siavush@spin.it
2003-Oct-19 03:04 UTC
[Samba] Stuck on Problem with Joining Domains...please help!
after many hours of tries, I am still stuck with a simple: I have Samba 3.0.1
ore running fine on a red hat 9.0 box (installed from RPM) when I try to join a
domain I get the infamous invalid user name or bad password error from the Win2K
SP2 machines. I am really getting lost here, I have checked the root password in
smbpasswd database and have used the smbpasswd command, I still get that error.
Any help would be greatly appreciated....
this is my smb.conf as given by testparm
# Global parameters
[global]
workgroup = LPHGROUP
server string = Samba Server
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\\n *ReType*new*UNIX*password*
%n\\n*passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/smbusers
password level = 8
username level = 8
unix password sync = Yes
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = wins lmhosts bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false
-M %u
logon path = \\\\%L\\Profiles\\%U
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
remote announce = 172.16.2.255
hosts allow = 172.16.
printing = lprng
preserve case = No
short preserve case = No
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/profiles
guest ok = Yes
browseable = No
share modes = No
[printers]
comment = Temporary file space
path = /tmp
read only = No
guest ok = Yes
printable = Yes
browseable = No
[public]
comment = Public Stuff
path = /home/samba
write list = @staff
guest ok = Yes
Örn Hansen
2003-Oct-19 14:41 UTC
[Samba] Stuck on Problem with Joining Domains...please help!
I've been fighting the same problem myself, and others too, alas with ldap backend. Here's what I've come by, so far, and might be useful to you. 1. You need to provide "admin users" in the global section, and make sure the user there exists in smbpaswd. This is the user, you type in when adding the machine to the domain. You can't use "root" as with 2.x. 2. The script you are using, to add machines ... you need to make sure that it creates the trailing dollar sign to the name. I don't think samba provides the "username$" for the machine at that point, and you need to provide it by issuing "%u$", but check this to be sure. On Sunday 19 October 2003 05:04, siavush@spin.it wrote:> after many hours of tries, I am still stuck with a simple: I have Samba > 3.0.1 ore running fine on a red hat 9.0 box (installed from RPM) when I try > to join a domain I get the infamous invalid user name or bad password > error from the Win2K SP2 machines. I am really getting lost here, I have > checked the root password in smbpasswd database and have used the smbpasswd > command, I still get that error. Any help would be greatly appreciated.... > this is my smb.conf as given by testparm > # Global parameters > [global] > workgroup = LPHGROUP > server string = Samba Server > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\\n *ReType*new*UNIX*password* > %n\\n*passwd:*all*authentication*tokens*updated*successfully* username map > = /etc/samba/smbusers > password level = 8 > username level = 8 > unix password sync = Yes > log file = /var/log/samba/log.%m > max log size = 50 > name resolve order = wins lmhosts bcast > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s > /bin/false -M %u logon path = \\\\%L\\Profiles\\%U > domain logons = Yes > os level = 33 > preferred master = Yes > domain master = Yes > dns proxy = No > wins support = Yes > remote announce = 172.16.2.255 > hosts allow = 172.16. > printing = lprng > preserve case = No > short preserve case = No > > [homes] > comment = Home Directories > read only = No > browseable = No > > [netlogon] > comment = Network Logon Service > path = /home/profiles > guest ok = Yes > browseable = No > share modes = No > > [printers] > comment = Temporary file space > path = /tmp > read only = No > guest ok = Yes > printable = Yes > browseable = No > > [public] > comment = Public Stuff > path = /home/samba > write list = @staff > guest ok = Yes-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: signature Url : http://lists.samba.org/archive/samba/attachments/20031019/3adf6627/attachment.bin
John H Terpstra
2003-Oct-19 15:05 UTC
[Samba] Stuck on Problem with Joining Domains...please help!
Orn,
Here is my smb.conf for a fully functional PDC. Granted that I do not use
LDAP on this particular system, but the LDAP part is easy once you get the
rest of it working.
My advice to anyone who is building a Samba server is to start with a
simple solution and granudally build in the complexities needed. That
makes it so much easier to figure out when and where things might be
breaking.
The migration of the database is a simple matter. If you have "passdb
backend = ldapsam:ldap://server.myorg.ext:636, tdbsam" then you can
migrate a tdbsam to LDAP by:
pdbedit -i tdbsam -e ldapsam
pdbedit -g -i tdbsam -e ldapsam
My smb.conf file:
# Global parameters
[global]
workgroup = MIDEARTH
server string = Samba3
interfaces = eth0, lo
bind interfaces only = Yes
obey pam restrictions = Yes
passdb backend = tdbsam
pam password change = Yes
passwd chat = *New*Password* %n\n *Re-enter*new*password* %n\n
*Password*changed*
username map = /etc/samba/smbusers
password level = 8
username level = 8
log level = 1
syslog = 0
log file = /var/log/samba/%m
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupadd %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null
%u
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
logon script = scripts\logon.bat
logon path = \\%L\Profiles\%U
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
wins support = Yes
utmp = Yes
panic action = export DISPLAY=localhost:0; /usr/bin/X11/xterm -e
gdb /proc/%d/exe %d || /bin/sleep
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind separator = +
winbind use default domain = Yes
hosts allow = 127., 192.168.1.
use sendfile = Yes
printing = cups
veto files = /*.eml/*.nws/riched20.dll/*.{*}/
veto oplock files = /*.doc/*.xls/*.mdb/
include = /etc/samba/machine.%m
[homes]
comment = Home Directories
read only = No
browseable = No
Share definitions for [netlogon], [profiles], etc. deleted to reduce size
of this message.
- John T.
--
John H Terpstra
Email: jht@samba.org
-------------- next part --------------
Skipped content of type multipart/signed-------------- next part --------------
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba