switch a computer from workgroup to domain mode you first need to leave the GENWAX.TEST workgroup join the ICANTTHINKOFANAME workgroup then join the GENWAX.TEST domain... ok - did that. joined workgroup WORKGROUP. rebooted (what else). then attempted to change to domain GENWAX.TEST. i received the same error message as previously. it's a windows problem. that's an understatement. brad On Wed, 2002-12-11 at 21:37, ___cliff rayman___ wrote: Bradley W. Langhorst wrote: On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote: if i use the workgroup setting of GENWAX.TEST, then i can browse the server, read and write files, and it seems to be working fine. if i try to change to a domain setting of GENWAX.TEST, then it fails with the DNS and SRV record message same as above but with GENWAX.TEST in place of mydomain. you can't have the workgroup and the domain with the same name... ok - but samba is setup as a primary domain controller. there are NO other servers on the network, so there is not a workgroup and a domain. i assume that all windows 95/98/me and XP home clients are going to see the domain as a workgroup, and that XP Pro/NT clients will see it as a domain and logon accordingly. this is a test server. only it, and two pc's are currently hooked to the network for testing purposes. one pc has XP home, and calls GENWAX.TEST a workgroup, and the other has XP pro. when i tell it to connect to the GENWAX.TEST workgroup, it works fine, when i tell it to connect as a domain, it fails with the DNS/SRV message. here is a relative snipped from my smb.conf file: snip [global] # samba build string # ./configure --prefix=/usr/local/samba_2.2.7 --mandir=/usr/local/man --with-smbmount --with-pam --with-pam_smbpass --with-ssl --with-libsmbclient make # server name and group stuff workgroup = genwax.test netbios name = filesnew server string = files server TESTING ONLY interfaces = 10.222.222.0/24 127.0.0.1/32 bind interfaces only = yes # passwords and domain logions encrypt passwords = yes unix password sync = true pam password change = true passwd chat = *password* %n\n*passwd* %n\n*successful* domain logons = yes domain master = yes logon drive = Z: logon home = \\%L\%u logon path = \\%L\profile\%u logon script=logon.bat os level = 99 preferred master = yes security = user path = /home/%s/samba # logging directives log file = /usr/local/samba/var/logs/%m log level = 3 # file and directory masks create mask = 0660 directory mask = 0770 #restrictions dont descend = /proc,/dev,/etc hosts allow = 10.222.222. 127.0 hide unreadable = yes max smbd processes = 100 min print space = 1 # do not allow files with CLSID extensions to be open veto files = /*.{*}/ # case sensitivity stuff mangle case = no case sensitive = no default case = lower preserve case = yes short preserve case = yes snip here is a snip from the relevant named file on the same server: snip venus IN A 10.222.222.2 marsIN A 10.222.222.3 filesnewIN A 10.222.222.3 hpvec1 IN A 10.222.222.167 hpvec2 IN A 10.222.222.168 snip hpvec1 and hpvec2 are XP home and XP pro clients respectively venus is not running samba currently any help would be appreciated. -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
Hi Cliff, I don't know if this will work, but short of the DNS error, you seem to be having a problem that I encoutered some time ago, (I used to get a user does not exist error) and I fixed it as follows. The smbpasswd file contains the usernames and computers. I found that opening it in a text editor and moving the Win2K computername entry that couldn't join up to below the root user. (include all unix and windows hash.) Then I saved the file, and tried again. And it worked. I don't know why this is, but it seems that if computers are far down in the list, they aren't found by samba. (or windows times out, I don't know which). Sean PS: I had posted a question about this to the list zonks ago, but got no answers. On 12/12/02 12:03 PM, ___cliff rayman___ [EMAIL PROTECTED] wrote: hi bradley, first off - thanks for the help. Bradley W. Langhorst wrote: I'm saying that your samba server may be correctly configured... however in order to switch a computer from workgroup to domain mode you first need to leave the GENWAX.TEST workgroup join the ICANTTHINKOFANAME workgroup then join the GENWAX.TEST domain... ok - did that. joined workgroup WORKGROUP. rebooted (what else). then attempted to change to domain GENWAX.TEST. i received the same error message as previously. it's a windows problem. that's an understatement. brad On Wed, 2002-12-11 at 21:37, ___cliff rayman___ wrote: Bradley W. Langhorst wrote: On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote: if i use the workgroup setting of GENWAX.TEST, then i can browse the server, read and write files, and it seems to be working fine. if i try to change to a domain setting of GENWAX.TEST, then it fails with the DNS and SRV record message same as above but with GENWAX.TEST in place of mydomain. you can't have the workgroup and the domain with the same name... ok - but samba is setup as a primary domain controller. there are NO other servers on the network, so there is not a workgroup and a domain. i assume that all windows 95/98/me and XP home clients are going to see the domain as a workgroup, and that XP Pro/NT clients will see it as a domain and logon accordingly. this is a test server. only it, and two pc's are currently hooked to the network for testing purposes. one pc has XP home, and calls GENWAX.TEST a workgroup, and the other has XP pro. when i tell it to connect to the GENWAX.TEST workgroup, it works fine, when i tell it to connect as a domain, it fails with the DNS/SRV message. here is a relative snipped from my smb.conf file: snip [global] # samba build string # ./configure --prefix=/usr/local/samba_2.2.7 --mandir=/usr/local/man --with-smbmount --with-pam --with-pam_smbpass --with-ssl --with-libsmbclient make # server name and group stuff workgroup = genwax.test netbios name = filesnew server string = files server TESTING ONLY interfaces = 10.222.222.0/24 127.0.0.1/32 bind interfaces only = yes # passwords and domain logions encrypt passwords = yes unix password sync = true pam password change = true passwd chat = *password* %n\n*passwd* %n\n*successful* domain logons = yes domain master = yes logon drive = Z: logon home = \\%L\%u logon path = \\%L\profile\%u logon script=logon.bat os level = 99 preferred master = yes security = user path = /home/%s/samba # logging directives log file = /usr/local/samba/var/logs/%m log level = 3 # file and directory masks create mask = 0660 directory mask = 0770 #restrictions dont descend = /proc,/dev,/etc hosts allow = 10.222.222. 127.0 hide unreadable = yes max smbd processes = 100 min print space = 1 # do not allow files with CLSID extensions to be open veto files = /*.{*}/ # case sensitivity stuff mangle case = no case sensitive = no default case = lower preserve case = yes short preserve case = yes snip here is a snip from the relevant named file on the same server: snip venus IN A 10.222.222.2 marsIN A 10.222.222.3 filesnewIN A 10.222.222.3 hpvec1 IN A 10.222.222.167 hpvec2 IN A 10.222.222.168 snip hpvec1 and hpvec2 are XP home and XP pro clients respectively venus is not running samba currently any help would be appreciated. -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ Sean Roulet Technology Manager Artradis Fund Management Pte Ltd #11-01 Royal Brothers Building Raffles Place, 22 Malacca Street Singapore 048980 Tel: +65 6538 1998 Fax: +65 6538 8331 - This message is strictly confidential and intended solely for the use of the intended recipient(s). The recipient of this communication should not copy, disclose or distribute this communication without permission from Artradis
Re: [Samba] samba PDC problems
