[TriLUG] Help with SAMBA acting as PDC for windows

John-David Henderson jd at savagegeek.com
Wed Oct 5 12:19:49 EDT 2005


Hey Mark.

I got it to join.

Apparently I was using the wrong root password.

So root worked.

Only root will work in my situation.

Sill me.

Thank you for your help.

JD
Jd at savagegeek.com


 -----Original Message-----
From: 	Mark Fowle [mailto:mark at thefowles.com]
Sent:	Wed Oct 05 11:47:38 2005
To:	Triangle Linux Users Group discussion list
Subject:	RE: [TriLUG] Help with SAMBA acting as PDC for windows

root doesn't work -- there is something that prevents it from working
right (there is something in V3 samba docs that mentions it - I just can't
remember off the top of my head)-

have you tried entering the machine name (/etc/passwd and smbpasswd) in
upper case?  The default in windows is UPPERCASE and it wont match lower
case in unix ....


> Ok
>
> Well I tried root as well, but still access denied.
>
> Very odd
>
>  -----Original Message-----
> From: 	Mark Fowle [mailto:mark at thefowles.com]
> Sent:	Wed Oct 05 11:34:47 2005
> To:	Triangle Linux Users Group discussion list
> Subject:	RE: [TriLUG] Help with SAMBA acting as PDC for windows
>
> If you removed it, it should be gone -- you can restart samba to be safe.
>
>>From what I've read - you have to have an Administrator account on the
> unix side -- any other user wont work  -- (at least I've never been able
> to myself) --
>
>> Also, is there somewhere some file hidden with cache info from the
>> previous workstation name in samba?
>>
>> Reason I ask is because this workstation was already in the WEBNET
>> domain
>> under
>> a name called j-madios$, but I did remove that machine account before I
>> tried to join
>> the n-pace$ machine account.
>>
>> Not sure if that is relevant here.
>>
>>
>> JD Henderson
>> <http://www.landemonium.com>
>> email - jd at savagegeek.com
>> mobile - 919-649-5589
>>
>>
>> ________________________________
>>
>> From: trilug-bounces at trilug.org on behalf of Mark Fowle
>> Sent: Wed 10/5/2005 10:55 AM
>> To: Triangle Linux Users Group discussion list
>> Subject: RE: [TriLUG] Help with SAMBA acting as PDC for windows
>>
>>
>>
>> Hmmmm....   is the workstation being added in uppercase?  It should show
>> up in both your /etc/passwd and smbpasswd  -   another thing to check -
>> is
>> the user you are using added in smbpasswd as well?
>>
>>
>>> Well I tried "administrator" as well but the same error happens.
>>>
>>> attempting to join the domain WEBNET: Access is denied
>>>
>>> But some other info as well.
>>>
>>> If you have for instance this workstation on the domain before with a
>>> different workstation name, and then
>>> remove it by using:
>>> smbpasswd -x workstation$
>>> and then remove it from the /etc/passwd file as well as the /etc/shadow
>>> file....
>>>
>>> That does get rid of the account and the associated MAC address of the
>>> previous workstation's SID right?
>>>
>>> Not sure if the SAMBA server uses SID's or not like NT does, but just
>>> wondering.
>>>
>>> Thanks
>>>
>>> JD Henderson
>>> <http://www.landemonium.com>
>>> email - jd at savagegeek.com
>>> mobile - 919-649-5589
>>>
>>>
>>> ________________________________
>>>
>>> From: trilug-bounces at trilug.org on behalf of Mark Fowle
>>> Sent: Wed 10/5/2005 10:27 AM
>>> To: Triangle Linux Users Group discussion list
>>> Subject: RE: [TriLUG] Help with SAMBA acting as PDC for windows
>>>
>>>
>>>
>>> the user that you use to to add a system to the domain must be in the
>>> Admin group
>>> root = admin administrator @it
>>>
>>> Mark
>>>
>>>> Yes, This is the contents of the smbusers file
>>>>
>>>> # Unix_name = SMB_name1 SMB_name2 ...
>>>> root = admin administrator
>>>> nobody = guest pcguest smbguest
>>>> it = @it
>>>> oranet = @oranet
>>>> dmerkle = dmerkle
>>>>
>>>>
