Samba
I have installed Samba on my machine and I intend to use it as a domain controller.
I've created user1 with pwd1 and user2 with pwd2. I go to my XP workstation and I try to connect to the Samba server... user1 gives me an 'unknown user or incorect pwd', user2 gives me an 'Access denied'. Where can I start diagnosing this thing? thks |
Hi,
man smbpasswd cu |
Double check to make sure that your computers have the same "workgroup" name and can ping each other,
also, check directory permissions. Check out Webmin (www.webmin.com), it will not only help to manage your Samba quite nicely, but other aspects of Linux too. |
- Yes, it does ping.
- If I do a net view with my m$ box it doesn't see it... It seems normal since it coul'd join my samba domain home.local
- I didn't get any error with testparm.
- It doesn't resolve its own name: if I ping sbmserv, I've got an unknown host.
- If I type hostname I have a dhcppc1 reply, but my smb.conf has a line: netbios name = smbserver |
If you are using XP Pro you need to add a machine account in your Samba: smbpasswd -m <netbios name>
|
Yes, it is an XP Pro.
No, it is there with a $ sign and no password. I just tried to overwrite it but it doesn't change anything... |
I am wondering if I need a BIND server to resolve the dn or if it is not necessary?
|
You don't need a DNS, Samba resolves NetBIOS names. You can read http://hr.uoregon.edu/davidrl/samba/samba-pdc.html and if I find a better manual I will post it for you.
|
I don't get it!
I thought that a PDC was a domain controller controlling a 'domain...' I thought I could get it to resolve domain names and get away from WINS. Can someone clarify this for me please? thks |
I am carefully following a HOWTO and it seems that I have isolated the problem a bit.
The problem seems to be something in the following lines that I don't get... I didn't put anything in those directories; do I have to do anything in Win-profile? %U.bat? \netlogon?

    [GLOBAL]
    logon home = \\%L\%U\Win-profile
    logon drive = s:
    logon script = %U.bat
    logon path = \\%L\profiles\\%a\%U

    [NETLOGON]
    path = \home\netlogon
    create mask = 0644
    directory mask = 0755

    [PROFILES]
    path = /home/profiles
    read only =No
    create mask = 0600
    directory mask = 0700

Samba is working because I do have a login window when I try to join the domain.local, it doesn't resolve the name and the password. This is where I stand so far |
logon home = \\%L\%U\Win-profile
Should that line be: logon home = \\%L\home\%U\Win-profile? Also, should I create that Win-profile directory or file under each user? If so, what goes in it? |
what version of samba and distro are you using?
|
This is my smb.conf and it works fine as a PDC, I hope this helps you:
    [global]
    #smbpasswd file
    smb passwd file = /etc/smbpasswd
    # domain
    workgroup = test
    # Description
    server string = Servidor de Acceso y de Aplicacion
    # like pdc
    domain logons = yes
    # user security level
    security = user
    # local master
    local master = yes
    # for make wins elections
    os level = 65
    # prefered master
    preferred master = yes
    # works like pdc
    domain master = yes
    encrypt passwords = yes
    # only if you have more than one eth and only want trusted users
    # interfaces = <ip trusted> localhost
    hosts allow = 192.168.0.
    ;hosts deny = 10.25.0.1
    ;add user script = /usr/sbin/useradd -g samba -d /dev/null -s /dev/null -M %u
    # path for save WinNT/Win2k profiles
    logon path = \\%L\profiles\%U
    # path for save Win95/98/ME profiles
    logon home = \\%L\%U\.profiles
    # unit letter for users directory
    logon drive = M:

    [homes]
    guest ok = no
    read only = no
    browsable = no

    [netlogon]
    comment = Domain Service
    path = /usr/local/samba/netlogon
    public = no
    writeable = no

    [profiles]
    path = /usr/local/samba/ntprofile
    writable = yes
    create mask = 0600
    directory mask = 0700
|
I just tried your config file and it seems to go a little further... it did find the smbpasswd file.
thks very much. I now have a message stating that the account is not allowed to log in from that workstation. It is quite strange because I did add a machine$ account... Is there a way to tell Samba from which machine the user can log on? |
If you don't have Webmin installed go here www.webmin.com and get it.
Then follow this http://www.webmin.it/webmin/samba-howto.html to a tee and you will have a "mapped" Linux drive on your Linux PC in about 5 minutes FX |
EEEEEEK sorry, that's supposed to be a mapped Linux drive on your XP machine. (And I even previewed it too. LMAO)
FX |
I don't have WinXP clients and it works fine, but I found this for WinXP clients, hope this helps you: http://xp-samba.linuxgod.net/Samba.php
|
If you have Red Hat, try to find the file WinXP_SignOrSeal.reg in /usr/share/doc/samba-version/docs/Registry/ and fix your XP clients ;)
|
It seems that the problem is more basic than that aiguartua...
I did install Webmin and I am reading the HOWTO link, thks FXRS. Again I ended up stuck here:
"22. Open up a virtual terminal if you're running X windows or log into your Samba Server if you're running Webmin remotely. Type in: “smbpasswd” username where username is a valid user on your samba server. You'll be prompted for a password and to re-authenticate the password by retyping it. It's recommended that you use the same password that you would to log into the server to keep things easier to manage, but it isn't necessary. Running “smbpasswd” will create an authentication file for Samba to check when you log in to the server from a Windows computer. "
I tried creating a brand new Unix user and converting the user into a Samba user. I see the users, it looks OK, but when I try smbpasswd (username) I get:
Failed to find entry for user x
Failed to modify password entry for user x |
By the way: I did change that key previously, it is in one of the HOWTOs.
I just double checked: requiresignorseal = 0 just as stated |
OK, to create machine trust accounts:
(note: you can add a group of machines: groupadd something)
1.- /usr/sbin/useradd -g something -d /dev/null -c "machine nickname" -s /bin/false machine_name$
2.- passwd -l machine_name$ (is lower case L not 1)
3.- smbpasswd -a -m machine_name
To create a user account:
1.- useradd -g some -c "user name" -s /sbin/nologin user
2.- passwd user
3.- smbpasswd user
I hope you don't have problems with this |
The correct last line is:
3.- smbpasswd -a user |
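Added example, not part of any post in this thread: a shell check that a workstation's machine trust account, as created by the steps above, exists in both the Unix passwd file and Samba's smbpasswd file, that the uid fields agree, and that the Samba entry carries the workstation-trust flag W. The file contents are constructed samples (the hash fields are X placeholders), and the function and host names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): verify a Samba machine trust account.

# Write constructed sample files into directory $1.
# The two hash fields are 32 "X" placeholders, not real password hashes.
make_samples() {
    x=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    cat > "$1/passwd" <<EOF
user1:x:500:100::/home/user1:/bin/bash
xpws1\$:x:501:100:xpws1:/dev/null:/bin/false
xpws2\$:x:502:100:xpws2:/dev/null:/bin/false
xpws3\$:x:503:100:xpws3:/dev/null:/bin/false
EOF
    cat > "$1/smbpasswd" <<EOF
user1:500:$x:$x:[U          ]:LCT-00000000:
xpws1\$:501:$x:$x:[W          ]:LCT-00000000:
xpws2\$:502:$x:$x:[U          ]:LCT-00000000:
EOF
}

# check_machine_account NAME PASSWD_FILE SMBPASSWD_FILE
# Prints one status word; returns 0 only when the status is "ok".
check_machine_account() {
    acct="${1%\$}\$"    # accept "xpws1" or "xpws1$"
    # Unix side: field 3 of the passwd entry is the uid.
    uid=$(awk -F: -v a="$acct" '$1 == a { print $3; exit }' "$2")
    [ -n "$uid" ] || { echo no-unix-account; return 1; }
    # Samba side: field 2 is the uid, field 5 holds the account flags.
    entry=$(awk -F: -v a="$acct" '$1 == a { print $2 ":" $5; exit }' "$3")
    [ -n "$entry" ] || { echo no-samba-entry; return 1; }
    [ "${entry%%:*}" = "$uid" ] || { echo uid-mismatch; return 1; }
    case "${entry#*:}" in
        *W*) echo ok ;;
        *)   echo not-workstation-trust; return 1 ;;
    esac
}

# Demo on the constructed files.
tmp=$(mktemp -d)
make_samples "$tmp"
for m in xpws1 xpws2 xpws3 xpws9; do
    printf '%s: %s\n' "$m" \
        "$(check_machine_account "$m" "$tmp/passwd" "$tmp/smbpasswd")"
done
rm -rf "$tmp"
```

On a real server, pass /etc/passwd and the file named by `smb passwd file` in smb.conf instead of the sample files.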
Yes, everything works fine, all commands are processed correctly.
But afterwards, when I try logging in, I've got an access denied... |
did you apply the patch to winxp?
|
I am presently trying the /usr/share/doc/samba-version/docs/textdocs/DIAGNOSIS.txt and, following the steps, I should be able to do smbclient -L (server name) from the server and get a list of shares...
I might have a clue here... I have this reply after it asked for a password: session setup failed: NT_STATUS_LOGON_FAILURE |
some new versions of samba use smbadduser to add the user account, try it after adduser
useradd linuxuser:winuser |
Sorry, it is: smbadduser linuxuser:sambauser (you can use the same username)
|
I tried it with an existing account and I've got:
ERROR: userx is already in /etc/samba/smbpasswd SKIPPING...
and I have a user denied message when trying to connect from the workstation. :-(
I tried by creating a brand new user:
useradd usery
passwd usery
password: yyyyy
smbadduser usery:usery
New SMB password: yyyyy
Password changed for usery
- it added fine...
I have a user denied message when trying to connect from the workstation. :-( |
Now I have something, this diag HOWTO is excellent: /usr/share/doc/samba-version/docs/textdocs/DIAGNOSIS.txt
Here is what's working:
1. testparm smb.conf gives me no error
2. I can ping smbservername from my workstation
3. I can get a list of available shares from my Unix box with: smbclient -L smbservername
4. My nmbd daemon is correctly installed, I can get back the IP of my server when I issue: nmblookup -B smbservername
5. I can communicate from the server to the client because I get the IP address back when I issue: nmblookup -B clientname '*'
6. Broadcast from the server works because I get IPs from surrounding stations when I issue: nmblookup -d 2 '*'
7a. I have a proper share setup because I can access it from the server itself with smbclient //smbservername/sharedfolder
7b. I can even access it with a username I was suspecting problems with: smbclient //smbservername/sharedfolder -U username
8. PROBLEM: I can't view the shares from the workstation I use. I open a cmd window on my XP box and I try: net view \\smbservername and I get system error 5, access denied, which is not explained in DIAGNOSIS.txt |
add this to the [global] section and make the test 8:
nt acl support = no
Remember to restart Samba |
Same problem: 'access denied'
I believe that the denied access is directed at the PC itself, not the user, because step 7b did work fine. Going back in our discussion, I focused on creating machine trust accounts (this is to give trust to a PC, isn't it?)
A) /usr/sbin useradd -g is_the_group_in_witch_users_belong -d /dev/null -c is_the_PC_name_of_the_workstation -s /bin/false PC_name_of_that_workstation$
this replies with:
useradd : gui 100 unknown
useradd : user x already exist
B) passwd -l workstation_PCname$
passwd: Success
C) smbpasswd -a -m workstation_PCname
Password chanded for workstation_PCname$ |
Sorry, in step A, instead of:
useradd : gui 100 unknown
you should read:
useradd : gid 100 unknown |
use: groupadd -g 100 name_of_the_group
|
groupadd : the group workstations already exists
|
I installed a new Red Hat 8 with Samba as a PDC, using the smb.conf file that I posted for you, and it works fine; I just have to change the password for the root user in Samba with smbpasswd.
When I try to join the domain from the clients (Win2k) I use the account root with its new password in Samba. I can't run tests with WinXP because I don't have XP clients. Try the patch for WinXP, I think that is all your problem |
What is the difference between machine nickname and machine_name$ ???
Can I type: /usr/sbin/useradd -g 100 -d /dev/null -c xpws1 -s /bin/false xpws1$ |
/usr/bin/useradd -g 100 -d /dev/null -c "description" account$
-g 100 <- group id 100 to add the account to
-d /dev/null <- work directory, null in this case
-c "description of the account" <- only a description
account$ <- username to add, in this case account$ is for a machine account |
IT WORKS...
Believe it or not, it works... and it might have been working for a while. If I use Network Neighborhood I see two workgroups: workgroup (XP) and domain.local (Samba); by clicking on it I can browse and access files on the Samba server. What is strange is that I never joined the domain, neither can I join it by using the My Computer Icon > Properties > Computer Name > Change > Domain; I always get an access denied. I used net use and I got in, I went back to Network Neighborhood and I can browse. Well, I didn't change anything from that patch since it was correct from higher in the post. I am very curious to find out why I can't join the domain, it seems like it considered it as a workgroup and not a domain. |
Great, at last. Try changing the root pass with smbpasswd, and join the domain with user root and your new pass, reboot XP and enjoy
|
Well, it doesn't want to do it...
I converted the user root but it still doesn't want to log in with My Computer Icon > Properties > Computer Name > Change > Domain. I have an unknown user or incorrect password; in the GUI or on the cmd line it's the same. :-( |
Are you adding the WinXP NetBIOS name as a machine account plus $ on your Linux box?
|
Yes i do
|
sorry, but I don't know what more to do
|