On Thu, 12 Dec 2002, Sean Roulet wrote: Hi Cliff, I don't know if this will work, but short of the DNS error, you seem to be having a problem that I encoutered some time ago, (I used to get a user does not exist error) and I fixed it as follows. The smbpasswd file contains the usernames and computers. I found that opening it in a text editor and moving the Win2K computername entry that couldn't join up to below the root user. (include all unix and windows hash.) Then I saved the file, and tried again. And it worked. I don't know why this is, but it seems that if computers are far down in the list, they aren't found by samba. (or windows times out, I don't know which). I tried this with about 200 entries in the smbpasswd file and found it made no difference. I suspect something else was spooking you. It would be nice to know what! - John T. Sean PS: I had posted a question about this to the list zonks ago, but got no answers. On 12/12/02 12:03 PM, ___cliff rayman___ [EMAIL PROTECTED] wrote: hi bradley, first off - thanks for the help. Bradley W. Langhorst wrote: I'm saying that your samba server may be correctly configured... however in order to switch a computer from workgroup to domain mode you first need to leave the GENWAX.TEST workgroup join the ICANTTHINKOFANAME workgroup then join the GENWAX.TEST domain... ok - did that. joined workgroup WORKGROUP. rebooted (what else). then attempted to change to domain GENWAX.TEST. i received the same error message as previously. it's a windows problem. that's an understatement. brad On Wed, 2002-12-11 at 21:37, ___cliff rayman___ wrote: Bradley W. Langhorst wrote: On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote: if i use the workgroup setting of GENWAX.TEST, then i can browse the server, read and write files, and it seems to be working fine. if i try to change to a domain setting of GENWAX.TEST, then it fails with the DNS and SRV record message same as above but with GENWAX.TEST in place of mydomain. you can't have the workgroup and the domain with the same name... ok - but samba is setup as a primary domain controller. there are NO other servers on the network, so there is not a workgroup and a domain. i assume that all windows 95/98/me and XP home clients are going to see the domain as a workgroup, and that XP Pro/NT clients will see it as a domain and logon accordingly. this is a test server. only it, and two pc's are currently hooked to the network for testing purposes. one pc has XP home, and calls GENWAX.TEST a workgroup, and the other has XP pro. when i tell it to connect to the GENWAX.TEST workgroup, it works fine, when i tell it to connect as a domain, it fails with the DNS/SRV message. here is a relative snipped from my smb.conf file: snip [global] # samba build string # ./configure --prefix=/usr/local/samba_2.2.7 --mandir=/usr/local/man --with-smbmount --with-pam --with-pam_smbpass --with-ssl --with-libsmbclient make # server name and group stuff workgroup = genwax.test netbios name = filesnew server string = files server TESTING ONLY interfaces = 10.222.222.0/24 127.0.0.1/32 bind interfaces only = yes # passwords and domain logions encrypt passwords = yes unix password sync = true pam password change = true passwd chat = *password* %n\n*passwd* %n\n*successful* domain logons = yes domain master = yes logon drive = Z: logon home = \\%L\%u logon path = \\%L\profile\%u logon script=logon.bat os level = 99 preferred master = yes security = user path = /home/%s/samba # logging directives log file = /usr/local/samba/var/logs/%m log level = 3 # file and directory masks create mask = 0660 directory mask = 0770 #restrictions dont descend = /proc,/dev,/etc hosts allow = 10.222.222. 127.0 hide unreadable = yes max smbd processes = 100 min print space = 1 # do not allow files with CLSID extensions to be open veto files = /*.{*}/ # case sensitivity stuff mangle case = no case sensitive = no default case = lower preserve case = yes short preserve case = yes snip here is a snip from the relevant named file on the same server: snip venus IN A 10.222.222.2 marsIN A 10.222.222.3 filesnewIN A 10.222.222.3 hpvec1 IN A 10.222.222.167 hpvec2 IN A 10.222.222.168 snip hpvec1 and hpvec2 are XP home and XP pro clients respectively venus is not running samba currently any help would be appreciated. -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ Sean Roulet Technology Manager Artradis Fund Management Pte Ltd #11-01 Royal Brothers Building Raffles Place, 22 Malacca Street Singapore
Re: [Samba] samba PDC problems
On Wed, 2002-12-11 at 23:03, ___cliff rayman___ wrote: ok - did that. joined workgroup WORKGROUP. rebooted (what else). then attempted to change to domain GENWAX.TEST. i received the same error message as previously. bummer - i thought that would be it. i assume you get the welcome to WORKGROUP and welcome to GENWAX.TEST message boxes after you change the machine props? # server name and group stuff workgroup = genwax.test netbios name = filesnew i've never tried this - did you try logging in without the netbios name param? Are your sure your clients are looking at the dns server you mentioned? you might try putting the ip address into the hosts file on the pro machine.. brad -- Bradley W. Langhorst [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
On Thu, 12 Dec 2002, Bradley W. Langhorst wrote: You might try to set a more DNS friendly domain name. ie: One without the '.' in it. Could be a problem. - John T. On Wed, 2002-12-11 at 23:03, ___cliff rayman___ wrote: ok - did that. joined workgroup WORKGROUP. rebooted (what else). then attempted to change to domain GENWAX.TEST. i received the same error message as previously. bummer - i thought that would be it. i assume you get the welcome to WORKGROUP and welcome to GENWAX.TEST message boxes after you change the machine props? # server name and group stuff workgroup = genwax.test netbios name = filesnew i've never tried this - did you try logging in without the netbios name param? Are your sure your clients are looking at the dns server you mentioned? you might try putting the ip address into the hosts file on the pro machine.. brad -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
thanks for the try sean, but that did not work either. Sean Roulet wrote: I found that opening it in a text editor and moving the Win2K computername entry that couldn't join up to below the root user. (include all unix and windows hash.) -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
On Wed, 11 Dec 2002, ___cliff rayman___ wrote: John H Terpstra wrote: On Thu, 12 Dec 2002, Bradley W. Langhorst wrote: You might try to set a more DNS friendly domain name. ie: One without the '.' in it. Could be a problem. ok - i tried GENWAXTEST. didn't help. i also removed the netbios name and tried both at the same time. no luck. Are you using LDAP? If so, then you need to put all user and machine accounts into the LDAP database. the servers fully qualified name is MARS.GENWAX.TEST. test is like com or org or net. i use my own root names all the time for testing. Providing you are not using LDAP for Samba, use in smb.conf: workgroup = genwax netbios name = mars Also, first stop samba, the remove your secrets.tdb file. Also, remove the browse.dat (and if you have one, wins.dat), then restart samba, wait at least 5 minutes before you try to get your MS Windows client to join the domain. Also, I strongly recommend that you run Samba as your WINS server and set in the MS Windows Client TCP/IP config, the IP address of your samba server for the WINS primary _and_ secondary addresses. To enable WINS serving in samba in smb.conf [globals]: wins support = yes Also, restart the MS Windows machine, and when you log on as the local administrator, do NOT try to browse the network before you join the domain. Additionally, I presume you already have a root account in your smbpasswd file. You will need to use the 'Administrator' account to join the domain, and give it the password you entered when you added 'root' to smbpasswd. Let's see how that goes. - John T. here are some excerps from the ms help files: snip - Error: This computer could not locate a domain controller for the Active Directory domain displayed in the error message because the Domain Name System (DNS) servers used by this computer for name resolution failed to look up the service (SRV) resource record. Cause: The DNS SRV resource record is not registered in DNS. snip - then: Active Directory uses Domain Name System (DNS) to locate domain controllers, enabling computers joining the network to obtain a domain controller, and then begin the process of network authentication. Computers joining an Active Directory domain must satisfy the following three DNS requirements: The computer must be configured with the IP address of a preferred DNS server. (OK - and DNS works fine) The _ldap._tcp.dc._msdcs.DNSDomainName service (SRV) resource record must exist in DNS. (NOPE-don't have this) snip then: set type=srv _ldap._tcp.dc._msdcs.example.microsoft.com Server: dc1.example.microsoft.com Address: 10.0.0.14 _ldap._tcp.dc._msdcs.example.microsoft.com SRV service location priority = 0 weight = 0 port = 389 svr hostname = dc1.example.microsoft.com _ldap._tcp.dc._msdcs.example.microsoft.com SRV service location priority = 0 weight = 0 port = 389 svr hostname = dc2.example.microsoft.com snip port 389 in my /etc/services file is ldap. i am not sure what is causing it to want to do ldap on my computer and not on anyone else's. the server is mars.genwax.test. the win XP pro SP1 client that i am trying to join to the domain is hpvec2.genwax.test. when i try to join it to the domain by either using the wizard or the change button, this is the only interaction with the server that i see via tcpdump: 22:38:00.439236 hpvec2.genwax.test.1064 mars.genwax.test.domain: 16+ SRV ? _ldap._tcp.dc._msdcs.GENWAX.TEST. (50) 22:38:00.439664 mars.genwax.test.domain hpvec2.genwax.test.1064: 16 NXDomain*- 0/1/0 (101) (DF) i need to get this solved, so let me know if there is anything else i can provide that will help. cliff - John T. On Wed, 2002-12-11 at 23:03, ___cliff rayman___ wrote: ok - did that. joined workgroup WORKGROUP. rebooted (what else). then attempted to change to domain GENWAX.TEST. i received the same error message as previously. bummer - i thought that would be it. i assume you get the welcome to WORKGROUP and welcome to GENWAX.TEST message boxes after you change the machine props? # server name and group stuff workgroup = genwax.test netbios name = filesnew i've never tried this - did you try logging in without the netbios name param? Are your sure your clients are looking at the dns server you mentioned? you might try putting the ip address into the hosts file on the pro machine.. brad -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/
