samba - Jan 2002 - machine accounts

Well I thank everybody that helped me get swat working.  I am very thankful.

Now, though, it seems I have more problems.  When I try to join my samba
domain, my XP box says "a domain controller for the domain edith could not
be contacted."

Okay, well, after reading up on things in this list, it seems that I need to
create a machine account.  I didn't have to on my NT box.  When I join the
domain with that,  it just creates an account automatically.  So how do I do
this with Samba?

For helpers, here is my smb.conf file.  TAke into account that I do have teh
security set as share right now and it is wide open to anybody on the
network just because I like to be able to use it as a storage medium.

thanks
jim

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2002/01/21 15:02:23

# Global parameters
[global]
	workgroup = EDITH
	netbios name = WALDO
	server string = Samba Server
	security = SHARE
	encrypt passwords = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
	unix password sync = Yes
	log file = /var/log/samba/%m.log
	max log size = 0
	socket options = TCP_NODELAY IPTOS_LOWDELAY
	preferred master = True
	domain master = True
	dns proxy = No
	default service = homes
	guest account = bear
	read only = No
	guest ok = Yes
	printing = lprng

[homes]
	comment = Home Directories
	path = /home
	force user = bear
	create mask = 0664
	directory mask = 0775

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	printer name = lab
	browseable = Yes

jim
English Teacher
Montpelier School

From:           	"James Bear" <james.s.bear@sendit.nodak.edu>
To:             	<samba@lists.samba.org>
Subject:        	machine accounts
Date sent:      	Tue, 22 Jan 2002 08:30:29 -0600
> Well I thank everybody that helped me get swat working.  I am very
thankful.
> 
> Now, though, it seems I have more problems.  When I try to join my samba
> domain, my XP box says "a domain controller for the domain edith could
not
> be contacted."
> 
> Okay, well, after reading up on things in this list, it seems that I need
to
> create a machine account.  I didn't have to on my NT box.  When I join
the
> domain with that,  it just creates an account automatically.  So how do I
do
> this with Samba?
1. Add a unix account for the machine. If the machine is 
waldo, add a unix account for waldo$. I use webmin, but 
adduser works. Check the samba howto for syntax. 
2. Add a samba account for the machine. You can use smbpasswd 
for this. As root "smbpasswd -a -m waldo" w/o quotes.
> 
> For helpers, here is my smb.conf file.  TAke into account that I do have
teh
> security set as share right now and it is wide open to anybody on the
> network just because I like to be able to use it as a storage medium.
If you want the samba box to be a pdc, then security should be 
USER.
> 
> thanks
> jim
> 
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2002/01/21 15:02:23
> 
> # Global parameters
> [global]
> 	workgroup = EDITH
> 	netbios name = WALDO
> 	server string = Samba Server
> 	security = SHARE
> 	encrypt passwords = Yes
> 	passwd program = /usr/bin/passwd %u
> 	passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> 	unix password sync = Yes
> 	log file = /var/log/samba/%m.log
> 	max log size = 0
> 	socket options = TCP_NODELAY IPTOS_LOWDELAY
> 	preferred master = True
> 	domain master = True
> 	dns proxy = No
> 	default service = homes
> 	guest account = bear
> 	read only = No
> 	guest ok = Yes
> 	printing = lprng
> 
> [homes]
> 	comment = Home Directories
> 	path = /home
> 	force user = bear
> 	create mask = 0664
> 	directory mask = 0775
> 
> [printers]
> 	comment = All Printers
> 	path = /var/spool/samba
> 	printable = Yes
> 	printer name = lab
> 	browseable = Yes
> 
> jim
> English Teacher
> Montpelier School
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 

Joel Barnett
Systems Administrator
Allegro Corporation
503-257-8480 x2059

I got some problems with Samba/Winbind in a WINNT-Domain.How could I get the
machine-accounts to my samba-server?
Winbind including this feature? How could I activate this?

best regards

nieloo
-------------- next part --------------
Diese Mail wurde im Hause SCHMIEDER it-solutions GmbH auf Viren ?berpr?ft !

---- Original Message -----
From: "Operator (SCHMIEDER it-solutions)"
<operator@SCHMIEDER.DE>
To: <samba@lists.samba.org>
Sent: Monday, March 17, 2003 3:13 PM
Subject: [Samba] machine accounts

> I got some problems with Samba/Winbind in a WINNT-Domain.How could I get
the
> machine-accounts to my samba-server?
> Winbind including this feature? How could I activate this?
>
> best regards
>
> nieloo
>
How to ask questions:

http://www.security-forums.com/forum/viewtopic.php?t=249

Gareth Davies
Willowbrook I.T.
Ext. 235



*****************************************************************
This email has been checked by the altohiway e-Sweeper Service
*****************************************************************

Hi, I'm trying to configure a Samba 3.0 as a PDC. I've problems with
users on Win2k, probably because of machine accounts. I'm using tdbsam
(when it works, I'll try ldapsam). I can add users with
pdbedit -a, if users are in /etc/passwd. If an user is not in /etc/passwd,
I can't add it with pdbedit or smbpasswd (why?).
  I've added user root with pdbedit also. But users can't log in to the
domain using the root account (says password incorrect).

