Hey guys,
I configured Samba do be the domain controller for my network and to
share folders. the folder sharing works great. The problem is that
the domain function does not work at all. I cannot join the domain
from any workstation. It just says that the controller cannot be
contacted. I ran an Ethereal sniff on the packets and the computer
that i want to be PDC is sending ICMP Destination unreachable packets
in response to the NBNS Name Query. Here is the packet that the
workstation is sending to the server.
0000 00 11 11 ba 82 1a 00 0a e6 d5 fa b4 08 00 45 00 ........ ......E.
0010 00 4e 01 fb 00 00 80 11 b4 53 c0 a8 01 9e c0 a8 .N...... .S......
0020 01 62 00 89 00 89 00 3a 81 4e 80 63 01 00 00 01 .b.....: .N.c....
0030 00 00 00 00 00 00 20 46 46 46 44 45 43 45 4a 45 ...... F FFDECEJE
0040 4f 45 48 45 50 43 41 43 41 43 41 43 41 43 41 43 OEHEPCAC ACACACAC
0050 41 43 41 43 41 42 4d 00 00 20 00 01 ACACABM. . ..
The config file that i am using (not including shares that have
nothing to do with the domain controller). I do not want roaming
profiles.
#NetBIOS settings
netbios name = FILESERVER
workgroup = USBINGO
server string = File Server
log file = /var/log/samba/log.%m
max log size = 50
time server = yes
hide dot files = yes
log level = 1
#Security settings
security = user
domain logons = yes
encrypt passwords = yes
#Turn on the WINS server
wins support = yes
#Make sure that Samba is the master browser and domain master browser
domain master = yes
local master = yes
preferred master = yes
os level = 65
add user script = /usr/sbin/useradd -d /dev/null
-g 100 -s /bin/false -M %u
[netlogon]
path = /files/netlogon
writable = no
browsable = no
Thanks,
-Mark
Mark Ratering
2005-Mar-29 22:10 UTC
[Samba] Re: Primard Domain Controller feature not working
Well, i fixed it. nmbd wasn't working. now i am having another problem! I am using the 'using samba' book from o'reilly and it says that the parameter "domain admin group" is obsoleted in samba 3.0 I am using 3.0 and i cant add computers to the domain. What is the replacement/workaround for it? On Tue, 29 Mar 2005 12:35:56 -0800, Mark Ratering <thinkaboutit@gmail.com> wrote:> Hey guys, > > I configured Samba do be the domain controller for my network and to > share folders. the folder sharing works great. The problem is that > the domain function does not work at all. I cannot join the domain > from any workstation. It just says that the controller cannot be > contacted. I ran an Ethereal sniff on the packets and the computer > that i want to be PDC is sending ICMP Destination unreachable packets > in response to the NBNS Name Query. Here is the packet that the > workstation is sending to the server. > > 0000 00 11 11 ba 82 1a 00 0a e6 d5 fa b4 08 00 45 00 ........ ......E. > 0010 00 4e 01 fb 00 00 80 11 b4 53 c0 a8 01 9e c0 a8 .N...... .S...... > 0020 01 62 00 89 00 89 00 3a 81 4e 80 63 01 00 00 01 .b.....: .N.c.... > 0030 00 00 00 00 00 00 20 46 46 46 44 45 43 45 4a 45 ...... F FFDECEJE > 0040 4f 45 48 45 50 43 41 43 41 43 41 43 41 43 41 43 OEHEPCAC ACACACAC > 0050 41 43 41 43 41 42 4d 00 00 20 00 01 ACACABM. . .. > > The config file that i am using (not including shares that have > nothing to do with the domain controller). I do not want roaming > profiles. > > #NetBIOS settings > netbios name = FILESERVER > workgroup = USBINGO > server string = File Server > > log file = /var/log/samba/log.%m > max log size = 50 > time server = yes > hide dot files = yes > log level = 1 > > #Security settings > security = user > domain logons = yes > encrypt passwords = yes > > #Turn on the WINS server > wins support = yes > > #Make sure that Samba is the master browser and domain master browser > domain master = yes > local master = yes > preferred master = yes > os level = 65 > > add user script = /usr/sbin/useradd -d /dev/null > -g 100 -s /bin/false -M %u > > [netlogon] > path = /files/netlogon > writable = no > browsable = no > > Thanks, > -Mark >-- Mark Ratering A+, CCNP 248-437-1938
Mark Ratering
2005-Mar-29 23:37 UTC
[Samba] Re: Primard Domain Controller feature not working
