I didn't get a response to my earlier request, so I'll try rephrasing.
I am in the process of trying to set up Samba 2.2.2 on some DEC Alpha
systems and get them to join our existing Domain with a Win2K PDC.
After setting up the initial smb.conf file on the machine 'alpha9' (one
of the DEC servers), I ran the command:
smbpasswd -j ITD -r <PDC Name> -U <adminid>%<passwd>
I then started samba and from a Win2K client I logged in to the ITD
domain and I could then connect to alpha9 and see the shares that I
defined. So far so good.
This system has an alias that users need to connect to. The name
'dev_svc' is defined in our DNS with an IP address separate from
'alpha9'. On 'alpha9' the IP alias is setup for the network
interface
so that it will respond to both addresses. So now I need to define
'dev_svc' to Samba as an alias for this machine, so I added the
following line to my smb.conf:
netbios alias = dev_svc
If I try to run the 'smbpasswd -j' command again, it fails probably
because the physical machine (alpha9) already exists. If I go to the
Win2K Admin app 'Active Directory Users and Computers' I can add an
Object definition for the 'dev_svc' computer, but it still appears that
Samba can't join the domain with that name. If I try to browse
'\\dev_svc\' from a Win2K machine, I get a logon popup which fails since
I don't have a smbpasswd file (I want authentication to be done through
the PDC). I can still connect through the 'alpha9' name though. In the
log.smbd file (debug level = 2) I see (among other things):
===================================8<-----------------------------
[2002/01/24 09:56:04, 0, pid=1923]
rpc_client/cli_netlogon.c:cli_net_auth2(160)
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2002/01/24 09:56:04, 0, pid=1923]
rpc_client/cli_login.c:cli_nt_setup_creds(72)
cli_nt_setup_creds: auth2 challenge failed
[2002/01/24 09:56:04, 0, pid=1923]
smbd/password.c:connect_to_domain_password_server(1372)
connect_to_domain_password_server: unable to setup the PDC credentials
to machine HQISDC01. Error was : NT_STATUS_ACCESS_DENIED.
[2002/01/24 09:56:04, 0, pid=1923]
smbd/password.c:domain_client_validate(1591)
domain_client_validate: Domain password server not available.
===================================8<-----------------------------
Any ideas as to how I can get alias names to be accepted into a Domain?
Thanks
/dwight
--
Dwight N. Tovey Unix System Administrator /
Developer
League of American Bicyclists Idaho Transportation Dept.
Certified Instructor #750-K-C 3311 W. State St.
Email: dwight@dtovey.net Boise, ID. 83702
http://www.dtovey.net/dwight (208)334-8166 / fax: (208)334-8121
---
If Barbie's so popular, why do you have to buy all her friends?
I think I see what my problem is, but I'm not sure of how to fix it.
I need to be able to have Samba handle shares for multiple netbios
names/aliases and use a remote PDC for authentication.
If I change my smb.conf file from
netbios name = alpha9
netbios aliases = dev_svc
to
netbios name = dev_svc
bind interfaces only = yes
interfaces = 10.1.9.59 <---- the IP address of 'dev_svc'
and then run the 'smbpasswd -j' again, I can then connect to dev_svc,
but not alpha9, even if I set the netbios name and netbios aliases lines
back.
I think what is happening is that the 'secrets.tdb' file gets a Machine
Account Password for the last name that was set by netbios name when
smbpasswd was run. What I need then (I think) is for a separate
password for each netbios name/alias to be stored in the secrets file
and used as appropriate. Alternativly, I can have a separate smbd
process running for each name/alias, each using it's own config file and
secrets file. I can specify a different config file to use with the -s
flag, but as far as I've been able to tell, the only way to specify a
different secrets file is to recompile the server and specify the file
at that time, which means a different binary file for each name. Yuck.
Does anybody have a better way to use multiple names/aliases with a PDC?
/dwight
--
Dwight N. Tovey Unix System Administrator /
Developer
League of American Bicyclists Idaho Transportation Dept.