  I can't add machines no matter how I try:

  [root@t1 bin]# grep pirineus /etc/passwd
  pirineus:x:1049:1049::/home/pirineus:/bin/bash
  [root@t1 bin]# ./pdbedit -a -m pirineus
  tdb_update_sam: SAM_ACCOUNT (pirineus$) with no RID!
  Unable to add machine! (does it already exist?)

 Can someone clarify how do I add machine accounts and user accounts? Do
they have to exist already in /etc/passwd?

  Thanks,


-- 
Dani Pardo, dani@enplater.com
Enplater S.A

>  Can someone clarify how do I add machine accounts and user accounts?
Do they have to exist already in /etc/passwd?

	Pdbedit is reading your smb.conf and specially the backend you
choose. What is your backend in smb.conf ? I think your are using
ldapbackend.

	Machine account must exist in /etc/passwd or on ldap.( as user
accounts )
	With ldap pdbedit is going to the job , if the ldap record exist
( pdbedit just add samba attribute ), both for users and machine.
Smbpasswd continue to work with 3.0 version.

	Hope this help

	Jean-Marc

Mensaje citado por Michael Gasch <gasch@eva.mpg.de>:
> a short answer
>
> yes, you always need this posix-account - no matter which backend you use
>
> i'm using ldap with this structure
>
> users in ou=users,... (posix and samba)
> machines in ou=machines,... (posix and samba)
>
> and i'm not able to add samba users with just "#
> /usr/local/samba/bin/pdbedit -a -m machine_name", because there's
no
> posix-account
>
  Mmm.. I turned again to LDAP sam, and now I've been able to add machine
accounts, but this way:
  I've made an ldif file taken from an user possixAccount (one entry that
does
not contain any samba attribute). I've adapted this file with the name of
the
machine (with the trailing $).

  Then:


   # /usr/local/samba/bin/pdbedit -a -m -u machine_name$

   So, pdbedit adds the samba attributes, and the ou=Computers stills with no
entries (everything goes into ou=People).
   So I have the same mess in LDAP that I was having with smbpasswd file in
samba 2, no? Isn't it too complicated?


--
Dani Pardo, dani@enplater.com
Enplater S.A

>   So, pdbedit adds the samba attributes, and the ou=Computers stills
with no entries (everything goes into ou=People).

Did you use  ldap machine suffix = ou=pc
	in your smb.conf.

I'm running Linux from my home. I've been running Samba 2.27a for a
while
now. I've just recently upgraded my system to Fedora Core 1. With that,
sAmba has been upgraded to 3.0015.

I've included my smb.conf file. I can't seem to create a machine
account.
I get unknown user or password. I do have a user root in smbpasswd.

Like they say.......HELP!!!!!  <:-)

[global]
	logon path 	dns proxy = No
	server string = samba server
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	ldap ssl = no
	preferred master = Yes
	workgroup = MEPHISTOPHELES
	unix password sync = yes
	password server = None
	logon home 	add machine script = /usr/sbin/useradd -d /dev/null -g 100 \{} -s
/bin/false -M %u
	encrypt passwords = yes
	guest ok = Yes
	wins support = Yes
	domain logons = Yes
	log file = /var/log/samba/%m.log
	max log size = 50
	domain master = Yes
	username map = /etc/samba/smbusers

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No

---------------------------

I'm not using smbpasswd  -a... , but trying through xp to add the machine
to the domain. When in Computer Name Changes window I specify the domain
<MEPHISTOPHELES>, and then I'm prompted for the administrator
username/password <MEPHISTOPHELES\root and <passwd>> I get the
unkown
username/password message.
> are you saying you can't do smbpasswd -a -m user or that you can't
add
windows 2000/xp to a domain?
>
> Roberto Mason wrote:
>
>>I'm running Linux from my home. I've been running Samba 2.27a
for a
while now. I've just recently upgraded my system to Fedora Core 1. With
that, sAmba has been upgraded to 3.0015.
>>
>>I've included my smb.conf file. I can't seem to create a machine
account. I get unknown user or password. I do have a user root in
smbpasswd.
>>
>>Like they say.......HELP!!!!!  <:-)
>>
>>[global]
>>	logon path >>	dns proxy = No
>>	server string = samba server
>>	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>	ldap ssl = no
>>	preferred master = Yes
>>	workgroup = MEPHISTOPHELES
>>	unix password sync = yes
>>	password server = None
>>	logon home >>	add machine script = /usr/sbin/useradd -d /dev/null
-g 100 \{} -s
>>/bin/false -M %u
>>	encrypt passwords = yes
>>	guest ok = Yes
>>	wins support = Yes
>>	domain logons = Yes
>>	log file = /var/log/samba/%m.log
>>	max log size = 50
>>	domain master = Yes
>>	username map = /etc/samba/smbusers
>>
>>[homes]
>>	comment = Home Directories
>>	read only = No
>>	browseable = No
>>
>>[printers]
>>	comment = All Printers
>>	path = /var/spool/samba
>>	printable = Yes
>>	browseable = No
>>
>>---------------------------
>>
>>
>
>
>
>

Change the add machine script to this:

add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M
%u

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Santos Soler
MCP, Network+, A+
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=