We have really enjoyed our first couple of weeks using samba2.2.2 as our PDC, but the past couple of days have been a nightmare: the server out of nowhere stopped letting people log in. We received an error message that said "Device is not installed on this network." Now we were able to get rid of the problem and at first were not sure how, but a couple of days later it happened again, but this time we had found the problem. We have two servers, both FreeBSD 4.4; one is a firewall/proxy server, the other is our PDC. On both occasions I noticed that our internet connection had been locked up. I restarted our connection and the PDC allowed people to log in again. Also, I had noticed that when the internet connection is up and running it takes a while to log in to the PDC. Here is our smb.conf:
[global]
printcap name = /etc/printcap
domain master = yes
interfaces = 128.223.2.5/255.255.0.0
logon home = "\\bsd2\%U"
domain logons = yes
encrypt passwords = yes
preferred master = yes
printing = bsd
logon path = \\bsd2\%U\profiles
workgroup = qtpcorp
logon script = %U.bat
socket options = TCP_NODELAY
netbios name = bsd2
keep alive = 30
load printers = yes
security = user
logon drive = h:
os level = 65
writable = yes
wins support = yes
create mode = 775
[netlogon]
comment = On the fly creation off Logon script
root preexec = /usr/local/netlogon/logonscript.pl %U %M %m
root postexec = /usr/local/netlogon/logoutscript.pl %U %M %m
path = /usr/local/netlogon
[homes]
comment = Home directories
browseable = yes
read only = no
create mode = 0750
[Accounting]
path = /scratch5/acct
valid users = wallacek,heathk,@acct
create mode = 775
[HR_Dept]
path = /scratch5/hr_dept
valid users = wallacek,heathk,@hr
create mode = 775
[Credit]
path = /scratch5/credit
valid users = wallacek,heathk,@credit
create mode = 775
[Management]
path = /scratch5/management
valid users = wallacek,heathk,@manage
create mode = 775
[Public]
path = /scratch6/public
create mode = 777
[IT_Dept]
path = /scratch6/is
valid users = wallacek,heathk,@wheel
create mode = 775
[Fender]
path = /scratch6/fend
valid users = wallacek,heathk,@fend
create mode = 775
[Marketing]
path = /scratch6/marketing
valid users = wallacek,heathk,@marketing
create mode = 775
[Purchasing]
path = /scratch6/purchasing
valid users = wallacek,heathk,@purch
create mode = 775
[Warehouse]
path = /scratch6/warehouse
valid users = wallacek,heathk,@ware
create mode = 775
[local]
path = /usr/local
valid users = heathk
[printers]
comment = All Printers
browseable = no
printable = yes
public = no
read only = yes
create mode = 0700
directory = /tmp
[homeward]
path = /home
valid users = wallacek,heathk
[recov]
path = /recov
valid users = heathk wallacek
[webscripts]
path = /usr/local/www
valid users = heathk,@web
Hi ml,
I got a weird problem using smb server as pdc for a M$ lan... In this lan I
have several W2K (SP3) / XP (SP1) workstations and a couple of Win98.
Win98 machines are working fine since they just authenticate on the
domain...
W2K ones give some more headaches....even if I followed step by step the
most recent PDC howtos and faq as long as the smb pdf manual (btw I'm using
smb release 2.2.5) I cannot join the machine to the domain neither
automatically nor manually.
If I try to create the machine trust account by shell (via adduser) on the
server and then try to modify the network id of the win2k pc but I got an
error more or less like this: "remote procedure malfunction" *
If I try to create the trust automatically I got 2 behaviors:
1) if use the root user to authenticate and force the join I got a
"unknown user or bad password" *
2) if I try to use Administrator user I got: "This's a machine account.
Use the remote / local user account to perform this operation" *
Any hints? Maybe I have to modify something on the W2K workstations?
* NB I suppose these are the english messages... I'm using a W2K italian
release
bye by(t)e[S]...TuX!
This's my conf file.... I still have problems but the error message is
different this time, it sounds like (translating it from italian):
"It's impossible to join this machine to the domain. There's a conflict
between the supplied credential and pre existent ones"
P.S. When v3.0 will be released?
bye by(t)e[S]...TuX!
-------------- next part --------------
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2002/10/25 17:42:26
# Global parameters
[global]
coding system =
client code page = 850
code page directory = /var/lib/samba/codepages
workgroup = CCGM
netbios name = SERVER-CCGM
netbios aliases =
netbios scope =
server string = CCGM Samba Server
interfaces = eth0
bind interfaces only = No
security = USER
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = No
password server =
smb passwd file = /etc/samba/smbpasswd
root directory =
pam password change = No
passwd program = /usr/bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = Yes
restrict anonymous = No
lanman auth = Yes
use rhosts = No
admin log = No
log level = 0
syslog = 1
syslog only = No
log file = /var/log/samba/log.%m
max log size = 50
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = No
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.5
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = lmhosts host wins bcast
max packet = 65535
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
read size = 16384
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = Yes
printcap name = lpstat
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
strip dot = No
mangling method = hash
character set =
mangled stack = 50
stat cache = Yes
domain admin group = @ccgm-admin
domain guest group =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = Yes
os level = 65
lm announce = Auto
lm interval = 60
preferred master = True
local master = Yes
domain master = True
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = Yes
wins server =
wins support = Yes
wins hook =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /var/cache/samba
pid directory = /var/run/samba
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map = auto.home
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
host msdfs = No
winbind uid =
winbind gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
comment =
path =
alternate permissions = No
username = guest
guest account = guest
invalid users =
valid users = @ccgm-admin, @ccgm, @satya
admin users = @ccgm-admin
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = 00
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
status = Yes
nt acl support = Yes
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = cups
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
printer driver =
printer driver file = /etc/samba/printers.def
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =
msdfs root = No
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
browseable = No
[print$]
path = /var/lib/samba/printers
write list = @adm root
[CCGM Folder]
comment = CCGM Private Folder
path = /home/local/samba-private/ccgm
valid users = @ccgm-admin, @ccgm
write list = @ccgm
read only = No
[Satya Folder]
comment = Satya Gr? Private Folder
path = /home/local/samba-private/SatyaGra
valid users = @ccgm-admin, @satya
write list = @satya
read only = No
[public]
comment = CCGM Folder
path = /home/local/samba-public
valid users = @ccgm-admin, @ccgm
write list = @ccgm
read only = No
On the client machine; Control Panel > Administration Tools > Local Security Policy > Local Policy > Security Options > Send unencrypted password to third-party SMB servers = enabled

Michele Santucci wrote:
>>Are the user and machine$ added to your /etc/passwd and smbpasswd files?
>
>all the user already added, I'm trying to add machine$ automatically (via
>adduser)
>
>>Also do you have send unencrypted passwd to third party smb servers
>>enabled in your local security policy settings?
>
>How?
>
>Something like that?
>
> encrypt passwords = Yes
>
> bye by(t)e[S]...TuX!
Hello,
That's what I got trying to join a Win2K workstation to my domain (managed
by a linux/samba server),
after I joined the domain the system refuse to logon/add any domain user
reporting a trust relationship failure...
1) All the clients are Windows 2000 sp3 machines (tcp + netbeui)
2) Linux server use a Mandrake 8.2 pro suite running samba 2.2.6
/etc/passwd
video$:x:504:421:Machine Account:/dev/null:/bin/false
/etc/samba/smbpasswd
video$:504:DD8EB67612E73F3842517E31664A1C6C:BC3911425DC8A72332F814FC212ABE91:[W          ]:LCT-3DD8E642:
^ seems like it created the machine account correctly
[root@server samba]# more log.video
[2002/11/18 14:08:17, 0] smbd/service.c:make_connection(381)
make_connection: root logged in as admin user (root privileges)
As long as I add machine accounts it just show this
[2002/11/18 14:09:18, 0] smbd/password.c:authorise_login(863)
authorise_login: rejected invalid user guest
[2002/11/18 14:10:30, 0] smbd/password.c:authorise_login(863)
authorise_login: rejected invalid user guest
these lines appear after the procedure created the machine account and I try
to add a new local account (called michele) taking it from the domain.
[root@server samba]# more log.smbd
[2002/11/18 14:06:42, 0] smbd/server.c:main(707)
smbd version 2.2.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2002
[2002/11/18 14:07:42, 0] smbd/server.c:open_sockets(238)
Got SIGHUP
????
This's my CONFIGURATION file ...
[root@server samba]# more /etc/samba/smb.conf
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2002/11/18 13:52:01
# Global parameters
[global]
workgroup = CCGM-DOM
netbios name = CCGM-SERVER
server string = Samba Server %v
encrypt passwords = Yes
update encrypted = Yes
null passwords = Yes
pam password change = Yes
username map = /etc/samba/smbusers
unix password sync = Yes
admin log = Yes
log file = /var/log/samba/log.%m
max log size = 50
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = lpstat
domain admin group = @smb-admin
domain guest group = @users
add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
guest account = guest
valid users = @smb-admin @ccgm @satyagra
admin users = @smb-admin
read list = @ccgm @satyagra
write list = @smb-admin
printer admin = @smb-admin
printing = cups
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
browseable = No
[print$]
path = /var/lib/samba/printers
write list = @smb-admin
bye by(t)e[S]...TuX!
> Message: 18
> From: "Michele Santucci" <tux@shiny.it>
> To: "Samba" <samba@lists.samba.org>
> Date: Mon, 18 Nov 2002 21:34:13 +0100
> Subject: [Samba] PDC Problems
>
> Hello,
>
> That's what I got trying to join a Win2K workstation to my domain (managed
> by a linux/samba server),
> after I joined the domain the system refuse to logon/add any domain user
> reporting a trust relationship failure...
> 1) All the clients are Windows 2000 sp3 machines (tcp + netbeui)
> 2) Linux server use a Mandrake 8.2 pro suite running samba 2.2.6
>
> /etc/passwd
>
> video$:x:504:421:Machine Account:/dev/null:/bin/false
>
> /etc/samba/smbpasswd
>
>video$:504:DD8EB67612E73F3842517E31664A1C6C:BC3911425DC8A72332F814FC212ABE91
> :[W
> ]:LCT-3DD8E642:
>
> ^ seems like it created the machine account correctly
>
> [root@server samba]# more log.video
> [2002/11/18 14:08:17, 0] smbd/service.c:make_connection(381)
> make_connection: root logged in as admin user (root privileges)
>
> As long as I add machine accounts it just show this
>
> [2002/11/18 14:09:18, 0] smbd/password.c:authorise_login(863)
> authorise_login: rejected invalid user guest
> [2002/11/18 14:10:30, 0] smbd/password.c:authorise_login(863)
> authorise_login: rejected invalid user guest
>
> these lines appear after the procedure created the machine account and I try
> to add a new local account (called michele) taking it from the domain.

Explain this more please. Are you trying to log in with a domain account that exists on the samba server, which has been given an smbpasswd? The user is being mapped to 'guest' which seems to not exist.

> [root@server samba]# more log.smbd
> [2002/11/18 14:06:42, 0] smbd/server.c:main(707)
> smbd version 2.2.6 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2002
> [2002/11/18 14:07:42, 0] smbd/server.c:open_sockets(238)
> Got SIGHUP
>
> ????
>
> This's my CONFIGURATION file ...
>
> [root@server samba]# more /etc/samba/smb.conf
> # Samba config file created using SWAT
> # from 0.0.0.0 (0.0.0.0)
> # Date: 2002/11/18 13:52:01
>
> # Global parameters
> [global]
> workgroup = CCGM-DOM
> netbios name = CCGM-SERVER
> server string = Samba Server %v
> encrypt passwords = Yes
> update encrypted = Yes
> null passwords = Yes
> pam password change = Yes

You may want to disable unix password sync and pam password change until you have this working. You haven't got a 'passwd chat' configured, which could cause this to fail.

> username map = /etc/samba/smbusers
> unix password sync = Yes
> admin log = Yes
> log file = /var/log/samba/log.%m
> max log size = 50
> time server = Yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> printcap name = lpstat
> domain admin group = @smb-admin
> domain guest group = @users
> add user script = /usr/sbin/useradd -d /dev/null -g machines -c
> 'Machine Account' -s /bin/false -M %u
> domain logons = Yes
> os level = 64
> preferred master = Yes
> domain master = Yes
> wins proxy = Yes
> wins support = Yes
> guest account = guest
> valid users = @smb-admin @ccgm @satyagra
> admin users = @smb-admin
> read list = @ccgm @satyagra
> write list = @smb-admin
> printer admin = @smb-admin
> printing = cups
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> create mask = 0700
> guest ok = Yes
> printable = Yes
> print command = lpr-cups -P %p -o raw %s -r # using client side
> printer drivers.
> browseable = No
>
> [print$]
> path = /var/lib/samba/printers
> write list = @smb-admin

--
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
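Added example, not part of the original posts: a consistency check for a machine trust account pair like the /etc/passwd and smbpasswd entries shown in the thread above. The function names are hypothetical and the two hash fields are constructed placeholders; the name, UID, flags and LCT value are the ones from the post.

```python
import re
from datetime import datetime, timezone

# Constructed sample modelled on the two entries in the post. The hash fields
# are placeholders; the name, UID, flags and LCT value are the ones shown there.
PASSWD_LINE = "video$:x:504:421:Machine Account:/dev/null:/bin/false"
SMBPASSWD_LINE = ("video$:504:" + "A" * 32 + ":" + "B" * 32 +
                  ":[W          ]:LCT-3DD8E642:")

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")

def parse_smbpasswd(line):
    """Split one record of the form name:uid:LM:NT:[flags]:LCT-hex:"""
    name, uid, lm, nt, flags, lct = line.strip().split(":")[:6]
    m = re.fullmatch(r"LCT-([0-9A-Fa-f]{8})", lct)
    # LCT is the last password change time, seconds since the epoch in hex.
    changed = (datetime.fromtimestamp(int(m.group(1), 16), tz=timezone.utc)
               if m else None)
    return {"name": name, "uid": int(uid), "lm": lm, "nt": nt,
            "flags": set(flags.strip("[]").replace(" ", "")), "lct": changed}

def check_trust_account(passwd_line, smbpasswd_line):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    pw = passwd_line.strip().split(":")
    smb = parse_smbpasswd(smbpasswd_line)
    if not smb["name"].endswith("$"):
        problems.append("name does not end in '$'")
    if pw[0] != smb["name"]:
        problems.append("account name differs between passwd and smbpasswd")
    elif int(pw[2]) != smb["uid"]:
        problems.append("UID differs between passwd and smbpasswd")
    if "W" not in smb["flags"]:
        problems.append("missing W (workstation trust) flag")
    if "D" in smb["flags"]:
        problems.append("account is disabled (D flag)")
    if "N" not in smb["flags"] and not HEX32.fullmatch(smb["nt"]):
        problems.append("NT hash field is not 32 hex digits")
    if smb["lct"] is None:
        problems.append("unparseable LCT field")
    return problems

if __name__ == "__main__":
    print(parse_smbpasswd(SMBPASSWD_LINE)["lct"].isoformat())
    print(check_trust_account(PASSWD_LINE, SMBPASSWD_LINE) or "consistent")
```

The LCT value from the post decodes to 2002-11-18 13:08:18 UTC, which is one second after the 14:08:17 `make_connection` entry in log.video if the server clock was at UTC+1.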
Hi list,
I am running Samba 2.2.7 on a 2.4 Linux, I have 3 clients, each win2kSP3. There are a few users, but with just 2 of them I can log in. If I try to connect (from win, smbclient runs perfectly) to the server using one of the other, I get the message "the domain is not available", and my log.int01 (where int01 is my workstation) says "int01 - no account in domain". hmm. I know all these problems, machine accounts, registry-hacks, but, as you see - the server knows the workstation with some user accounts, while others are blocked. If I enter a wrong user name I get "cannot log on to domain".
Any suggestions?
Thanks a lot,
jan