I'm having problems with samba using the 2K PDC. I've gotten it to successfully join the 2K PDC via smbpasswd. Winbindd is running and I can ping it. I've tried googling, but was unsuccessful at finding something useful. The Windows 2K event viewer shows: The session setup from the computer DATASRV failed to authenticate. The name of the account referenced in the security database is DATASRV$. The following error occurred: Access is denied. On my linux box, I'm using datasrv, does case matter? My box is Lunar-Linux. AMB Athlon XP 1700+ 256MB PC2100 DDR Memory 40GB 7200 RPM hard drive. 2 partitions. 3.5GB and a 35.5 Everything is installed on the 3.5GB PDC is Windows 2000 Server Compaq Prolient w/ 2GB of RAM & 20GB Ultra3 SCSI 15K RPM and 80GB 5400 IDE 5400RPM (yeah, I know it sounds funny but the big HD is just for stale data... Mostly backup) wbinfo -u gives 0xc0000022 Wbinfo -t gives Secret is good Smb.conf is [global] security = domain encrypt passwords = yes netbios name = Datasrv workgroup = CDROBOT log file = /var/log/samba/%m.log password server = mainsrv domain master = yes os level = 65 winbind separator = + winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes winbind enum groups = yes template homedir = /home/winnt/%D/%U [public] comment = public path = /home/tmp read only = no public = yes Testparm complains that the winbind separator might cause problems with group memobship. I've tried using '-' and it stopped complaining, but didn't fix the problem. I use '+' because it's used in the docs. Has anyone experianced this? Sometimes the users have problems signing on the the PDC saying that no domain controller exist. Very weird, because after a few tries it seems to work on 98/ME machines. 2K & XP seem to experience this as well, but logon anyway. If anyone needs more info, feel free to ask. TIA! --KM
Reset the computer account in the 2k domain and rejoin the domain using: smbpasswd -j DOMAIN -r DOMAINPDCSMBNAME -UAdministrator%password Once that's done try: wbinfo -t If it says "Secret is good" then you're set to go.. Glenn Glenn --On Wednesday, January 29, 2003 3:47 PM -0600 Kenny Mann <Kennymann@cdrobot.com> wrote:> I'm having problems with samba using the 2K PDC. > I've gotten it to successfully join the 2K PDC via smbpasswd. Winbindd > is running and I can ping it. I've tried googling, but was unsuccessful > at finding something useful. The Windows 2K event viewer shows: > > The session setup from the computer DATASRV failed to authenticate. The > name of the account referenced in the security database is DATASRV$. > The following error occurred: > Access is denied. > > On my linux box, I'm using datasrv, does case matter? > My box is Lunar-Linux. > AMB Athlon XP 1700+ > 256MB PC2100 DDR Memory > 40GB 7200 RPM hard drive. 2 partitions. 3.5GB and a 35.5 Everything is > installed on the 3.5GB > > PDC is Windows 2000 Server > Compaq Prolient w/ 2GB of RAM & 20GB Ultra3 SCSI 15K RPM and 80GB 5400 > IDE 5400RPM (yeah, I know it sounds funny but the big HD is just for > stale data... Mostly backup) > > wbinfo -u gives > 0xc0000022 > > Wbinfo -t gives > Secret is good > > Smb.conf is > [global] > security = domain > encrypt passwords = yes > netbios name = Datasrv > workgroup = CDROBOT > log file = /var/log/samba/%m.log > password server = mainsrv > domain master = yes > os level = 65 > > winbind separator = + > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > > template homedir = /home/winnt/%D/%U > > > [public] > comment = public > path = /home/tmp > read only = no > public = yes > > Testparm complains that the winbind separator might cause problems with > group memobship. I've tried using '-' and it stopped complaining, but > didn't fix the problem. I use '+' because it's used in the docs. > > Has anyone experianced this? > Sometimes the users have problems signing on the the PDC saying that no > domain controller exist. Very weird, because after a few tries it seems > to work on 98/ME machines. 2K & XP seem to experience this as well, but > logon anyway. > > > If anyone needs more info, feel free to ask. TIA! > > --KM > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba--- Glenn E. Sieb System Administrator Lumeta Corporation +1 732 357-3514 (V) +1 732 564-0731 (Fax)
I had the same problem except mine was working for several months then decided to quit ... deleted the computers from the domain and re-added them using: smbpasswd -j DOMAIN -r DOMAINPDCSMBNAME -UAdministrator%password Works again, but I still don't understand what caused it. -----Original Message----- From: Kenny Mann [mailto:Kennymann@cdrobot.com] Sent: Wednesday, January 29, 2003 3:47 PM To: samba@lists.samba.org Subject: [Samba] Problems making use of 2K PDC I'm having problems with samba using the 2K PDC. I've gotten it to successfully join the 2K PDC via smbpasswd. Winbindd is running and I can ping it. I've tried googling, but was unsuccessful at finding something useful. The Windows 2K event viewer shows: The session setup from the computer DATASRV failed to authenticate. The name of the account referenced in the security database is DATASRV$. The following error occurred: Access is denied. On my linux box, I'm using datasrv, does case matter? My box is Lunar-Linux. AMB Athlon XP 1700+ 256MB PC2100 DDR Memory 40GB 7200 RPM hard drive. 2 partitions. 