  1. #1
    Just Joined!
    Join Date
    Jul 2007
    Posts
    10

    Samba as PDC


    I'm trying to configure Samba as PDC and I want to join the domain with a Windows machine. I'm adding the machine name like this:

    useradd -g machines -d /dev/null -s /dev/null machine$

    I'm adding it to the samba accounts with:

    smbpasswd -a -m machine

    I'm also adding the system user usersamba

    useradd -g machines usersamba
    passwd usersamba

    And I'm adding the user also

    smbpasswd -a usersamba

    The main problem is when I'm trying to join the domain [BLUE] with the Windows machine, it gives me one of these errors:

    ACCESS IS DENIED or LOGON FAILURE: UNKNOWN USER NAME OR BAD PASSWORD

    I checked the samba logs and here are the results:

    [2007/07/06 14:12:53, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(250)
    startsmbfilepwent_internal: unable to open file /var/lib/samba/private/smbpasswd. Error was: Permission denied
    [2007/07/06 14:12:53, 0] passdb/pdb_smbpasswd.c:add_smbfilepwd_entry(654)
    add_smbfilepwd_entry: unable to open file.

    or

    [2007/07/06 12:48:03, 1] auth/auth_util.c:make_server_info_sam(566)
    User test1 in passdb, but getpwnam() fails!
    [2007/07/06 12:48:03, 0] auth/auth_sam.c:check_sam_security(352)
    check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
    [2007/07/06 12:48:04, 0] passdb/pdb_get_set.c:pdb_get_group_sid(211)
    pdb_get_group_sid: Failed to find Unix account for usersamba

    If I try to run vipw, the password file contains this:

    machine$:x:511:512::/dev/null:/dev/null

    So the machine has been added to the list...

    WHAT AM I DOING WRONG? I restarted the smb and nmb service several times and there is no change. If I want to change the security policy and run it just as a workgroup, I can do it, but as a domain, I cannot join it.

    My smb.conf file follows:

    [global]
    workgroup = BLUE
    server string = Samba Server Version %v

    netbios name = BLUEUNIVERSE

    interfaces = lo eth1
    hosts allow = 127. 192.168.0.
    bind interfaces only = yes

    log file = /var/log/samba/log.%m
    max log size = 50

    security = user
    passdb backend = tdbsam

    domain master = yes
    domain logons = yes

    encrypt passwords = yes

    logon script = %u.bat
    logon path =

    local master = yes
    os level = 65
    preferred master = yes

    wins support = yes
    wins server = 192.168.0.1

    load printers = yes
    cups options = raw

    printcap name = /etc/printcap

    printing = cups

    [homes]
    comment = Home Directories
    browseable = no
    writable = yes

    [printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    public = yes
    writable = yes
    printable = yes
    use client driver = yes

    [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = yes
    writable = no
    share modes = no

    [Profiles]
    path = /var/lib/samba/profiles
    browseable = no
    guest ok = yes

    Thank you for any possible help!

    P.S. I'm running samba-3.0.25b-2.fc7 on a Fedora system as you can see...
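Added example (not part of the thread): a small Python triage of the Samba log lines quoted in post #1, pairing each header line with its message and grouping the entries by what they report. The finding labels and function names are this example's own; the sample log is the excerpt from the post.

```python
import re
from collections import defaultdict

# Log lines taken from post #1 of this thread.
SAMPLE_LOG = """\
[2007/07/06 14:12:53, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(250)
  startsmbfilepwent_internal: unable to open file /var/lib/samba/private/smbpasswd. Error was: Permission denied
[2007/07/06 12:48:03, 1] auth/auth_util.c:make_server_info_sam(566)
  User test1 in passdb, but getpwnam() fails!
[2007/07/06 12:48:03, 0] auth/auth_sam.c:check_sam_security(352)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2007/07/06 12:48:04, 0] passdb/pdb_get_set.c:pdb_get_group_sid(211)
  pdb_get_group_sid: Failed to find Unix account for usersamba
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)")

# (finding label, pattern capturing the affected user or path as "who")
RULES = [
    ("passdb_file_unreadable", re.compile(r"unable to open file (?P<who>\S+?)\. Error was: Permission denied")),
    ("samba_user_without_unix_account", re.compile(r"User (?P<who>\S+) in passdb, but getpwnam\(\) fails")),
    ("samba_user_without_unix_account", re.compile(r"Failed to find Unix account for (?P<who>\S+)")),
]

def parse_entries(text):
    """Pair each '[timestamp, level] file:func(line)' header with its message lines."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            entries.append({**m.groupdict(), "msg": ""})
        elif entries and raw.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + raw.strip()).strip()
    return entries

def triage(text):
    """Return {finding label: sorted list of affected users or paths}."""
    findings = defaultdict(set)
    for entry in parse_entries(text):
        for label, pattern in RULES:
            m = pattern.search(entry["msg"])
            if m:
                findings[label].add(m.group("who"))
    return {label: sorted(who) for label, who in findings.items()}

if __name__ == "__main__":
    for label, who in triage(SAMPLE_LOG).items():
        print(f"{label}: {', '.join(who)}")
```
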

  2. #2
    Just Joined!
    Join Date
    Sep 2007
    Posts
    6
    Hi,

    I got Samba configured too on a Fedora 7 system, and I configured it to use my LDAP server. Now the thing is, I have another system with CentOS 4.5 and the Samba server configured in the same way as on Fedora 7, and there I log in OK with any user that I have on my LDAP server, even if it isn't a Linux user.

    And on the Fedora 7 system, when I try to log in with a user that exists in LDAP but doesn't exist on the system, it just gives this message:

    [2007/09/18 18:35:49, 0] passdb/pdb_get_set.c:pdb_get_group_sid(211)
    pdb_get_group_sid: Failed to find Unix account for drocha

    So this must be some Fedora 7 issue... can anyone help me out?

  3. #3
    Just Joined!
    Join Date
    Jul 2007
    Posts
    10
    I got my PDC working, so it's fine. I'm not using LDAP... Thank you for your interest!

  4. #4
    Just Joined!
    Join Date
    Apr 2008
    Posts
    6
    And thank you for telling us how you fixed it.

  5. #5
    Just Joined!
    Join Date
    Sep 2006
    Posts
    3
    Quote, originally posted by desynced:
        And thank you for telling us how you fixed it.

    Yup, I am now having this trouble as well.

    Rob.

  6. #6
    Just Joined!
    Join Date
    Sep 2006
    Posts
    3
    From another forum:

    Robzy, you haven't set up a Domain Admin user who is responsible for adding machines to the domain.

    Come on mate!

    There's a giant howto on this right here: [BUMPED!] How to build a primary domain controller - Open Source OS - Forums - www.atomicmpc.com.au

    You need to add the admin users directive to your [global] section

    So (as an example using "root") do:


    [global]
    ...
    ..
    .
    admin users = root
    Samba as primary domain controller - Open Source OS - Forums - www.atomicmpc.com.au

    Rob.

  7. #7
    Just Joined!
    Join Date
    Jul 2007
    Posts
    10
    Hi guys,

    My mistake with Samba was that I didn't set a root password. The first time a machine wants to join the domain, you have to join it with the Samba root user, so you have to add one to Samba. Samba 3 is good, but I'm looking forward to getting Samba 3 running.

    In order to get it working all you have to do is

    $ smbpasswd -a -m <machine-name>$
    $ smbpasswd -a <user-name>

    and add a root user to Samba. Besides that, you have to change your main samba.conf file to be a domain controller:

    [global]
    netbios name = <your-machine-name>
    server string = Samba %v on %L
    workgroup = <your-domain-name>

    ; domain & local master browser
    ; coz we're dealing with Win2k
    ; or 99 if you want to be sure
    os level = 65
    prefered master = yes
    domain master = yes
    local master = yes
    domain logons = yes

    ; DO NOT FORGET THIS
    encrypt passwords = yes

    and add the logon scripting stuff!

    A good tutorial about this, you can find at Samba PDC mini-HOWTO.

    Other tutorials at:

    HOWTO Implement Samba as your PDC - Gentoo Linux Wiki
    samba setup and configuration
    http://ploug.eu.org/doc/samba-a4.pdf

    It would also be a good idea to select the interfaces and IP subnets and do the bind interfaces stuff for more security; otherwise, Samba will bind even on the external interfaces, and if you don't firewall, you can be vulnerable.

    Have fun!
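Added example (not part of the thread, and not Samba's own tooling): a Python audit of an smb.conf `[global]` section against the domain-controller settings and the interface and subnet restrictions described in post #7. The function names, finding texts and the weak sample are this example's own, and the checks require each setting to be written explicitly rather than relying on Samba defaults.

```python
import configparser

# [global] settings from the smb.conf in post #1, abridged to the audited keys.
POSTED_CONF = """[global]
    interfaces = lo eth1
    hosts allow = 127. 192.168.0.
    bind interfaces only = yes
    domain master = yes
    domain logons = yes
    encrypt passwords = yes
    local master = yes
    os level = 65
    preferred master = yes
"""
WEAK_CONF = "[global]\ndomain logons = yes\nprefered master = yes\nos level = 20\n"  # constructed

SYNONYMS = {"preferedmaster": "preferredmaster", "allowhosts": "hostsallow"}  # smb.conf synonyms
TRUE = {"yes", "true", "1"}

def norm(name):
    """Samba ignores case and spaces in parameter names."""
    key = name.lower().replace(" ", "")
    return SYNONYMS.get(key, key)

def load_global(text):
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",), comment_prefixes=("#", ";"))
    cp.optionxform = norm
    # Strip indentation so configparser does not read indented lines as continuations.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return dict(cp["global"]) if cp.has_section("global") else {}

def audit(text):
    """Return findings for the [global] section; an empty list means all checks pass."""
    g, out = load_global(text), []
    for key in ("domainlogons", "domainmaster", "localmaster", "preferredmaster", "encryptpasswords"):
        if g.get(key, "").lower() not in TRUE:
            out.append(f"{key}: not explicitly set to yes")
    if not g.get("oslevel", "").isdigit() or int(g["oslevel"]) < 65:
        out.append("oslevel: below the 65 suggested in post #7")
    if not g.get("interfaces"):
        out.append("interfaces: no interface list, listening is not restricted")
    if g.get("bindinterfacesonly", "").lower() not in TRUE:
        out.append("bindinterfacesonly: not yes, the interfaces list is not enforced for binding")
    if not g.get("hostsallow"):
        out.append("hostsallow: no client address restriction")
    return out

if __name__ == "__main__":
    print(audit(POSTED_CONF), audit(WEAK_CONF))
```
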

  8. #8
    Just Joined!
    Join Date
    Aug 2008
    Posts
    3
    Quote, originally posted by bogdan_bartos: post #1 above, quoted in full.

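    Set oWsh = CreateObject("Wscript.Shell")
    ' Netlogon client parameter: do not require signing or sealing of the secure channel
    oWsh.RegWrite "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal",0,"REG_DWORD"
    ' Policy value: skip the ownership check on roaming user profile folders
    oWsh.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CompatibleRUPSecurity",1,"REG_DWORD"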




    Make a VBScript file with this content and execute it on the Windows system, then try to add the system to the domain.
