[TriLUG] Help with SAMBA acting as PDC for windows
    Matt Pusateri 
    mpusateri at wickedtrails.com
       
    Wed Oct  5 12:16:39 EDT 2005
    
    
  
Upgrading to Samba 3.0.20 will allow you to define Admin users who can
join machines to the domain.  There are tons of fixes in Samba 3.0.20
so it is worthwhile.  Also 3.0.20a beta is out that fixes and AD
problem, but it doens't sound like you will need that.
Matt P.
On Wed, October 5, 2005 12:19 pm, John-David Henderson wrote:
> Hey Mark.
>
> I got it to join.
>
> Apparently I was using the wrong root password.
>
> So root worked.
>
> Only root will work in my situation.
>
> Sill me.
>
> Thank you for your help.
>
> JD
> Jd at savagegeek.com
>
>
>  -----Original Message-----
> From: 	Mark Fowle [mailto:mark at thefowles.com]
> Sent:	Wed Oct 05 11:47:38 2005
> To:	Triangle Linux Users Group discussion list
> Subject:	RE: [TriLUG] Help with SAMBA acting as PDC for windows
>
> root doesn't work -- there is something that prevents it from working
> right (there is something in V3 samba docs that mentions it - I just
> can't
> remember off the top of my head)-
>
> have you tried entering the machine name (/etc/passwd and smbpasswd)
> in
> upper case?  The default in windows is UPPERCASE and it wont match
> lower
> case in unix ....
>
>
>> Ok
>>
>> Well I tried root as well, but still access denied.
>>
>> Very odd
>>
>>  -----Original Message-----
>> From: 	Mark Fowle [mailto:mark at thefowles.com]
>> Sent:	Wed Oct 05 11:34:47 2005
>> To:	Triangle Linux Users Group discussion list
>> Subject:	RE: [TriLUG] Help with SAMBA acting as PDC for windows
>>
>> If you removed it, it should be gone -- you can restart samba to be
>> safe.
>>
>>>From what I've read - you have to have an Administrator account on
>>> the
>> unix side -- any other user wont work  -- (at least I've never been
>> able
>> to myself) --
>>
>>> Also, is there somewhere some file hidden with cache info from the
>>> previous workstation name in samba?
>>>
>>> Reason I ask is because this workstation was already in the WEBNET
>>> domain
>>> under
>>> a name called j-madios$, but I did remove that machine account
>>> before I
>>> tried to join
>>> the n-pace$ machine account.
>>>
>>> Not sure if that is relevant here.
>>>
>>>
>>> JD Henderson
>>> <http://www.landemonium.com>
>>> email - jd at savagegeek.com
>>> mobile - 919-649-5589
>>>
>>>
>>> ________________________________
>>>
>>> From: trilug-bounces at trilug.org on behalf of Mark Fowle
>>> Sent: Wed 10/5/2005 10:55 AM
>>> To: Triangle Linux Users Group discussion list
>>> Subject: RE: [TriLUG] Help with SAMBA acting as PDC for windows
>>>
>>>
>>>
>>> Hmmmm....   is the workstation being added in uppercase?  It should
>>> show
>>> up in both your /etc/passwd and smbpasswd  -   another thing to
>>> check -
>>> is
>>> the user you are using added in smbpasswd as well?
>>>
>>>
>>>> Well I tried "administrator" as well but the same error happens.
>>>>
>>>> attempting to join the domain WEBNET: Access is denied
>>>>
>>>> But some other info as well.
>>>>
>>>> If you have for instance this workstation on the domain before
>>>> with a
>>>> different workstation name, and then
>>>> remove it by using:
>>>> smbpasswd -x workstation$
>>>> and then remove it from the /etc/passwd file as well as the
>>>> /etc/shadow
>>>> file....
>>>>
>>>> That does get rid of the account and the associated MAC address of
>>>> the
>>>> previous workstation's SID right?
>>>>
>>>> Not sure if the SAMBA server uses SID's or not like NT does, but
>>>> just
>>>> wondering.
>>>>
>>>> Thanks
>>>>
>>>> JD Henderson
>>>> <http://www.landemonium.com>
>>>> email - jd at savagegeek.com
>>>> mobile - 919-649-5589
>>>>
>>>>
>>>> ________________________________
>>>>
>>>> From: trilug-bounces at trilug.org on behalf of Mark Fowle
>>>> Sent: Wed 10/5/2005 10:27 AM
>>>> To: Triangle Linux Users Group discussion list
>>>> Subject: RE: [TriLUG] Help with SAMBA acting as PDC for windows
>>>>
>>>>
>>>>
>>>> the user that you use to to add a system to the domain must be in
>>>> the
>>>> Admin group
>>>> root = admin administrator @it
>>>>
>>>> Mark
>>>>
>>>>> Yes, This is the contents of the smbusers file
>>>>>
>>>>> # Unix_name = SMB_name1 SMB_name2 ...
>>>>> root = admin administrator
>>>>> nobody = guest pcguest smbguest
>>>>> it = @it
>>>>> oranet = @oranet
>>>>> dmerkle = dmerkle
>>>>>
>>>>>
>>>>> I am a member of the "it" group.
>>>>>
>>>>> The it group is on a NIS server acting as a group that I am a
>>>>> member.
>>>>>
>>>>> BTW, I am coming into this postion with this already in place,
>>>>> but had
>>>>> something
>>>>> like this in place at another location.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> JD Henderson
