problem connecting to my domain in windows 2k

Snerkel · 10-26-2004, 12:39 PM

hi, im sorry this is actually might be a windows question but i didnt know where else to go and it might be linux problem. im trying to connect to my domain from my windows 2000pro box (right click on my computer > properties > network identification then in "member of") click on domain and i enter "HOME" then click ok. it asks me for

Quote:

"Enter a name and password of an account with permission to join the domain".

i added root smbpasswd -a root but when i enter root into the popup u/p box it come up with an error saying

Quote:

"error occured attempting to join the domain "HOME": The crendentials supplied conflict with an existing set of credentials"

can anyone offer any advice ? thanks in advance

Ben

Finlay · 10-26-2004, 01:23 PM

before you try to join the domain goto a command prompt on the windows machine and type:

net use * /delete

if this doesn't work please post your smb.conf

Snerkel · 10-26-2004, 03:08 PM

Im not sure if it worked or not because im not sure what it was ment to do!

Quote:

C:\>net use * /delete
You have these remote connections:

\\Oasis\IPC$
Continuing will cancel the connections.

Do you want to continue this operation? (Y/N) [N]: y
The command completed successfully.

C:\>

so heres my smb.conf aswell

, its bit

Thanks for the help

Ben

Code:

# Global parameters
#
# this file: /etc/samba/smb.conf (SERVER CONFIG)
# by F.Hagethorn <f.hagethorn@precompiled.org>
#
[global]
	coding system = ISO-8859-1
	client code page = 437
	code page directory = /usr/share/samba/codepages
	workgroup = HOME
	netbios name = OASIS
	server string = Welcome to the Nebulae (running: %v)
	bind interfaces only = No
	security = USER
	encrypt passwords = Yes
	update encrypted = Yes
	allow trusted domains = Yes
	min passwd length = 5
	map to guest = Never
	null passwords = No
	obey pam restrictions = No
	smb passwd file = /etc/samba/smbpasswd
	root directory = /
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *new*password* %n\n *new*password* %n\n *changed*
	passwd chat debug = No
	password level = 0
	username level = 0
	unix password sync = Yes
	restrict anonymous = No
	lanman auth = Yes
	use rhosts = No
	log level = 1
	syslog = 1
	syslog only = No
	max log size = 5000
	timestamp logs = Yes
	debug hires timestamp = No
	debug pid = No
	debug uid = No
	protocol = NT1
	large readwrite = No
	max protocol = NT1
	min protocol = CORE
	read bmpx = No
	read raw = Yes
	write raw = Yes
	nt smb support = Yes
	nt pipe support = Yes
	announce version = 4.5
	announce as = NT
	max mux = 50
	max xmit = 65535
	name resolve order = lmhosts host wins bcast
	max packet = 65535
	max ttl = 259200
	max wins ttl = 518400
	min wins ttl = 21600
	time server = No
	unix extensions = No
	change notify timeout = 60
	deadtime = 0
	getwd cache = Yes
	keepalive = 300
	lpq cache time = 10
	max smbd processes = 0
	max disk size = 0
	max open files = 10000
	read size = 16384
	socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
	stat cache size = 50
	use mmap = Yes
	total print jobs = 0
	load printers = Yes
	printcap name = /etc/printcap
	disable spoolss = No
	show add printer wizard = Yes
	strip dot = No
	mangled stack = 50
	stat cache = Yes
	machine password timeout = 604800
	add user script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %m$ ; /usr/bin/smbpasswd -a -m %m
	delete user script = /usr/sbin/userdel %m$ ; /usr/bin/smbpasswd -x %m
	logon script = %U.bat
	logon path = \\%N\profile
	logon drive = X:
	logon home = \\%N\profile
	domain logons = Yes
	os level = 255
	lm announce = Auto
	lm interval = 60
	preferred master = True
	local master = Yes
	domain master = True
	browse list = Yes
	enhanced browsing = Yes
	dns proxy = Yes
	wins proxy = No
	wins support = Yes
	kernel oplocks = Yes
	oplock break wait time = 0
	lock dir = /var/run/samba
	utmp = No
	socket address = 0.0.0.0
	time offset = 0
	NIS homedir = No
	hide local users = No
	host msdfs = No
	template homedir = /home/%D/%U
	template shell = /bin/false
	winbind separator = 	winbind cache time = 15
	winbind cache time = 15
	winbind enum users = Yes
	winbind enum groups = Yes
	guest account = nobody
	admin users = root
	read only = Yes
	create mask = 0755
	force create mode = 00
	security mask = -1
	force security mode = -1
	directory mask = 0755
	force directory mode = 00
	directory security mask = -1
	force directory security mode = -1
	inherit permissions = No
	guest only = No
	guest ok = No
	only user = No
	status = Yes
	nt acl support = Yes
	max connections = 0
	min print space = 0
	strict allocate = No
	strict sync = No
	sync always = No
	write cache size = 0
	max print jobs = 1000
	printable = No
	postscript = No
	printing = bsd
	print command = lp -d%p %s
	lpq command = lpq -d%p
	lprm command = lprm -d%p %j
	use client driver = No
	default devmode = No
	printer driver file = /etc/samba/printers.def
	default case = lower
	case sensitive = No
	preserve case = Yes
	short preserve case = Yes
	mangle case = No
	mangling char = ~
	hide dot files = Yes
	hide unreadable = No
	delete veto files = No
	map system = No
	map hidden = No
	map archive = Yes
	mangled names = Yes
	browseable = Yes
	blocking locks = No
	fake oplocks = Yes
	locking = Yes
	oplocks = Yes
	level2 oplocks = Yes
	oplock contention limit = 2
	posix locking = Yes
	strict locking = No
	share modes = Yes
	preexec close = No
	root preexec close = No
	available = Yes
	fstype = NTFS
	set directory = No
	wide links = Yes
	follow symlinks = Yes
	delete readonly = No
	dos filemode = No
	dos filetimes = No
	dos filetime resolution = No
	fake directory create times = No
	msdfs root = No

