samba - Oct 2004 - Specified user does not exist. Huh?!

Ok folks I?m at my wit?s end here as I cannot seem to join the domain I
setup under Samba version 3.0.7. Every time I try and join the domain
with a user that has the power to add a machine to the domain it just
says that the user does not exist. This happens with all accounts which
I have specified in the smb.conf file as a user that can do this
function. I have added those users via smbpasswd ?a <username> as well
as username ?g admin <username> and they do show up in the smbpasswd
file. Here?s what appears in my smbd.log file:



smbd version 3.0.7 started.

  Copyright Andrew Tridgell and the Samba Team 1992-2004

[2004/10/26 11:29:50, 0] param/loadparm.c:map_parameter(2435)

  Unknown parameter encountered: "domain admin group"

[2004/10/26 11:29:50, 0] param/loadparm.c:lp_do_parameter(3125)

  Ignoring unknown parameter "domain admin group"

[2004/10/26 11:29:50, 0] param/loadparm.c:map_parameter(2435)

  Unknown parameter encountered: "domain admin user"

[2004/10/26 11:29:50, 0] param/loadparm.c:lp_do_parameter(3125)

  Ignoring unknown parameter "domain admin user"

[2004/10/26 11:29:50, 2] param/loadparm.c:do_section(3407)

  Processing section "[netlogon]"



And here?s what?s in my smb.conf file:



[global]



            Netbios name = Server

            Server string = PDC

            Workgroup = HOMEUSE

            Passdb backend = smbpasswd

            os level = 33

            preferred master = yes

            domain master = yes

            local master = yes

            domain logons = yes

            hide dot files = yes

            security = user

            invalid users = bin daemon sys man postfix mail ftp

            domain admin group = @admin

            domain admin user = root

            encrypt passwords = yes

            log level = 2

            log file = /var/log/samba/log.%L

            max log size = 1000

            debug timestamp = yes

            syslog = 1

            add user script = /usr/sbin/useradd ?d /dev/null ?g 100 ?s
/bin/false ?m %u



[netlogon]



            path = /home/samba/netlogon

            read only = yes

            write list = @admin



Here?s what appears in my logfile (changed loglevel to 5 for this)



[2004/10/26 11:43:15, 3] smbd/process.c:switch_message(887)

  switch message SMBtrans (pid 8613) conn 0x83a6130

[2004/10/26 11:43:15, 3] smbd/sec_ctx.c:set_sec_ctx(288)

  setting sec ctx (0, 502) - sec_ctx_stack_ndx = 0

[2004/10/26 11:43:15, 5] auth/auth_util.c:debug_nt_user_token(491)

  NT user token of user S-1-5-21-1861440459-1144414950-1732935726-2008

  contains 5 SIDs

  SID[  0]: S-1-5-21-1861440459-1144414950-1732935726-2008

  SID[  1]: S-1-5-21-1861440459-1144414950-1732935726-2005

SID[  2]: S-1-1-0

  SID[  3]: S-1-5-2

  SID[  4]: S-1-5-11

[2004/10/26 11:43:15, 5] auth/auth_util.c:debug_unix_user_token(505)

  UNIX token of user 0

  Primary group is 502 and contains 1 supplementary groups

  Group[  0]: 502

[2004/10/26 11:43:15, 5] smbd/uid.c:change_to_user(281)

  change_to_user uid=(0,0) gid=(0,502)

[2004/10/26 11:43:15, 3] smbd/ipc.c:reply_trans(538)

  trans <\PIPE\> data=44 params=0 setup=2

[2004/10/26 11:43:15, 5] smbd/ipc.c:reply_trans(557)

  calling named_pipe

[2004/10/26 11:43:15, 3] smbd/ipc.c:named_pipe(334)

  named pipe command on <> name

[2004/10/26 11:43:15, 5] smbd/ipc.c:api_fd_reply(267)

  api_fd_reply

[2004/10/26 11:43:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1170)

  search for pipe pnum=7517

[2004/10/26 11:43:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1174)

  pipe name lsarpc pnum=7517 (pipes_open=1)



Another section:



[2004/10/26 11:43:16, 5] smbd/uid.c:change_to_root_user(296)

  change_to_root_user: now uid=(0,0) gid=(0,0)

[2004/10/26 11:43:16, 3] smbd/service.c:close_cnum(837)

  chris (192.168.2.101) closed connection to service IPC$

[2004/10/26 11:43:16, 3] smbd/connection.c:yield_connection(69)

  Yielding connection to IPC$

[2004/10/26 11:43:16, 4] smbd/vfs.c:vfs_ChDir(654)

  vfs_ChDir to /

[2004/10/26 11:43:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

[2004/10/26 11:43:16, 5] auth/auth_util.c:debug_nt_user_token(486)

