  1. #1
    Just Joined!
    Join Date
    Jul 2012
    Posts
    18

    Samba PDC Access Denied


    Dear Linux Forum members,

    I'm trying to set up a Samba PDC, I have read the Using Samba book 3rd edition published by O'Reilly.
    I have skipped the chapters 6,7 and 8 since I already have been reading them from the HTML format book
    that comes with the Samba package of Ubuntu Server, version 10.04.
    I am a newbie Linux user and maybe it's a bit odd to start with installing server software.
    Anyway, I have followed the directions of the book but can't figure out how to get the rights
    to add a machine to the Windows Domain on Windows XP as well as Windows 7.
    Here's the output of the most important commands I have tried and the configuration file:

    root#UbuntuServer:/etc/samba# testparm
    Load smb config files from /etc/samba/smb.conf
    rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
    Processing section "[netlogon]"
    Processing section "[shared]"
    Loaded services file OK.
    Server role: ROLE_DOMAIN_PDC
    Press enter to see a dump of your service definitions

    [global]
    workgroup = VITRONIX
    netbios name = VSERVER
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    enable privileges = Yes

    [netlogon]
    comment = Net Logon Service
    path = /etc/samba/netlogon
    write list = +ntadmin

    [shared]
    comment = Shared Data
    path = /var/shared
    read only = No

    root#UbuntuServer:/etc/samba# nmblookup 'VITRONIX#1b' 'VITRONIX#1c'
    querying VITRONIX on 192.168.10.255
    192.168.10.25 VITRONIX<1b>
    querying VITRONIX on 192.168.10.255
    192.168.10.25 VITRONIX<1c>
    root#UbuntuServer:/etc/samba# net getlocalsid VITRONIX
    SID for domain VITRONIX is: S-1-5-21-2669874443-2501209563-3797644618
    root#UbuntuServer:/etc/samba# groupadd ntadmin
    root#UbuntuServer:/etc/samba# net groupmap add sid=S-1-5-21-2669874443-2501209563-3797644618-512 ntgroup="Domain Admins" unixgroup=ntadmin
    Successfully added group Domain Admins to the mapping db as a domain group
    root#UbuntuServer:/etc/samba# smbpasswd -a janv
    New SMB password:
    Retype new SMB password:
    startsmbfilepwent_internal: file /etc/samba/smbpasswd did not exist. File successfully created.
    Added user janv.
    root#UbuntuServer:/etc/samba# net groupmap add unixgroup=srvadmin ntgroup="Server Admins"
    No rid or sid specified, choosing a RID
    Got RID 3005
    Successfully added group Server Admins to the mapping db as a domain group
    root#UbuntuServer:/etc/samba# net rpc rights grant 'VITRONIX\Server Admins' SeMachineAccountPrivilege -S vserver -U janv
    Enter janv's password:
    Failed to grant privileges for VITRONIX\Server Admins (NT_STATUS_ACCESS_DENIED)
    root#UbuntuServer:/etc/samba# net rpc rights grant SeMachineAccountPrivilege 'VITRONIX\Domain Admins' SeMachineAccountPrivilege -S vserver -U janv
    Enter janv's password:
    Failed to grant privileges for SeMachineAccountPrivilege (NT_STATUS_NO_SUCH_USER)
    root#UbuntuServer:/etc/samba# useradd -g ntadmin janv
    useradd: user 'janv' already exists
    root#UbuntuServer:/etc/samba# useradd -g ntadmin admin
    root#UbuntuServer:/etc/samba# net rpc rights grant SeMachineAccountPrivilege 'VITRONIX\Domain Admins' SeMachineAccountPrivilege -S vserver -U admin
    Enter admin's password:
    Could not connect to server vserver
    The username or password was not correct.
    Connection failed: NT_STATUS_LOGON_FAILURE
    root#UbuntuServer:/etc/samba# smbpasswd -a admin
    New SMB password:
    Retype new SMB password:
    Added user admin.
    root#UbuntuServer:/etc/samba# net rpc rights grant SeMachineAccountPrivilege 'VITRONIX\Domain Admins' SeMachineAccountPrivilege -S vserver -U admin
    Enter admin's password:
    Could not connect to server vserver
    The username or password was not correct.
    Connection failed: NT_STATUS_LOGON_FAILURE
    root#UbuntuServer:/etc/samba# net rpc rights grant SeMachineAccountPrivilege 'VITRONIX\Domain Admins' SeMachineAccountPrivilege -S VSERVER -U admin
    Enter admin's password:
    Could not connect to server VSERVER
    The username or password was not correct.
    Connection failed: NT_STATUS_LOGON_FAILURE
    root#UbuntuServer:/etc/samba#

    I have left out the commands that were unsuccessful due to my inexperience.
    Hope somebody can help me out.

    Thanks in advance,

    Best Regards,

    Jan Visser

  2. #2
    Just Joined!
    Join Date
    Aug 2007
    Location
    Fairfax, VA
    Posts
    22
    Everything looks good, first thing comes to mind, I don't see that you enabled the user,

    smbpasswd -e $user

    Are you trying to join a Windows or Linux machine to the domain? If you are doing a Windows 7 machine you must do some registry edits to make it compatible.

  3. #3
    Just Joined!
    Join Date
    Jul 2012
    Posts
    18
    Quote, originally posted by jawbrkr:
    Everything looks good, first thing comes to mind, I don't see that you enabled the user,

    smbpasswd -e $user

    Are you trying to join a Windows or Linux machine to the domain? If you are doing a Windows 7 machine you must do some registry edits to make it compatible.

    For testing I use a Windows XP virtual machine, I want to add Linux machines later, but I think NFS would be better for that purpose.
    One thing I haven't done is to make a machine account. This was necessary for Samba 2.2. Do these rules still apply?
    Will test the smbpasswd -e $user once I know more about it.
    Thanks!

  4. #4
    Just Joined!
    Join Date
    Aug 2007
    Location
    Fairfax, VA
    Posts
    22
    Weird, sometimes my posts don't post. Anyways yes, adding a machine account is still very much necessary. Be mindful you must add the $ at the end of a machine name, Windows automatically appends it.

    Also check out pdbedit, it allows you to query and search the Samba directory.

  5. #5
    Just Joined!
    Join Date
    Jul 2012
    Posts
    18

    Solved!

    Quote, originally posted by jawbrkr:
    Weird, sometimes my posts don't post. Anyways yes, adding a machine account is still very much necessary. Be mindful you must add the $ at the end of a machine name, Windows automatically appends it.

    Also check out pdbedit, it allows you to query and search the Samba directory.

    Yes it works! Many thanks.
    The add machine procedure has changed, later I figured out that my question about adding a machine manually is stupid: that's what the privilege is for.

    anyway, here is the command:

    root#UbuntuServer:/etc/samba# smbpasswd -e admin
    Enabled user admin.
    root#UbuntuServer:~# net rpc rights grant 'VITRONIX\Domain Admins' SeMachineAccountPrivilege -S vserver -U admin
    Enter admin's password:
    Successfully granted rights.

    Now I'm going to try to add a user with all privileges enabled (the Administrator).

    Again, thanks for helping me out!
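
A check for the account state that `smbpasswd -e` changes, using the `pdbedit` tool mentioned in the thread. This is an added example, not part of the original posts: the function names and the sample listing are constructed, and the listing only mimics the `Unix username:` / `Account Flags:` lines of `pdbedit -L -v` output.

```shell
#!/bin/sh
# Added example: audit Samba passdb account flags from `pdbedit -L -v` output.
# Reads the listing on stdin, so it can be tried on the constructed sample below.

# Emit "<unix username> <flags>" for each passdb entry, e.g. "admin DU".
account_flags() {
    awk -F': *' '
        /^Unix username:/ { user = $2 }
        /^Account Flags:/ {
            flags = $2
            gsub(/\[|\]| /, "", flags)   # "[DU         ]" -> "DU"
            print user, flags
        }'
}

# Accounts with the D (disabled) flag; `smbpasswd -e <user>` clears it.
disabled_accounts() {
    account_flags | awk '$2 ~ /D/ { print $1 }'
}

# Machine trust accounts (W flag); their names end in "$".
machine_accounts() {
    account_flags | awk '$2 ~ /W/ { print $1 }'
}

# Constructed sample listing (hypothetical accounts, not taken from the thread).
SAMPLE='---------------
Unix username:        janv
NT username:
Account Flags:        [U          ]
---------------
Unix username:        admin
NT username:
Account Flags:        [DU         ]
---------------
Unix username:        xpclient$
NT username:
Account Flags:        [W          ]'

printf 'disabled: %s\n' "$(printf '%s\n' "$SAMPLE" | disabled_accounts)"
printf 'machine:  %s\n' "$(printf '%s\n' "$SAMPLE" | machine_accounts)"
```

On the server itself, run `pdbedit -L -v | disabled_accounts` as root before retrying a logon that fails with NT_STATUS_LOGON_FAILURE.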
