samba - Jan 2004 - Unable to use Samba 3.0.1 as PDC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,
I'm trying to use Samba 3.0.1 on a RedHat 7.0 system as a PDC, with
tdbsam as a backend, migrating from a NT4.0 PDC (the machine on which
NT4 is running is going to be dismessed).

I've manually created the user accounts as local users, I've manually
populated passdb.tdb, setting SIDs and RIDs identical to the existing
ones (manually obtained with 'getsid' on the NT4 machine).

I've manually created the local groups, and mapped the existing nt4
groups onto them.

I've create a machine account as a local user and added with 'smbpasswd
- -a -m' to the database.

All seems fine, but.... it's not working.

Disconnecting the existing NT4 server and restarting samba as a PDC, I
cannot log on from the other servers/workstations. Note that accessing
the shares without accessing the domain works as usual.

The error message I've got from a Win2000 server (and also from another
NT4 workstation) was something like "incorrect user namo or password".

I've tryed to figure out what's not working, upping the debug level to
3, and the only thing that I've found suspicous is

[2004/01/28 16:43:09, 2]
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
~  _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)

I'm including also my smb.conf file:

~ ----------------BEGIN of SMB.CONF--------------------
[global]
~   netbios name = FS5

~   idmap uid = 10000-20000
~   idmap gid = 10000-20000
~   winbind enum users = yes
~   winbind enum groups = yes

~   workgroup = Task_84

~   server string = Server FS5

~   printcap name = /etc/printcap
~   load printers = yes

~    printing = cups

~   guest account = nobody
~   map to guest = never
~   log file = /var/log/samba/samba3.log
~   log level = 3
~   max log size = 0

~   security = user

~  encrypt passwords = yes
~  passdb backend = tdbsam:/usr/local/samba3/lib/passdb.tdb




~  unix password sync = Yes
~  passwd program = /usr/bin/passwd %u
~  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
~   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

	interfaces = 10.0.1.32/24

~   local master = yes

~   os level = 65

~   domain master = yes

~   preferred master = yes

~  domain logons = yes

~    logon script = script\%U.bat
~   wins server = 10.0.1.34

~   dns proxy = no

disable spoolss = no
use client driver = yes
[netlogon]
	path = /var/lib/samba3/netlogon
	comment = Servizio di Logon
	guest ok = yes
	browseable = No

[homes]
~   comment = Home Directories
~   browseable = no
~   writable = yes
~   hide dot files = yes

[laserjet]
~   comment = Stampante in progettazione
~   directory = /var/spool/samba
~   browseable = yes
~   public = yes
~   printable = yes
~   create mode = 0700
~   guest ok = no
~   read only = yes
~   printer name = laserjet


[lav]
~   comment = Lavori progrettazione
~   path = /home/prg/lavori
~   public = no
~   writable = yes
~   printable = no
~   valid users = @amminrete @analogico @lamiera @col_ana @col_lam
~   force create mode = 660
~   force directory mode = 770

[apps]
~   comment = Applicazioni comuni
~   path = /home/prg/applicazioni
~   public = no
~   writable = yes
~   printable = no
~   valid users = @amminrete @analogico @lamiera @col_ana @col_lam
@direzione @uftec @amministrazione
~   force create mode = 660
~   force directory mode = 770
~ ----------------END of SMB.CONF--------------------

Any Ideas ?

By the way... samba was installed from sources, compiled with kgcc
(aka egcs-2.91.66) 'cos gcc-2.96-85 barfed at some point of the
compilation. Can this cause some troubles ?
- --
Simone Lazzaris
Task84 S.p.A.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAGMmu/38nB9eqrJYRAvDsAJoCRfmuMt1baloA7B2pdcumCJrbbACfTMp9
JScfe4gLsSkscXh0gAdD16Q=bogE
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,
I'm trying to use Samba 3.0.1 on a RedHat 7.0 system as a PDC, with
tdbsam as a backend, migrating from a NT4.0 PDC (the machine on which
NT4 is running is going to be dismessed).

I've manually created the user accounts as local users, I've manually
populated passdb.tdb, setting SIDs and RIDs identical to the existing
ones (manually obtained with 'getsid' on the NT4 machine).

I've manually created the local groups, and mapped the existing nt4
groups onto them.

I've create a machine account as a local user and added with 'smbpasswd
- -a -m' to the database.

All seems fine, but.... it's not working.

Disconnecting the existing NT4 server and restarting samba as a PDC, I
cannot log on from the other servers/workstations. Note that accessing
the shares without accessing the domain works as usual.

The error message I've got from a Win2000 server (and also from another
NT4 workstation) was something like "incorrect user namo or password".

I've tryed to figure out what's not working, upping the debug level to
3, and the only thing that I've found suspicous is

[2004/01/28 16:43:09, 2]
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
~  _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)

I'm including also my smb.conf file:

~ ----------------BEGIN of SMB.CONF--------------------
[global]
~   netbios name = FS5

~   idmap uid = 10000-20000
~   idmap gid = 10000-20000
~   winbind enum users = yes
~   winbind enum groups = yes

~   workgroup = Task_84

~   server string = Server FS5

~   printcap name = /etc/printcap
~   load printers = yes

~    printing = cups

~   guest account = nobody
~   map to guest = never
~   log file = /var/log/samba/samba3.log
~   log level = 3
~   max log size = 0

~   security = user

~  encrypt passwords = yes
~  passdb backend = tdbsam:/usr/local/samba3/lib/passdb.tdb




~  unix password sync = Yes
~  passwd program = /usr/bin/passwd %u
~  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
~   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

	interfaces = 10.0.1.32/24

~   local master = yes

~   os level = 65

~   domain master = yes

~   preferred master = yes

~  domain logons = yes

~    logon script = script\%U.bat
~   wins server = 10.0.1.34

~   dns proxy = no

disable spoolss = no
use client driver = yes
[netlogon]
	path = /var/lib/samba3/netlogon
	comment = Servizio di Logon
	guest ok = yes
	browseable = No

[homes]
~   comment = Home Directories
~   browseable = no
~   writable = yes
~   hide dot files = yes

[laserjet]
~   comment = Stampante in progettazione
~   directory = /var/spool/samba
~   browseable = yes
~   public = yes
~   printable = yes
~   create mode = 0700
~   guest ok = no
~   read only = yes
~   printer name = laserjet


[lav]
~   comment = Lavori progrettazione
~   path = /home/prg/lavori
~   public = no
~   writable = yes
~   printable = no
~   valid users = @amminrete @analogico @lamiera @col_ana @col_lam
~   force create mode = 660
~   force directory mode = 770

[apps]
~   comment = Applicazioni comuni
~   path = /home/prg/applicazioni
~   public = no
~   writable = yes
~   printable = no
~   valid users = @amminrete @analogico @lamiera @col_ana @col_lam
@direzione @uftec @amministrazione
~   force create mode = 660
~   force directory mode = 770
~ ----------------END of SMB.CONF--------------------

Any Ideas ?

By the way... samba was installed from sources, compiled with kgcc
(aka egcs-2.91.66) 'cos gcc-2.96-85 barfed at some point of the
compilation. Can this cause some troubles ?
- --
Simone Lazzaris
Task84 S.p.A.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAGON7/38nB9eqrJYRAjMFAJ4wFQL7GulMTVUcHAv4IOmv47X4JgCfcJ0/
VglWSKoVGKKOgdCHa2eGcaw=Ybzq
-----END PGP SIGNATURE-----