Anthony Linux
2006-May-04 12:56 UTC
[Samba] Samba file server -- samba domain join problem
Hello,

I recently upgraded a network to FC3 from RH9 (I know, I know, behind the times).

The network is small: one PDC, one file server. The PDC (Samba, LDAP, DNS, DHCP all on FC3) is running fine. Seamless between Linux logins and Windows XP. Users can log in, see the shares, mount drives.

The second file server is just going to be an NFS and Samba server. The plan is to use security=domain and share everything the same way the PDC does.

Two problems: first, it did not want to join the domain. I kept trying "net rpc join", it prompts for a password and tells me the password is incorrect. I checked the logs and it said something about not allowing NTLMv1 for root. So I set "client ntlmv2 auth = yes" and it allowed me to join the domain.

So far so good, right?

When I try to open the share it prompts for a username and password. When I type valid ones in, it rejects them and upgrades their bad password count (so the PDC is seeing an attempt to access the share). The log files only say NT_STATUS_WRONG_PASSWORD for the user account.

I have looked through the HOWTO and searched Google, but can't seem to find anything on this. Sad thing is, I remember this being really, really easy the last time I did it.

Any ideas?

Thanks,
Anthony

My simplified smb.conf (I have tried many other options like wins settings to no avail):

workgroup=MYNET
security=domain
password server = MYPDC
ntlmv2 client auth = yes
encrypt passwords = yes

[Share info ...]

Anthony Linux
2006-May-04 17:59 UTC
[Samba] Re: Samba file server -- samba domain join problem
Never mind, I got it fixed.

I changed security=domain to security=user and copied over all my LDAP information (ou=Groups, ou=Users, etc). I then added the manager password with smbpasswd -w <PW> and everything works great now.

It seems like 3.0.10 for FC3 does not pass the password encrypted the way the PDC is expecting it. It resolved the users fine, but something broke when trying to verify passwords.

This fix is also nice because I can easily turn the second server into a BDC if necessary, although I would want to replicate my LDAP database there first (no point having a BDC get user info from a PDC LDAP server that crashed! :-)

Hopefully this will help some people I saw who had similar problems but no responses.

Anthony

On 5/4/06, Anthony Linux <anthony.linux@gmail.com> wrote:
> Hello,
> I recently upgraded a network to FC3 from RH9 (I know, I know, behind the
> times).
>
> The network is small: one PDC, one file server. The PDC (Samba, LDAP,
> DNS, DHCP all on FC3) is running fine. Seamless between linux logins and
> windows XP. Users can log in, see the shares, mount drives.
>
> The second file server is just going to be an NFS and Samba server. The
> plan is to use security=domain and share everything the same way the PDC
> does.
>
> Two problems: first, it did not want to join the domain. I kept trying
> "net rpc join", it prompts for a password and tells me the password is
> incorrect. I checked the logs and it said something about not allowing
> NTLMv1 for root. So I set "client ntlmv2 auth = yes" and it allowed me to
> join the domain.
>
> So far so good, right?
>
> When I try to open the share it prompts for a username and password. When
> I type valid ones in, it rejects them and upgrades their bad password count
> (so the PDC is seeing an attempt to access the share). The log files only
> say NT_STATUS_WRONG_PASSWORD for the user account.
>
> I have looked through the HOWTO and searched google, but can't seem to
> find anything on this. Sad thing is, I remember this being really, really
> easy the last time I did it.
>
> Any ideas?
> Thanks,
> Anthony
>
> my simplified smb.conf (I have tried many other options like wins settings
> to no avail).
>
> workgroup=MYNET
> security=domain
> password server = MYPDC
> ntlmv2 client auth = yes
> encrypt passwords = yes
>
> [Share info ...]
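
The change described in the reply above, written out as an added smb.conf sketch that is not part of the original thread: the file server stops passing authentication to the PDC and checks passwords itself against the same LDAP account data. The LDAP host name, the base DN dc=example,dc=com and the cn=Manager admin DN are placeholder assumptions; workgroup, ou=Users and ou=Groups are taken from the posts.

```ini
# Added example, not the poster's actual file.
# mypdc.example.com, dc=example,dc=com and cn=Manager are placeholders.

[global]
    workgroup = MYNET

    # Before (from the first post): every logon was handed to the PDC,
    # which answered NT_STATUS_WRONG_PASSWORD.
    # security = domain
    # password server = MYPDC

    # After (from the reply): this server validates the password itself,
    # reading the Samba account entries from the directory.
    security = user
    encrypt passwords = yes
    passdb backend = ldapsam:ldap://mypdc.example.com

    # Same tree the PDC uses; the container names come from the reply.
    ldap suffix = dc=example,dc=com
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups

    # Account Samba binds as. It can read every user's password hash,
    # so its own password is kept out of smb.conf.
    ldap admin dn = cn=Manager,dc=example,dc=com

    # Protect the bind and the hashes in transit between the two servers.
    ldap ssl = start tls

# The password for "ldap admin dn" is stored in secrets.tdb with:
#   smbpasswd -w <PW>
```

Running testparm after editing reports any parameter name Samba does not recognize, which is worth doing before restarting smbd.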