Ok folks I'm at my wit's end here as I cannot seem to join the domain I set up under Samba version 3.0.7. Every time I try and join the domain with a user that has the power to add a machine to the domain it just says that the user does not exist. This happens with all accounts which I have specified in the smb.conf file as a user that can do this function. I have added those users via smbpasswd -a <username> as well as username -g admin <username> and they do show up in the smbpasswd file.

Here's what appears in my smbd.log file:

smbd version 3.0.7 started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2004/10/26 11:29:50, 0] param/loadparm.c:map_parameter(2435)
  Unknown parameter encountered: "domain admin group"
[2004/10/26 11:29:50, 0] param/loadparm.c:lp_do_parameter(3125)
  Ignoring unknown parameter "domain admin group"
[2004/10/26 11:29:50, 0] param/loadparm.c:map_parameter(2435)
  Unknown parameter encountered: "domain admin user"
[2004/10/26 11:29:50, 0] param/loadparm.c:lp_do_parameter(3125)
  Ignoring unknown parameter "domain admin user"
[2004/10/26 11:29:50, 2] param/loadparm.c:do_section(3407)
  Processing section "[netlogon]"

And here's what's in my smb.conf file:

[global]
Netbios name = Server
Server string = PDC
Workgroup = HOMEUSE
Passdb backend = smbpasswd
os level = 33
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
hide dot files = yes
security = user
invalid users = bin daemon sys man postfix mail ftp
domain admin group = @admin
domain admin user = root
encrypt passwords = yes
log level = 2
log file = /var/log/samba/log.%L
max log size = 1000
debug timestamp = yes
syslog = 1
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -m %u

[netlogon]
path = /home/samba/netlogon
read only = yes
write list = @admin

Here's what appears in my logfile (changed loglevel to 5 for this):

[2004/10/26 11:43:15, 3] smbd/process.c:switch_message(887)
  switch message SMBtrans (pid 8613) conn 0x83a6130
[2004/10/26 11:43:15, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 502) - sec_ctx_stack_ndx = 0
[2004/10/26 11:43:15, 5] auth/auth_util.c:debug_nt_user_token(491)
  NT user token of user S-1-5-21-1861440459-1144414950-1732935726-2008
  contains 5 SIDs
  SID[ 0]: S-1-5-21-1861440459-1144414950-1732935726-2008
  SID[ 1]: S-1-5-21-1861440459-1144414950-1732935726-2005
  SID[ 2]: S-1-1-0
  SID[ 3]: S-1-5-2
  SID[ 4]: S-1-5-11
[2004/10/26 11:43:15, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 502 and contains 1 supplementary groups
  Group[ 0]: 502
[2004/10/26 11:43:15, 5] smbd/uid.c:change_to_user(281)
  change_to_user uid=(0,0) gid=(0,502)
[2004/10/26 11:43:15, 3] smbd/ipc.c:reply_trans(538)
  trans <\PIPE\> data=44 params=0 setup=2
[2004/10/26 11:43:15, 5] smbd/ipc.c:reply_trans(557)
  calling named_pipe
[2004/10/26 11:43:15, 3] smbd/ipc.c:named_pipe(334)
  named pipe command on <> name
[2004/10/26 11:43:15, 5] smbd/ipc.c:api_fd_reply(267)
  api_fd_reply
[2004/10/26 11:43:15, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1170)
  search for pipe pnum=7517
[2004/10/26 11:43:15, 5] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1174)
  pipe name lsarpc pnum=7517 (pipes_open=1)

Another section:

[2004/10/26 11:43:16, 5] smbd/uid.c:change_to_root_user(296)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2004/10/26 11:43:16, 3] smbd/service.c:close_cnum(837)
  chris (192.168.2.101) closed connection to service IPC$
[2004/10/26 11:43:16, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to IPC$
[2004/10/26 11:43:16, 4] smbd/vfs.c:vfs_ChDir(654)
  vfs_ChDir to /
[2004/10/26 11:43:16, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/26 11:43:16, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2004/10/26 11:43:16, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2004/10/26 11:43:16, 5] smbd/uid.c:change_to_root_user(296)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2004/10/26 11:43:16, 5] lib/util.c:show_msg(439)
[2004/10/26 11:43:16, 5] lib/util.c:show_msg(449)

Those seem to be the relevant sections although I am not sure, let me know if you just want me to post the entire logfile. Any help with this problem would be appreciated as I would really like to get this up and running.
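
Added example (not part of the original post): the smbd.log excerpt above shows smbd ignoring two smb.conf parameters that were meant to name the administrative accounts, so those lines have no effect. This Python sketch parses smbd's two-line log records and lists the smb.conf lines that set an ignored parameter; the sample log and configuration are constructed, and the function names are illustrative.

```python
import re
# Constructed sample input, shaped like the smbd.log and smb.conf quoted in the post.
SAMPLE_LOG = """\
[2004/10/26 11:29:50, 0] param/loadparm.c:lp_do_parameter(3125)
  Ignoring unknown parameter "domain admin group"
[2004/10/26 11:29:50, 0] param/loadparm.c:lp_do_parameter(3125)
  Ignoring unknown parameter "domain admin user"
[2004/10/26 11:29:50, 2] param/loadparm.c:do_section(3407)
  Processing section "[netlogon]"
"""
SAMPLE_CONF = """\
[global]
Domain Admin Group = @admin
domain admin user = root
; domain admin user = chris
[netlogon]
write list = @admin
"""
# One record = "[timestamp, level] file:function(line)" plus indented message lines.
RECORD = re.compile(r"^\[([^,\]]+),\s*(\d+)\]\s+(\S+):(\w+)\((\d+)\)[ \t]*\n?"
                    r"((?:[ \t]+.*\n?)*)", re.M)
IGNORED = re.compile(r'Ignoring unknown parameter "([^"]+)"')

def norm(name):
    # smb.conf parameter names are case-insensitive and whitespace is irrelevant
    return re.sub(r"\s+", "", name).lower()

def parse_log(text):
    """Return (timestamp, level, function, message) for each smbd log record."""
    return [(ts, int(lvl), func, " ".join(body.split()))
            for ts, lvl, _src, func, _line, body in RECORD.findall(text)]

def ignored_settings(log_text, conf_text):
    """List (section, line number, parameter, value) for settings smbd ignored."""
    ignored = {norm(p) for *_, msg in parse_log(log_text) for p in IGNORED.findall(msg)}
    hits, section = [], None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            if norm(key) in ignored:
                hits.append((section, no, key.strip(), value.strip()))
    return hits

if __name__ == "__main__":
    for section, no, key, value in ignored_settings(SAMPLE_LOG, SAMPLE_CONF):
        print(f"smb.conf line {no} [{section}]: '{key} = {value}' is ignored by smbd")
```
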
Gustavo Lima wrote:

> On the other office I'm using the same system and both are linked with
> a 256k Frame-relay connection. The domain is called other-dom. In the
> main office I have a firewall where is connected my LAN in one iface,
> internet connection in the second iface and on third is connected the
> router that establishes the frame-relay connection. The security guys
> told me there's no rule blocking 137, 139 or 445 traffic. Is there any
> other port used by samba or WINS?

Depending on authentication methods
389 ldap
636 ldaps
88 kerberos
749 kerberos admin

Mostly just 389 & perhaps 88.

Hope it helps.

Regards, Doug
Doug,

I forgot to mention the other ports. They are already free to go.

Thanks anyway,
Gustavo

----- Original Message -----
From: "Doug VanLeuven" <roamdad@sonic.net>
To: "Gustavo Lima" <listas@opendf.com.br>
Cc: <samba@lists.samba.org>
Sent: Wednesday, October 27, 2004 4:54 PM
Subject: Re: [Samba] Samba on WAN

> Gustavo Lima wrote:
>
>> On the other office I'm using the same system and both are linked with a
>> 256k Frame-relay connection. The domain is called other-dom. In the main
>> office I have a firewall where is connected my LAN in one iface, internet
>> connection in the second iface and on third is connected the router that
>> establishes the frame-relay connection. The security guys told me there's
>> no rule blocking 137, 139 or 445 traffic. Is there any other port used by
>> samba or WINS?
>
> Depending on authentication methods
> 389 ldap
> 636 ldaps
> 88 kerberos
> 749 kerberos admin
>
> Mostly just 389 & perhaps 88.
>
> Hope it helps.
>
> Regards, Doug
Paul,

Here's what I've done but I'm still receiving the same error message:

1) I've removed the domain admin user & domain admin group from the smb.conf file
2) I've switched from the smbpasswd backend to tdbsam
3) I've changed smbpasswd to smbpassw.old
4) I've added the root user to the tdbsam database via pdbedit -a -u root and it gives me this output which seems to look just fine to me:

Trying to load: tdbsam
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Netbios name list:-
my_netbios_names[0]="SERVER"
Trying to load: tdbsam
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
Finding user root
Trying _Get_Pwnam(), username as lowercase is root
Get_Pwnam_internals did find user [root]!
Home server: server
Home server: server
new password:
retype new password:
TDBSAM version too old (0), trying to convert it.
TDBSAM converted successfully.
Storing (new) account root with RID 1000
Home server: server
Home server: server
Unix username: root
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1861440459-1144414950-1732935726-1000
Primary Group SID: S-1-5-21-1861440459-1144414950-1732935726-1001
Full Name: root
Home Directory: \\server\root
HomeDir Drive:
Logon Script:
Profile Path: \\server\root\profile
Domain: ECHOFIENDS
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 20:14:07 GMT
Kickoff time: Mon, 18 Jan 2038 20:14:07 GMT
Password last set: Wed, 27 Oct 2004 13:30:16 GMT
Password can change: Wed, 27 Oct 2004 13:30:16 GMT
Password must change: Mon, 18 Jan 2038 20:14:07 GMT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

I'm really stumped now, any other suggestions?