[Samba] PDC: Problems making the win2k client join domain
I am having problems making the client win2k machine join the domain . My Samba PDC is configured as follows : 1added trust account to the smbpasswd file (account to the win2k machine name). 2set the global admin parameter to student (student acnt exists on smb server) Client is configured as follows : 1user 'student' has been created . Problem : When I change the option of workgroup to domain , the Win2k client is able to recognize the domain but it is giving problems authenticating the usename/passwwd . Which username/passwd am i supposed to give here . The manual that the samba administrative usrname/passwd should be given here , is this the global admin parameter = student usrname/passwd earlier set in the samba PDC or is it something else ? I`m using Samba 2.2.3a .The error message shown is 'unknown username or bad password'. Thank You , Akshay -- __ http://www.linuxmail.org/ Now with POP3/IMAP access for only US$19.95/yr Powered by Outblaze -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC: Problems making the win2k client join domain
I am having problems making the client win2k machine join the domain . My Samba PDC is configured as follows : 1added trust account to the smbpasswd file (account to the win2k machine name). 2set the global admin parameter to student (student acnt exists on smb server) Client is configured as follows : 1user 'student' has been created . Problem : When I change the option of workgroup to domain , the Win2k client is able to recognize the domain but it is giving problems authenticating the usename/passwwd . Which username/passwd am i supposed to give here . The manual that the samba administrative usrname/passwd should be given here , is this the global admin parameter = student usrname/passwd earlier set in the samba PDC or is it something else ? I`m using Samba 2.2.3a .The error message shown is 'unknown username or bad password'. Thank You , Akshay -- __ http://www.linuxmail.org/ Now with POP3/IMAP access for only US$19.95/yr Powered by Outblaze -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PDC: Problems making the win2k client join domain
Try adding root to smbpasswd and then when adding the domain use root and root's passwd. -Original Message- From: akshay rawat [mailto:[EMAIL PROTECTED]] Sent: Monday, December 09, 2002 3:07 AM To: [EMAIL PROTECTED] Subject: [Samba] PDC: Problems making the win2k client join domain I am having problems making the client win2k machine join the domain . My Samba PDC is configured as follows : 1added trust account to the smbpasswd file (account to the win2k machine name). 2set the global admin parameter to student (student acnt exists on smb server) Client is configured as follows : 1user 'student' has been created . Problem : When I change the option of workgroup to domain , the Win2k client is able to recognize the domain but it is giving problems authenticating the usename/passwwd . Which username/passwd am i supposed to give here . The manual that the samba administrative usrname/passwd should be given here , is this the global admin parameter = student usrname/passwd earlier set in the samba PDC or is it something else ? I`m using Samba 2.2.3a .The error message shown is 'unknown username or bad password'. Thank You , Akshay -- __ http://www.linuxmail.org/ Now with POP3/IMAP access for only US$19.95/yr Powered by Outblaze -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba PDC problems
Hi all, I am having trouble setting up samba to act as a PDC. I am fairly new to red hat linux, and have just installedRH 7.3 running the default configuration. I updated samba to 2.2.7 using the online updating feature and followed a step by step tutorial to configure samba to become a PDC. When i try to connect to the domain with windows XP pro, it displays the message "a domain controller for the domain mydomain can not be located" when i choose details it says The error was: "DNS request not supported by name server."(error code 0x232C RCODE_NOT_IMPLEMENTED) The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain The network is simple, one windows XP pro machine with IP 192.168.1.6 and one RH 7.3 linux machine with IP 192.168.1.5. Connections are working because both machines succuessfully ping each other. I ran testparm with no errors andhave verified the samba server is running properly with "smbclient //mymachine/user -U user -W mydomain" I downloaded and ran the SignOrSeal reg patch for XP, and also disabled the "Domain member: Digitally encrypt or sign secure channel data (always)" option in the local security. I have triple checked the tutorial guide with my config file, and have manually created the required accounts What could be the problem? I have seen other people on this list with the same problem, but the threads seem to die out without a solution. Please help! -Tim
Re: [Samba] PDC Problems...
On Sun, Nov 24, 2002 at 01:09:02AM +, Brett Cook wrote: I've checked all the settings in the smb.conf against the man pages, all seem correct. What else could I be missing? Why can't it see the server? At the samba maschine command line: Is the client pc pingable? Is there a running firewall config which permits/denies services? Can you access via smbclient your samba machine? smbclient //tatty/root -U root -W THEMOLE Make sure that root is a valid smnbpasswd account. If one of the answers is no, you have a local problem (networking/sambaconfig). What unix/linux do you use? What samba version do you use? Do you compile Samba by your self or have you installed a package from your distri? If you have installed ap package, which one (fullname). -- Frank Matthieß[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems...
I've checked all the settings in the smb.conf against the man pages, all seem correct. What else could I be missing? Why can't it see the server? The following is my config file. /etc/samba/smb.conf [global] workgroup = THEMOLE netbios name = TATTY netbios aliases = PDC server string = Samba Server %v encrypt passwords = Yes log file = /var/log/samba/log.%m max log size = 50 printcap name = lpstat domain logons = Yes os level = 64 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes preload = pdf-generator printing = cups security = user local master = yes [homes] comment = Home Directories read only = No browseable = No [print$] path = /var/lib/samba/printers write list = @adm root [pdf-generator] comment = PDF Generator (only valid users) path = /var/tmp printable = Yes print command = /usr/share/samba/scripts/print-pdf %s ~%u %L%u %m %I [netlogon] path = /home/netlogon write list = root -- ::TheMole::. did i mistake your words? did i betray your well worn trust? http://themole.yi.org ~ http://www.buhsnarf.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems...
On Sat, 2002-11-23 at 20:09, Brett Cook wrote: I don't see an obvious problem with your conf file... the nmbd log you posted looks okay too. please post the log.smbd of a machine trying to join the domain. what kind of failure do you see? does it fail to log on, what is the client, etc? brad -- Bradley W. Langhorst [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems...
On Thu, Nov 21, 2002 at 03:49:16PM +, [EMAIL PROTECTED] wrote: I've added all those and still no joy :( Any other hints? Do you use the docu from the Samba howto collection? Did you check your running config (get this with testparm) and verified it against docu and man smb.conf. -- Frank Matthieß[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems...
