Mike Young
2004-Mar-22 00:53 UTC
[Samba] Cannot Join Domain unless I use username Root - 3.0.2.a tdbsam
I am unable to get a client to join a domain unless I login and join as root. The workstation errors with username or password incorrect. However I notice that if I then immediately go to the network neighborhood I can actually see the domain and navigate all its resources (shares / printers etc).

I am running Samba 3.0.2a on Red Hat 8 and have both winXP and win2K clients. I have a unix & samba user called "administrator" that belongs to both the usergroup "ntadmins" and "root". The group mappings work correctly as once I have joined the domain as root and then logged on as administrator, administrator has Domain Admin privileges.

I am currently manually adding the machines to the backend database by issuing the following commands:

    useradd -g 100 -d /dev/null -c "description" -s /bin/false machine_name$
    pdbedit -a -m -u machine_name

I then go to the relevant client and use the control panel / system / join domain functionality to try and register with the domain. I only seem to be able to register with the domain if I use user ROOT and not administrator.

I would greatly oblige any ideas on this - Is it a bug or have I got something wrong with my configuration?
Here is the relevant configuration information:

Unix groups:

    GrpName        GID
    ========       ===
    ntadmins       702
    administrator  703

Unix users:

    UsrName        GID   Primary Group  Groups
    ========       ====  ============   ======================
    administrator  603   ntadmins       users,root,admnistrator

> net groupmap list

    System Operators (S-1-5-32-549) -> -1
    Replicators (S-1-5-32-552) -> -1
    Guests (S-1-5-32-546) -> -1
    Domain Admins (S-1-5-21-2420991726-2856996462-1657861143-512) -> ntadmins
    Domain Guests (S-1-5-21-2420991726-2856996462-1657861143-514) -> nobody
    Power Users (S-1-5-32-547) -> -1
    Print Operators (S-1-5-32-550) -> -1
    Administrators (S-1-5-32-544) -> -1
    Account Operators (S-1-5-32-548) -> -1
    Domain Users (S-1-5-21-2420991726-2856996462-1657861143-513) -> users
    Backup Operators (S-1-5-32-551) -> -1
    Users (S-1-5-32-545) -> -1

> pdbedit -l -v

    ------- snip -------
    Unix username: root
    NT username:
    Account Flags: [U ]
    User SID: S-1-5-21-2420991726-2856996462-1657861143-1000
    Primary Group SID: S-1-5-21-2420991726-2856996462-1657861143-1001
    Full Name: root
    Home Directory: \\juan\root
    HomeDir Drive: H:
    Logon Script: logon.bat
    Profile Path: \\juan\profiles\root\0.0.0.0
    Domain: E-MAGE
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: Sat, 14 Dec 1901 07:45:51 GMT
    Kickoff time: Sat, 14 Dec 1901 07:45:51 GMT
    Password last set: Sun, 21 Mar 2004 18:37:01 GMT
    Password can change: Sun, 21 Mar 2004 18:37:01 GMT
    Password must change: Sat, 14 Dec 1901 07:45:51 GMT
    ---------------
    Unix username: dimension$
    NT username:
    Account Flags: [W ]
    User SID: S-1-5-21-2420991726-2856996462-1657861143-2216
    Primary Group SID: S-1-5-21-2420991726-2856996462-1657861143-515
    Full Name: dimension XP
    Home Directory: \\juan\dimension_
    HomeDir Drive: H:
    Logon Script: logon.bat
    Profile Path: \\juan\profiles\dimension_\0.0.0.0
    Domain: E-MAGE
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: Sat, 14 Dec 1901 07:45:51 GMT
    Kickoff time: Sat, 14 Dec 1901 07:45:51 GMT
    Password last set: Fri, 05 Mar 2004 09:16:24 GMT
    Password can change: Fri, 05 Mar 2004 09:16:24 GMT
    Password must change: Sat, 14 Dec 1901 07:45:51 GMT
    ---------------
    Unix username: dimension-w2k$
    NT username:
    Account Flags: [W ]
    User SID: S-1-5-21-2420991726-2856996462-1657861143-2220
    Primary Group SID: S-1-5-21-2420991726-2856996462-1657861143-515
    Full Name: dimension 2k
    Home Directory: \\juan\dimension-w2k_
    HomeDir Drive: H:
    Logon Script: logon.bat
    Profile Path: \\juan\profiles\dimension-w2k_\0.0.0.0
    Domain: E-MAGE
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: Sat, 14 Dec 1901 07:45:51 GMT
    Kickoff time: Sat, 14 Dec 1901 07:45:51 GMT
    Password last set: Sun, 21 Mar 2004 18:41:16 GMT
    Password can change: Sun, 21 Mar 2004 18:41:16 GMT
    Password must change: Sat, 14 Dec 1901 07:45:51 GMT
    ---------------
    Unix username: administrator
    NT username:
    Account Flags: [U ]
    User SID: S-1-5-21-2420991726-2856996462-1657861143-2206
    Primary Group SID: S-1-5-21-2420991726-2856996462-1657861143-512
    Full Name: wrkgrp domain administrator
    Home Directory: \\juan\administrator
    HomeDir Drive: H:
    Logon Script: logon.bat
    Profile Path: \\juan\profiles\administrator\0.0.0.0
    Domain: E-MAGE
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: Sat, 14 Dec 1901 07:45:51 GMT
    Kickoff time: Sat, 14 Dec 1901 07:45:51 GMT
    Password last set: Fri, 05 Mar 2004 09:08:19 GMT
    Password can change: Fri, 05 Mar 2004 09:08:19 GMT
    Password must change: Sat, 14 Dec 1901 07:45:51 GMT
    ------- snip -------

