[TriLUG] Help with SAMBA acting as PDC for windows

Mark Fowle mark at thefowles.com
Wed Oct 5 11:23:57 EDT 2005


If you removed it, it should be gone -- you can restart samba to be safe.

>From what I've read - you have to have an Administrator account on the
unix side -- any other user wont work  -- (at least I've never been able
to myself) --

> Also, is there somewhere some file hidden with cache info from the
> previous workstation name in samba?
>
> Reason I ask is because this workstation was already in the WEBNET domain
> under
> a name called j-madios$, but I did remove that machine account before I
> tried to join
> the n-pace$ machine account.
>
> Not sure if that is relevant here.
>
>
> JD Henderson
> <http://www.landemonium.com>
> email - jd at savagegeek.com
> mobile - 919-649-5589
>
>
> ________________________________
>
> From: trilug-bounces at trilug.org on behalf of Mark Fowle
> Sent: Wed 10/5/2005 10:55 AM
> To: Triangle Linux Users Group discussion list
> Subject: RE: [TriLUG] Help with SAMBA acting as PDC for windows
>
>
>
> Hmmmm....   is the workstation being added in uppercase?  It should show
> up in both your /etc/passwd and smbpasswd  -   another thing to check - is
> the user you are using added in smbpasswd as well?
>
>
>> Well I tried "administrator" as well but the same error happens.
>>
>> attempting to join the domain WEBNET: Access is denied
>>
>> But some other info as well.
>>
>> If you have for instance this workstation on the domain before with a
>> different workstation name, and then
>> remove it by using:
>> smbpasswd -x workstation$
>> and then remove it from the /etc/passwd file as well as the /etc/shadow
>> file....
>>
>> That does get rid of the account and the associated MAC address of the
>> previous workstation's SID right?
>>
>> Not sure if the SAMBA server uses SID's or not like NT does, but just
>> wondering.
>>
>> Thanks
>>
>> JD Henderson
>> <http://www.landemonium.com>
>> email - jd at savagegeek.com
>> mobile - 919-649-5589
>>
>>
>> ________________________________
>>
>> From: trilug-bounces at trilug.org on behalf of Mark Fowle
>> Sent: Wed 10/5/2005 10:27 AM
>> To: Triangle Linux Users Group discussion list
>> Subject: RE: [TriLUG] Help with SAMBA acting as PDC for windows
>>
>>
>>
>> the user that you use to to add a system to the domain must be in the
>> Admin group
>> root = admin administrator @it
>>
>> Mark
>>
>>> Yes, This is the contents of the smbusers file
>>>
>>> # Unix_name = SMB_name1 SMB_name2 ...
>>> root = admin administrator
>>> nobody = guest pcguest smbguest
>>> it = @it
>>> oranet = @oranet
>>> dmerkle = dmerkle
>>>
>>>
>>> I am a member of the "it" group.
>>>
>>> The it group is on a NIS server acting as a group that I am a member.
>>>
>>> BTW, I am coming into this postion with this already in place, but had
>>> something
>>> like this in place at another location.
>>>
>>> Thanks.
>>>
>>> JD Henderson
>>> <http://www.landemonium.com>
>>> email - jd at savagegeek.com
>>> mobile - 919-649-5589
>>>
>>>
>>> ________________________________
>>>
>>> From: trilug-bounces at trilug.org on behalf of Mark Fowle
>>> Sent: Wed 10/5/2005 10:00 AM
>>> To: Triangle Linux Users Group discussion list
>>> Subject: Re: [TriLUG] Help with SAMBA acting as PDC for windows
>>>
>>>
>>>
>>> Just curious - is the user you are trying to use to add the machine to
>>> the
>>> domain in the smbusers file and associated with root?
>>>
>>> - Mark
>>>
>>>> Hello,
>>>>
>>>> I have a situation that is happening to one of my Windows XP
>>>> workstations
>>>> trying to connect
>>>> to a SAMBA server acting as a Primary Domain Controller.  So to begin
>>>> with, the server is
>>>> a RedHat Fedora Core 3 Running SAMBA version 3.0.10-1.fc3
>>>>
>>>> So what is happening is when I am trying to join the machine account
>>>> to
>>>> our "WEBNET" domain,
>>>> the error on the Windows XP workstation is " The following error
>>>> occurred
>>>> attempting to join the domain WEBNET: Access is denied
>>>>
>>>> Now, I am using a valid username to authenticate the machine account,
>>>> and
>>>> the machine account exists
>>>> in the /etc/samba/smbpasswd file.  Also the machine account exists in
>>>> the
>>>> /etc/passwd and /etc/shadow file.
>>>>
>>>> entry in /etc/passwd file:
>>>> n-pace$:x:1105:105::Machine Account:/dev/null:/bin/false
>>>>
>>>> entry in /etc/shadow file:
>>>> n-pace$:!:13011:0:99999:7:::
>>>>
>>>> entry in /etc/samba/smbpasswd file
>>>> n-pace$:1105:498B3F3A1D654D56AAD3B435B51404EE:7C5D6F77A7C4A52F3F771BA178AD21D4:[W
>>>>          ]:LCT-4342E59A:
>>>>
>>>> Now I do know when getting the error above it means:
>>>> There isn't a machine account entered in smbpasswd for the computer
>>>> you're
>>>> attempting to have
>>>> join the domain, or the machine account is currently disabled. It's
>>>> also
>>>> possible that you're
>>>> trying to join the domain using an account name other than "root",
>>>> which
>>>> is required.
>>>>
>>>>
>>>> Also, this machine was on the domain as a different machine account,
>>>> but
>>>> I
>>>> removed the account from the /etc/passwd file /etc/shadow file, and
>>>> /etc/samba/smbpasswd file.
>>>>
>>>> Can anybody help?
>>>>
>>>> Thank you very much
>>>>
>>>> JD Henderson
>>>> <http://www.landemonium.com>
>>>> email - jd at savagegeek.com
>>>> mobile - 919-649-5589
>>>>
>>>> --
>>>> TriLUG mailing list        :
>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>>>
>>>> --
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>>
>>>>
>>>
>>> --
>>> TriLUG mailing list        :
>>> http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>>
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>> --
>>> TriLUG mailing list        :
>>> http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>> --
>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> --
>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/




More information about the TriLUG mailing list