On Fri, Nov 22, 2002 at 02:34:18PM +, [EMAIL PROTECTED] wrote: Just saw this in my System log. Nov 22 14:20:09 nmbd query_name: Failed to send packet trying to query name THEMOLE1d (with the 1d on the end) 1d is for local master browser. Samba-HOWTO-Collection.pdf section 2.3 page 9 (14/88) In my first answer i give you the hint to add local master broswer = yes. Do you forgot this in your smb.conf? Please make a crosscheck from your actual samba config(no - not the smb.conf, try testparm to get _all_ parm's) and the Samba-HOWTO-Collection.pdf. Do a testparm samba.config. You must press _one_ key to dump this to the file ;-) It will save a loot of your time if you check all unknown parm's in testparm output with man smb.conf in another console/terminal window. I've learned much about samba with this crosscheck. Every parameter you don't understand will left with default values. What's that about? Could it have something to do with anything? I think so. Please make sure that your samba server is the only pdc for THEMOLE and the only one wins server for your network. Are there runnning nt server systems? Do the serve wins or the domain? There can only by one wins server in your network. samba is abelt to use a nt wins server with the globale smb.conf parm wins server. It is preferred to use the nt winsserver if you have one. Thanks. This questions should be send to the sambalist, because this is helpfull for all other new people, which want to setup a samba server as pdc. For you there is a better chance to get approbiate answers. Think about timzone diff's ;-). -- Frank Matthieß[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC Problems...
Hi all, I've looked through the archives and I can't seem to find a solution, so here's my problem. I have three Win2k clients and one Samba server which I set up as a PDC (or at least I thought so.) The domain is THEMOLE yet when I try to join the domain from the clients it says; The following error occured validaing the name THEMOLE The specified domain either does not exist or could not be contacted. I've included my smb.conf below and was just wondering if I've done something stupidly wrong? Thanks in advance. --- My smb.conf is : # Global parameters [global] workgroup = THEMOLE netbios name = TATTY netbios aliases = PDC server string = Samba Server %v encrypt passwords = Yes log file = /var/log/samba/log.%m max log size = 50 printcap name = lpstat domain logons = Yes os level = 64 preferred master = True domain master = True dns proxy = No wins support = Yes preload = pdf-generator printing = cups [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. browseable = No [print$] path = /var/lib/samba/printers write list = @adm root [pdf-generator] comment = PDF Generator (only valid users) path = /var/tmp printable = Yes print command = /usr/share/samba/scripts/print-pdf %s ~%u %L%u %m %I [netlogon] path = /home/netlogon write list = root -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems...
On Thu, Nov 21, 2002 at 02:30:05PM +, [EMAIL PROTECTED] wrote: Hi all, I've looked through the archives and I can't seem to find a solution, so here's my problem. I have three Win2k clients and one Samba server which I set up as a PDC (or at least I thought so.) The domain is THEMOLE yet when I try to join the domain from the clients it says; The following error occured validaing the name THEMOLE The specified domain either does not exist or could not be contacted. I've included my smb.conf below and was just wondering if I've done something stupidly wrong? Add security = user. In samba 2.2 this is default. Thanks in advance. --- My smb.conf is : # Global parameters [global] workgroup = THEMOLE netbios name = TATTY netbios aliases = PDC server string = Samba Server %v encrypt passwords = Yes log file = /var/log/samba/log.%m max log size = 50 printcap name = lpstat domain logons = Yes Ack. os level = 64 Ack. preferred master = True True? I prefer Yes, possibly it run's with True. Check with the testparm command, all settings as you expect. domain master = True Yes. Add local master = Yes. Take a look in Samba-HOWTO-Collection.pdf Page 49/88 dns proxy = No wins support = Yes Ack. Make sure that your clients will use this wins server. Frank. -- Frank Matthieß[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems
I got the problem clear: when i try to join the domain (as root) smb reports in the machine log that guest is trying to do something and it fails authentication... I partially fixed it mapping the guest user on root but this's not what security manuals suggest ;-) Hope someone can clarify me now... bye by(t)e[s]TuX! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michele Santucci wrote: I got the problem clear: when i try to join the domain (as root) smb reports in the machine log that guest is trying to do something and it fails authentication... You never mentioned that you couldn't join the domain. You should get a Welcome to the Domain Domain message if it worked. I now assume you didn't get one. Please remember, the more information you give about your problem, the easier it is for other people to help you. I partially fixed it mapping the guest user on root but this's not what security manuals suggest ;-) Hope someone can clarify me now... bye by(t)e[s]TuX! Can you connect normally to the server as root? $ smbclient -L server_name -U root (you can try this on the server itself). If not, you need to add an smbpasswd for root. As root, do: # smbpasswd -a Then try it again. If it works, you should now be able to join the domain. This is all covered in the documetation that ships with samba, and the webpage I sent a link to you about: http://ranger.dnsalias.com/mandrake/muo/connect/csamba6.html Regards, Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE925tFrJK6UGDSBKcRAiWMAJ446EqOEN4pMQA5MgsJ5PF6ZGom+QCghDCu IYZuihUfFVckmxIymvjSdiQ= =PVY5 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems
Michele Santucci wrote: I got the problem clear: when i try to join the domain (as root) smb reports in the machine log that guest is trying to do something and it fails authentication... You never mentioned that you couldn't join the domain. You should get a Welcome to the Domain Domain message if it worked. I now assume you didn't get one. Not at all I got the Welcome to the domain CCGM but in the logs I got this: [2002/11/20 19:57:44, 0] smbd/service.c:make_connection(381) make_connection: root logged in as admin user (root privileges) [2002/11/20 19:57:44, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2050) Returning domain sid for domain CCGM - S-1-5-21-739079523-194949929-328313008 3 [2002/11/20 19:57:46, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest [2002/11/20 19:57:47, 2] smbd/service.c:make_connection(331) Invalid username/password for ipc$ [guest] [2002/11/20 19:58:45, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest [2002/11/20 19:58:45, 2] smbd/service.c:make_connection(331) Invalid username/password for ipc$ [guest] [2002/11/20 19:59:46, 2] smbd/server.c:exit_server(461) Closing connections All these lines comes during the domain joining of the workstation.. Please remember, the more information you give about your problem, the easier it is for other people to help you. Of course... that's the way I 'd attached the smb.conf file :-) (this time I wrote it by hand with pico) $ smbclient -L server_name -U root yep and I got this: Domain=[CCGM] OS=[Unix] Server=[Samba 2.2.6] Sharename Type Comment - --- public Disk Public Folder ccgm Disk CCGM Folder satyagra Disk Satya Gra Folder IPC$ IPC IPC Service (Samba Server 2.2.6) ADMIN$ Disk IPC Service (Samba Server 2.2.6) root Disk Home Directories Server Comment ---- ARCHIVIO CCGMSERVER Samba Server 2.2.6 GFX RECEPTION SERVER-CCGM Samba Server 2.2.6 VIDEO WorkgroupMaster ---- CCGM CCGMSERVER WORKGROUPGFX smb.conf Description: Binary data
Re: [Samba] PDC Problems 2
BTW if I try to login after having 'sucessfully' joined the domain and rebooted the system I got this: Cannot login! The remote user doesn't exist and/or the password is invalid (with every user registered onto the pdc) P.S. I patched the workstation (W2K SP3) with the plainpassword.reg fix... C.ya -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems 2