  NT user token: (NULL)

[2004/10/26 11:43:16, 5] auth/auth_util.c:debug_unix_user_token(505)

  UNIX token of user 0

  Primary group is 0 and contains 0 supplementary groups

[2004/10/26 11:43:16, 5] smbd/uid.c:change_to_root_user(296)

  change_to_root_user: now uid=(0,0) gid=(0,0)

[2004/10/26 11:43:16, 5] lib/util.c:show_msg(439)

[2004/10/26 11:43:16, 5] lib/util.c:show_msg(449)





Those seem to be the relevant sections although I am not sure, let me
know if you just want me to post the entire logfile. Any help with this
problem would be appreciated as I would really like to get this up and
running.

Ok folks I?m at my wit?s end here as I cannot seem to join the domain I
setup under Samba version 3.0.7. Every time I try and join the domain
with a user that has the power to add a machine to the domain it just
says that the user does not exist. This happens with all accounts which
I have specified in the smb.conf file as a user that can do this
function. I have added those users via smbpasswd ?a <username> as well
as username ?g admin <username> and they do show up in the smbpasswd
file. Here?s what appears in my smbd.log file:



smbd version 3.0.7 started.

  Copyright Andrew Tridgell and the Samba Team 1992-2004

[2004/10/26 11:29:50, 0] param/loadparm.c:map_parameter(2435)

  Unknown parameter encountered: "domain admin group"

[2004/10/26 11:29:50, 0] param/loadparm.c:lp_do_parameter(3125)

  Ignoring unknown parameter "domain admin group"

[2004/10/26 11:29:50, 0] param/loadparm.c:map_parameter(2435)

  Unknown parameter encountered: "domain admin user"

[2004/10/26 11:29:50, 0] param/loadparm.c:lp_do_parameter(3125)

  Ignoring unknown parameter "domain admin user"

[2004/10/26 11:29:50, 2] param/loadparm.c:do_section(3407)

  Processing section "[netlogon]"



And here?s what?s in my smb.conf file:



[global]



            Netbios name = Server

            Server string = PDC

            Workgroup = HOMEUSE

            Passdb backend = smbpasswd

            os level = 33

            preferred master = yes

            domain master = yes

            local master = yes

            domain logons = yes

            hide dot files = yes

            security = user

            invalid users = bin daemon sys man postfix mail ftp

            domain admin group = @admin

            domain admin user = root

            encrypt passwords = yes

            log level = 2

            log file = /var/log/samba/log.%L

            max log size = 1000

            debug timestamp = yes

            syslog = 1

            add user script = /usr/sbin/useradd ?d /dev/null ?g 100 ?s
/bin/false ?m %u



[netlogon]



            path = /home/samba/netlogon

            read only = yes

            write list = @admin



Here?s what appears in my logfile (changed loglevel to 5 for this)



[2004/10/26 11:43:15, 3] smbd/process.c:switch_message(887)

  switch message SMBtrans (pid 8613) conn 0x83a6130

[2004/10/26 11:43:15, 3] smbd/sec_ctx.c:set_sec_ctx(288)

  setting sec ctx (0, 502) - sec_ctx_stack_ndx = 0

[2004/10/26 11:43:15, 5] auth/auth_util.c:debug_nt_user_token(491)

  NT user token of user S-1-5-21-1861440459-1144414950-1732935726-2008

  contains 5 SIDs

  SID[  0]: S-1-5-21-1861440459-1144414950-1732935726-2008

  SID[  1]: S-1-5-21-1861440459-1144414950-1732935726-2005

SID[  2]: S-1-1-0

  SID[  3]: S-1-5-2

  SID[  4]: S-1-5-11

[2004/10/26 11:43:15, 5] auth/auth_util.c:debug_unix_user_token(505)

  UNIX token of user 0

  Primary group is 502 and contains 1 supplementary groups

  Group[  0]: 502

[2004/10/26 11:43:15, 5] smbd/uid.c:change_to_user(281)

  change_to_user uid=(0,0) gid=(0,502)

[2004/10/26 11:43:15, 3] smbd/ipc.c:reply_trans(538)

  trans <\PIPE\> data=44 params=0 setup=2

[2004/10/26 11:43:15, 5] smbd/ipc.c:reply_trans(557)

  calling named_pipe

[2004/10/26 11:43:15, 3] smbd/ipc.c:named_pipe(334)

  named pipe command on <> name

[2004/10/26 11:43:15, 5] smbd/ipc.c:api_fd_reply(267)

  api_fd_reply

[2004/10/26 11:43:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1170)

  search for pipe pnum=7517

[2004/10/26 11:43:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1174)

  pipe name lsarpc pnum=7517 (pipes_open=1)



Another section:



[2004/10/26 11:43:16, 5] smbd/uid.c:change_to_root_user(296)

  change_to_root_user: now uid=(0,0) gid=(0,0)

[2004/10/26 11:43:16, 3] smbd/service.c:close_cnum(837)

  chris (192.168.2.101) closed connection to service IPC$

[2004/10/26 11:43:16, 3] smbd/connection.c:yield_connection(69)

  Yielding connection to IPC$

[2004/10/26 11:43:16, 4] smbd/vfs.c:vfs_ChDir(654)

  vfs_ChDir to /

[2004/10/26 11:43:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

[2004/10/26 11:43:16, 5] auth/auth_util.c:debug_nt_user_token(486)

  NT user token: (NULL)

[2004/10/26 11:43:16, 5] auth/auth_util.c:debug_unix_user_token(505)

  UNIX token of user 0

  Primary group is 0 and contains 0 supplementary groups

[2004/10/26 11:43:16, 5] smbd/uid.c:change_to_root_user(296)

  change_to_root_user: now uid=(0,0) gid=(0,0)

[2004/10/26 11:43:16, 5] lib/util.c:show_msg(439)

[2004/10/26 11:43:16, 5] lib/util.c:show_msg(449)





Those seem to be the relevant sections although I am not sure, let me
know if you just want me to post the entire logfile. Any help with this
problem would be appreciated as I would really like to get this up and
running.

Gustavo Lima wrote:
> On the other office I?m using the same system and both are linked with 
> a 256k Frame-relay connection. The domain is called other-dom. In the 
> mais office I have a firewall where is connected my LAN in one iface, 
> internet connection in the second iface and on third is connected the 
> router that establishes the frame-relay connection. The security guys 
> said me there?s no rule blocking 137, 139 or 445 traffic. Is there any 
> other port used by samba or WINS?
Depending on authentication methods
389   ldap
636   ldaps
88    kerberos
749   kerberos admin

Mostly just 389 & perhaps 88.

Hope it helps.

Regards, Doug

Doug,

I forgot to mention the other ports. They are already free to go.

Thank?s anyway,

Gustavo
----- Original Message ----- 
From: "Doug VanLeuven" <roamdad@sonic.net>
To: "Gustavo Lima" <listas@opendf.com.br>
Cc: <samba@lists.samba.org>
Sent: Wednesday, October 27, 2004 4:54 PM
Subject: Re: [Samba] Samba on WAN

> Gustavo Lima wrote:
>
>> On the other office I?m using the same system and both are linked with
a
>> 256k Frame-relay connection. The domain is called other-dom. In the
mais
>> office I have a firewall where is connected my LAN in one iface,
internet
>> connection in the second iface and on third is connected the router
that
>> establishes the frame-relay connection. The security guys said me
there?s
>> no rule blocking 137, 139 or 445 traffic. Is there any other port used
by
>> samba or WINS?
>
> Depending on authentication methods
> 389   ldap
> 636   ldaps
> 88    kerberos
> 749   kerberos admin
>
> Mostly just 389 & perhaps 88.
>
> Hope it helps.
>
> Regards, Doug
>

Paul,

Here's what I've done but I'm still receiving the same error
message:

1) I've removed the domain admin user & domain admin group from the
smb.conf file
2) I've switched from the smbpasswd backend to tdbsam
3) I've changed smbpasswd to smbpassw.old
4) I've added the root user to the tdbsam database via pdbedit -a -u
root and it gives me this output which seems to look just fine to me:


Trying to load: tdbsam
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Netbios name list:-
my_netbios_names[0]="SERVER"
Trying to load: tdbsam
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Finding user root
Trying _Get_Pwnam(), username as lowercase is root
Get_Pwnam_internals did find user [root]!
Home server: server
Home server: server
new password:
retype new password:
TDBSAM version too old (0), trying to convert it.
TDBSAM converted successfully.
Storing (new) account root with RID 1000
Home server: server
Home server: server
Unix username:        root
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1861440459-1144414950-1732935726-1000
Primary Group SID:    S-1-5-21-1861440459-1144414950-1732935726-1001
Full Name:            root
Home Directory:       \\server\root
HomeDir Drive:
Logon Script:
Profile Path:         \\server\root\profile
Domain:               ECHOFIENDS
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 20:14:07 GMT
Kickoff time:         Mon, 18 Jan 2038 20:14:07 GMT
Password last set:    Wed, 27 Oct 2004 13:30:16 GMT
Password can change:  Wed, 27 Oct 2004 13:30:16 GMT
Password must change: Mon, 18 Jan 2038 20:14:07 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

I'm really stumped now, any other suggestions?