Day 2 of my adventure into Samba. Having had such success with workgroup-based Samba, it was time to try Samba as a PDC. Unfortunately, it got cut short very quickly because I am not able to log into the domain from the XP client. I took the following steps (I'm using Samba 3.0): - modified my smb.conf as per instructions in O'Reilly Using Samba, 2nd Ed. (I think this may be part of the problem - see below) - ran 'smbpasswd -a root' giving the account a password different than the real root password - restarted the daemons - hacked my XP registry to turn off the signorseal bit - rebooted XP - logged into XP with my administrator account - control panel, system, computer name, change, enter name of my domain to join,click ok, user/pass dialog pops up - tried 'root' with the samba password i created above, not the real root password, and get the following WinXP error message dialog: The following error occurred attempting to join the domain "CISSAMBA" The user name could not be found checking the log files on the linux server, I see nothing unusual. I investigated and learned from testparm that Samba 3.0 no longer understands "domain admin group" as an smb.conf parameter (so much for Using Samba's claim that it covers Samba 2.2 and 3.0 :-( So I poked around the web and the samba site and tried the sample smb.conf from the official HOWTO, which seemed to replace the old "domain admin group" with a "write list" in the [netlogon] section. I tried "write list = root" in there, but it's still giving me the same error. What's the proper way to set this up on Samba 3.0? Here is my smb.conf... [global] netbios name = ds119b workgroup = cissamba wins support = yes encrypt passwords = yes domain master = yes local master = yes preferred master = yes os level = 65 security = user domain logons = yes logon path = \\%L\profiles\%u\%m logon script = logon.bat logon drive = H: logon home = \\%L\%u\.win_profile\%m time server = yes ;domain admin group = root ; book says to do this but is invalid for Samba 3.0 add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u [netlogon] path = /usr/local/samba/lib/netlogon writable = no browsable = no write list = root [profiles] path=/home/samba-ntprof browsable = no writable = yes create mask = 0600 directory mask = 0700 [homes] read only = no browsable = no guest ok = no map archive = yes Any ideas? Thanks, Fran
Hi Fran, I have had the same Problem with Samba 2.2.8 but I solved it. I created an user "root" on my W2k Client with Administrator Privileges and the same password as on my Samba Server. In Samba 2.2.8 you only can join the Samba PDC as "root". Perhaps this could also work on Samba3. -----Urspr?ngliche Nachricht----- Von: samba-bounces+hendrik=styx.homeunix.org@lists.samba.org [mailto:samba-bounces+hendrik=styx.homeunix.org@lists.samba.org] Im Auftrag von Fran Fabrizio Gesendet: Sonntag, 23. November 2003 08:08 An: samba@lists.samba.org Betreff: [Samba] Can't join my domain Day 2 of my adventure into Samba. Having had such success with workgroup-based Samba, it was time to try Samba as a PDC. Unfortunately, it got cut short very quickly because I am not able to log into the domain from the XP client. I took the following steps (I'm using Samba 3.0): - modified my smb.conf as per instructions in O'Reilly Using Samba, 2nd Ed. (I think this may be part of the problem - see below) - ran 'smbpasswd -a root' giving the account a password different than the real root password - restarted the daemons - hacked my XP registry to turn off the signorseal bit - rebooted XP - logged into XP with my administrator account - control panel, system, computer name, change, enter name of my domain to join,click ok, user/pass dialog pops up - tried 'root' with the samba password i created above, not the real root password, and get the following WinXP error message dialog: The following error occurred attempting to join the domain "CISSAMBA" The user name could not be found checking the log files on the linux server, I see nothing unusual. I investigated and learned from testparm that Samba 3.0 no longer understands "domain admin group" as an smb.conf parameter (so much for Using Samba's claim that it covers Samba 2.2 and 3.0 :-( So I poked around the web and the samba site and tried the sample smb.conf from the official HOWTO, which seemed to replace the old "domain admin group" with a "write list" in the [netlogon] section. I tried "write list = root" in there, but it's still giving me the same error. What's the proper way to set this up on Samba 3.0? Here is my smb.conf... [global] netbios name = ds119b workgroup = cissamba wins support = yes encrypt passwords = yes domain master = yes local master = yes preferred master = yes os level = 65 security = user domain logons = yes logon path = \\%L\profiles\%u\%m logon script = logon.bat logon drive = H: logon home = \\%L\%u\.win_profile\%m time server = yes ;domain admin group = root ; book says to do this but is invalid for Samba 3.0 add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u [netlogon] path = /usr/local/samba/lib/netlogon writable = no browsable = no write list = root [profiles] path=/home/samba-ntprof browsable = no writable = yes create mask = 0600 directory mask = 0700 [homes] read only = no browsable = no guest ok = no map archive = yes Any ideas? Thanks, Fran
>I have had the same Problem with Samba 2.2.8 but I solved it. I created >an user "root" on my W2k Client with Administrator Privileges and the >same password as on my Samba Server. >In Samba 2.2.8 you only can join the Samba PDC as "root". > >Perhaps this could also work on Samba3.Not a bad idea, but it didn't work in my case. :-( My XP box has two administrator accounts now, 'root' and 'fran'. My linux Samba server also has those two accounts, root of course, and fran as my regular user account. I've added root to smbpasswd with a password specifically for samba. I've also added fran to smbpasswd. The odd thing is that if I try to join the domain as root, I get "user not found", if I try to join the domain as fran, I get "Access Denied". You'd think it would be the same since they're both in smbpasswd. I was watching log.nmbd, log.smbd, and /var/log/messages while attempting to join the domain, and I see a bunch of process_logon_packet messages from the XP client's IP, but no error messages. Just some hex values like 0x12 and 0x07 associated with the process_logon messages, do they mean anything? -Fran