On Wed, 20 Nov 2002, Michele Santucci wrote: BTW if I try to login after having 'sucessfully' joined the domain and rebooted the system I got this: Cannot login! The remote user doesn't exist and/or the password is invalid (with every user registered onto the pdc) P.S. I patched the workstation (W2K SP3) with the plainpassword.reg fix... Sorry. Domain security is NOT compatible with plain-text password only servers. You need to enable encrypted passwords and enter each machine and user into your smbpasswd database. Follow the directions in the Entire-HOWTO-Collection on the samba home page. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 18 From: Michele Santucci [EMAIL PROTECTED] To: Samba [EMAIL PROTECTED] Date: Mon, 18 Nov 2002 21:34:13 +0100 Subject: [Samba] PDC Problems Hello, That's what I got trying to join a Win2K workstation to my domain (managed by a linux/samba server), after I joined the domain the system refuse to logon/add any domain user reporting a trust relationship failure... 1) All the clients are Windows 2000 sp3 machines (tcp + netbeui) 2) Linux server use a Mandrake 8.2 pro suite running samba 2.2.6 /etc/passwd video$:x:504:421:Machine Account:/dev/null:/bin/false /etc/samba/smbpasswd video$:504:DD8EB67612E73F3842517E31664A1C6C:BC3911425DC8A72332F814FC212ABE91 :[W ]:LCT-3DD8E642: ^ seems like it created the machine account correctly [root@server samba]# more log.video [2002/11/18 14:08:17, 0] smbd/service.c:make_connection(381) make_connection: root logged in as admin user (root privileges) As long as I add machine accounts it just show this [2002/11/18 14:09:18, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest [2002/11/18 14:10:30, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest these lines appear after the procedure created the machine account and I try to add a new local account (called michele) taking it from the domain. Explain this more please. Are you trying to log in with a domain account that exists on the samba server, which has been given an smbpasswd? The user is being mapped to 'guest' which seems to not exist. [root@server samba]# more log.smbd [2002/11/18 14:06:42, 0] smbd/server.c:main(707) smbd version 2.2.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/11/18 14:07:42, 0] smbd/server.c:open_sockets(238) Got SIGHUP This's my CONFIGURATION file ... [root@server samba]# more /etc/samba/smb.conf # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2002/11/18 13:52:01 # Global parameters [global] workgroup = CCGM-DOM netbios name = CCGM-SERVER server string = Samba Server %v encrypt passwords = Yes update encrypted = Yes null passwords = Yes pam password change = Yes You may want to disable unix password sync and pam password change until you have this working. You haven't got a 'passwd chat' configured, which could cause this to fail. username map = /etc/samba/smbusers unix password sync = Yes admin log = Yes log file = /var/log/samba/log.%m max log size = 50 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = lpstat domain admin group = @smb-admin domain guest group = @users add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u domain logons = Yes os level = 64 preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes guest account = guest valid users = @smb-admin @ccgm @satyagra admin users = @smb-admin read list = @ccgm @satyagra write list = @smb-admin printer admin = @smb-admin printing = cups [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. browseable = No [print$] path = /var/lib/samba/printers write list = @smb-admin - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE92gi9rJK6UGDSBKcRAjgsAKDDTIkG6nlPjohDHtP6mDlzXg7X7wCgrSwU fmYQJKCcYdUK7wp7er5ILAo= =WU74 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems
Ok this time I attached all the involved files. I try to explain the incident from the very beginning: I have a linux server (Mandrake Pro Suite 8.2 updated to the latest fixes etc.) I removed the supplied 2.2.3 samba distrib. and reinstalled the new 2.2.6 (mandrake 8.2 rpm taken from the binary distribution of samba.org), the attached smb.conf show how I set it up to act as a PDC. The domain must be CCGM and the server netbios name CCGM-SERVER I just added an alias for backward compatibilities... I created all the users (since we have two distinct kind of users I created two groups i.e. ccgm and satyagra) and 'passed' everyone to smbpasswd. Now I have to join a W2K PRO SP3 workstation called 'video' to this domain, it run just TCP/IP (no NETBeui neither IPX). Before attempting to join the domain I set the workstation to act as a standalone pc then rebooted it (I also restarted smbd nmbd) I logged in as administrator, then I start the network ID configuration (I supplied root as the username (with it's password) VIDEO as the computer name and CCGM as the domain name), the procedure goes on haging a little just before the last step after that I found these lines on log.video but the w2k worstation at this time reported no errors: [2002/11/19 13:13:28, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest After joining the domain the network ID procedure wizard asked me to add a local user so I tried to import a domain account and I got these lines in the log.video file: [2002/11/19 13:47:03, 0] smbd/service.c:make_connection(381) make_connection: root logged in as admin user (root privileges) [2002/11/19 13:47:08, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest This time the w2k workstation reported me the infamous error: Cannot add user the trust relationship has failed I really cannot understand what's going on... bye by(t)e[s] TuX! smbusers Description: Binary data smb.conf Description: Binary data log.nmbd Description: Binary data log.smbd Description: Binary data log.video Description: Binary data passwd Description: Binary data group Description: Binary data smbpasswd Description: Binary data
Re: [Samba] PDC Problems
Try read and aply /usr/share/doc/samba/readme.w2ksp2 . - Original Message - From: Michele Santucci [EMAIL PROTECTED] To: Buchan Milne [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, November 19, 2002 2:04 PM Subject: Re: [Samba] PDC Problems Ok this time I attached all the involved files. I try to explain the incident from the very beginning: I have a linux server (Mandrake Pro Suite 8.2 updated to the latest fixes etc.) I removed the supplied 2.2.3 samba distrib. and reinstalled the new 2.2.6 (mandrake 8.2 rpm taken from the binary distribution of samba.org), the attached smb.conf show how I set it up to act as a PDC. The domain must be CCGM and the server netbios name CCGM-SERVER I just added an alias for backward compatibilities... I created all the users (since we have two distinct kind of users I created two groups i.e. ccgm and satyagra) and 'passed' everyone to smbpasswd. Now I have to join a W2K PRO SP3 workstation called 'video' to this domain, it run just TCP/IP (no NETBeui neither IPX). Before attempting to join the domain I set the workstation to act as a standalone pc then rebooted it (I also restarted smbd nmbd) I logged in as administrator, then I start the network ID configuration (I supplied root as the username (with it's password) VIDEO as the computer name and CCGM as the domain name), the procedure goes on haging a little just before the last step after that I found these lines on log.video but the w2k worstation at this time reported no errors: [2002/11/19 13:13:28, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest After joining the domain the network ID procedure wizard asked me to add a local user so I tried to import a domain account and I got these lines in the log.video file: [2002/11/19 13:47:03, 0] smbd/service.c:make_connection(381) make_connection: root logged in as admin user (root privileges) [2002/11/19 13:47:08, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest This time the w2k workstation reported me the infamous error: Cannot add user the trust relationship has failed I really cannot understand what's going on... bye by(t)e[s] TuX! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michele Santucci wrote: Ok this time I attached all the involved files. I try to explain the incident from the very beginning: I have a linux server (Mandrake Pro Suite 8.2 updated to the latest fixes etc.) I removed the supplied 2.2.3 samba distrib. and reinstalled the new 2.2.6 (mandrake 8.2 rpm taken from the binary distribution of samba.org) It's normally best *not* to remove a package, but just to upgrade it, but this shouldn't make much of a difference. , the attached smb.conf show how I set it up to act as a PDC. I haven't looked at it in detail now, but FYI, the default smb.conf that ships with the samba RPMS on Mandrake needs about 6 lines uncommented to turn it into a domain controller with many features. I don't like swat because it removes all these well-tested examples which are configured for Mandrake including the directory layout we use. The domain must be CCGM and the server netbios name CCGM-SERVER I just added an alias for backward compatibilities... I created all the users (since we have two distinct kind of users I created two groups i.e. ccgm and satyagra) and 'passed' everyone to smbpasswd. Now I have to join a W2K PRO SP3 workstation called 'video' to this domain, it run just TCP/IP (no NETBeui neither IPX). Before attempting to join the domain I set the workstation to act as a standalone pc then rebooted it (I also restarted smbd nmbd) I logged in as administrator, then I start the network ID configuration (I supplied root as the username (with it's password) VIDEO as the computer name and CCGM as the domain name), the procedure goes on haging a little just before the last step after that I found these lines on log.video but the w2k worstation at this time reported no errors: [2002/11/19 13:13:28, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest After joining the domain the network ID procedure wizard asked me to add a local user I always use the procedure that I have made animated screenshots of here: http://ranger.dnsalias.com/mandrake/muo/connect/csamba6.html#join I don't trust wizards ;-). so I tried to import a domain account and I got these lines in the log.video file: [2002/11/19 13:47:03, 0] smbd/service.c:make_connection(381) make_connection: root logged in as admin user (root privileges) [2002/11/19 13:47:08, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest This time the w2k workstation reported me the infamous error: Cannot add user the trust relationship has failed I really cannot understand what's going on... But have you rebooted the machine and tried to log in? Also, we don't run SP3 yet, we currently only run up to SP2 due to issues with the EULA ... Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE92lM5rJK6UGDSBKcRAtwfAJ411872z9AjPaOgZrqjM+MoL6oNYgCfTM1B qoBOfGF0M8QuDUd/k241wcM= =AXzu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC Problems
Hello, That's what I got trying to join a Win2K workstation to my domain (managed by a linux/samba server), after I joined the domain the system refuse to logon/add any domain user reporting a trust relationship failure... 1) All the clients are Windows 2000 sp3 machines (tcp + netbeui) 2) Linux server use a Mandrake 8.2 pro suite running samba 2.2.6 /etc/passwd video$:x:504:421:Machine Account:/dev/null:/bin/false /etc/samba/smbpasswd video$:504:DD8EB67612E73F3842517E31664A1C6C:BC3911425DC8A72332F814FC212ABE91 :[W ]:LCT-3DD8E642: ^ seems like it created the machine account correctly [root@server samba]# more log.video [2002/11/18 14:08:17, 0] smbd/service.c:make_connection(381) make_connection: root logged in as admin user (root privileges) As long as I add machine accounts it just show this [2002/11/18 14:09:18, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest [2002/11/18 14:10:30, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest these lines appear after the procedure created the machine account and I try to add a new local account (called michele) taking it from the domain. [root@server samba]# more log.smbd [2002/11/18 14:06:42, 0] smbd/server.c:main(707) smbd version 2.2.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/11/18 14:07:42, 0] smbd/server.c:open_sockets(238) Got SIGHUP This's my CONFIGURATION file ... [root@server samba]# more /etc/samba/smb.conf # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2002/11/18 13:52:01 # Global parameters [global] workgroup = CCGM-DOM netbios name = CCGM-SERVER server string = Samba Server %v encrypt passwords = Yes update encrypted = Yes null passwords = Yes pam password change = Yes username map = /etc/samba/smbusers unix password sync = Yes admin log = Yes log file = /var/log/samba/log.%m max log size = 50 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = lpstat domain admin group = @smb-admin domain guest group = @users add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u domain logons = Yes os level = 64 preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes guest account = guest valid users = @smb-admin @ccgm @satyagra admin users = @smb-admin read list = @ccgm @satyagra write list = @smb-admin printer admin = @smb-admin printing = cups [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. browseable = No [print$] path = /var/lib/samba/printers write list = @smb-admin bye by(t)e[S]...TuX! --- Questo messaggio è certificato Virus Free - AVG 6 Free Edition Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.419 / Virus Database: 235 - Release Date: 13/11/2002 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems
In your conf miss netlogon share ... - Original Message - From: Michele Santucci [EMAIL PROTECTED] To: Samba [EMAIL PROTECTED] Sent: Monday, November 18, 2002 9:34 PM Subject: [Samba] PDC Problems Hello, That's what I got trying to join a Win2K workstation to my domain (managed by a linux/samba server), after I joined the domain the system refuse to logon/add any domain user reporting a trust relationship failure... 1) All the clients are Windows 2000 sp3 machines (tcp + netbeui) 2) Linux server use a Mandrake 8.2 pro suite running samba 2.2.6 /etc/passwd video$:x:504:421:Machine Account:/dev/null:/bin/false /etc/samba/smbpasswd video$:504:DD8EB67612E73F3842517E31664A1C6C:BC3911425DC8A72332F814FC212ABE91 :[W ]:LCT-3DD8E642: ^ seems like it created the machine account correctly [root@server samba]# more log.video [2002/11/18 14:08:17, 0] smbd/service.c:make_connection(381) make_connection: root logged in as admin user (root privileges) As long as I add machine accounts it just show this [2002/11/18 14:09:18, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest [2002/11/18 14:10:30, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest these lines appear after the procedure created the machine account and I try to add a new local account (called michele) taking it from the domain. [root@server samba]# more log.smbd [2002/11/18 14:06:42, 0] smbd/server.c:main(707) smbd version 2.2.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2002 [2002/11/18 14:07:42, 0] smbd/server.c:open_sockets(238) Got SIGHUP This's my CONFIGURATION file ... [root@server samba]# more /etc/samba/smb.conf # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2002/11/18 13:52:01 # Global parameters [global] workgroup = CCGM-DOM netbios name = CCGM-SERVER server string = Samba Server %v encrypt passwords = Yes update encrypted = Yes null passwords = Yes pam password change = Yes username map = /etc/samba/smbusers unix password sync = Yes admin log = Yes log file = /var/log/samba/log.%m max log size = 50 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = lpstat domain admin group = @smb-admin domain guest group = @users add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u domain logons = Yes os level = 64 preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes guest account = guest valid users = @smb-admin @ccgm @satyagra admin users = @smb-admin read list = @ccgm @satyagra write list = @smb-admin printer admin = @smb-admin printing = cups [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. browseable = No [print$] path = /var/lib/samba/printers write list = @smb-admin bye by(t)e[S]...TuX! --- Questo messaggio è certificato Virus Free - AVG 6 Free Edition Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.419 / Virus Database: 235 - Release Date: 13/11/2002 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems (read this the first one is incomplete)
Sorry, I just want to clarify, does it fail when adding a computer account in the domain? No... it fails after that... when the system ask to create a local profile for a Domain user... it happens with all the users, normal ones and admins... In the machine specific log file if found this: [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest When you were trying to do what? When I try to create a local profile for a Domain user... I already set the w2k workstations to send non encrypted password to third parties smb server. I checked /etc/passwd, group and /etc/samba/smbpasswd file and they're correcly updated with machine and user accounts. You cannot join a windows 2000 machine to a domain if you have set it to use clear text passwords, and you smb.conf is set for encrypted passwords. U're right it seemed strage to me too but I found notes about setting encryption in the smb.conf file in the samba PDC faq howto and also hints about unsetting the encryption for third party PDCs in similar documentation... and anyway this fix another problem: when u try to add a Domain user in a local machine u can specify it manually or u can browse it from the PDC... if don't enable the password encryption for third parties server the user list browsing fails... Can you be more clear on exactly which procedure you are using? About what? bye by(t)e[S]...TuX! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC problems ....
