I have my PDC up, but I cannot join any Windows clients to it. I get prompted for the username/password to join the domain with, but everything that is returned is a bad username/password.

I created an "administrator" user who should be the equivalent of the Windows domain admin, but perhaps I am wrong. I set the sambaPrimaryGroupSID to S-1-5-21-3040749549-2843134544-1782940832-500, where everything but the "-500" is my domain's SID as returned by "net getlocalsid".

Here is the entry for my administrator:

# administrator, Users, mktec.com
dn: uid=administrator,ou=Users,dc=mktec,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: administrator
sn: administrator
givenName: administrator
uid: administrator
uidNumber: 500
gidNumber: 512
homeDirectory: /home/administrator
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-3040749549-2843134544-1782940832-2000
sambaLogonScript: logon.bat
sambaProfilePath: \\users.mktec.com\profiles\administrator
sambaHomePath: \\users.mktec.com\administrator
sambaHomeDrive: H:
sambaAcctFlags: [U]
sambaPwdLastSet: 1152654539
sambaPwdMustChange: 1156542539
sambaPrimaryGroupSID: S-1-5-21-3040749549-2843134544-1782940832-500

I am trying to follow the instructions in Chapter 6 that state:

"When the user elects to make the client a domain member, Windows 200x prompts for an account and password that has privileges to create machine accounts in the domain. A Samba administrator account (i.e., a Samba account that has root privileges on the Samba server) must be entered here; the operation will fail if an ordinary user account is given."

Perhaps I have misunderstood them?
Zach
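
An added example, not part of the original post: a consistency check of the SID attributes in the entry above. It shows that the posted sambaSID RID 2000 is what Samba's algorithmic mapping (2 x uidNumber + 1000, the default base) yields for uid 500, while the sambaPrimaryGroupSID RID 500 is the well-known Administrator user RID rather than a group RID. The function names are hypothetical, and the gid check assumes the groups at gid 512-515 carry the matching well-known RIDs, which the thread does not show.

```python
import re

# Windows-defined well-known domain RIDs.
USER_RIDS = {500: "Administrator", 501: "Guest"}
GROUP_RIDS = {512: "Domain Admins", 513: "Domain Users",
              514: "Domain Guests", 515: "Domain Computers"}

# Domain SID and SID-related attributes, copied from the post.
DOMAIN_SID = "S-1-5-21-3040749549-2843134544-1782940832"
ENTRY = """\
uid: administrator
uidNumber: 500
gidNumber: 512
sambaSID: S-1-5-21-3040749549-2843134544-1782940832-2000
sambaPrimaryGroupSID: S-1-5-21-3040749549-2843134544-1782940832-500
"""

def parse_entry(ldif):
    """Parse single-valued 'attr: value' lines (no folding, no base64)."""
    pairs = (line.partition(":") for line in ldif.splitlines()
             if line and not line.startswith("#"))
    return {name.strip(): value.strip() for name, sep, value in pairs if sep}

def split_sid(sid):
    """Split a domain-relative SID into (domain SID, integer RID)."""
    domain, _, rid = sid.rpartition("-")
    if not re.fullmatch(r"S-1-5-21(-\d+){3}", domain) or not rid.isdigit():
        raise ValueError(f"not a domain SID: {sid!r}")
    return domain, int(rid)

def check_entry(attrs, domain_sid):
    """Return (how the user RID was derived, list of findings)."""
    uid, gid = int(attrs["uidNumber"]), int(attrs["gidNumber"])
    udom, urid = split_sid(attrs["sambaSID"])
    gdom, grid = split_sid(attrs["sambaPrimaryGroupSID"])
    # Samba's algorithmic mapping: user RID = 2 * uid + base (default 1000).
    kind = ("well-known" if urid in USER_RIDS
            else "algorithmic" if urid == 2 * uid + 1000 else "other")
    findings = []
    if (udom, gdom) != (domain_sid, domain_sid):
        findings.append("SID is not under the domain SID")
    if grid in USER_RIDS:
        findings.append(f"primary group RID {grid} is the user RID of {USER_RIDS[grid]}")
    # Assumption: the groups at gid 512-515 carry the matching well-known RID.
    if gid in GROUP_RIDS and grid != gid:
        findings.append(f"gidNumber {gid} is {GROUP_RIDS[gid]} but primary group RID is {grid}")
    return kind, findings

if __name__ == "__main__":
    print(check_entry(parse_entry(ENTRY), DOMAIN_SID))
```
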
"zdennis" <zdennis@mktec.com> wrote in message news:44B42535.3050901@mktec.com...> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have my PDC up, but I cannot join any windows clients to it. I getprompted for the username/password to join the domain with> but everything that is returned is a bad username/password.Type the following two commands and let me know if you see entries from the ldap directory. The first command should show the users from the /etc/passwd and then the users from the ldap directory. The second should show the groups from the /etc/group and then the groups from the ldap directory. getent passwd getent group
Here are the results:

> getent passwd

mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
dhcp:x:101:101::/nonexistent:/bin/false
syslog:x:102:102::/home/syslog:/bin/false
klog:x:103:103::/home/klog:/bin/false
zdennis:x:1000:1000:zdennis,,,:/home/zdennis:/bin/bash
sshd:x:100:65534::/var/run/sshd:/bin/false
root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false
nobody:x:999:514:nobody:/dev/null:/bin/false
testuser:x:1001:513:Test User:/home/testuser:/bin/bash
aries$:x:1003:515:Computer:/dev/null:/bin/false
administrator:x:500:512:System User:/home/administrator:/bin/bash

root@chloe:~# getent passwd | less
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
dhcp:x:101:101::/nonexistent:/bin/false
syslog:x:102:102::/home/syslog:/bin/false
klog:x:103:103::/home/klog:/bin/false
zdennis:x:1000:1000:zdennis,,,:/home/zdennis:/bin/bash
sshd:x:100:65534::/var/run/sshd:/bin/false
root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false
nobody:x:999:514:nobody:/dev/null:/bin/false
testuser:x:1001:513:Test User:/home/testuser:/bin/bash
aries$:x:1003:515:Computer:/dev/null:/bin/false
administrator:x:500:512:System User:/home/administrator:/bin/bash

> getent group

root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:zdennis
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:zdennis
fax:x:21:
voice:x:22:
cdrom:x:24:zdennis
floppy:x:25:zdennis
tape:x:26:
sudo:x:27:
audio:x:29:zdennis
dip:x:30:zdennis
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:zdennis
sasl:x:45:
plugdev:x:46:zdennis
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
dhcp:x:101:
syslog:x:102:
klog:x:103:
crontab:x:104:
ssh:x:105:
zdennis:x:1000:
lpadmin:x:106:zdennis
scanner:x:107:zdennis
admin:x:108:zdennis
ssl-Domain Admins:x:512:root,administrator
Domain Users:x:513:
Domain Guests:x:514:
Domain Computers:x:515:
Administrators:x:544:
Account Operators:x:548:
Print Operators:x:550:
Backup Operators:x:551:
Replicators:x:552:
cert:x:109:

Zach
Jamrock,

Thanks for your reply. I just got my Windows XP client to join the domain. After some alterations that Robert had me make in another thread, I believe that fixed my Samba issues.

However, I can only join a domain with the user root, and not with the user administrator. If I try to join with the user administrator I get...

[2006/07/12 11:10:07, 0] lib/smbldap.c:smbldap_open(922)
  smbldap_open: cannot access LDAP when not root..

Do I need to give administrator specific permissions to query ldap?

Zach
"zdennis" <zdennis@mktec.com> wrote in message news:44B51340.6090800@mktec.com...> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jamrock, > > Thanks for your reply. I just got my windows xp client to join the domain.After some alterations that Robert had me make in> another thread, I believe that fixed my samba issues. > > However, I can only join a domain with the user root, and not with theuser administrator. If I try to join with the user> administrator I get... > > [2006/07/12 11:10:07, 0] lib/smbldap.c:smbldap_open(922) > smbldap_open: cannot access LDAP when not root.. > > Do I need to give administrator specific permissions to query ldap?I have never tried. I have used root for administrative purposes. Typically, I give administrative rights to users by putting them as members of the Doman Admins group. You can try that. BTW, I use the NT 4.0 User Manager for Domains tool to manage my users and groups. It works quite well with the smb-ldap tools. Put the tool on a Samba share and run it from a workstation. You can find it here http://support.microsoft.com/kb/173673/