account to join the Win2K PCs to the domain. You have to use the root
account. Therefore making the account "root" invalid is not a good
thing
(or I would assume). Just create a root account in the smbpasswd file and
make the password different from your unix account (if security is your
concern). Does this make sense?
Regards,
Alan B. Moote
Systems Administrator
MARK IV Industries
tel: 905.624.7908
fax: 905.625.6197
Thomas Kirk
<thomas@arkena.co To:
samba@lists.samba.org
m> cc:
Sent by: Subject: [Samba] Samba 2.23a PDC
samba-admin@lists
.samba.org
07/10/02 06:24 AM
Hey there Listmembers
Im writing this because i havnt been able to solve my problem.
Im trying to set up a samba server as PDC and im using samba 2.2.3a
from debian "woody". ive attached my smb.conf file.
The problem :
When i try to join a win2k box to the domain i get this error :
"The specified network passwords is not correct" Ofcourse ive
doublecheck if the password im using is ok and it is.
Here is the output from log.smb :
Requested protocol [Windows for Workgroups 3.1a]
negprot index=5
smb_flg=136
smb_bcc=13
size=184
smb_mid=64
smt_wct=13
sesssetupX:name=[root]
Home server: nas
smb_password_ok: Checking SMB password for user root
smb_password_ok: challenge received
smb_password_ok: Checking NT MD4 password
smb_password_ok: NT MD4 password check succeeded
smb_pam_start: PAM: Init user: root
smb_pam_start: PAM: setting rhost to: mads
smb_pam_start: PAM: setting tty
smb_pam_start: PAM: Init passed for user: root
smb_pam_account: PAM: Account Management for User: root
smb_pam_account: PAM: Account OK for User: root
smb_pam_end: PAM: PAM_END OK.
user token sid S-1-5-11
Clearing default real name
User name: root Real name: root
smb_pam_start: PAM: Init user: root
smb_pam_start: PAM: setting tty
smb_pam_start: PAM: Init passed for user: root
smb_pam_end: PAM: PAM_END OK.
Chained message
size=184
smb_mid=64
smt_wct=4
smb_bcc=18
Got device type ?????
authorise_login: ACCEPTED: guest account and guest ok (nobody)
get_current_groups: user is in 1 groups: 65534
get_current_groups: user is in 1 groups: 65534
get_share_security: using default secdesc for IPC$
se_access_check: also S-1-5-11
Initialising default vfs hooks
Can't become connected user!
Yielding connection to IPC$
error string = No such file or directory
size=83
smb_flg=136
smb_mid=64
smt_wct=3
smb_bcc=36
Transaction 3 of length 43
smb_pam_start: PAM: Init user: root
smb_pam_start: PAM: setting tty
smb_pam_start: PAM: Init passed for user: root
smb_pam_end: PAM: PAM_END OK.
smb_flg=136
receive_smb error (Success) exiting
Closing connections
Yielding connection to
Server exit (normal exit)
I dont really know what this means? If anyone could help it would be
really cool. Please mail me for additional information or higher
loglevel output (this is 4 i think?)
smb.conf :
[global]
# Change this for the workgroup/NT-domain name your Samba server will part
of
netbios name = NAS
workgroup = TEST
os level = 64
preferred master = yes
domain master = yes
local master = yes
interfaces = 192.168.10.73/24
domain logons = yes
add user script = /usr/sbin/useradd -d /dev/null -s /bin/false -g 900
%u
domain admin group = root
# where to store user profiles?
logon path = \\$N\$U\.profile
; where is a user's home directory and where should it be mounted at?
logon drive = H:
logon home = \\%N\%U
# server string is the equivalent of the NT Description field
server string = %h server (Samba %v)
invalid users = root
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Debug level
log level = 5
# Put a capping on the size of the log files (in Kb).
max log size = 1000
# If you want Samba to log though syslog only then set the following
# parameter to 'yes'. Please note that logging through syslog in
# Samba is still experimental.
; syslog only = no
# We want Samba to log a minimum amount of information to syslog.
Everything
# should go to /var/log/samba/log.{smb,nmb} instead. If you want to log
# through syslog you should set the following parameter to something
higher.
syslog = 0
# "security = user" is always a good idea. This will require a Unix
account
# in this server for every user accessing the server. See
# security_level.txt for details.
; security = user
# You may wish to use password encryption. Please read ENCRYPTION.txt,
# Win95.txt and WinNT.txt in the Samba documentation. Do not enable this
# option unless you have read those documents
encrypt passwords = yes
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
# --- Browser Control Options ---
# Please _read_ BROWSING.txt and set the next four parameters according
# to your network setup. The defaults are specified below (commented
# out.) It's important that you read BROWSING.txt so you don't break
# browsing in your network!
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
; local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 20
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = auto
# Preferred Master causes Samba to force a local browser election on
startup
# and gives it a slightly higher chance of winning the election
; preferred master = auto
# --- End of Browser Control Options ---
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS
Server
; wins support = no
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
# What naming service and in what order should we use to resolve host names
# to IP addresses
name resolve order = lmhosts host wins bcast
# Name mangling options
; preserve case = yes
; short preserve case = yes
# This boolean parameter controlls whether Samba attempts to sync. the Unix
# password with the SMB password when the encrypted SMB password in the
# /etc/samba/smbpasswd file is changed.
; unix password sync = false
# For Unix password sync. to work on a Debian GNU/Linux system, the
following
# parameters must be set (thanks to Augustin Luton <aluton@hybrigenics.fr>
for
# sending the correct chat script for the passwd program in Debian Potato).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
; pam password change = no
# The following parameter is useful only if you have the linpopup package
# installed. The samba maintainer and the linpopup maintainer are
# working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f"
"%m" %s; rm %s' &
obey pam restrictions = yes
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; winbind uid = 10000-20000
; winbind gid = 10000-20000
; template shell = /bin/bash
#======================= Share Definitions ======================
[homes]
comment = Home Directories
browseable = no
# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
writable = yes
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0700
# Directory creation mask is set to 0700 for security reasons. If you want
to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700
# Un-comment the following and create the netlogon directory for Domain
Logons
# (you need to configure Samba to act as a domain controller too.)
[netlogon]
comment = Network Logon Service
path = /raid/filserver/netlogon
guest ok = yes
writable = no
share modes = no
read only = yes
write list = ntadmin,root,administrator
#[profiles]
# path = /raid/samba/ntprofile
# read only = no
# create mask = 0600
# directory mask = 0700
--
Venlig hilsen/Kind regards
Thomas Kirk
ARKENA
thomas(at)arkena(dot)com
Http://www.arkena.com
BOFH excuse #331:
those damn racoons!
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