>>>> I am a member of the "it" group.
>>>>
>>>> The it group is on a NIS server acting as a group that I am a member.
>>>>
>>>> BTW, I am coming into this postion with this already in place, but had
>>>> something
>>>> like this in place at another location.
>>>>
>>>> Thanks.
>>>>
>>>> JD Henderson
>>>> <http://www.landemonium.com>
>>>> email - jd at savagegeek.com
>>>> mobile - 919-649-5589
>>>>
>>>>
>>>> ________________________________
>>>>
>>>> From: trilug-bounces at trilug.org on behalf of Mark Fowle
>>>> Sent: Wed 10/5/2005 10:00 AM
>>>> To: Triangle Linux Users Group discussion list
>>>> Subject: Re: [TriLUG] Help with SAMBA acting as PDC for windows
>>>>
>>>>
>>>>
>>>> Just curious - is the user you are trying to use to add the machine to
>>>> the
>>>> domain in the smbusers file and associated with root?
>>>>
>>>> - Mark
>>>>
>>>>> Hello,
>>>>>
>>>>> I have a situation that is happening to one of my Windows XP
>>>>> workstations
>>>>> trying to connect
>>>>> to a SAMBA server acting as a Primary Domain Controller.  So to begin
>>>>> with, the server is
>>>>> a RedHat Fedora Core 3 Running SAMBA version 3.0.10-1.fc3
>>>>>
>>>>> So what is happening is when I am trying to join the machine account
>>>>> to
>>>>> our "WEBNET" domain,
>>>>> the error on the Windows XP workstation is " The following error
>>>>> occurred
>>>>> attempting to join the domain WEBNET: Access is denied
>>>>>
>>>>> Now, I am using a valid username to authenticate the machine account,
>>>>> and
>>>>> the machine account exists
>>>>> in the /etc/samba/smbpasswd file.  Also the machine account exists in
>>>>> the
>>>>> /etc/passwd and /etc/shadow file.
>>>>>
>>>>> entry in /etc/passwd file:
>>>>> n-pace$:x:1105:105::Machine Account:/dev/null:/bin/false
>>>>>
>>>>> entry in /etc/shadow file:
>>>>> n-pace$:!:13011:0:99999:7:::
>>>>>
>>>>> entry in /etc/samba/smbpasswd file
>>>>> n-pace$:1105:498B3F3A1D654D56AAD3B435B51404EE:7C5D6F77A7C4A52F3F771BA178AD21D4:[W
>>>>>          ]:LCT-4342E59A:
>>>>>
>>>>> Now I do know when getting the error above it means:
>>>>> There isn't a machine account entered in smbpasswd for the computer
>>>>> you're
>>>>> attempting to have
>>>>> join the domain, or the machine account is currently disabled. It's
>>>>> also
>>>>> possible that you're
>>>>> trying to join the domain using an account name other than "root",
>>>>> which
>>>>> is required.
>>>>>
>>>>>
>>>>> Also, this machine was on the domain as a different machine account,
>>>>> but
>>>>> I
>>>>> removed the account from the /etc/passwd file /etc/shadow file, and
>>>>> /etc/samba/smbpasswd file.
>>>>>
>>>>> Can anybody help?
>>>>>
>>>>> Thank you very much
>>>>>
>>>>> JD Henderson
>>>>> <http://www.landemonium.com>
>>>>> email - jd at savagegeek.com
>>>>> mobile - 919-649-5589
>>>>>
>>>>> --
>>>>> TriLUG mailing list        :
>>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>>>>
>>>>> --
>>>>> This message has been scanned for viruses and
>>>>> dangerous content by MailScanner, and is
>>>>> believed to be clean.
>>>>>
>>>>>
>>>>
>>>> --
>>>> TriLUG mailing list        :
>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>>>
>>>>
>>>>
>>>> --
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>>
>>>> --
>>>> TriLUG mailing list        :
>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>>
>>> --
>>> TriLUG mailing list        :
>>> http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>>
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>> --
>>> TriLUG mailing list        :
>>> http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>> --
>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>> --
>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>

-- 
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/





More information about the TriLUG mailing list