When i use a username and password that does not have root privilages in the windows that pops up after i try to join the domain on the windows box i get the "Access is denied" error. On Tue, 29 Mar 2005 15:29:22 -0800, Tom Skeren <tms3@fsklaw.net> wrote:> Mark Ratering wrote: > I already did that. When i type in a user that does not have root > permissions it says "Access is denied" I don't know what that means. What > do you mean by: > When i type in a user that does not have root Where is this done? By what > user? Please be specific as to what you are doing. > > > On Tue, 29 Mar 2005 14:47:50 -0800, Tom Skeren <tms3@fsklaw.net> wrote: > Mark Ratering wrote: I tried using root and i get the error "The username > could not be found" As root type smbpasswd -a root On Tue, 29 Mar 2005 > 16:31:19 -0600, Paul Gienger <pgienger@ae-solutions.com> wrote: problem! I > am using the 'using samba' book from o'reilly and it says that the parameter > "domain admin group" is obsoleted in samba 3.0 I A good way to do that would > be creating a unix group that you want to be mapped to Domain Admins, map it > and assign it the appropriate SID (you can look into the source for the > smbldap-tools to get it in plain text). Then you simply add users to it. am > using 3.0 and i cant add computers to the domain. Either use root (properly > added as a samba user) or another user with uid=0, or use the privilege > delegation tools in recent versions. I believe the version that started with > them was 3.0.9. The documentation at samba.org (the howto and by example) > should be your guide as they are updated for the current version. On Tue, 29 > Mar 2005 12:35:56 -0800, Mark Ratering <thinkaboutit@gmail.com> wrote: Hey > guys, I configured Samba do be the domain controller for my network and to > share folders. the folder sharing works great. The problem is that the > domain function does not work at all. I cannot join the domain >from any > workstation. It just says that the controller cannot be contacted. I ran an > Ethereal sniff on the packets and the computer that i want to be PDC is > sending ICMP Destination unreachable packets in response to the NBNS Name > Query. Here is the packet that the workstation is sending to the server. > 0000 00 11 11 ba 82 1a 00 0a e6 d5 fa b4 08 00 45 00 ........ ......E. 0010 > 00 4e 01 fb 00 00 80 11 b4 53 c0 a8 01 9e c0 a8 .N...... .S...... 0020 01 62 > 00 89 00 89 00 3a 81 4e 80 63 01 00 00 01 .b.....: .N.c.... 0030 00 00 00 00 > 00 00 20 46 46 46 44 45 43 45 4a 45 ...... F FFDECEJE 0040 4f 45 48 45 50 43 > 41 43 41 43 41 43 41 43 41 43 OEHEPCAC ACACACAC 0050 41 43 41 43 41 42 4d 00 > 00 20 00 01 ACACABM. . .. The config file that i am using (not including > shares that have nothing to do with the domain controller). I do not want > roaming profiles. #NetBIOS settings netbios name = FILESERVER workgroup > USBINGO server string = File Server log file = /var/log/samba/log.%m max log > size = 50 time server = yes hide dot files = yes log level = 1 #Security > settings security = user domain logons = yes encrypt passwords = yes #Turn > on the WINS server wins support = yes #Make sure that Samba is the master > browser and domain master browser domain master = yes local master = yes > preferred master = yes os level = 65 add user script = /usr/sbin/useradd -d > /dev/null -g 100 -s /bin/false -M %u [netlogon] path = /files/netlogon > writable = no browsable = no Thanks, -Mark -- Paul Gienger Office: > 701-281-1884 Applied Engineering Inc. Systems Architect Fax: 701-281-1322 > URL: www.ae-solutions.com mailto: pgienger@ae-solutions.com >-- Mark Ratering A+, CCNP 248-437-1938
Mark Ratering
2005-Apr-07 22:19 UTC
[Samba] Re: How to turn off roaming profiles while holding onto logon scripts.
nevermind, I will google before posting next time. On Apr 7, 2005 10:15 PM, Mark Ratering <thinkaboutit@gmail.com> wrote:> I have a Samba server acting as my PDC and i need roaming profiles > turned off. How do i turn roaming profiles off while mantaining the > ability to have logon scripts? > > Thanks ahead of time, > -Mark >-- Mark Ratering A+, CCNP 248-437-1938
Mark Ratering
2005-Apr-08 14:25 UTC
[Samba] Re: How to turn off roaming profiles while holding ontologon scripts.
I just added the line: logon path to the config. There is no paramater. --Mark On Apr 8, 2005 6:52 AM, Jason Balicki <kodak@frontierhomemortgage.com> wrote:> Mark Ratering <> wrote: > > nevermind, I will google before posting next time. > > As an aside, it's common courtesy that if you've posted > to the list and found an answer yourself, you post your > answer as well. > > That way, the next poor soul who searches for "turn off > roaming profiles logon scripts" won't find your message > and see "oh, I found it" with no answer and be forced > to curse you from afar "why didn't he just put the > damn answer in his message, or at least a link? Would > that have been too much to ask? Argh!" > > I say this from experience. :) > > Oh, and, client side. :) > > --J(K) > >-- Mark Ratering A+, CCNP 248-437-1938
Jason Balicki
2005-Apr-08 14:37 UTC
[Samba] Re: How to turn off roaming profiles while holdingontologon scripts.
Mark Ratering <> wrote:> I just added the line: > > logon path> > to the config. There is no paramater.On XP and 2k (at least) roaming profiles can be turned off client side as well (right click my computer, go to properties, advanced, profiles, settings.) You can set profiles to be local here and mix local/roaming profiles if need be. --J(K)