I have been running Samba at home as a fileserver for a long time and I
have now been changing it to a PDC (later I want to try switching it to
an AD server as a learning experience prior to doing the same on a
server in work, which is already a PDC). I have got it to the point that
it logs onto the user account but not the machine account.
The local machine is called asus, the user account asususer, and the
domain is lunar.
I set up the user account asususer on the Samba server. I was able to
join the domain via the Computer properties & the Change button, and got
the expected “Welcome to LUNAR” message. This created the asus$ machine
account (in the “users” group).
If I try to log on to the domain from a Windows 7 PC as LUNAR\aceruser,
I get the following error (note that the machine account asus$ is set up):
The trust relationship between the workstation and the primary domain
failed.
…and the samba log shows:
[2016/01/03 15:46:17, 2] lib/access.c:check_access(323)
Allowed connection from(192.168.1.2)
[2016/01/03 15:46:17, 2] libsmb/credentials.c:creds_server_check(220)
creds_server_check: credentials check failed.
[2016/01/03 15:46:17, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
_net_auth2: creds_server_check failed. Rejecting auth request from
client ASUS machine account ASUS$
[2016/01/03 15:46:17, 2] libsmb/credentials.c:creds_server_check(220)
creds_server_check: credentials check failed.
[2016/01/03 15:46:17, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
_net_auth2: creds_server_check failed. Rejecting auth request from
client ASUS machine account ASUS$
[2016/01/03 15:46:32, 0] lib/util_sock.c:read_data(540)
read_data: read failure for 4 bytes to client 192.168.1.2. Error =
Connection reset by peer
If I then log on locally as ASUS\asususer, the computer does seem to log
on to the user account asususer on samba even though the machine account
seems to be rejected: I have access to my samba home directory as well
as the other shares without getting prompted for a password. The Samba
log shows:
[2016/01/03 15:37:56, 2] lib/access.c:check_access(323)
Allowed connection from(192.168.1.2)
[2016/01/03 15:38:08, 0] lib/util_sock.c:read_data(540)
read_data: read failure for 4 bytes to client 192.168.1.2. Error =
Connection reset by peer
[2016/01/03 15:38:28, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password:authentication for user [asususer] -> [asususer] ->
[asususer] succeeded
Any ideas on what I am doing wrong?
Note: During this conversion to a PDC, I had hit a few problems getting
it to this point. The server in work is running Ubuntu and I was using it
as a reference as much as I could (I know Ubuntu and CentOS do some
things differently). After doing a lot of reading, I had done the
following, which may not be right:
1) I originally tried setting up the machine account on the server, but
was getting an error like “…home directory already exists…did not copy
files from /skel”. I never found out what this problem was so I just
deleted this machine account and relied on Samba creating it
automatically when I would join the domain from a Windows computer (I
uncommented the lines in smb.conf for creating accounts and groups).
2) I had read that Samba may not like the way CentOS creates a group
with the same name as the user when creating an account, so after
creating asususer on the server I renamed its group to asususergrp.
3) I initially had “Access is denied” errors when attempting to get the
computer to join the domain: the samba log had
“check_ntlm_password:Authentication for user [root] -> [root] FAILED
with error NT_STATUS_NO_SUCH_USER”. I added root to the domadm group
(mapped to Domain Administrators) and did “smbpasswd -a root” and that
problem seemed to go away.
4) samba version from smbstatus is 3.0.33-3.40.el5_10
If you read this far, thanks!
Ciaran