Hi all, I try to join samba3 to NT4 domain: My smb.conf is following: [global] workgroup = MYDOM netbios name = LANSERVER server string = Samba Server security = domain hosts allow = 10. 127. log file = /var/log/samba/log.%m max log size = 50 password server = PDC #encrypt passwords = yes #winbind uid = 10000-20000 #winbind gid = 10000-20000 idmap uid = 15000-20000 idmap gid = 15000-20000 winbind use default domain = yes template homedir = /home/%U template shell = /bin/csh #winbind separator = + winbind enum users = yes winbind enum groups = yes nt acl support = yes local master = no dns proxy = no dos charset = 866 unix charset = KOI8-U auth methods = winbind socket options = TCP_NODELAY I type: %net rpc testjoin -U Administrator [2005/12/06 16:52:45, 0] utils/net_rpc_join.c:net_rpc_join_ok(65) Join to domain 'HQ' is not valid % What may be wrong? %pkg_info -Ia|grep samba samba-3.0.20b,1 A free SMB and CIFS client and server for UNIX OS is FreeBSD 5.3. %cat /var/db/ports/samba3/options # This file is auto-generated by 'make config'. # No user-servicable parts inside! # Options for samba-3.0.20b,1 _OPTIONS_READ=samba-3.0.20b,1 WITH_LDAP=true WITHOUT_ADS=true WITHOUT_CUPS=true WITH_WINBIND=true WITHOUT_ACL_SUPPORT=true WITHOUT_AIO_SUPPORT=true WITH_SYSLOG=true WITH_QUOTAS=true WITH_UTMP=true WITHOUT_MSDFS=true WITHOUT_SAM_XML=true WITHOUT_SAM_MYSQL=true WITHOUT_SAM_PGSQL=true WITHOUT_SAM_OLD_LDAP=true WITHOUT_PAM_SMBPASS=true WITHOUT_EXP_MODULES=true WITH_POPT=true On another PC all works fine. One difference - I use samba-3.0.12_1,1 on that PC.
On Tue, 2005-12-06 at 16:59 +0200, Kryol wrote:> Hi all, > I try to join samba3 to NT4 domain: > My smb.conf is following: > > [global] > workgroup = MYDOM > netbios name = LANSERVER > server string = Samba Server > security = domain---- from smb.conf SECURITY = DOMAIN This mode will only work correctly if net(8) has been used to add this machine into a Windows NT Domain. It expects the encrypted passwords parameter to be set to yes. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do. Note that a valid UNIX user must still exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to. You might want to try 'net join -S NETBIOS_NAME_OF_PDC -U Administrator' I also wonder if in your configuration...> password server = PDCis 'PDC' really the NETBIOS name of your primary domain controller? and note that it probably would help to have a line in smb.conf something like... wins server = IP_ADDRESS_OF_YOUR_WINS_SERVER Craig
-----Original Message----- From: Franz Strebel <franz.strebel@gmail.com> To: Kryol <okrg@ukr.net> Date: Wed, 7 Dec 2005 08:49:27 +0100 Subject: Re: Re[5]: [Samba] Joining Samba3 to NT4 domain problem> I wonder if it could be as simple as adding the computer on PDC > first via Server Manager on PDC. Then after adding it, try > > net join .... >I tried to do this already. But I tried: net rpc testjoin... All errors are same.
-----Original Message----- From: "Kryol" <okrg@ukr.net> To: samba@lists.samba.org Date: Wed, 07 Dec 2005 09:55:14 +0200 Subject: Re[7]: [Samba] Joining Samba3 to NT4 domain problem> > -----Original Message----- > From: Franz Strebel <franz.strebel@gmail.com> > To: Kryol <okrg@ukr.net> > Date: Wed, 7 Dec 2005 08:49:27 +0100 > Subject: Re: Re[5]: [Samba] Joining Samba3 to NT4 domain problem > > > I wonder if it could be as simple as adding the computer on PDC > > first via Server Manager on PDC. Then after adding it, try > > > > net join .... > > >Joined successfully. But another problem appears. lanserver# id Administrator uid=15000(administrator) gid=15000(Domain Users) groups=15000(Domain Users) lanserver# Compare with (from another samba): ws170101# id Administrator uid=15000(administrator) gid=15002(domain users) groups=15002(domain users), 15000 (domain admins), 15003(exchange users), 15011(wsp) ws170101# How to resolve?
-----Original Message----- From: "Kryol" <okrg@ukr.net> To: samba@lists.samba.org Date: Wed, 07 Dec 2005 10:15:35 +0200 Subject: Re[8]: [Samba] Joining Samba3 to NT4 domain problem> > -----Original Message----- > From: "Kryol" <okrg@ukr.net> > To: samba@lists.samba.org > Date: Wed, 07 Dec 2005 09:55:14 +0200 > Subject: Re[7]: [Samba] Joining Samba3 to NT4 domain problem > > > > > -----Original Message----- > > From: Franz Strebel <franz.strebel@gmail.com> > > To: Kryol <okrg@ukr.net> > > Date: Wed, 7 Dec 2005 08:49:27 +0100 > > Subject: Re: Re[5]: [Samba] Joining Samba3 to NT4 domain problem > > > > > I wonder if it could be as simple as adding the computer on PDC > > > first via Server Manager on PDC. Then after adding it, try > > > > > > net join .... > > > > > > > Joined successfully. > > But another problem appears. > > lanserver# id Administrator > uid=15000(administrator) gid=15000(Domain Users) groups=15000(Domain Users) > lanserver# > > Compare with (from another samba): > > ws170101# id Administrator > uid=15000(administrator) gid=15002(domain users) groups=15002(domain users), 15000 > (domain admins), 15003(exchange users), 15011(wsp) > ws170101# > > How to resolve?Also during winbindd startup I see: Dec 7 10:10:05 lanserver winbindd[79689]: [2005/12/07 10:10:05, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700) Dec 7 10:10:05 lanserver winbindd[79689]: rpc_pipe_bind failed Later another message appears: Dec 7 10:25:29 lanserver smbd[79749]: [2005/12/07 10:25:29, 0] lib/util_sock.c:read_data(526) Dec 7 10:25:29 lanserver smbd[79749]: read_data: read failure for 4 bytes to client 10.200.5.35. Error = Connection reset by peer