Ok...I can't believe I'm still struggling with this!!!

I've setup a SAMBA server using ARCH Linux 0.7 (Wombat) *what a
distro!!* and everything is fine except when it comes to adding
machines to the domain (aaarrrgghh). When I try to do it via windows, I
get "the domain is no longer available". So I add a machine account
manually, then go to windows and walla, I get the same error

What I've done :

useradd -g wheel -pxxxx admin
smbpasswd -a admin

---------
I then supply this username/passwd when asked in windows while adding to
domain -----> error
Then out of frustration I added root:
---------

smbpasswd -a root

----------------
still no joy....
Then I added the machine account manually as root
-----------------

useradd <machinename>$
smbpasswd -a -m <machinename>$

----------------
still get the error....(even after samba restart)
----------------

my smb.conf file:

[global]
workgroup = xxxxxxxx
netbios name = xxxxxxxx
passdb backend = tdbsam
printcap name = cups
hosts allow - 10.0.0.0/255.255.0.0
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/groupmod -A %u %g
delete user from group script = /usr/sbin/groupmod -R %u %g
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u
# Note: The following specifies the default logon script.
# Per user logon scripts can be specified in the user account using pdbedit
logon script = scripts\logon.bat
# This sets the default profile path. Set per user paths with pdbedit
logon path
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
printing = cups

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /etc/samba/netlogon
admin users = root
guest ok = Yes
browseable = No

Thanks guys!
Alfred (ready to pull his own fingernails with pliers) Payne
Alfred,

Please do not extricate your finger nails with a precision instrument, such
as a pair of pliers.

May I suggest that you follow the appropriate chapter of the book "Samba-3 by
Example" (aka. Samba-Guide). The first 6 chapters document 8 complete network
configurations that go all the way from the simplest design to a rather
complex design. Each chapter is designed to be stand-alone.

The benefit of following the step-by-step implementation that is documented
in this book is that it reduces the overhead for those who wish to assist you
when things go wrong. The benefit you get from following this book is that
you have guidance that is known to work.

In respect of your smb.conf file, please escape your macros using either
single or double quotes. So, for example:

add user script = /usr/sbin/useradd -m "%u"

has the %u macro quoted so that the value of the macro will not have
undesirable side-effects, such as when a name has a space in it.

Also, please be aware that some versions of the Linux utilities that provide
the user and group management tools have adopted draconian policies that
prevent the addition of user and group names that contain upper-case
characters and non-alphanumeric characters. Since machine names may be upper
or lower case, and contain a '$' character, the use of the more restrictive
shadow-utils package (and its related equivalents) is a potential road-block
to Samba deployment.

Cheers,
John T.

On Friday 03 June 2005 07:19, Alfred Payne wrote:
> Ok...I can't believe I'm still struggling with this!!!
>
> I've setup a SAMBA server using ARCH Linux 0.7 (Wombat) *what a
> distro!!* and everything is fine except when it comes to adding
> machines to the domain (aaarrrgghh). When I try to do it via windows, I
> get "the domain is no longer available". So I add a machine account
> manually, then go to windows and walla, I get the same error
>
> What I've done :
>
> useradd -g wheel -pxxxx admin
> smbpasswd -a admin
>
> ---------
> I then supply this username/passwd when asked in windows while adding to
> domain -----> error
> Then out of frustration I added root:
> ---------
>
> smbpasswd -a root
>
> ----------------
> still no joy....
> Then I added the machine account manually as root
> -----------------
>
> useradd <machinename>$
> smbpasswd -a -m <machinename>$
>
> ----------------
> still get the error....(even after samba restart)
> ----------------
>
> my smb.conf file:
>
> [global]
> workgroup = xxxxxxxx
> netbios name = xxxxxxxx
> passdb backend = tdbsam
> printcap name = cups
> hosts allow - 10.0.0.0/255.255.0.0
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/groupmod -A %u %g
> delete user from group script = /usr/sbin/groupmod -R %u %g
> add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u
> # Note: The following specifies the default logon script.
> # Per user logon scripts can be specified in the user account using pdbedit
> logon script = scripts\logon.bat
> # This sets the default profile path. Set per user paths with pdbedit
> logon path
> logon drive = H:
> logon home = \\%L\%U
> domain logons = Yes
> os level = 35
> preferred master = Yes
> domain master = Yes
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> printing = cups
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /etc/samba/netlogon
> admin users = root
> guest ok = Yes
> browseable = No
>
>
> Thanks guys!
> Alfred (ready to pull his own fingernails with pliers) Payne

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
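Added example, not part of the original thread and not Samba's own code: a small Python check that lists the "... script" parameters in an smb.conf whose % macros are not inside quotes, which is the change the reply above asks for. The sample config is constructed from the lines posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: script lines from the smb.conf posted in this thread,
# with one line already quoted in the style the reply recommends.
SAMPLE_CONF = r'''
[global]
add user script = /usr/sbin/useradd -m %u
add user to group script = /usr/sbin/groupmod -A %u %g
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody "%u"
logon home = \\%L\%U
'''

MACRO = re.compile(r"%[A-Za-z]")

def unquoted_macros(command):
    """Return the %x macros in a command string that sit outside '...' or "..."."""
    found, quote, i = [], None, 0
    while i < len(command):
        ch = command[i]
        if quote:
            if ch == quote:          # closing quote ends the protected span
                quote = None
        elif ch in "'\"":
            quote = ch               # opening quote starts a protected span
        elif MACRO.match(command, i):
            found.append(command[i:i + 2])
            i += 1                   # skip the macro letter
        i += 1
    return found

def lint_smb_conf(text):
    """Return (line_no, parameter, macros) for each '... script' parameter
    whose command contains a macro that is not quoted."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue                 # blank, comment, section header, or no value
        name, value = (part.strip() for part in line.split("=", 1))
        if not name.lower().endswith("script"):
            continue                 # only parameters that run a command
        macros = unquoted_macros(value)
        if macros:
            findings.append((line_no, name, macros))
    return findings

if __name__ == "__main__":
    for line_no, name, macros in lint_smb_conf(SAMPLE_CONF):
        print(f"line {line_no}: {name}: unquoted {' '.join(macros)}")
```
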
Folks,

I have a samba 3 (Fedora 3) PDC which has been working fine for some time now
with a roaming profile. I've just reinstalled Windows XP SP2 on my main work
machine. I remembered to set the three "*seal*" registry flags to 0, and
joined the computer (which has the same textual name as before) to the
domain. All well so far.

Trying to log in as local user works. That user can access samba shares also.
I also managed to join the domain ok.

The problem is that something prevents me from logging in to roaming profile
user defined on the PDC. The only diagnostic samba messages I get are:

[2005/06/03 14:56:39, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(766)
  _net_sam_logon: user HOME\rivimey has user sid S-1-5-21-117080783-426460007-1280929931-2002
  but group sid S-1-5-32-547.
  The conflicting domain portions are not supported for NETLOGON calls

I eventually found a note on the net about using gpedit.msc not checking for
ownership of files, and set the policy:

"Local Configuration/Administrative Templates/System/User Profiles/Do not
check for user ownership of Roaming Profile Folders" => Enabled.

Having done that I took the computer out of the domain, rebooted twice,
logged in as admin and tried to take the machine back into the domain. Now it
doesn't want to play: it says "a domain controller for the domain HOME could
not be contacted".

Well, I restart samba and it agrees to join the domain. Now, however, it
complains that I can't log in to the roaming user because a device has
failed. There is no problem logging into the local accounts and I can't see
any warning or errors in the event log, nor can I see Devices listed in
device manager that aren't working, nor Services set to "automatic" that
aren't running (except "Security Center", which stopped successfully when I
started it by hand).

What is going wrong?

Thanks

--
Ruth Ivimey-Cook
Software engineer and technical writer.