>>>>> <http://www.landemonium.com>
>>>>> email - jd at savagegeek.com
>>>>> mobile - 919-649-5589
>>>>>
>>>>>
>>>>> ________________________________
>>>>>
>>>>> From: trilug-bounces at trilug.org on behalf of Mark Fowle
>>>>> Sent: Wed 10/5/2005 10:00 AM
>>>>> To: Triangle Linux Users Group discussion list
>>>>> Subject: Re: [TriLUG] Help with SAMBA acting as PDC for windows
>>>>>
>>>>>
>>>>>
>>>>> Just curious - is the user you are trying to use to add the
>>>>> machine to
>>>>> the
>>>>> domain in the smbusers file and associated with root?
>>>>>
>>>>> - Mark
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I have a situation that is happening to one of my Windows XP
>>>>>> workstations
>>>>>> trying to connect
>>>>>> to a SAMBA server acting as a Primary Domain Controller.  So to
>>>>>> begin
>>>>>> with, the server is
>>>>>> a RedHat Fedora Core 3 Running SAMBA version 3.0.10-1.fc3
>>>>>>
>>>>>> So what is happening is when I am trying to join the machine
>>>>>> account
>>>>>> to
>>>>>> our "WEBNET" domain,
>>>>>> the error on the Windows XP workstation is " The following error
>>>>>> occurred
>>>>>> attempting to join the domain WEBNET: Access is denied
>>>>>>
>>>>>> Now, I am using a valid username to authenticate the machine
>>>>>> account,
>>>>>> and
>>>>>> the machine account exists
>>>>>> in the /etc/samba/smbpasswd file.  Also the machine account
>>>>>> exists in
>>>>>> the
>>>>>> /etc/passwd and /etc/shadow file.
>>>>>>
>>>>>> entry in /etc/passwd file:
>>>>>> n-pace$:x:1105:105::Machine Account:/dev/null:/bin/false
>>>>>>
>>>>>> entry in /etc/shadow file:
>>>>>> n-pace$:!:13011:0:99999:7:::
>>>>>>
>>>>>> entry in /etc/samba/smbpasswd file
>>>>>> n-pace$:1105:498B3F3A1D654D56AAD3B435B51404EE:7C5D6F77A7C4A52F3F771BA178AD21D4:[W
>>>>>>          ]:LCT-4342E59A:
>>>>>>
>>>>>> Now I do know when getting the error above it means:
>>>>>> There isn't a machine account entered in smbpasswd for the
>>>>>> computer
>>>>>> you're
>>>>>> attempting to have
>>>>>> join the domain, or the machine account is currently disabled.
>>>>>> It's
>>>>>> also
>>>>>> possible that you're
>>>>>> trying to join the domain using an account name other than
>>>>>> "root",
>>>>>> which
>>>>>> is required.
>>>>>>
>>>>>>
>>>>>> Also, this machine was on the domain as a different machine
>>>>>> account,
>>>>>> but
>>>>>> I
>>>>>> removed the account from the /etc/passwd file /etc/shadow file,
>>>>>> and
>>>>>> /etc/samba/smbpasswd file.
>>>>>>
>>>>>> Can anybody help?
>>>>>>
>>>>>> Thank you very much
>>>>>>
>>>>>> JD Henderson
>>>>>> <http://www.landemonium.com>
>>>>>> email - jd at savagegeek.com
>>>>>> mobile - 919-649-5589
>>>>>>
>>>>>> --
>>>>>> TriLUG mailing list        :
>>>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>>>> TriLUG Member Services FAQ :
>>>>>> http://members.trilug.org/services_faq/
>>>>>>
>>>>>> --
>>>>>> This message has been scanned for viruses and
>>>>>> dangerous content by MailScanner, and is
>>>>>> believed to be clean.
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> TriLUG mailing list        :
>>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>>> TriLUG Member Services FAQ :
>>>>> http://members.trilug.org/services_faq/
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> This message has been scanned for viruses and
>>>>> dangerous content by MailScanner, and is
>>>>> believed to be clean.
>>>>>
>>>>> --
>>>>> TriLUG mailing list        :
>>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>>> TriLUG Member Services FAQ :
>>>>> http://members.trilug.org/services_faq/
>>>>
>>>> --
>>>> TriLUG mailing list        :
>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>> TriLUG Member Services FAQ :
>>>> http://members.trilug.org/services_faq/
>>>>
>>>>
>>>>
>>>> --
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>>
>>>> --
>>>> TriLUG mailing list        :
>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>> TriLUG Member Services FAQ :
>>>> http://members.trilug.org/services_faq/
>>>
>>> --
>>> TriLUG mailing list        :
>>> http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>> TriLUG Member Services FAQ :
>>> http://members.trilug.org/services_faq/
>>>
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>> --
>>> TriLUG mailing list        :
>>> http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>> TriLUG Member Services FAQ :
>>> http://members.trilug.org/services_faq/
>>
>> --
>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>>
>> --
>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>
> --
> TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
>
> --
> TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
>
    
    
More information about the TriLUG
mailing list