I've got a big problem with my PDC (Mandrake 8.2 with samba 2.2.5): when I try to join the domain from a W2KPRO (sp3) workstation the procedure goes on well until it require to create a local account for a Domain user ... the system let me browse all the user account on the domain controller but when I try to add it reports this error: The trust relationship between this workstation and the primary domain is failed (probably the english text is different but this should be the meaning since I'm traslating it from italian). I already set the w2k workstations to send non encrypted password to third parties smb server. I checked /etc/passwd, group and /etc/samba/smbpasswd file and they're correcly updated with machine and user accounts. Anyway these are smb.conf, group,passwd and smbpasswd interested rows: --- SMB.CONF - # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2002/10/31 09:48:05 # Global parameters [global] coding system = client code page = 850 code page directory = /var/lib/samba/codepages workgroup = CCGM-DOM netbios name = SERVER-CCGM netbios aliases = netbios scope = server string = CCGM Samba Server interfaces = eth0 bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = No password server = smb passwd file = /etc/samba/smbpasswd root directory = pam password change = No passwd program = /usr/bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = Yes restrict anonymous = No lanman auth = Yes use rhosts = No admin log = No log level = 0 syslog = 1 syslog only = No log file = /var/log/samba/log.%m max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = No max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt status support = Yes announce version = 4.5 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 1 read size = 16384 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = Yes printcap name = lpstat disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No mangling method = hash character set = mangled stack = 50 stat cache = Yes domain admin group = ccgm-admin domain guest group = machine password timeout = 604800 # How can I encode the machine name in the -c param? ( -c 'Workstation %m') add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = Yes os level = 65 lm announce = Auto lm interval = 60 preferred master = True local master = Yes domain master = True browse list = Yes enhanced browsing = Yes dns proxy = Yes wins proxy = Yes wins server = wins support = Yes wins hook = kernel oplocks = Yes lock spin count = 3 lock spin time = 10 oplock break wait time = 0 add share command = change share command = delete share command = config file = preload = lock dir = /var/cache/samba pid directory = /var/run/samba utmp directory = wtmp directory = utmp = No default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = auto.home time offset = 0 NIS homedir = No source environment = panic action = hide local users = No host msdfs = No winbind uid = winbind gid = template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes comment = path = alternate permissions = No username = guest guest account = guest invalid users = valid users = ccgm-admin, ccgm, satya admin users = ccgm-admin read list = write list = printer admin = force user = force group = read only = Yes create mask = 0744 force create mode = 00 security mask = 0777 force security mode = 00 directory mask = 0755 force directory mode = 00 directory security mask = 0777 force directory security mode = 00 force
[Samba] PDC Problems (read this the first one is incomplete)
Sorry but I've posted an incomplete message before that: I've got a big problem with my PDC (Mandrake 8.2 with samba 2.2.5): when I try to join the domain from a W2KPRO (sp3) workstation the procedure goes on well until it require to create a local account for a Domain user ... the system let me browse all the user account on the domain controller but when I try to add it reports this error: The trust relationship between this workstation and the primary domain is failed (probably the english text is different but this should be the meaning since I'm traslating it from italian). In the machine specific log file if found this: [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest I already set the w2k workstations to send non encrypted password to third parties smb server. I checked /etc/passwd, group and /etc/samba/smbpasswd file and they're correcly updated with machine and user accounts. Anyway these are smb.conf, group,passwd and smbpasswd interested rows: --- SMB.CONF - # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2002/10/31 10:15:15 # Global parameters [global] coding system = client code page = 850 code page directory = /var/lib/samba/codepages workgroup = CCGM-DOM netbios name = SERVER-CCGM netbios aliases = netbios scope = server string = CCGM Samba Server interfaces = eth0 bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = No password server = smb passwd file = /etc/samba/smbpasswd root directory = pam password change = No passwd program = /usr/bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = Yes restrict anonymous = No lanman auth = Yes use rhosts = No admin log = No log level = 0 syslog = 1 syslog only = No log file = /var/log/samba/log.%m max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = No max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt status support = Yes announce version = 4.5 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 1 read size = 16384 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = Yes printcap name = lpstat disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No mangling method = hash character set = mangled stack = 50 stat cache = Yes domain admin group = ccgm-admin domain guest group = guest machine password timeout = 604800 add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = Yes os level = 65 lm announce = Auto lm interval = 60 preferred master = True local master = Yes domain master = True browse list = Yes enhanced browsing = Yes dns proxy = Yes wins proxy = Yes wins server = wins support = Yes wins hook = kernel oplocks = Yes lock spin count = 3 lock spin time = 10 oplock break wait time = 0 add share command = change share command = delete share command = config file = preload = lock dir = /var/cache/samba pid directory = /var/run/samba utmp directory = wtmp directory = utmp = No default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = auto.home time offset = 0 NIS homedir = No source environment = panic action = hide local users = No host msdfs = No winbind uid = winbind gid = template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes comment = path = alternate permissions = No username = guest account = guest invalid users = valid users = ccgm-admin, ccgm, satya admin users = ccgm-admin read list = write list = printer admin = force user =
Re: [Samba] PDC Problems (read this the first one is incomplete)
Michele Santucci wrote: I've got a big problem with my PDC (Mandrake 8.2 with samba 2.2.5): when I try to join the domain from a W2KPRO (sp3) workstation the procedure goes on well until it require to create a local account for a Domain user ... the system let me browse all the user account on the domain controller but when I try to add it reports this error: The trust relationship between this workstation and the primary domain is failed (probably the english text is different but this should be the meaning since I'm traslating it from italian). security = USER add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ According to the smb.conf man page security has to be DOMAIN or SERVER to use the add user script option. man smb.conf Search for add user script for details. -- Mike Rambo [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems (read this the first one is incomplete)
The trust relationship between this workstation and the primary domain is failed (probably the english text is different but this should be the meaning since I'm traslating it from italian). security = USER add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ According to the smb.conf man page security has to be DOMAIN or SERVER to use the add user script option. I don't know what man page u're reading but mine says that the only security option not useable for the adduser script is 'SHARE' anyway the 'USER' option is compulsory since I have got to set the samba server to act as a PDC. Anyone else listening c'ya ... TUX -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems (read this the first one is incomplete)
Michele Santucci wrote: The trust relationship between this workstation and the primary domain is failed (probably the english text is different but this should be the meaning since I'm traslating it from italian). security = USER add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ According to the smb.conf man page security has to be DOMAIN or SERVER to use the add user script option. I don't know what man page u're reading but mine says that the only security option not useable for the adduser script is 'SHARE' anyway the 'USER' option is compulsory since I have got to set the samba server to act as a PDC. Anyone else listening c'ya ... TUX Sorry - only tried to help... SMB.CONF(5) SMB.CONF(5) NAME smb.conf - The configuration file for the Samba suite SYNOPSIS The smb.conf file is a configuration file for the Samba suite. smb.conf contains runtime config uration information for the Samba programs. The smb.conf file is designed to be configured and administered by the swat(8) program. The complete description of the file format and possible parameters held within are here for reference purposes. SNIP add user script (G) This is the full pathname to a script that will be run AS ROOT by smbd(8) under special circumstances described below. Normally, a Samba server requires that UNIX users are created for all users accessing files on this server. For sites that use Windows NT account databases as their primary user database creating these users and keeping the user list in sync with the Windows NT PDC is an onerous task. This option allows smbdto create the required UNIX users ON DEMAND when a user accesses the Samba server. In order to use this option, smbd must be set to security = server or security = domain and add user script must be set to a full pathname for a script that will create a UNIX user given one argument of %u, which expands into the UNIX user name to create. When the Windows user attempts to access the Samba server, at login (session setup in the SMB protocol) time, smbdcontacts the password server and attempts to authenticate the given user with the given password. If the authentication succeeds then smbd attempts to find a UNIX user in the UNIX password database to map the Windows user into. If this lookup fails, and add user script is set then smbd will call the specified script AS ROOT, expanding any %u argument to be the user name to create. If this script successfully creates the user then smbd will continue on as though the UNIX user already existed. In this way, UNIX users are dynamically created to match existing Windows NT accounts. See also security, password server, delete user script. Default: add user script = empty string Example: add user script = /usr/local/samba/bin/add_user %u This box has samba 2.2.2 - has it changed with newer/older versions? -- Mike Rambo [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems (read this the first one is incomplete)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 3 From: Michele Santucci [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Thu, 31 Oct 2002 10:25:34 +0100 Subject: [Samba] PDC Problems (read this the first one is incomplete) Sorry but I've posted an incomplete message before that: I've got a big problem with my PDC (Mandrake 8.2 with samba 2.2.5): when I try to join the domain from a W2KPRO (sp3) workstation the procedure goes on well until it require to create a local account for a Domain user ... the system let me browse all the user account on the domain controller but when I try to add it reports this error: Sorry, I just want to clarify, does it fail when adding a computer account in the domain? The trust relationship between this workstation and the primary domain is failed (probably the english text is different but this should be the meaning since I'm traslating it from italian). In the machine specific log file if found this: [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user guest When you were trying to do what? I already set the w2k workstations to send non encrypted password to third parties smb server. I checked /etc/passwd, group and /etc/samba/smbpasswd file and they're correcly updated with machine and user accounts. You cannot join a windows 2000 machine to a domain if you have set it to use clear text passwords, and you smb.conf is set for encrypted passwords. Anyway these are smb.conf, group,passwd and smbpasswd interested rows: Which show that you have successfully added machines with the name video and gfx to the domain. FYI, if you have any pre-sp3 machines, please test with those first ... And, with the default smb.conf (such as http://ranger.dnsalias.com/mandrake/samba/smb.conf), you only have to uncomment about 10 lines to get a working smb.conf for a domain controller (such as this file http://ranger.dnsalias.com/mandrake/samba/smb-domain-controller.conf) on any recent version of Mandrake linux. Can you be more clear on exactly which procedure you are using? And to answer Mike Rambo's replies, when samba runs in 'security = user', add user script is used when samba creates a new machine account. Mandrake ships with the following example for a domain controller not using LDAP backend: # Script for domain controller for adding machines: ; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u Regards, Buchan (PDC runs Mandrake 8.2 / samba-2.2.6). - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9wVCnrJK6UGDSBKcRAkCVAKDG2nBdlKZa2fgDyYlmwgM1eGow1gCfRCfp fNQBqm1r6+AMhgk25iRwy7g= =YKzg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Problems
When do you get this problem and what are your client settings. Are you moving an existing account to another machine or the same machine with a new os? Nick Michele Santucci wrote: This's my conf file I still have problems but the error message is different this time, it sounds like (translating it from italian): It's impossible to join this machine to the domain. There's a conflict between the supllied credential and pre existent ones P.S. When v3.0 will be released? bye by(t)e[S]...TuX! # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2002/10/25 17:42:26 # Global parameters [global] coding system = client code page = 850 code page directory = /var/lib/samba/codepages workgroup = CCGM netbios name = SERVER-CCGM netbios aliases = netbios scope = server string = CCGM Samba Server interfaces = eth0 bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = No password server = smb passwd file = /etc/samba/smbpasswd root directory = pam password change = No passwd program = /usr/bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = Yes restrict anonymous = No lanman auth = Yes use rhosts = No admin log = No log level = 0 syslog = 1 syslog only = No log file = /var/log/samba/log.%m max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = No max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt status support = Yes announce version = 4.5 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 1 read size = 16384 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = Yes printcap name = lpstat disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No mangling method = hash character set = mangled stack = 50 stat cache = Yes domain admin group = ccgm-admin domain guest group = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = Yes os level = 65 lm announce = Auto lm interval = 60 preferred master = True local master = Yes domain master = True browse list = Yes enhanced browsing = Yes dns proxy = Yes wins proxy = Yes wins server = wins support = Yes wins hook = kernel oplocks = Yes lock spin count = 3 lock spin time = 10 oplock break wait time = 0 add share command = change share command = delete share command = config file = preload = lock dir = /var/cache/samba pid directory = /var/run/samba utmp directory = wtmp directory = utmp = No default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = auto.home time offset = 0 NIS homedir = No source environment = panic action = hide local users = No host msdfs = No winbind uid = winbind gid = template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes comment = path = alternate permissions = No username = guest guest account = guest invalid users = valid users = ccgm-admin, ccgm, satya admin users = ccgm-admin read list = write list = printer admin = force user = force group = read only = Yes create mask = 0744 force create mode = 00 security mask = 0777 force security mode = 00 directory mask = 0755 force directory mode = 00 directory security mask = 0777 force directory security mode = 00 force unknown acl user = 00 inherit permissions = No inherit acls = No guest only = No guest ok = No only user = No hosts allow = hosts deny = status = Yes nt acl support = Yes block size = 1024 max connections = 0 min print space = 0 strict allocate = No strict sync = No sync always = No write cache size = 0 max print jobs = 1000 printable = No postscript = No printing = cups print command = lpr -r -P%p %s lpq command =
Re: [Samba] PDC Problems
When do you get this problem and what are your client settings. Are you moving an existing account to another machine or the same machine with a new os? Nick Michele Santucci wrote: This's my conf file I still have problems but the error message is different this time, it sounds like (translating it from italian): It's impossible to join this machine to the domain. There's a conflict between the supllied credential and pre existent ones P.S. When v3.0 will be released? bye by(t)e[S]...TuX! # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2002/10/25 17:42:26 # Global parameters [global] coding system = client code page = 850 code page directory = /var/lib/samba/codepages workgroup = CCGM netbios name = SERVER-CCGM netbios aliases = netbios scope = server string = CCGM Samba Server interfaces = eth0 bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = No password server = smb passwd file = /etc/samba/smbpasswd root directory = pam password change = No passwd program = /usr/bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = Yes restrict anonymous = No lanman auth = Yes use rhosts = No admin log = No log level = 0 syslog = 1 syslog only = No log file = /var/log/samba/log.%m max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = No max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt status support = Yes announce version = 4.5 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 1 read size = 16384 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = Yes printcap name = lpstat disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No mangling method = hash character set = mangled stack = 50 stat cache = Yes domain admin group = ccgm-admin domain guest group = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = Yes os level = 65 lm announce = Auto lm interval = 60 preferred master = True local master = Yes domain master = True browse list = Yes enhanced browsing = Yes dns proxy = Yes wins proxy = Yes wins server = wins support = Yes wins hook = kernel oplocks = Yes lock spin count = 3 lock spin time = 10 oplock break wait time = 0 add share command = change share command = delete share command = config file = preload = lock dir = /var/cache/samba pid directory = /var/run/samba utmp directory = wtmp directory = utmp = No default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = auto.home time offset = 0 NIS homedir = No source environment = panic action = hide local users = No host msdfs = No winbind uid = winbind gid = template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes comment = path = alternate permissions = No username = guest guest account = guest invalid users = valid users = ccgm-admin, ccgm, satya admin users = ccgm-admin read list = write list = printer admin = force user = force group = read only = Yes create mask = 0744 force create mode = 00 security mask = 0777 force security mode = 00 directory mask = 0755 force directory mode = 00 directory security mask = 0777 force directory security mode = 00 force unknown acl user = 00 inherit permissions = No inherit acls = No guest only = No guest ok = No only user = No hosts allow = hosts deny = status = Yes nt acl support = Yes block size = 1024 max connections = 0 min print space = 0 strict allocate = No strict sync = No sync always = No write cache size = 0 max print jobs = 1000 printable = No postscript = No printing = cups print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j lppause
Re: [Samba] PDC Problems
On the client machine; Control Panel Administration Tools Local Security Policy Local Policy Security Options Send unencrypted password to third-party SMB servers = enabled Michele Santucci wrote: Are the user and machine$ added to your /etc/passwd and smbpasswd files? all the user already added, I'm trying to add machine$ automatically (via adduser) Also do you have send unencrypted passwd to third party smb servers enabled in you local security policy settings? How? Something like that? encrypt passwords = Yes bye by(t)e[S]...TuX! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba