I have a small network with several Windows XP clients and an Ubuntu server (7.10) running Samba (3.0.26) as a Domain Controller but can't get the clients to log in to the domain. Here's my smb.conf:
[global]
name resolve order = wins lmhosts host bcast
idmap gid = 10000-20000
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
obey pam restrictions = yes
admin users = test frc @Admin
passwd program = /usr/bin/passwd %u
dns proxy = no
netbios name = SRV-01
writeable = yes
printing = cups
idmap uid = 10000-20000
local master = yes
workgroup = CYSOL
os level = 65
printcap name = cups
security = user
max log size = 1000
delete user script = /user/sbin/userdel -r %u
log level = 3
log file = /var/log/samba/log.%m
load printers = yes
add group script = /usr/sbin/groupadd %g
socket options = TCP_NODELAY
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
logon drive = L:
domain master = yes
interfaces = 127.0.0.0/8 eth0
encrypt passwords = yes
logon home = \\%N\%U
printer admin = test frc @Admin
passdb backend = tdbsam
template shell = /bin/bash
wins support = true
server string = %h server (Samba %v, Ubuntu)
path = /usr/network/
unix password sync = no
logon path = \\%N\%U\profile
add user script = /usr/sbin/useradd -m %u
valid users = test frc @Admin
syslog = 0
panic action = /usr/share/samba/panic-action %d
domain logons = yes
#winbind enable local accounts = no
#winbind trusted domains only = yes
#winbind enable local accounts = no
All the client machines have been added to samba as machine trust accounts and users have been added too. In Windows, I can join the domain with the user 'frc' which succeeds and brings up the message 'Welcome to the domain CYSOL'. It's only after restarting and trying to log in at startup that it brings up the standard message saying the domain controller is unavailable or machine account not found. testparm shows the server as a PDC with no errors. Here are some lines I've picked out from a few of the logfiles:
smbd.log
[2008/02/21 15:55:37, 3] smbd/connection.c:yield_connection(76)
yield_connection: tdb_delete for name failed with error Record does not exist.
[2008/02/21 15:55:37, 3] smbd/server.c:exit_server_common(768)
[2008/02/21 15:55:38, 3] passdb/lookup_sid.c:store_gid_sid_cache(1133)
store_gid_sid_cache: gid 10001 in cache -> S-1-5-32-545
[2008/02/21 15:55:38, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-21-2617085589-4112103509-674510089-1000]
[2008/02/21 15:55:38, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/02/21 15:55:38, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-11]
[2008/02/21 15:55:38, 3] lib/util_seaccess.c:se_access_check(250)
[2008/02/21 15:55:38, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-5-21-2617085589-4112103509-674510089-1000
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
SRV-01.log [server]
[2008/02/21 15:42:14, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user [CYSOL]\[frc]@[SRV-01] with the new password interface
[2008/02/21 15:42:14, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [CYSOL]\[frc]@[SRV-01]
[2008/02/21 15:42:14, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [frc] -> [frc] -> [frc] succeeded
[2008/02/21 15:42:14, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
fetch gid from cache 10000 -> S-1-5-32-544
[2008/02/21 15:42:14, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
fetch gid from cache 10001 -> S-1-5-32-545
[2008/02/21 15:42:14, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-21-2617085589-4112103509-674510089-3000]
[2008/02/21 15:42:14, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-0]
2008/02/21 15:42:14, 3] smbd/service.c:make_connection_snum(1033)
srv-01 (127.0.0.1) connect to service IPC$ initially as user frc (uid=0, gid=0) (pid 4197)
CYCLE-05.log [client]
[2008/02/21 15:58:04, 3] lib/util_sid.c:string_to_sid(223)
string_to_sid: Sid frc does not start with 'S-'.
[2008/02/21 15:58:04, 3] lib/util_sid.c:string_to_sid(223)
string_to_sid: Sid @Admin does not start with 'S-'.
[2008/02/21 15:58:04, 2] smbd/uid.c:change_to_user(193)
change_to_user: SMB user (unix user nobody, vuid 101) not permitted access to share IPC$.
[2008/02/21 15:58:04, 0] smbd/service.c:make_connection_snum(928)
Can't become connected user!
If this is a problem with SID/UID/GIDs, how do I fix it or even test it?
I'm considering uninstalling samba and reinstalling because I'm running out of ideas on this, so any suggestions are appreciated. Please ask if you need any more info or logfile stuff.
Are the XP clients XP pro or XP home? XP home clients can't join a domain.
The samba package or a samba-doc package will include the Samba 3 books and Using Samba. The "Samba 3 by Example", "Samba 3 HOWTO & Reference" and "Using Samba" books will go through the process of mapping samba & windows accounts such as for the machines and the "Network Administrator" account. If set up properly, you can log in as a "Network Administrator" member and use the same tool to add a machine to the domain. The documentation gives a URL to a Windows installation file for the NT based administration tools which work better with samba than the Active Directory based tools.
Also look in /usr/share/samba/, /usr/share/doc/samba-<version>/ or /usr/share/doc/packages/samba/ for a sample script like "smb.conf.default".
Code:
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no
You are missing the "add machine script" entry which is the command which adds an account when you add a client to the domain.
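Added example, not part of the original thread or of Samba itself: a small smb.conf audit for a server with `domain logons = yes`, checking for the `add machine script` and `[netlogon]` items mentioned above. It also flags share-level access lists in `[global]`, which smb.conf treats as defaults for every share, because the CYCLE-05 log shows access to `IPC$` being refused. The function names and the `POSTED` sample (a subset of the posted config) are constructed for illustration.

```python
import re

# Share-level access controls: set in [global] they become the default for
# every share, including the IPC$ share that clients connect to at logon.
SHARE_ACLS = ("valid users", "invalid users", "hosts allow", "hosts deny")

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased names."""
    text = re.sub(r"\\\r?\n[ \t]*", " ", text)  # join backslash continuations
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][" ".join(key.lower().split())] = value.strip()
    return sections

def audit_domain_controller(text):
    """Flag settings relevant to the logon failure discussed in the thread."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    if glob.get("domain logons", "no").lower() not in ("yes", "true", "1"):
        return []  # not configured for domain logons, nothing to check
    findings = []
    if "add machine script" not in glob:
        findings.append("add machine script missing")
    if "netlogon" not in conf:
        findings.append("[netlogon] share missing")
    findings += [f"'{p}' in [global] applies to IPC$" for p in SHARE_ACLS if p in glob]
    return findings

# Constructed sample: a subset of the [global] section posted in the thread.
POSTED = """[global]
workgroup = CYSOL
security = user
domain logons = yes
valid users = test frc @Admin
add user script = /usr/sbin/useradd -m %u
"""

if __name__ == "__main__":
    for finding in audit_domain_controller(POSTED):
        print("WARN:", finding)
```

After changing smb.conf, `testparm -s` prints the configuration as Samba parses it, which confirms whether a parameter ended up in `[global]` or in a share.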