[Printers]
	comment = All Printers
	path = /tmp
	create mask = 0700
	printable = Yes
	browseable = No

[Netlogon]
	path = /etc/samba/netlogon
	locking = No
	public = No
	browseable = No
	root preexec = /etc/samba/scripts/logon.sh %N %u
	root postexec = /etc/samba/scripts/logout.sh %N %u

[Profile]
	comment = %u's roaming profile
	path = /home/profiles/%u
	locking = No
	public = No
	read only = No
	browseable = No
	root preexec = /etc/samba/scripts/profilecheck.sh %N %u

[Homes]
	comment = %u's homedirectory
	read only = No
	create mask = 0600
	browseable = No

[Cdrom]
	comment = CDROM drive on %N
	path = /cdrom
	root preexec = /etc/samba/scripts/mountcd
	root postexec = /etc/samba/scripts/umountcd

## Use the next two as template for your own shares
#[usershare1]
#	comment = Stuph
#	path = /share1
#	create mask = 0664
#	directory mask = 3775
#	writeable = yes
#	public = no

#[usershare2]
#	comment = More stuph
#	path = /share2   
#	create mask = 0644  
#	directory mask = 3775
#	writeable = yes
#	public = no

[Shared]
	comment = Shared Documents
	path = /home/shared
	create mask = 0644
	directory mask = 3775
	writeable = yes
	public = no

### -------------------------------------------------------------------------
#############################################################################
# Preliminary printer support entries, examples
#
# NOTES:
# place your printers.def file in /etc/samba
#
# To find out more read:
# http://www.jsanten.demon.nl/samba/au...nterdriver.htm
# there are a few items missing on that page
# like the printer queue, if you have multiple.
#
# (before you continue, comment the [Printers] entry above
#
# Continue at your own risk, this configuration is in the testing stage!
# 
#############################################################################