> cat smb.conf

    [global]
    workgroup = e-mage
    netbios name = JUAN
    server string = %h server (Samba %v)
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    client lanman auth = No
    client plaintext auth = No
    wins support = Yes
    domain master = yes
    local master = yes
    preferred master = yes
    os level = 65
    security = user
    time server = yes
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
    preserve case = yes
    short preserve case = yes
    encrypt passwords = true
    passdb backend = tdbsam
    domain logons = yes
    guest account = nobody
    unix password sync = yes
    logon path = \\%L\profiles\%U\%M
    logon script = logon.bat
    logon drive = H:
    add machine script = /usr/sbin/adduser --home /dev/null --ingroup machines --shell /bin/false --no-create-home --disabled-login --gecos "SAMBA Machine Account" --force-badname "%u"
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter*new*UNIX*password:* %n\n *Retype*new*UNIX*password:*%n\n *passwd:*password*updated*successfully*
    passwd chat debug = yes
    add user script = /usr/sbin/adduser --shell /dev/null --quiet --disabled-login -- gecos "Samba user" %u
    delete user script = /usr/sbin/deluser --remove-home --remove-all-files --backup %u
    add group script = /usr/local/samba/bin/addgroup.sh "%g"
    delete group script = /usr/sbin/delgroup "%g"
    add user to group script = /usr/sbin/adduser %u "%g"
    delete user from group script = /usr/sbin/deluser %u "%g"
    set primary group script /usr/sbin/usermod -g "%g" %u
    load printers = yes
    show add printer wizard = yes
    printcap name = /etc/printcap
    printing = cups
    use client driver = no

    [netlogon]
    comment = Network Logon Service
    ;Needed for a PDC
    path /home/samba_cfg/netlogon
    writable = no
    read only = no
    browsable = no
    share modes = no
    write list = @ntadmin

    [profiles]
    path = /home/samba_cfg/samba-ntprof
    browsable = no
    writable = yes
    create mask = 0700
    directory mask = 0700

    [homes]
    comment = Home Directories
    read only = no
    browsable = no
    guest ok = no
    map archive = yes
    writable = yes
    create mask = 0700
    directory mask = 0700
    # Use virtual file systems to create a recycle bin
    vfs objects recycle
    ------- snip -------