I have not been able to get Samba to work as a PDC for a Win 2k system. I'm setting up Samba 2.2.2 on Solaris 8. The Win 2k system has SP2 installed. This is my third attempt, starting with version 2.2.0 of Samba. I followed the documentation in Samba-HOWTO-Collection.pdf, which indicates that it is the latest information. By the way, I believe that there is an error in section 8.4.2, page 42. I believe the adduser script command should use the same flags as the manual section 8.4.1 on page 41. The Solaris system is running NIS.

Steps taken to turn Samba into PDC:
1) Stop Samba
2) Edit smb.conf turning on master options, all options per HowTo PDF
3) Disconnect NT 4.0 PDC from network.
4) Start Samba
5) Change network properties on Win 2k to a workgroup
6) Reboot Win 2k system
7) Change network properties to Domain
8) Use user root and password

I get one or the other of the following two errors with multiple attempts:
- Win 2k system reports RPC error
- User or password not valid

Machine account entry gets created in /etc/passwd, /etc/shadow file and Samba smbpasswd file. Works fine for NT 4.0 and of course Win 98 systems. Can hardly wait for Windows XP, not in my shop!

Log entries for Win 2k system multiple attempts:
[2001/10/17 15:52:14, 0] passdb/pdb_smbpasswd.c:build_sam_account(1193)
  build_sam_account: smbpasswd database is corrupt! username smtp not in unix passwd database!
[2001/10/17 15:52:14, 0] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2469)
  _samr_set_userinfo: Unable to get smbpasswd entry for uid 0
[2001/10/17 15:52:14, 0] rpc_server/srv_samr_nt.c:_samr_delete_dom_user(2673)
  _samr_delete_dom_user: Not yet implemented.
[2001/10/17 15:52:21, 0] rpc_server/srv_netlog_nt.c:get_md4pw(162)
  get_md4pw: Workstation dogwood$: no account in domain
[2001/10/17 15:54:24, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(672)
  api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
[2001/10/17 15:54:24, 0] passdb/pdb_smbpasswd.c:build_sam_account(1193)
  build_sam_account: smbpasswd database is corrupt! username smtp not in unix passwd database!
[2001/10/17 15:54:24, 0] rpc_server/srv_samr_nt.c:_samr_set_userinfo(2469)
  _samr_set_userinfo: Unable to get smbpasswd entry for uid 0
[2001/10/17 15:54:31, 0] rpc_server/srv_netlog_nt.c:get_md4pw(162)
  get_md4pw: Workstation dogwood$: no account in domain
[2001/10/17 16:04:55, 0] passdb/pdb_smbpasswd.c:build_sam_account(1193)
  build_sam_account: smbpasswd database is corrupt! username dogwood$ not in unix passwd database!
[2001/10/17 16:04:57, 0] rpc_server/srv_samr_nt.c:_samr_delete_dom_user(2673)
  _samr_delete_dom_user: Not yet implemented.

Log entries for nmbd:
  become_domain_master_browser_wins: Attempting to become domain master browser on workgroup RECOMMENDED, subnet UNICAST_SUBNET.
[2001/10/17 15:50:35, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(354)
  become_domain_master_browser_wins: querying WINS server at IP 10.2.2.3 for domain master browser name RECOMMENDED<1b> on workgroup RECOMMENDED
[2001/10/17 15:50:36, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(235)
  become_domain_master_query_success: There is already a domain master browser at IP 10.2.2.8 for workgroup RECOMMENDED registered on subnet UNICAST_SUBNET.
[2001/10/17 15:55:44, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341)
  become_domain_master_browser_wins: Attempting to become domain master browser on workgroup RECOMMENDED, subnet UNICAST_SUBNET.
[2001/10/17 15:55:44, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(354)
  become_domain_master_browser_wins: querying WINS server at IP 10.2.2.3 for domain master browser name RECOMMENDED<1b> on workgroup RECOMMENDED
[2001/10/17 15:55:45, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(235)
  become_domain_master_query_success: There is already a domain master browser at IP 10.2.2.8 for workgroup RECOMMENDED registered on subnet UNICAST_SUBNET.

--
Regards,
David Highley                 Phone: (206) 669-0081
Highley Recommended, Inc.     FAX: (253) 838-8509
2927 SW 339th Street          Email: dhighley@highley-recommended.com
Federal Way, WA 98023-7732    WEB: http://www.highley-recommended.com

Getting Samba 2.2.2 set up as a PDC on Solaris 8 with ISC's DHCP server version 2.0pl5. We are also using NIS and automounted home directories. This is not meant to be a replacement for the documentation delivered with Samba or ISC's DHCP server software. With this configuration we are networking Windows 98, Windows 98 second edition, NT 4.0 SP6a, Windows 2000 SP2, RedHat 6.2, and RedHat 7.1. There are many more settings we would like to experiment with given time.

First we must thank the very helpful individual, who will remain nameless at his request, for educating me on a mistake and some overlooked documentation. He also enlightened me on the meaning of an acronym that I had been using for a workgroup: in Australia FRED stands for Flaming Ridiculous Electronic Device.

Now for the details which I hope can help others. We configured the Samba build as follows:

    ./configure --with-smbwrapper --with-acl-support --with-automount
    Fixed line 603 in Makefile for target bin/smbwrapper.so changing the -shared flag to -G.
    make
    su - to root
    cd /etc/init.d
    ./samba stop
    make install
    cd /etc/init.d
    ./samba start

In release 2.2.2 smbsh does not work, but the build problem and smbsh are fixed in the CVS tree.

Manually added machine accounts to /etc/passwd and /etc/shadow files:

    passwd - dogwood$:x:10006:10000:Machine:/dev/null:/bin/false
    shadow - dogwood$:*LK*:::::::
    group  - machines::10000:    (just for admin consistency)

Set up the /usr/local/samba/private/smbpasswd file. Make sure you include the root user, but you should use a different password than used for logging in as the UNIX root user. Add other users as needed and set their passwords.

Now for the much needed assistance. We had been trying to get Samba to work as a PDC since version 2.2.0. All Windows NT 4.0 and Windows 98 machines were able to work with the PDC, but not Windows 2000 systems. Windows 2000 systems would return an RPC error at the end of trying to join the domain.
When attempting to use the adduser script, the machine account entries would get created in the /etc/passwd, /etc/shadow and /usr/local/samba/private/smbpasswd files and then error out with the RPC problem. We had existing smb.conf files, and the line "password server = *" on the system being set up as a PDC was causing the RPC failure to occur. So we removed this line, as the PDC system was not able to find itself as the password server.

The other helpful information was to make the following modifications to our dhcpd.conf files:
- In the subnet section add the following two lines

    option netbios-dd-server 10.2.2.3;
    option netbios-node-type 8;

Restart your DHCP server after making the above changes. Changing the node type to 8 tells the clients to go to the WINS server before broadcasting; this is documented in a fairly new Samba file, .../samba-2.2.2/docs/textdocs/DHCP-Server-Configuration.txt. Full documentation is in the man -s 4 dhcp.options that is installed with ISC's DHCP software. This may not show up on your system, as the catman command shipped with Solaris 8 is broken and does not build the windex file correctly. The above changes really diminish the number of broadcast messages sent.

Another thing to know is that it's best to run swat to configure the smb.conf file, for reasons that we will not go into here. In fact it may be best to make a copy of your smb.conf file and then remove it, as I have found that it does not remove some existing lines if you set them to default in swat. This is one of the areas we would like to experiment with more, as we believe we may still have too many things being set in the global section. Oplocks and max open files configuration are still areas for experimentation, especially when using the Configuration Management product ClearCase.

To join a Windows 2000 system to the domain:
- log on to the local Administrator account
- right click on My Computer
- select Properties
- Network Identification
- select Properties
- select workgroup
- type in FOO
- Apply
- OK
- Reboot
- log on to the local Administrator account
- right click on My Computer
- select Properties
- Network Identification
- select Properties
- select Domain
- type in "YOUR DOMAIN"
- type in root and password
- Apply
- OK
- Reboot

Note: make sure you do not already have a machine entry for the system you are trying to add to the domain in the /usr/local/samba/private/smbpasswd file.

Below is our working PDC smb.conf file:

# Samba config file created using SWAT
# from localhost (127.0.0.1)
# Date: 2001/10/19 13:52:28

# Global parameters
[global]
    workgroup = RECOMMENDED
    netbios name = HEMLOCK
    server string = Samba %v on (%L)
    encrypt passwords = Yes
    username map = /usr/local/samba/lib/users.map
    log file = /usr/local/samba/var/log.%m
    max log size = 50
    time server = Yes
    max open files = 1000
    domain admin group = @Administrators
    logon path = \\%N\profiles\%U
    logon drive = H:
    domain logons = Yes
    os level = 33
    domain master = True
    dns proxy = No
    wins support = Yes
    homedir map = auto.home
    NIS homedir = Yes
    invalid users = daemon bin sys adm lp uucp nuucp listen noaccess lnman lmxadmin lmxguest lmworld ppp
    create mask = 0644

[homes]
    comment = Home Directories
    read only = No
    browseable = No
    oplocks = No
    level2 oplocks = No

[ccase_rls]
    comment = ClearCase Releases
    path = /usr/local/ccase_rls
    write list = @vob
    read only = No

[www]
    comment = ClearCase Releases
    path = /outside/www/dhighley
    write list = dhighley
    read only = No
    guest ok = Yes
    oplocks = No
    level2 oplocks = No

[netlogon]
    comment = Network Logon Service
    path = /usr/local/samba/netlogon
    write list = @Administrators
    guest ok = Yes
    browseable = No

[profiles]
    comment = User profiles
    path = /usr/local/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    browseable = No

[printers]
    comment = All Printers
    path = /usr/spool/samba
    printable = Yes
    browseable = No

Here is a second Samba-configured system's smb.conf file:

# Samba config file created using SWAT
# from hemlock.highley-recommended.com (10.2.2.3)
# Date: 2001/10/20 10:59:39

# Global parameters
[global]
    workgroup = RECOMMENDED
    netbios name = SPRUCE
    server string = Samba %v on (%L)
    encrypt passwords = Yes
    password server = *
    username map = /usr/local/samba/lib/users.map
    log file = /usr/local/samba/var/log.%m
    max log size = 50
    time server = Yes
    max open files = 1000
    domain admin group = @Administrators
    logon drive = H:
    preferred master = False
    local master = No
    dns proxy = No
    wins server = 10.2.2.3
    NIS homedir = Yes
    invalid users = daemon bin sys adm lp uucp nuucp listen noaccess lnman lmxadmin lmxguest lmworld ppp
    create mask = 0644

[homes]
    comment = Home Directories
    read only = No
    browseable = No
    oplocks = No
    level2 oplocks = No

[ccase_rls]
    comment = ClearCase Releases
    path = /usr/local/ccase_rls
    write list = @vob
    read only = No
    guest ok = Yes

[vobs]
    comment = ClearCase VOB and View Storage
    path = /vobs
    read list = @vob, @staff
    write list = @vob, @staff
    read only = No
    guest ok = Yes
    oplocks = No
    level2 oplocks = No

[ClearCase]
    comment = ClearCase VOB and View Storage
    path = /ClearCase
    read list = @vob, @staff
    write list = @vob, @staff
    read only = No
    guest ok = Yes
    oplocks = No
    level2 oplocks = No

[www]
    comment = ClearCase Releases
    path = /outside/www
    write list = dhighley
    read only = No
    guest ok = Yes
    oplocks = No
    level2 oplocks = No

[netlogon]
    comment = Network Logon Service
    path = /usr/local/samba/netlogon
    browseable = No

[profiles]
    comment = User profiles
    path = /usr/local/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    browseable = No

[printers]
    comment = All Printers
    path = /usr/spool/samba
    printable = Yes
    browseable = No

--
Regards,
David Highley                 Phone: (206) 669-0081
Highley Recommended, Inc.     FAX: (253) 838-8509
2927 SW 339th Street          Email: dhighley@highley-recommended.com
Federal Way, WA 98023-7732    WEB: http://www.highley-recommended.com
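
The conditions reported in this thread (a "password server" line on the PDC itself, a machine account missing from the unix passwd database, an existing machine entry in smbpasswd, smbpasswd users with no unix account) can be checked before a join attempt. This is an added example, not part of the original posts; `prejoin_findings` and the sample data are hypothetical, and the passwd text is assumed to hold every account the host resolves (local files plus NIS).

```python
def parse_smb_conf(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return sections

def account_names(text):
    """First colon-separated field of each passwd/smbpasswd line, lowercased."""
    return {ln.split(":", 1)[0].lower() for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#")}

def prejoin_findings(smb_conf, passwd, smbpasswd, machine):
    """Hypothetical helper: list the conditions described in this thread."""
    findings = []
    glob = parse_smb_conf(smb_conf).get("global", {})
    is_pdc = glob.get("domainlogons", "no").lower() in ("yes", "true", "1")
    if is_pdc and "passwordserver" in glob:
        findings.append("password server set on the PDC")
    acct = machine.lower() + "$"
    unix, smb = account_names(passwd), account_names(smbpasswd)
    if acct not in unix:
        findings.append(acct + " missing from unix passwd")
    if acct in smb:
        findings.append(acct + " already in smbpasswd")
    for user in sorted(smb - unix - {acct}):
        findings.append(user + " in smbpasswd but not in unix passwd")
    return findings

# Constructed sample input (hash fields are placeholders, not real values).
SMB_CONF = """[global]
    workgroup = RECOMMENDED
    domain logons = Yes
    password server = *
"""
PASSWD = "root:x:0:1:Super-User:/:/sbin/sh\n"
SMBPASSWD = ("root:0:" + "X" * 32 + ":" + "X" * 32 + ":[U          ]:LCT-00000000:\n"
             "smtp:0:" + "X" * 32 + ":" + "X" * 32 + ":[U          ]:LCT-00000000:\n")

if __name__ == "__main__":
    for finding in prejoin_findings(SMB_CONF, PASSWD, SMBPASSWD, "DOGWOOD"):
        print(finding)
```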