[TriLUG] Help with SAMBA acting as PDC for windows

Mark Fowle mark at thefowles.com
Wed Oct 5 12:13:43 EDT 2005


Glad it worked --  I will have to check my version and see why I can't use
root --  Glad it's going --

Any plans to incorporate it with ldap?

Mark

> Hey Mark.
>
> I got it to join.
>
> Apparently I was using the wrong root password.
>
> So root worked.
>
> Only root will work in my situation.
>
> Sill me.
>
> Thank you for your help.
>
> JD
> Jd at savagegeek.com
>
>
>  -----Original Message-----
> From: 	Mark Fowle [mailto:mark at thefowles.com]
> Sent:	Wed Oct 05 11:47:38 2005
> To:	Triangle Linux Users Group discussion list
> Subject:	RE: [TriLUG] Help with SAMBA acting as PDC for windows
>
> root doesn't work -- there is something that prevents it from working
> right (there is something in V3 samba docs that mentions it - I just can't
> remember off the top of my head)-
>
> have you tried entering the machine name (/etc/passwd and smbpasswd) in
> upper case?  The default in windows is UPPERCASE and it wont match lower
> case in unix ....
>
>
>> Ok
>>
>> Well I tried root as well, but still access denied.
>>
>> Very odd
>>
>>  -----Original Message-----
>> From: 	Mark Fowle [mailto:mark at thefowles.com]
>> Sent:	Wed Oct 05 11:34:47 2005
>> To:	Triangle Linux Users Group discussion list
>> Subject:	RE: [TriLUG] Help with SAMBA acting as PDC for windows
>>
>> If you removed it, it should be gone -- you can restart samba to be
>> safe.
>>
>>>From what I've read - you have to have an Administrator account on the
>> unix side -- any other user wont work  -- (at least I've never been able
>> to myself) --
>>
>>> Also, is there somewhere some file hidden with cache info from the
>>> previous workstation name in samba?
>>>
>>> Reason I ask is because this workstation was already in the WEBNET
>>> domain
>>> under
>>> a name called j-madios$, but I did remove that machine account before I
>>> tried to join
>>> the n-pace$ machine account.
>>>
>>> Not sure if that is relevant here.
>>>
>>>
>>> JD Henderson
>>> <http://www.landemonium.com>
>>> email - jd at savagegeek.com
>>> mobile - 919-649-5589
>>>
>>>
>>> ________________________________
>>>
>>> From: trilug-bounces at trilug.org on behalf of Mark Fowle
>>> Sent: Wed 10/5/2005 10:55 AM
>>> To: Triangle Linux Users Group discussion list
>>> Subject: RE: [TriLUG] Help with SAMBA acting as PDC for windows
>>>
>>>
>>>
>>> Hmmmm....   is the workstation being added in uppercase?  It should
>>> show
>>> up in both your /etc/passwd and smbpasswd  -   another thing to check -
>>> is
>>> the user you are using added in smbpasswd as well?
>>>
>>>
>>>> Well I tried "administrator" as well but the same error happens.
>>>>
>>>> attempting to join the domain WEBNET: Access is denied
>>>>
>>>> But some other info as well.
>>>>
>>>> If you have for instance this workstation on the domain before with a
>>>> different workstation name, and then
>>>> remove it by using:
>>>> smbpasswd -x workstation$
>>>> and then remove it from the /etc/passwd file as well as the
>>>> /etc/shadow
>>>> file....
>>>>
>>>> That does get rid of the account and the associated MAC address of the
>>>> previous workstation's SID right?
>>>>
>>>> Not sure if the SAMBA server uses SID's or not like NT does, but just
>>>> wondering.
>>>>
>>>> Thanks
>>>>
>>>> JD Henderson
>>>> <http://www.landemonium.com>
>>>> email - jd at savagegeek.com
>>>> mobile - 919-649-5589
>>>>
>>>>
>>>> ________________________________
>>>>
>>>> From: trilug-bounces at trilug.org on behalf of Mark Fowle
>>>> Sent: Wed 10/5/2005 10:27 AM
>>>> To: Triangle Linux Users Group discussion list
>>>> Subject: RE: [TriLUG] Help with SAMBA acting as PDC for windows
>>>>
>>>>
>>>>
>>>> the user that you use to to add a system to the domain must be in the
>>>> Admin group
>>>> root = admin administrator @it
>>>>
>>>> Mark
>>>>
>>>>> Yes, This is the contents of the smbusers file
>>>>>
>>>>> # Unix_name = SMB_name1 SMB_name2 ...
>>>>> root = admin administrator
>>>>> nobody = guest pcguest smbguest
>>>>> it = @it
>>>>> oranet = @oranet
>>>>> dmerkle = dmerkle
>>>>>
>>>>>
>>>>> I am a member of the "it" group.
>>>>>
>>>>> The it group is on a NIS server acting as a group that I am a member.
>>>>>
