adding pc's to samba domain fails

[robke1972]

Hi there I'm trying to get my samba server to work on a fedora core 1 box
I am currently running samba

It works fine but adding pc's (M$ w2k) to my domain is a pain.
I want to do that from the computer which I want to add , but instead I have to do it on the samba pdc on the cli.

I have added root to the smbusers ,but still that does not work

when I try to add the pc (using root) I get the following error:
The user name could not be found.

here's the output from testparm

Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[data]"
Processing section "[mount]"
Processing section "[netlogon]"
Processing section "[profiles]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
workgroup = MINE
server string = samba server %v
password server = None
username map = /etc/samba/smbusers
log file = /var/log/samba/%m.log
max log size = 50
time server = Yes
deadtime = 5
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
logon script = logon.bat
logon path = \\%L\profiles\%u
logon drive = M:
logon home = \\%L\%u\.win_profile
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
guest ok = Yes
hosts allow = 10.0.0.
printing = cups

<skipping the directoryies and printers>

[netlogon]
path = /data/samba/netlogon
browseable = No

[profiles]
path = /data/samba/samba-ntprof
read only = No
create mask = 0600
directory mask = 0700
browseable = No

[kpzani]

what user dbase are you using?
If you want to keep things really simple for a small lan then I would use a tdb.

anyway, you need root added to your user database - whatever one you are using.

then log onto the 2k box as a normal user (with a samba account ready) and join the pc to the domain. when available choose to create a pc account in the domain. and when prompted, use root to perform these actions.

The new samba is much more complex than previous versions. You have the html documentation installed with it. I think its somewhere like /usr/share/doc/samba-3.0.2/docs/htmldocs

If this is what you are doing then - clear you samba logs. try again. post the log files here.
and I'll have a look for you.

[robke1972]

I added the user root with
smbpasswd -a root
and gave in a password

but still the user is unknown as i try to add the pc to the domain

and the dbase i am using , do you mean do i authenticate using pam or the samba user database?

In that case its the samba user database in /etc/samba/smbpasswd
and the /etc/samba/smbusers
root is present in both

[robke1972]

oh before i forget

I checked the logs in /var/log/samba

but they show nothing regarding authentication
actually they show no warnings at alll

do you know how I can get samba to spill it's authentication errors into the samba logs?

[Mystic_Slayer]

First you need is this:

local master = yes
passdb backend = smbpasswd
security = user

Put a # before password server. You don't need it.

add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdle %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g

[netlogon]
comment = Network Logon Service
path = /data/samba/netlogon
guest ok = yes
writable = no
share modes = no

[Profiles]
path = /data/samba/samba-ntprof
browseable = no
guest ok = yes
writable = no
share modes = no

If you need an example of my smb.conf ask me. I've did tried everything. Ask anything you need for it

[kpzani]

Nice one mysticslayer - missed the password server bit.

Let me know if you've got this working.

ok. in the older versions of samba - you had to store user information in a special file. You then used the smbpasswd script to manage this file.

In the new samba - user accounts can be stored in a number of places including - smbpasswd, tdb, mySQL, LDAP. I recommend using a tdb - trivial database. this is then managed using the new tool pdbedit (must be run as root). If the smb.conf is correct (or samba has the options compiled in) then when you add a user to pdbedit it will auto check the linux user files and create the user if required. All in all, its very good. but it is much more complicated than earlier versions.

You should have all the html documentation on your box. try /usr/share/docs/samba.x.x/
and have a look around there. The html pages have been published as a book So they are top quality.

For debugging purposes - you set the log level paramter (log level = 2) don't set this higher than 2 or 3. and when everything's sorted put it back down to 1. your smb.conf file will create a separate log file per machine using either the machine name or ip address. Check both of these for error messages and also the smbd file.

Also, many options are set when samba is compiled. to see these options (basically the defaults for your distro) run testparm -v (for verbose).

Good luck. let me know what happens.

[Mystic_Slayer]

I gave him the smbpasswd as password backend, because it's the easiest way. I'm running allready a Linux Windows NT domain since Samba 3.x is released. I'm using it at my work and at home. Never want any microsoft domains anymore. They are to slow. etc.

[kpzani]

The smpasswd is fine for NT domains but for 2K and XP. You really want to move towards more of the Active directory functionality that can be achieved using one of the newer user dbs.

The documentation seems to lean towards using tdb for simple networks rather than smbpasswd. So just telling as I've been told.

[Mystic_Slayer]

no problem

[robke1972]

ok I think I see what I need in the post from mystic slayer
I didn't have a add machine script yet, it's the first time i see it mentioned anywhere.
Doesn't it need a $ behind the %u in the script , since the machine names get a $ behind them when you say smbpasswd -a -m <machinename>

I'l give it a shot tonight when I get home from work

About the password database
I think I'll stick with the samba password database while I'll try to figure this one out, just trying to nail one problem at the time.

regards
Rob