-
Samba PDC setup
I have been spending the day trying to configure Samba to act as a PDC for my LAN. Currently I have a Samba file server set up, and I connect to it as a shared drive in a workgroup... this is named Vamosi_Domain (it's a workgroup, not a domain, and no, I am not the genius that named it). I am not that familiar with Samba's PDC functions, so I will post my configs.
Here is a copy of my smb.conf:
[global]
dns proxy = no
log level = 2
log file = /var/log/samba/%m.log
smb passwd file = /etc/samba/smbpasswd
server string = Intertech Samba Server
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
obey pam restrictions = yes
unix password sync = Yes
remote announce = 192.168.0.255
workgroup = Vamosi_Domain
domain logins = yes
encrypted passwords = yes
security = user
os level = 64
local master = yes
preferred master = yes
domain master = yes
netbios name = Intertechserver
wins server = 192.168.0.2
hosts allow = 192.168.0.2
pam password change = yes
[homes]
create mask = 0700
directory mask = 0700
browseable = no
comment = Home Directories
writeable = yes
valid users = %S
[Shares]
printable = no
writable = yes
path = /Intertech_Files/shared
write list = @staff
force group = staff
create mask = 0775
directory mask = 0775
comment = Shared Files
public = yes
[idsutility]
writeable = yes
path = /Intertech_Files/idsutility
write list = @staff
force directory mode = 0775
force group = staff
force create mode = 0775
public = yes
create mode = 0775
directory mode = 0775
[accounting]
writeable = yes
path = /Intertech_Files/accounting
write list = @accounting
force directory mode = 0770
valid users = @accounting
force group = accounting
force create mode = 0770
public = yes
create mode = 0770
directory mode = 0770
[netlogon]
comment = The domain logon service
path = /Intertech_Files/shares/idsadmin
writable = no
browsable = no
This is just what I have found to configure from bouncing around Google searches and things of that nature. I have configured TCP/IP to use the server's IP "192.168.0.2" for WINS, and when I try to specify the domain in Windows it gives me this:
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.
The domain name Vamosi_Domain might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.
If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain Vamosi_Domain:
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.Vamosi_Domain
Common causes of this error include the following:
- The DNS SRV record is not registered in DNS.
- One or more of the following zones do not include delegation to its child zone:
Vamosi_Domain
. (the root zone)
Like I said, I am very inexperienced with Samba for this use and would appreciate a good kick in the right direction.
Thanks as always,
Jason Self
OS: Suse 9.1 Pro
CPU: AMD Athlon XP 1700 (overclocked)
GPU: Geforce 2 ti
Soundcard: Soundblaster Audigy Gamer
Ram: 512mb ram
Mobo: LanParty NFIIULTRAB
Storage: 2x 40mb IDE 1x80mb SATA
Drives: HP dvd100i (dvd+RW/cdr/cdrw-writer)
Case: Heavily modded Kingwin Aluminum
CPU Cooling: Zalman Flower (fanless)
-
Take a look at this post for help in setting up your PDC and joining XP machines to it:
http://www.justlinux.com/forum/showt...ight=samba+pdc
Also, remove these lines from your smb.conf file:
remote announce = 192.168.0.255
wins server = 192.168.0.2
hosts allow = 192.168.0.2
and restart your Samba server.
Be sure your Windows machines are set to enable NetBIOS over TCP/IP. This is set from the WINS tab of the Advanced TCP/IP Settings dialog box.
If God hadn't meant for us to use GUI tools, there wouldn't have been a Xerox PARC.
-
That much has helped tremendously; it seems that the workgroup and domain name being the same caused all of my problems in that department. I do have another problem now. I found that I have to set up the Samba root user to be able to log in ("smbpasswd -a root"), but when I try to log in as root to my domain it tells me:
The following error occurred attempting to join the domain "MYDOMAIN";
Access Denied
Any ideas as to why it is doing this? Could my blocking root from being able to connect remotely (via telnet, ssh etc.) have something to do with this?
Thanks again,
Jason
PS: 500th post whoooohoooo
Last edited by KarrottoP; 12-22-2004 at 11:55 AM.
-
Not sure, but you might want to check the netlogon path and
a) make sure it exists
b) might want to change it to something/netlogon
Other systems trying to join the domain might be looking for the netlogon directory as named. If you are using a directory named netlogon that is in path = /Intertech_Files/shares/idsadmin
you need to put path = /Intertech_Files/shares/idsadmin/netlogon
Here is my basic Samba PDC smb.conf file:
[global]
workgroup = TESTBFSOSD
server string = Samba PDC Server
passdb backend = tdbsam
passwd program = /usr/bin/smbpasswd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *password:*
unix password sync = Yes
log level = 5
log file = /var/log/samba/%m.log
max log size = 0
load printers = No
add user script = /usr/sbin/useradd -d /dev/null -g 103 -s /bin/bash -M
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap ssl = no
winbind trusted domains only = Yes
[netlogon]
comment = Network Logon Service
path = /opt/samba/netlogon
write list = ntadmin
"Cluelessness - There are no stupid questions, but there are a LOT of inquisitive idiots." -- Despair 2005 Calendar
"Life is pleasant. Death is Peaceful. It is the transition that's troublesome." --Isaac Asimov
-
I have taken your advice and relocated the netlogon path and have verified that it exists. When I try to log into the pdc I still get the access denied message...I am trying to login with root by changing the domain to the domain name specified in the system control panel in Windows XP SP2 if that helps any. I can navigate to shares still.
-
Originally posted by KarrottoP
I have taken your advice and relocated the netlogon path and have verified that it exists. When I try to log into the pdc I still get the access denied message...I am trying to login with root by changing the domain to the domain name specified in the system control panel in Windows XP SP2 if that helps any. I can navigate to shares still.
You might need to add the line: passwd backend = smbpasswd
It should use this by default, but it's worth a try. Also add in the line for add machine script, otherwise it might not allow the computer to be added to the domain.
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
-d designates a home directory; since you don't want computer accounts having a home directory, /dev/null is used. -g designates the default group id (102 is the computer group I created). -s /bin/false sets the shell for the computer. Since a computer won't have actual login capability, use /bin/false.
-
I have done everything you said and for some reason I am still getting access denied... I am trying to read the logs to figure out what it is exactly that is causing this problem, but I am finding little to go on. I have set my log level to 3. This seems to be my only lead:
Dec 27 11:21:45 mail samba(pam_unix)[10650]: authentication failure; logname= uid=0 euid=0 tty=samba ruser= rhost=192.168.0.103 user=root
I have noticed in the log that a lot of users have a uid=0 comment, not just root. Not sure if that means anything.
I am now guessing that pam is playing into this problem?
Thanks,
Jason
Last edited by KarrottoP; 12-27-2004 at 12:37 PM.
-
You might want to check your passwd file and see what other users have uid=0; it shouldn't be anyone but root. This could be your problem.
-
I have checked my passwd file and each user has a unique uid. I have also checked my smbpasswd file and the same is true... I only have two users in my smbpasswd file: root and my user that I added with smbadduser (I don't actually know why there is a separate smbuser section or what that entails, but the uids are unique). I am not sure if Samba or PAM is forcing the (uid=0), but that is what /var/log/message is telling me for each user as they log into the server.
Thanks.
-
I figured out what the problem was... I needed to set up a machine user for the computer... I completely failed to realize that; once I did, I was able to log into the domain as root fine... I have another dilemma, but I will post that in another thread because it is off topic a bit. Thanks everyone for your help.
-
Originally Posted by KarrottoP
I figured out what the problem was... I needed to set up a machine user for the computer... I completely failed to realize that; once I did, I was able to log into the domain as root fine... I have another dilemma, but I will post that in another thread because it is off topic a bit. Thanks everyone for your help.
What do you mean by having to add a Machine User for the computer?
Do you mean an account on the XP machine?
I also cannot connect to a Samba server.
I was having the same issue.
I had to turn off my firewall in order to get around the first error you had.
But now I try to connect from my XP box and I get the following.
I log in with
<domainname>\root
I get
The following error occurred attempting to join domain "<domainname>"
The user name could not be found.
However, I did do
smbpasswd -a root
I have also tried
<domainname>\administrator
and
<domainname>\admin
Give me the same error.
If I try
<domainname>\dsanchez
I get
The following error occurred attempting to join domain "<domainname>"
Access denied
I also looked in
/var/log/samba
and I found 2 new log files; one has the IP address of the
XP box and the other has the name of the same XP box.
I have also added
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
to my smb.conf file.
I also added passwd backend = smbpasswd
I am running RHEL4 with Samba version 3.0.10.4E
Thanks
D.Sanchez
Last edited by DirtySanchez; 07-28-2005 at 01:32 PM.
-
Can you post your smb.conf file?
-
Sorry,
I forgot to add that.
# Global parameters
[global]
workgroup = HART
server string = Samba PDC Server
password server = None
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/smbusers
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
add user script = /usr/sbin/useradd .d /dev/null .g 100 .s /bin/false .M %u
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
hosts allow = 10.78., 127.
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /opt/samba/netlogon
-
First thought:
Add the line "security = user" under global settings.
Still looking for other possibilities.
-
Funny, I have added it but it doesn't show up in testparm.
But I just double checked and I now do have security = user
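An added example, not posted by anyone in this thread: a small smb.conf check for mistakes of the kind visible in the configs above, namely the misspelled parameters `domain logins` and `passwd backend` (Samba's names are `domain logons` and `passdb backend`) and `add user script` / `add machine script` lines without the `%u` that Samba replaces with the account name. The function name `lint_smb_conf` and the sample config are constructed for illustration.

```python
import re

# Misspellings seen in this thread -> the parameter name Samba actually defines.
MISSPELLED = {
    "domain logins": "domain logons",
    "passwd backend": "passdb backend",
}
# Scripts that Samba runs with %u replaced by the account name to create.
NEEDS_USER_MACRO = ("add user script", "add machine script")

def lint_smb_conf(text):
    """Return a list of (line_no, section, message) findings."""
    findings = []
    section = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # Normalise case and spacing before comparing parameter names.
        key = " ".join(key.lower().split())
        if key in MISSPELLED:
            findings.append((no, section, f"unknown parameter '{key}', "
                             f"did you mean '{MISSPELLED[key]}'?"))
        if key in NEEDS_USER_MACRO and "%u" not in value:
            findings.append((no, section, f"'{key}' has no %u, so the "
                             "script never receives the account name"))
    return findings


# Constructed sample combining lines of the kind posted in this thread.
SAMPLE = """\
[global]
workgroup = MYDOMAIN
domain logins = yes
passwd backend = smbpasswd
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
"""

if __name__ == "__main__":
    for no, section, msg in lint_smb_conf(SAMPLE):
        print(f"line {no} [{section}]: {msg}")
```

Samba's own `testparm` reports unknown parameter names as well; the `%u` check is something it does not do for you.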