We put together a samba 3.0.x server to replace an nt domain
controller 3 weeks ago when our nt servers were being hit by and
unpatched/unpatchable vulnerability in nt. we went through numerous
howto's and other documents. The net rpc vampire seem to grab
everything fine. However, now when we attempt to add a machine to the
domain we get a failure.
looking through the log files we see
2006/10/09 17:29:21, 5] auth/auth_util.c:debug_nt_user_token(452)
NT user token: (NULL)
[2006/10/09 17:29:21, 5] auth/auth_util.c:debug_unix_user_token(473)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2006/10/09 17:29:21, 5] smbd/uid.c:change_to_root_user(319)
change_to_root_user: now uid=(0,0) gid=(0,0)
but no other obvious failure.
relevant portion of smb.conf
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel '%g'
add user script = /usr/sbin/useradd -m '%u'
add user to group script = /usr/sbin/groupmod -A '%u'
'%g'
delete user from group script = /usr/sbin/groupmod -R '%u'
'%g'
delete user script = /usr/sbin/userdel '%s'
add machine script = /usr/sbin/useradd -d /home/nohome -g 42 -s
/bin/false '%u'
idmap uid = 10000-20000
idmap gid = 10000-20000
We might have had a problem with our groupmaps but we were able to
resovle those with net groupmap modify commands. Now 'Domain Admins'
maps to group root. The user I add the machine as is a member of group
root.
Any pointers would be greatly appreciated.
btw, I posted on this problem 3 weeks ago and received no responses.
However, after googling for it, I did find someone responded but I
never received it. Please, if you have any advice post both to the
list and to me so I can follow the thread somewhere.
--
David Bear
phone: 602-496-0424
fax: 602-496-0955
College of Public Programs/ASU
University Center Rm 622
411 N Central
Phoenix, AZ 85007-0685
"Beware the IP portfolio, everyone will be suspect of trespassing"
David, This might be able to help you with your problem: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html It solved mine. Dale David Bear wrote:> We put together a samba 3.0.x server to replace an nt domain > controller 3 weeks ago when our nt servers were being hit by and > unpatched/unpatchable vulnerability in nt. we went through numerous > howto's and other documents. The net rpc vampire seem to grab > everything fine. However, now when we attempt to add a machine to the > domain we get a failure. > > looking through the log files we see > 2006/10/09 17:29:21, 5] auth/auth_util.c:debug_nt_user_token(452) > NT user token: (NULL) > [2006/10/09 17:29:21, 5] auth/auth_util.c:debug_unix_user_token(473) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups > [2006/10/09 17:29:21, 5] smbd/uid.c:change_to_root_user(319) > change_to_root_user: now uid=(0,0) gid=(0,0) > > but no other obvious failure. > > relevant portion of smb.conf > add group script = /usr/sbin/groupadd %g > delete group script = /usr/sbin/groupdel '%g' > add user script = /usr/sbin/useradd -m '%u' > add user to group script = /usr/sbin/groupmod -A '%u' '%g' > delete user from group script = /usr/sbin/groupmod -R '%u' '%g' > delete user script = /usr/sbin/userdel '%s' > add machine script = /usr/sbin/useradd -d /home/nohome -g 42 -s /bin/false '%u' > idmap uid = 10000-20000 > idmap gid = 10000-20000 > > We might have had a problem with our groupmaps but we were able to > resovle those with net groupmap modify commands. Now 'Domain Admins' > maps to group root. The user I add the machine as is a member of group > root. > > Any pointers would be greatly appreciated. > > btw, I posted on this problem 3 weeks ago and received no responses. > However, after googling for it, I did find someone responded but I > never received it. Please, if you have any advice post both to the > list and to me so I can follow the thread somewhere. > > >