3.5GB and a 35.5 Everything is installed on the 3.5GB PDC is Windows 2000 Server Compaq Prolient w/ 2GB of RAM & 20GB Ultra3 SCSI 15K RPM and 80GB 5400 IDE 5400RPM (yeah, I know it sounds funny but the big HD is just for stale data... Mostly backup) wbinfo -u gives 0xc0000022 Wbinfo -t gives Secret is good Smb.conf is [global] security = domain encrypt passwords = yes netbios name = Datasrv workgroup = CDROBOT log file = /var/log/samba/%m.log password server = mainsrv domain master = yes os level = 65 winbind separator = + winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes winbind enum groups = yes template homedir = /home/winnt/%D/%U [public] comment = public path = /home/tmp read only = no public = yes Testparm complains that the winbind separator might cause problems with group memobship. I've tried using '-' and it stopped complaining, but didn't fix the problem. I use '+' because it's used in the docs. Has anyone experianced this? Sometimes the users have problems signing on the the PDC saying that no domain controller exist. Very weird, because after a few tries it seems to work on 98/ME machines. 2K & XP seem to experience this as well, but logon anyway. If anyone needs more info, feel free to ask. TIA! --KM -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 29 Jan 2003, Kenny Mann wrote:> Smb.conf is > [global] > security = domain > encrypt passwords = yes > netbios name = Datasrv > workgroup = CDROBOT > log file = /var/log/samba/%m.log > password server = mainsrv > domain master = yesdon't mix security = domain and domain master = yes. Bad mojo. Set domaion master = no so smbd/winbindd can find the real Windows PDC. cheers, jerry ---------------------------------------------------------------------- Hewlett-Packard ------------------------- http://www.hp.com SAMBA Team ---------------------- http://www.samba.org GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc "You can never go home again, Oatman, but I guess you can shop there." --John Cusack - "Grosse Point Blank" (1997) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+OT4DIR7qMdg1EfYRAvyBAKCVpQgE8G3Zfg9BQ81R+yeZjDHd0ACg8J5k oRET5v8nwFo6ooqHTSeTkyw=agp8 -----END PGP SIGNATURE-----
It said command completed successfully. However still the same issue. Now tha tyo uhave said that, it sounds like that could be the problem. Would I need to reboot? Win98 machines can login sometimes. Sometimes It says cannot find domain controller. If Win2K is in native mode ,I would think it would deny access all the time. I'm going to hop to the MS mail list/news groups. You'r most likely right that this Is a 2K issue and not Samba. THANKS!> -----Original Message----- > From: Jan Chorowski [mailto:jasiek@lo14.wroc.pl] > Sent: Thursday, January 30, 2003 12:39 AM > To: Kenny Mann > Subject: Re: [Samba] Problems making use of 2K PDC > > > On Wed, Jan 29, 2003 at 03:47:09PM -0600, Kenny Mann wrote: > > > wbinfo -u gives > > 0xc0000022 > > > > Wbinfo -t gives > > Secret is good > > > your problem lies in the win2k native mode (denying access to > machines older than win2k). It's a security feature enabled > with the installation of windows. To disable it use: net > localgroup "Pre-Windows 2000 Compatible Access" everyone /add > > --KM > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > Jan Chorowski > >
I'm able to "join" the comain. Wbinfo -t says secret is good. Wbinfo -u shows me 0xc000022 Wbinfo --sequence says CDROBOT: DISCONNECTED The catchy thing is that I joined via smbpasswd and it said I joined. 'Joined domain CDROBOT' Very odd. Thanks! --KM> -----Original Message----- > From: Gaffey, Mike [mailto:MGaffey@fastekintl.com] > Sent: Wednesday, January 29, 2003 4:06 PM > To: Kenny Mann > Cc: 'samba@lists.samba.org' > Subject: RE: [Samba] Problems making use of 2K PDC > > > I had the same problem except mine was working for several > months then decided to quit ... deleted the computers from > the domain and re-added them > using: > > smbpasswd -j DOMAIN -r DOMAINPDCSMBNAME -UAdministrator%password > > Works again, but I still don't understand what caused it. > > > -----Original Message----- > From: Kenny Mann [mailto:Kennymann@cdrobot.com] > Sent: Wednesday, January 29, 2003 3:47 PM > To: samba@lists.samba.org > Subject: [Samba] Problems making use of 2K PDC > > > I'm having problems with samba using the 2K PDC. > I've gotten it to successfully join the 2K PDC via smbpasswd. > Winbindd is running and I can ping it. I've tried googling, > but was unsuccessful at finding something useful. The Windows > 2K event viewer shows: > > The session setup from the computer DATASRV failed to > authenticate. The name of the account referenced in the > security database is DATASRV$. The following error occurred: > Access is denied. > > On my linux box, I'm using datasrv, does case matter? > My box is Lunar-Linux. > AMB Athlon XP 1700+ > 256MB PC2100 DDR Memory > 40GB 7200 RPM hard drive. 2 partitions. 3.5GB and a 35.5 > Everything is installed on the 3.5GB > > PDC is Windows 2000 Server > Compaq Prolient w/ 2GB of RAM & 20GB Ultra3 SCSI 15K RPM and > 80GB 5400 IDE 5400RPM (yeah, I know it sounds funny but the > big HD is just for stale data... Mostly backup) > > wbinfo -u gives > 0xc0000022 > > Wbinfo -t gives > Secret is good > > Smb.conf is > [global] > security = domain > encrypt passwords = yes > netbios name = Datasrv > workgroup = CDROBOT > log file = /var/log/samba/%m.log > password server = mainsrv > domain master = yes > os level = 65 > > winbind separator = + > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > > template homedir = /home/winnt/%D/%U > > > [public] > comment = public > path = /home/tmp > read only = no > public = yes > > Testparm complains that the winbind separator might cause > problems with group memobship. I've tried using '-' and it > stopped complaining, but didn't fix the problem. I use '+' > because it's used in the docs. > > Has anyone experianced this? > Sometimes the users have problems signing on the the PDC > saying that no domain controller exist. Very weird, because > after a few tries it seems to work on 98/ME machines. 2K & XP > seem to experience this as well, but logon anyway. > > > If anyone needs more info, feel free to ask. TIA! > > --KM > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >