Re: [Samba] Re: Samba PDC Problem
The last one is well-documented: on XP you need to set certain registry parameter, which I don't rember now, to zero. This was only an issue for samba pre 3.0, since the 3.0 release it is no longer needed. You're most likely referring to the SignOrSeal registry patch. Hope this helps. -- Kang "Kiryl Hakhovich" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hey Michael, thanks for a quick response. When i try to use BCHECKUP\Administrator it says "The parameter is incorrect" and does not work with ldap at all. (BCHECKUP is my domain name) I guess something wacky about my configs? Thanks. Michael Wray wrote: Sounds like Samba SID doesn't match SID being sent by XP workstation, which btw is what is being sent, not USERNAME Administrator. TO make sure it works for Admin's user name send sambamachinename\Administrator as the username...then the sid's should match. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kiryl Hakhovich Sent: Monday, July 26, 2004 10:45 AM To: [EMAIL PROTECTED] Subject: [Samba] Samba PDC Problem Hello guys, I have a Samba 3.0.4 on FC2, it has LDAP backend. Machine authenticate users with no problem. However when i try to add XP client to domain, from that workstation, it asking for Administrator password to join to the Domain and them says "Login failure: unknown user name or bad password". And at the same time record does inserts into the LDAP!? I can see it right after i got message on the screen about error. Now here is a part from server log: -- Jul 26 11:34:13 fileserver smbd[27897]: [2004/07/26 11:34:13, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1587) Jul 26 11:34:13 fileserver smbd[27897]: ldapsam_add_sam_account: SID 'S-1-5-21-299320441-2527492060-3102699668-3000' already in the base, with samba attributes Jul 26 11:34:13 fileserver smbd[27897]: [2004/07/26 11:34:13, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2267) Jul 26 11:34:13 fileserver smbd[27897]: could not add user/computer kiryha$ to passdb. Check permissions? -- Note: i can login to linux server with name 'Administrator' and have root's privileges, since ldap has uid 0 for Administrator. smb.conf has line admin users = Administrator What do i missing? Any ideas? Thank you! Sincerely, Kiryl Hakhovich. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba PDC Problem
If you tried different configurations for testing, it might ends up with inconsistent SIDs. net getlocalsid will show what SID samba thinks and see if it is the consistent with your users accounts' SID or administrators SID in LDAP server. If not, then you know where your problem is. If all your accounts in ldap has consistent SID but the samba SID is different, the easist fix is net setlocalsid Another consideration, have you join your PDC server into your domain? I know it is wired but your PDC will not be in your LDAP unless you join it into the domain. I don't know if this has anything to do with your problem. The last one is well-documented: on XP you need to set certain registry parameter, which I don't rember now, to zero. Hope this helps. -- Kang "Kiryl Hakhovich" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hey Michael, > > thanks for a quick response. > > When i try to use BCHECKUP\Administrator it says "The parameter is > incorrect" and does not work with ldap at all. > > (BCHECKUP is my domain name) > > I guess something wacky about my configs? > > Thanks. > > > Michael Wray wrote: > > > Sounds like Samba SID doesn't match SID being sent by XP workstation, which > > btw is what is being sent, not USERNAME Administrator. TO make sure it > > works for Admin's user name send sambamachinename\Administrator as the > > username...then the sid's should match. > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Kiryl > > Hakhovich > > Sent: Monday, July 26, 2004 10:45 AM > > To: [EMAIL PROTECTED] > > Subject: [Samba] Samba PDC Problem > > > > > > Hello guys, > > > > I have a Samba 3.0.4 on FC2, it has LDAP backend. Machine authenticate > > users with no problem. > > However when i try to add XP client to domain, from that workstation, it > > asking for Administrator password to join to the Domain and them says > > "Login failure: unknown user name or bad password". And at the same time > > record does inserts into the LDAP!? I can see it right after i got > > message on the screen about error. > > > > Now here is a part from server log: > > -- > > Jul 26 11:34:13 fileserver smbd[27897]: [2004/07/26 11:34:13, 0] > > passdb/pdb_ldap.c:ldapsam_add_sam_account(1587) > > Jul 26 11:34:13 fileserver smbd[27897]: ldapsam_add_sam_account: SID > > 'S-1-5-21-299320441-2527492060-3102699668-3000' already in the base, with > > samba attributes > > Jul 26 11:34:13 fileserver smbd[27897]: [2004/07/26 11:34:13, 0] > > rpc_server/srv_samr_nt.c:_samr_create_user(2267) > > Jul 26 11:34:13 fileserver smbd[27897]: could not add user/computer > > kiryha$ > > to passdb. Check permissions? > > -- > > > > Note: i can login to linux server with name 'Administrator' and have > > root's privileges, since ldap has uid 0 for Administrator. > > > > smb.conf has line admin users = Administrator > > > > What do i missing? > > Any ideas? > > > > > > Thank you! > > > > Sincerely, > > Kiryl Hakhovich. > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-PDC problem
Your post says that you can access the profiles directory on the server. Make sure you can write to it as well. The Linux file permissions need to be correct. The following document has some good info. on setting up roaming profiles. Note that it deals with Samba 2.x but the info. may still be relevant to Samba 3.x. http://www-1.ibm.com/servers/esdd/tutorials/samba/index.html <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I am trying to get roaming profiles working for my Win2K workstation and > run a group login script at logon. My user account (traxx) can join and > logon to the domain (DATA) but I get 2 error messages after > authentication: > 1 'Windows cannot create profile directory \\henry\dcarter\profile.pds. > You will be loggeed on with a local profile only. Changes to the profile > will not be propogated to the server. Contact your network administrator.' > > 2-'Windows cannot find the local profile & is logging you on with a > temporary profile. Changes you make to this profile will be lost when you > log off.' > > These are the relevant lines from my smb.conf: > > workgroup=DATA > netbios name=DATASERVER > logon script=%g.bat > domain logons=yes > [Profiles] > path=/home/profiles > create mask=0777 > read only=no > browseable=no > > I can access \\henry\profiles from the run command okay I have also tried: > > path=/home/users/%u > > to store profiles in home directories e.g. mine would be /home/users/traxx > but I get the same error messages. > > By the way my samba logs also says: > > [2003/07/27 14:56:31, 0] rpc_server/srv_netlog.c:api_net_sam_logon(206) > api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. > [2003/07/27 14:56:31, 0] rpc_server/srv_pipe.c:api_rpcTNP(1200) > api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. > [2003/07/27 14:56:35, 0] smbd/service.c:make_connection(248) > traxx (192.168.0.55) couldn't find service profiles > > > Can anybody help? > > Thank you > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba pdc problem
You need to add the line domain admin group = user1 user2 @group1 @group2 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] re: Samba PDC Problem (Account name security ID mapping blah blah blah)
Yes I know... you will all say... asked and answered but this is ridiculous... I still cannot add my win 2k wks to my Samba domain... I have created the machine account, and the root account in smbpasswd I have checked and they DO exist... I am running Samba 2.2.6-1, the build which many on these lists claim to fix this win2k problem but as of yet... no luck... here is my smb.conf if anyone can find a problem in it # Samba config file created using SWAT # from duar (127.0.0.1) # Date: 2002/11/16 11:58:30 # Global parameters [global] workgroup = KRONOS netbios name = DUAR netbios aliases = DUAR server string = encrypt passwords = Yes update encrypted = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* passwd chat debug = Yes username map = /etc/samba/smbusers unix password sync = Yes admin log = Yes log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin group = @DomainAdmins domain guest group = @DomainGuests domain logons = Yes os level = 33 lm announce = Yes preferred master = Yes domain master = Yes dns proxy = No winbind use default domain = Yes alternate permissions = Yes valid users = root admin users = root printer admin = root printing = lprng [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No Yours Hopefully Steve Jackson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba