Results 1 to 6 of 6
Hi, having finally got all my Postfix problems sorted (thanks to all who helped,you know who you are), I have another thorny little problem. I have replaced my ageing Windows ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 11-30-2008 #1
Samba Domain Controller
I have replaced my ageing Windows NT4 PDC for my home network with a nice shiny Fedora 8 one! I have installed and set up Samba as a PDC but have one small problem.
When I log in as root, all works fine,it finds the server copy of my profile and everything is hunky dory. When I log in as my username or any of my family, it cannot find the server profile. When I scroll down to the bottom of the error message box it says "DETAILS - Network Access is denied". The weird thing is though, when my PC has finished booting, I CAN see the PDC and view and access the shares on it.
The problem only seems to manifest itself during the log-in authentication phase of the process!!
Any ideas please !!
- 12-01-2008 #2
- You need to add users and machines to samba, use 'smbpasswd -a <username>' for each user, this will ask for the password they'll use for windwos. Use 'smbpasswd -m <machinename>$' for each machine. This wont ask for a password but you must ensure each machine name is terminated with a '$'.
- Dont forget to add an administrator user in samba. Either stick to the 'root' username or use 'administrator' and make sure samba maps the user name to root. I use a different root password with Samba than I do for my Linux computers.
- When I changed by Linux-hosted PDC recently, I had to ask each windwos machine to leave the domain then added them again. You'll also need to log-on to the machine as local admin and add domain users to groups on that computer.
- 12-01-2008 #3
Thanks for that, I've set up all four family members in Samba,did that when I'd finished the inital build. Removed my PC from the domain and re-joined,it asked(as expected) for the username/password of user authorised to join machine to domain,did that.
But it won't let anyone other than root access the server copy of the profile. I have a Fedora 8 webserver set up with Samba and I can access all the shares on that so I think my basic samba set up is fine, it just seems to be the netlogon side on my PDC that's messed up.
Must admit I'm stuck on this one.I'll worry about ading everyone elses machine when I can get it working. I can put a copy of my smb.conf file up for people to peruse if you can let me know how to do it, or I can put it on my website for you to view.
Any help is greatly appreciated
- 12-01-2008 #4
I don't think we need your smb.conf just yet. Next thing to check, then, is the Linux permissions on your profiles directory. And check your samba permissions on the same directory. They can overlap badly and restrict access if care is not taken. It's one of the most frustrating things you can do.
Off the top of my head I cant recall what the permissions need to be, but there are plenty of howtos floating around cyberspace on this subject. While you're playing with permissions, also check that your groups are set up correctly too.
- 12-17-2008 #5
Sorry it took so long for me to reply, I can't seem to find enough hours in the day at the moment!!
when I cd to /home/samba , the profiles entry of a ls -al look like this:-
drwxrwx--- 3 root users 4096 2008-11-29 21:03 profiles
From the Advanced view in SWAT, the profiles share directory entries are:-
Create Mask 0600
Force create mode 00
Security mask 0600
Force Security mode 00
Directory mask 0770
Force Directory mode 00
Directory Security Mask 0770
Force Directory Security mode 00
Valid users %U
the howto I used to create the PDC can be found at:-
Samba Domaincontroller For Small Workgroups With SWAT On Fedora 8 | HowtoForge - Linux Howtos and Tutorials
I know I'm a pain but the help is GREATLY appreciated!
- 12-20-2008 #6
Thanks Roxoff, I went back and had a look at my setup and it turned out that not all of my users on the PDC were in group "users" which meant no access at all to the profiles share. Simple answer - vi /etc/group and add the relevant names and BINGO!! All now working!! Very Happy!!
Thanks again for all your help!
Super Kind Regards