Certified Instructor #750-K-C 3311 W. State St.
Email: dwight@dtovey.net Boise, ID. 83702
http://www.dtovey.net/dwight (208)334-8166 / fax: (208)334-8121
---
All I ask is a chance to prove that money can't make me happy.
On Thursday 24 January 2002 07:34 pm, Dwight Tovey wrote:> I didn't get a response to my earlier request, so I'll try rephrasing. > > I am in the process of trying to set up Samba 2.2.2 on some DEC Alpha > systems and get them to join our existing Domain with a Win2K PDC. > After setting up the initial smb.conf file on the machine 'alpha9' (one > of the DEC servers), I ran the command: > smbpasswd -j ITD -r <PDC Name> -U <adminid>%<passwd> > > I then started samba and from a Win2K client I logged in to the ITD > domain and I could then connect to alpha9 and see the shares that I > defined. So far so good. > > This system has an alias that users need to connect to. The name > 'dev_svc' is defined in our DNS with an IP address separate fromI think you can't define in DNS a name with an underscore( "_" ) in it. Maybe thats your problem...> 'alpha9'. On 'alpha9' the IP alias is setup for the network interface > so that it will respond to both addresses. So now I need to define > 'dev_svc' to Samba as an alias for this machine, so I added the > following line to my smb.conf: > netbios alias = dev_svc > > If I try to run the 'smbpasswd -j' command again, it fails probably > because the physical machine (alpha9) already exists. If I go to the > Win2K Admin app 'Active Directory Users and Computers' I can add an > Object definition for the 'dev_svc' computer, but it still appears that > Samba can't join the domain with that name. If I try to browse > '\\dev_svc\' from a Win2K machine, I get a logon popup which fails since...> > Any ideas as to how I can get alias names to be accepted into a Domain? > > Thanks > /dwightI'm not in the know to comment on ohter matters, but try change the DNS name to dev-src (be careful, the NetBios name can contain underscore, DNS name can't, better change them both; I've had in the past problems having them different; and look in /etc/hosts to have consistent names) hope this helps, dragos
On 24 Jan 2002, Dwight Tovey wrote:> I am in the process of trying to set up Samba 2.2.2 on some DEC Alpha > systems and get them to join our existing Domain with a Win2K PDC. > After setting up the initial smb.conf file on the machine 'alpha9' (one > of the DEC servers), I ran the command: > smbpasswd -j ITD -r <PDC Name> -U <adminid>%<passwd> > > I then started samba and from a Win2K client I logged in to the ITD > domain and I could then connect to alpha9 and see the shares that I > defined. So far so good. > > This system has an alias that users need to connect to. The name > 'dev_svc' is defined in our DNS with an IP address separate from > 'alpha9'. On 'alpha9' the IP alias is setup for the network interface > so that it will respond to both addresses. So now I need to define > 'dev_svc' to Samba as an alias for this machine, so I added the > following line to my smb.conf: > netbios alias = dev_svc > > If I try to run the 'smbpasswd -j' command again, it fails probably > because the physical machine (alpha9) already exists. If I go to the > Win2K Admin app 'Active Directory Users and Computers' I can add an > Object definition for the 'dev_svc' computer, but it still appears that > Samba can't join the domain with that name. If I try to browse > '\\dev_svc\' from a Win2K machine, I get a logon popup which fails since > I don't have a smbpasswd file (I want authentication to be done through > the PDC). I can still connect through the 'alpha9' name though. In the > log.smbd file (debug level = 2) I see (among other things):This is a limitation (feature) of the current Samba code. If you really need this right now, you should look at running multiple, concurrent servers on the same host (see "interfaces", "bind interfaces only", "lock directory", etc...in smb.conf(5)). You will probably also need to define separate private directories via compile time options (for MACHINE.SID, secrets.tdb should be ok....). chau, jerry --------------------------------------------------------------------- Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org -- http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--