Samba
 

I have install samba on my machine and i intend to use it as a domain controller.
i've create user1 with pwd1 and user2 with pwd2
i go to my XP workstation and i try to connect to the samba server...
user1 give me a 'unknown user or incorect pwd'
user2 give me a 'Access denied'

were can i start diag this thing?
thks

Hi,

man smbpasswd

cu

Double check to make sure that your computers have the same "workgroup" name and can ping eachother,
also, check directory permissions.

Check out webmin (www.webmin.com),

it will not only help to manage your samba quite nicely, but other aspects of linux too.

-yes it does ping

-if i do a net view with my m$ box it doesn't see it... It seems normal since it coul'd join my samba domain home.local

-i didn't get any error with testparm

-it doesn't resolve it's own name, if i ping sbmserv, i've got an unknown host.

- if i type hostname i have a dhcppc1 reply but my smb.conf as a line :
netbios name = smbserver

if you are using xp pro you need tu add a machine acount in your samba: smbpasswd -m <netbios name>

Yes, it is a XP Pro
No, it is there with a $ sign and no password

I just try to overwrite it but it doesn't change anything...

I am wondering if i need a bind server to resolve the dn or if it is not necessary?

you dont need a dns, samba resolve netbios names, you can read http://hr.uoregon.edu/davidrl/samba/samba-pdc.html if i found e better manual i post you

I don't get it!
I tought that a PDC was a domain controller controling a 'domain...' I tought i could get it to resolve domain name and get away from WINS.

Can someone clarifies this for me please
thks

I don't get it!
I tought that a PDC was a domain controller controling a 'domain...' I tought i could get it to resolve domain name and get away from WINS.

Can someone clarifies this for me please
thks

I don't get it!
I tought that a PDC was a domain controller controling a 'domain...' I tought i could get it to resolve domain name and get away from WINS.

Can someone clarifies this for me please
thks

I am fallowing carefully an HOWTO and it seem that i have the isolated the problem a bit
Where it seems to be the problem is something in the fallowing lines that i don't get it... I didn't put anything in those directory, do i have to do anything in Win-profile? %U.bat? \netlogon?

[GLOBAL]
logon home = \\%L\%U\Win-profile
logon drive = s:

logon script = %U.bat
logon path = \\%L\profiles\\%a\%U

[NETLOGON]
path = \home\netlogon
create mask = 0644
directory mask = 0755

[PROFILES]
path = /home/profiles
read only =No
create mask = 0600
directory mask = 0700

Samba is working because i do have a login window when i try to join the domain.local, it doesn't resolve the name and the password. This is there i stand so far

logon home = \\%L\%U\Win-profile
shoud that line be:
logon home = \\%L\home\%U\Win-profile

also should i create that Win-profile directory or file under each user?

If so, that does go in?

what version of samba and distro are you using?

This is mi smb.conf and work fine like PDC, i hope this help you:

[global]

#smbpasswd file
smb passwd file = /etc/smbpasswd

# domain
workgroup = test

# Description
server string = Servidor de Acceso y de Aplicacion

# like pdc
domain logons = yes

# user security level
security = user

# local master
local master = yes

# for make wins elections
os level = 65

# prefered master
preferred master = yes

# works like pdc
domain master = yes
encrypt passwords = yes

# only if you have more than one eth and only want trusted users
# interfaces = <ip trusted> localhost
hosts allow = 192.168.0.
;hosts deny = 10.25.0.1
;add user script = /usr/sbin/useradd -g samba -d /dev/null -s /dev/null -M %u

# path for save WinNT/Win2k profiles
logon path = \\%L\profiles\%U

# path for save Win95/98/ME profiles
logon home = \\%L\%U\.profiles

# unit letter for users directory
logon drive = M:

[homes]
guest ok = no
read only = no
browsable = no

[netlogon]
comment = Domain Service
path = /usr/local/samba/netlogon
public = no
writeable = no

[profiles]
path = /usr/local/samba/ntprofile
writable = yes
create mask = 0600
directory mask = 0700

I just tried your config file and it seems to go a little further... it did find the smbpasswd file
thks very much

i now have a message stating that the account is not allowed to loggin from that workstation
it is quite stranged because i did added a machine$ account ...

is there a way to tell samba from witch machine the user can logon?

If you don't have Webmin installed go here www.webmin.com and get it.

Then follow this http://www.webmin.it/webmin/samba-howto.html to the tee and you will have a "mapped" linux drive on your Linux pc in about 5 minutes

FX

EEEEEEK sorry that suppose to be mapped linux drive to your XP machine. (And I even previewed it too. LMAO)

FX

i haven't winxp clients and works fine, but i find this for winxp clients, hope this help you: http://xp-samba.linuxgod.net/Samba.php

if you have redhat try to find the file: WinXP_SignOrSeal.reg in /usr/share/doc/samba-version/docs/Registry/ and fix your xp clients ;)

It seems that the problem is more basic than that aiguartua...