>>>>> BTW, I am coming into this postion with this already in place, but
>>>>> had
>>>>> something
>>>>> like this in place at another location.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> JD Henderson
>>>>> <http://www.landemonium.com>
>>>>> email - jd at savagegeek.com
>>>>> mobile - 919-649-5589
>>>>>
>>>>>
>>>>> ________________________________
>>>>>
>>>>> From: trilug-bounces at trilug.org on behalf of Mark Fowle
>>>>> Sent: Wed 10/5/2005 10:00 AM
>>>>> To: Triangle Linux Users Group discussion list
>>>>> Subject: Re: [TriLUG] Help with SAMBA acting as PDC for windows
>>>>>
>>>>>
>>>>>
>>>>> Just curious - is the user you are trying to use to add the machine
>>>>> to
>>>>> the
>>>>> domain in the smbusers file and associated with root?
>>>>>
>>>>> - Mark
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I have a situation that is happening to one of my Windows XP
>>>>>> workstations
>>>>>> trying to connect
>>>>>> to a SAMBA server acting as a Primary Domain Controller.  So to
>>>>>> begin
>>>>>> with, the server is
>>>>>> a RedHat Fedora Core 3 Running SAMBA version 3.0.10-1.fc3
>>>>>>
>>>>>> So what is happening is when I am trying to join the machine account
>>>>>> to
>>>>>> our "WEBNET" domain,
>>>>>> the error on the Windows XP workstation is " The following error
>>>>>> occurred
>>>>>> attempting to join the domain WEBNET: Access is denied
>>>>>>
>>>>>> Now, I am using a valid username to authenticate the machine
>>>>>> account,
>>>>>> and
>>>>>> the machine account exists
>>>>>> in the /etc/samba/smbpasswd file.  Also the machine account exists
>>>>>> in
>>>>>> the
>>>>>> /etc/passwd and /etc/shadow file.
>>>>>>
>>>>>> entry in /etc/passwd file:
>>>>>> n-pace$:x:1105:105::Machine Account:/dev/null:/bin/false
>>>>>>
>>>>>> entry in /etc/shadow file:
>>>>>> n-pace$:!:13011:0:99999:7:::
>>>>>>
>>>>>> entry in /etc/samba/smbpasswd file
>>>>>> n-pace$:1105:498B3F3A1D654D56AAD3B435B51404EE:7C5D6F77A7C4A52F3F771BA178AD21D4:[W
>>>>>>          ]:LCT-4342E59A:
>>>>>>
>>>>>> Now I do know when getting the error above it means:
>>>>>> There isn't a machine account entered in smbpasswd for the computer
>>>>>> you're
>>>>>> attempting to have
>>>>>> join the domain, or the machine account is currently disabled. It's
>>>>>> also
>>>>>> possible that you're
>>>>>> trying to join the domain using an account name other than "root",
>>>>>> which
>>>>>> is required.
>>>>>>
>>>>>>
>>>>>> Also, this machine was on the domain as a different machine account,
>>>>>> but
>>>>>> I
>>>>>> removed the account from the /etc/passwd file /etc/shadow file, and
>>>>>> /etc/samba/smbpasswd file.
>>>>>>
>>>>>> Can anybody help?
>>>>>>
>>>>>> Thank you very much
>>>>>>
>>>>>> JD Henderson
>>>>>> <http://www.landemonium.com>
>>>>>> email - jd at savagegeek.com
>>>>>> mobile - 919-649-5589
>>>>>>
>>>>>> --
>>>>>> TriLUG mailing list        :
>>>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>>>>>
>>>>>> --
>>>>>> This message has been scanned for viruses and
>>>>>> dangerous content by MailScanner, and is
>>>>>> believed to be clean.
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> TriLUG mailing list        :
>>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> This message has been scanned for viruses and
>>>>> dangerous content by MailScanner, and is
>>>>> believed to be clean.
>>>>>
>>>>> --
>>>>> TriLUG mailing list        :
>>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>>>
>>>> --
>>>> TriLUG mailing list        :
>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>>>
>>>>
>>>>
>>>> --
>>>> This message has been scanned for viruses and
>>>> dangerous content by MailScanner, and is
>>>> believed to be clean.
>>>>
>>>> --
>>>> TriLUG mailing list        :
>>>> http://www.trilug.org/mailman/listinfo/trilug
>>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>>
>>> --
>>> TriLUG mailing list        :
>>> http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>>
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>> --
>>> TriLUG mailing list        :
>>> http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>> --
>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>>
>> --
>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>




More information about the TriLUG mailing list