Samba PDC setup



Thread: Samba PDC setup

  1. #1
    Join Date
    Jul 2002
    Location
    Cincinnati
    Posts
    550

    Samba PDC setup

    I have been spending the day trying to configure Samba to act as a PDC for my LAN. Currently I have a Samba file server set up, and I connect to it as a shared drive in a workgroup... this is named Vamosi_Domain (it's a workgroup, not a domain, and no, I am not the genius that named it). I am not that familiar with Samba's PDC functions, so I will post my configs.

    Here is a copy of my smb.conf:



    [global]
    dns proxy = no
    log level = 2
    log file = /var/log/samba/%m.log
    smb passwd file = /etc/samba/smbpasswd
    server string = Intertech Samba Server
    socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
    obey pam restrictions = yes
    unix password sync = Yes
    remote announce = 192.168.0.255
    workgroup = Vamosi_Domain
    domain logins = yes
    encrypted passwords = yes
    security = user
    os level = 64
    local master = yes
    preferred master = yes
    domain master = yes
    netbios name = Intertechserver
    wins server = 192.168.0.2
    hosts allow = 192.168.0.2
    pam password change = yes

    [homes]
    create mask = 0700
    directory mask = 0700
    browseable = no
    comment = Home Directories
    writeable = yes
    valid users = %S

    [Shares]
    printable = no
    writable = yes
    path = /Intertech_Files/shared
    write list = @staff
    force group = staff
    create mask = 0775
    directory mask = 0775
    comment = Shared Files
    public = yes

    [idsutility]
    writeable = yes
    path = /Intertech_Files/idsutility
    write list = @staff
    force directory mode = 0775
    force group = staff
    force create mode = 0775
    public = yes
    create mode = 0775
    directory mode = 0775

    [accounting]
    writeable = yes
    path = /Intertech_Files/accounting
    write list = @accounting
    force directory mode = 0770
    valid users = @accounting
    force group = accounting
    force create mode = 0770
    public = yes
    create mode = 0770
    directory mode = 0770

    [netlogon]
    comment = The domain logon service
    path = /Intertech_Files/shares/idsadmin
    writable = no
    browsable = no



    This is just what I have found to configure by bouncing around Google searches and things of that nature. I have configured TCP/IP to use the server's IP "192.168.0.2" for WINS, and when I try to specify the domain in Windows it gives me this:


    Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

    The domain name Vamosi_Domain might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.

    If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain Vamosi_Domain:

    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.Vamosi_Domain

    Common causes of this error include the following:

    - The DNS SRV record is not registered in DNS.

    - One or more of the following zones do not include delegation to its child zone:

    Vamosi_Domain
    . (the root zone)



    Like I said, I am very inexperienced with Samba for this use and would appreciate a good kick in the right direction.

    Thanks as always,
    Jason Self
    OS: Suse 9.1 Pro
    CPU: AMD Athlon XP 1700 (overclocked)
    GPU: Geforce 2 ti
    Soundcard: Soundblaster Audigy Gamer
    Ram: 512mb ram
    Mobo: LanParty NFIIULTRAB
    Storage: 2x 40mb IDE 1x80mb SATA
    Drives: HP dvd100i (dvd+RW/cdr/cdrw-writer)
    Case: Heavily modded Kingwin Aluminum
    CPU Cooling: Zalman Flower (fanless)

  2. #2
    Join Date
    Mar 2002
    Location
    Pennsylvania, USA
    Posts
    1,713
    Take a look at this post for help in setting up your PDC and joining XP machines to it:

    http://www.justlinux.com/forum/showt...ight=samba+pdc

    Also, remove these lines from your smb.conf file:

    remote announce = 192.168.0.255
    wins server = 192.168.0.2
    hosts allow = 192.168.0.2

    and restart your Samba server.

    Be sure your Windows machines are set to enable NetBIOS over TCP/IP. This is set from the WINS tab of the Advanced TCP/IP Settings dialog box.
    If God hadn't meant for us to use GUI tools, there wouldn't have been a Xerox PARC.

  3. #3
    Join Date
    Jul 2002
    Location
    Cincinnati
    Posts
    550
    That much has helped tremendously; it seems that the workgroup and domain name being the same caused all of my problems in that department. I do have another problem now. I found that I have to set up Samba root to be able to log in ("smbpasswd -a root"), but when I try to log in as root to my domain it tells me:

    The following error occured attempting to join the the domain "MYDOMAIN";
    Access Denied


    Any ideas as to why it is doing this? Could my blocking root from being able to connect remotely (via telnet, ssh etc.) have something to do with this?

    Thanks again,
    Jason

    PS: 500th post whoooohoooo
    Last edited by KarrottoP; 12-22-2004 at 11:55 AM.

  4. #4
    Join Date
    Mar 2003
    Location
    Southern California
    Posts
    470
    Not sure, but you might want to check the netlogon path and
    a) make sure it exists
    b) might want to change it to something/netlogon

    Other systems trying to join the domain might be looking for the netlogon directory as named. If you are using a directory named netlogon that is in path = /Intertech_Files/shares/idsadmin

    you need to put path = /Intertech_Files/shares/idsadmin/netlogon

    Here is my basic Samba PDC smb.conf file:

    [global]
    workgroup = TESTBFSOSD
    server string = Samba PDC Server
    passdb backend = tdbsam
    passwd program = /usr/bin/smbpasswd %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *password:*
    unix password sync = Yes
    log level = 5
    log file = /var/log/samba/%m.log
    max log size = 0
    load printers = No
    add user script = /usr/sbin/useradd -d /dev/null -g 103 -s /bin/bash -M
    add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
    domain logons = Yes
    os level = 33
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap ssl = no
    winbind trusted domains only = Yes

    [netlogon]
    comment = Network Logon Service
    path = /opt/samba/netlogon
    write list = ntadmin
    "Cluelessness - There are no stupid questions, but there are a LOT of inquisitive idiots." -- Despair 2005 Calendar

    "Life is pleasant. Death is Peaceful. It is the transition that's troublesome." --Isaac Asimov

  5. #5
    Join Date
    Jul 2002
    Location
    Cincinnati
    Posts
    550
    I have taken your advice and relocated the netlogon path and have verified that it exists. When I try to log into the pdc I still get the access denied message...I am trying to login with root by changing the domain to the domain name specified in the system control panel in Windows XP SP2 if that helps any. I can navigate to shares still.

  6. #6
    Join Date
    Mar 2003
    Location
    Southern California
    Posts
    470
    Originally posted by KarrottoP
    I have taken your advice and relocated the netlogon path and have verified that it exists. When I try to log into the pdc I still get the access denied message...I am trying to login with root by changing the domain to the domain name specified in the system control panel in Windows XP SP2 if that helps any. I can navigate to shares still.
    You might need to add the line: passwd backend = smbpasswd

    It should use this by default, but worth a try. Also add in the line for add machine script, otherwise it might not allow the computer to be added to the domain.

    add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false

    -d designates a home directory; since you don't want computer accounts having a home directory, /dev/null is used. -g designates the default group id (102 is the computer group I created). -s /bin/false sets the shell for the computer. Since a computer won't have actual login capability, use /bin/false.

  7. #7
    Join Date
    Jul 2002
    Location
    Cincinnati
    Posts
    550
    I have done everything you said and for some reason I am still getting access denied... I am trying to read the logs to figure out what it is exactly that is causing this problem, but I am finding little to go on. I have set my log level to 3. This seems to be my only lead.

    Dec 27 11:21:45 mail samba(pam_unix)[10650]: authentication failure; logname= uid=0 euid=0 tty=samba ruser= rhost=192.168.0.103 user=root

    I have noticed in the log that a lot of users have a uid=0 comment, not just root. Not sure if that means anything.

    I am now guessing that pam is playing into this problem?

    Thanks,
    Jason
    Last edited by KarrottoP; 12-27-2004 at 12:37 PM.

  8. #8
    Join Date
    Mar 2003
    Location
    Southern California
    Posts
    470
    You might want to check your passwd file and see what other users have uid=0; it shouldn't be anyone but root. This could be your problem.

  9. #9
    Join Date
    Jul 2002
    Location
    Cincinnati
    Posts
    550
    I have checked my passwd file and each user has a unique uid. I have also checked my smbpasswd file and the same is true... I only have two users in my smbpasswd file: root and my user that I added with smbadduser (I don't actually know why there is a separate smbuser section or what that entails, but the uids are unique). I am not sure if Samba or PAM are forcing the (uid=0), but that is what /var/log/message is telling me for each user as they log into the server.

    Thanks.

  10. #10
    Join Date
    Jul 2002
    Location
    Cincinnati
    Posts
    550
    I figured out what the problem was... I needed to set up a machine user for the computer... I completely failed to realize that; once I did, I was able to log into the domain as root fine... I have another dilemma but I will post that in another thread because it is off topic a bit. Thanks everyone for your help.
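
The checks this thread converges on (domain logons enabled, a [netlogon] share, an add machine script that passes the account name via %u, and a machine account for the joining client), as an added example that is not part of any post. The function names, the sample smb.conf and passwd text, and the client name XPBOX are constructed for illustration.

```python
import re

TRUE = {"yes", "true", "1"}  # spellings Samba accepts for a boolean "on"

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names are lowercased, spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def pdc_findings(smb_conf_text, passwd_text, client_name):
    """List reasons a domain join from client_name is likely to fail."""
    conf = parse_smb_conf(smb_conf_text)
    glob, findings = conf.get("global", {}), []
    # A misspelled key such as "domain logins" leaves the real parameter at its default.
    if glob.get("domain logons", "no").lower() not in TRUE:
        findings.append("domain logons is not enabled")
    if glob.get("security", "user").lower() != "user":
        findings.append("security is not user")
    script = glob.get("add machine script")
    if script is not None and "%u" not in script:
        findings.append("add machine script lacks %u")
    if "netlogon" not in conf:
        findings.append("no [netlogon] share")
    machine = client_name.lower() + "$"  # machine trust account: NetBIOS name plus "$"
    accounts = {l.split(":", 1)[0].lower() for l in passwd_text.splitlines() if l.strip()}
    if machine not in accounts and (script is None or "%u" not in script):
        findings.append(f"no machine account {machine} and no working add machine script")
    return findings

# Constructed sample input, not a configuration copied from the thread.
SAMPLE_CONF = """
[global]
workgroup = EXAMPLEDOM
domain logins = yes
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
"""
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\njason:x:1000:100::/home/jason:/bin/bash\n"

if __name__ == "__main__":
    for finding in pdc_findings(SAMPLE_CONF, SAMPLE_PASSWD, "XPBOX"):
        print("FINDING:", finding)
```

The same questions can be answered on a live server with testparm for the parsed configuration and a look at the passwd file for an account ending in "$".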

  11. #11
    Join Date
    Jul 2005
    Location
    Los Angeles, CA
    Posts
    35
    Quote Originally Posted by KarrottoP
    I figured out what the problem was... I needed to set up a machine user for the computer... I completely failed to realize that; once I did, I was able to log into the domain as root fine... I have another dilemma but I will post that in another thread because it is off topic a bit. Thanks everyone for your help.

    What do you mean by having to add a machine user for the computer?
    Do you mean an account on the XP machine?

    I also cannot connect to a Samba server.
    I was having the same issue.
    I had to turn off my firewall in order to get around the first error you had.
    But now I try to connect from my XP box and I get the following.

    I log in with

    <domainname>\root

    I get

    The following error occurred attempting to join domain "<domainname>"

    The user name could not be found.


    However, I did do

    smbpasswd -a root

    I have also tried

    <domainname>\administrator
    and
    <domainname>\admin

    These give me the same error.

    If I try
    <domainname>\dsanchez
    I get
    The following error occurred attempting to join domain "<domainname>"
    Access denied


    I also looked in
    /var/log/samba
    and I found 2 new log files; one has the IP address of the
    XP box and the other has the name of the same XP box.

    I have also added
    add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
    to my smb.conf file.

    I also added passwd backend = smbpasswd



    I am running RHEL4 with Samba version 3.0.10.4E

    Thanks
    D.Sanchez
    Last edited by DirtySanchez; 07-28-2005 at 01:32 PM.

  12. #12
    Join Date
    Mar 2003
    Location
    Southern California
    Posts
    470
    Can you post your smb.conf file?

  13. #13
    Join Date
    Jul 2005
    Location
    Los Angeles, CA
    Posts
    35
    Sorry,
    I forgot to add that.




    # Global parameters
    [global]
    workgroup = HART
    server string = Samba PDC Server
    password server = None
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    username map = /etc/samba/smbusers
    unix password sync = Yes
    log file = /var/log/samba/%m.log
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = /etc/printcap
    add user script = /usr/sbin/useradd .d /dev/null .g 100 .s /bin/false .M %u
    add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
    domain logons = Yes
    os level = 64
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    hosts allow = 10.78., 127.
    cups options = raw

    [homes]
    comment = Home Directories
    read only = No
    browseable = No

    [netlogon]
    comment = Network Logon Service
    path = /opt/samba/netlogon

  14. #14
    Join Date
    Mar 2003
    Location
    Southern California
    Posts
    470
    First thought:

    Add the line "security = user" under global settings.

    Still looking for other possibilities.

  15. #15
    Join Date
    Jul 2005
    Location
    Los Angeles, CA
    Posts
    35
    Funny, I have added it but it doesn't show up in testparm.

    But I just double-checked and I now do have security = user