I did install webmin and i am reading the HOWTO link
thks FXRS

again i ended up bugging here:
"22. Open up a virtual terminal if you're running X windows or log into your Samba Server if you're running Webmin remotely. Type in: “smbpasswd” username where username is a valid user on your samba server. You'll be prompted for a password and to re-authenticate the password by retyping it. It's recommended that you use the same password that you would to log into the server to keep things easier to manage, but it isn't necessary. Running “smbpasswd” will create an authentication file for Samba to check when you log in to the server from a Windows computer. "

i try creating a brand new unix user and convert user into samba user: I see the users it looks ok but when i try smbpasswd (username) i get :
Failed to find entry for user x
Failed to modify password entry for user x

By the way: i did changed that key previously, it is in one of the howto.
I just double checked: requiresignorseal = 0 just as stated

ok, for create machine trust accounts:
(note: you can add a group uf machines: groupadd something)
1.- /usr/sbin/useradd -g something -d /dev/null -c "machine nickname" -s /bin/false machine_name$
2.- passwd -l machine_name$ (is lower case L not 1)
3.- smbpasswd -a -m machine_name

for create user account:
1.- useradd -g some -c "user name" -s /sbin/nologin user
2.- passwd user
3.- smbpasswd user

I hope you haven't problems with this

the last line correct is :
3.- smbpasswd -a user

Yes everything works fine, all commands are processed correctly.
but after, i try login in, i've got an access denied...

did you apply the patch to winxp?

I am presently trying the /usr/share/doc/samba-version/docs/textdocs/DIAGNOSIS.txt and fallowing the steps, i should be able to do smbclient -L (server name) from the server and get a list of shares...

i might have a clue here...
i have a reply after it did asked for a password:
session setup failed: NT_STATUS_LOGON_FAILURE

some new versions of samba use smbadduser to add the user account, try it after adduser

useradd linuxuser:winuser

sorry, is smbadduser linuxuser:sambauser you can use the same username

i tried it with an existing account and i've got :
ERROR: userx is already in /etc/samba/smbpasswd SKIPPING...
and i have a user denied message when trying to connect from the workstation. :-(

i tried by creating a brend new user
useradd usery
passwd usery
password: yyyyy
smbadduser usery:usery
New SMB password: yyyyy
Password changed for usery
-it added fine...

i have a user denied message when trying to connect from the workstation. :-(

Now i have something, this diag howto is excellent: /usr/share/doc/samba-version/docs/textdocs/DIAGNOSIS.txt

Here is what's working:
1. testparm smb.conf give me no error
2. I can ping smbservername from my workstation
3. I can get a list of available shares from my unix box with:
smbclient -L smbservername
4. My nmbd demon is correctly installed, i can get back the ip of my server when i issue:
nmblookup -B smbservername
5. I can communicate from the server to the client cause i get the ip address back when i issue:
nmblookup -B clientname '*'
6. Broadcast from server works cause i get ip from surrounding stations when i issue:
nmblookup -d 2 '*'
7a. i have proper share setup because i can access it from the server itself with
smbclient //smbservername/sharedfolder

7b. i can even access it from a username i was suspecting problems with:
smbclient //smbservername/sharedfolder -U username

8. PROBLEM: i can't view the shares from the workstation i use
i open a cmd window from my XP box and i try:
net view \\smbservername
i get system error 5, access denied
witch is not explained in DIAGNOSIS.txt

add this to the [global] section and make the test 8:

nt acl support = no

remember restart samba

same problem: 'access denied'

i believe that the denied access is oriented towards the PC itself not the user because step 7b did work fine.

Going back in our discussion, i focus on create machine trust accounts (this is to give trusts to a PC isn't it?)

A) /usr/sbin useradd -g is_the_group_in_witch_users_belong -d /dev/null -c is_the_PC_name_of_the_workstation -s /bin/false PC_name_of_that_workstation$

this replies with:
useradd : gui 100 unknown
useradd : user x already exist

B) passwd -l workstation_PCname$
passwd: Success

C) smbpasswd -a -m workstation_PCname
Password chanded for workstation_PCname$

sorry in step A, instead of:
useradd : gui 100 unknown

you shoud read:
useradd : gid 100 unknown

use: groupadd -g 100 name_of_the_group

groupadd : the group workstations already exists

I installed a new redhat 8 with samba like PDC, using the smb.conf file that posted you and works fine, i just must to change the pass for the root user in samba with smbpasswd.

when I try to join the domain from the clients (win2k) I use the account root with its new password in samba.

I can't make probes with winxp because I don't have xp clients.

Try the patch for winxp, I think is all you problem

what is the difference between machine nickname and machine_name$ ???

can i type:
/usr/sbin/useradd -g 100 -d /dev/null -c xpws1 -s /bin/false xpws1$

/usr/bin/useradd -g 100 -d /dev/null -c "description" account$

-g 100 <- gruop id 100 to add the account
-d /dev/null <- work directory, null in this case
-c "description of the account" <- only a description
account$ <- username to add, in this case account$ is for a machine account

IT WORKS...
believe it or not, it works... and it might have been working since a while.
If i use network neibourhood i see two workgroups: workgroup (xp) and domain.local (samba), by clicing on it i can browse and access files on the samba server.
What is strange is that i never join the domain neither can i joint it by using the My Computer Icon > Properties > Computer Name > Change > Domain
i always get an denied access
i used net use and i got in
i went back to network neighborhood and i can browse.
well i didn't change anything from that patch since it was correct from higher in the post.

I am very curious to find out why i can't join the domain, it seems like it concidered it as a workgroup and not a domain.

great, at last, try changind the root pass with smbpasswd, and joint the domain with user root an your new pass, reboot xp and enjoy

well, it doesn't want to do it...
i convert the user root but it still doesn't want to login in My Computer Icon > Properties > Computer Name > Change > Domain
I have an unknown user or incorrect password
in gui or cmd line it's the same. :-(

are you adding the winxp netbios name like machine account plus $ in your linux box?

Yes i do

sorry, but I don't know what more to do