### Where win9x clients can get their driver files from
#[printer$]
#        path = /etc/samba/printer  # place the files that make_printerdef 
#                                   # lists in here
#        public = No      # we only want users that logged in to have acces
#        writable = No    # nope, we only have access from the unix prompt
#        browseable = No  # this share doesnt show up on the browselist 


### The printer definition
#[dj2000c]
#   comment = HP DeskJet 2000c  # A nice comment
#   path = /tmp 		  # where samba places temporary files for this share
#   printable = Yes     # Yes, this is a printer
#   create mask = 0700  # only rwx for owner, rest dont need access
#   browseable = Yes    # Yes, we can see it when browsing the shares on SERVER
#   public = No         # No, we only want users that logged in to have acces
#   printer name = dj2000c            # This is the lpr printer queue
#   printer driver = HP 2000C Printer # This is the windows printer driver name
#   printer driver location = \\%h\printer$  # and here are the driver files
                                             # note; %h will be replaced by
                                             # the netbios name of this
                                             # server by samba, no need to edit

Finlay · 10-26-2004, 04:37 PM

did you try to join the domain after running that command?

Snerkel · 10-26-2004, 05:45 PM

yes i did

should i have created the root smb account in any special way?

Finlay · 10-26-2004, 06:49 PM

the problem was pretty much what the error says.
you had typed \\oasis at the command prompt at some point and that session is remembered for X amount of time, it is known as the IPC$ share. using the net use * /delete command ends all sessions from that computer to any other computer.

The user that was logged into windows is the user for the IPC share. when you tried to contact the same server, oasis, with a different user name it gave you that error.

bottom line is you can not connect to or map a drive to A server with seperate usernames.

Snerkel · 10-26-2004, 06:55 PM

ok, so if i rebooted my comp. logged in as admin, and tried the domain thing straight away would that sort it out? also do i need to input a special user when it asks me for a user/password (im talking about when i goto "mycomp > network id" etc) or does the user need any special prlivages to be able to make my computer join the domain ?

thanks alot

Ben

Finlay · 10-26-2004, 07:07 PM

yes to your question, most likely

windows keeps what they call MRUs in its registry, they remember UNC connections and for reasons only known to hackers and MS employees, it may access one from time to time.

in your smb.conf file you have
admin users = root
that means only root can join machines.

Snerkel · 10-26-2004, 07:10 PM

well i just rebooted, logged as administrator. the first thing i did was right click my comp > properties > network id > properies > member of domain HOME entered root/***** and i get the same error as after i did net use * /delete

Quote:

The following error occured attempting to join the domain "HOME"
Logon failure: unknown user name or bad password.

i dont know whats going on! thanks, Ben

Finlay · 10-26-2004, 09:21 PM

i'm assuming you have added machine accounts for the windows machines?

Snerkel · 10-27-2004, 08:38 AM

no, i dont know how to do that! i created a group in linux called "machines" and i tried to create root like "smbpasswd -m -a root"

Quote:

Failed to initialise SAM_ACCOUNT fo the user root$. Does the user exist in the UNIX password database?
Failed to modify password entry for user root$.

who do i create machine accounts ?

Finlay · 10-27-2004, 01:45 PM

you can't make a machine account out of root

see if this site helps:
http://us3.samba.org/samba/docs/man/...trust-accounts

Snerkel · 10-27-2004, 01:57 PM

sorry im not being pushy but can anyone help me? i have done my bit, ive googled & googled to find the answer but i really cant im sorry

. do you have any ideas? thanks in advance

Ben

Finlay · 10-27-2004, 02:00 PM

i just posted a link that shows you how to create machine accounts.

you can't join the samba domain unless there are machine trust accounts.

i am helping you here, you just need to listen/read

Snerkel · 10-27-2004, 02:01 PM

sorry, when i posted that post yours hadnt showed up :|. thanks.