access is denied : samba PDC, win2k client
I got it so my logfile no longer complains about invalid user. I was creating a machine trust account but not an actual user account. I am still having 2 problems.
When i attempt to log onto the domain at bootup I put in my username and password and select DARCSTAR for the domain to log onto and it tells me almost instantly: "The Domain DARCSTAR is not available." So i just log in on the local machine and type \\FILESERVER in a command prompt. a username/password box appears, i put in my username and password and it tells me: \\FILESERVER is no accessible. Access is Denied in the log file it doesnt give me an error it just says: Allowed connection from 192.168.1.100 (which is my win2k box). I'm sorta stumped as to what is the problem. I read through the samba-collection pdf file that someone gave me yesterday but it didn't explain about the error message I am receiving. |
have you created a samba user and a unix user. Am I understanding this right that you have added this machine to the PDC? I would look at your smbpasswd file and make sure the machine is showing up there.
|
machine Netbios name is: sean
first i added a machine trust account: useradd sean$ passwd -l sean$ smbpasswd -m -a sean then i added a user account: useradd sean passwd sean (set the password) smbpasswd -a sean and when i attempt to log onto the domain it tells me: The domain DARCSTAR is not available when i type \\FILESERVER in a command prompt it asks me for username and password i put in sean and the password, it comes back and tells me: \\FILESERVER is not accessible Access is Denied. in the /var/log/samba.log it says: Accepted connection from 192.168.1.100 (the win2k machine i am attempting to log in from) and the log file says no other errors. any ideas? server: rh7.2, samba 2.2.7 client: win2k |
Post your smb.conf file. I just did this so it is fresh in my mind. What is the IP of the PDC? Do you have a group called machines under user and groups. There is an script you can run to automatically have your machine added without running those commands. Let me see if I can find the thread I read on that. Post your smb.conf in the meantime.
|
I used this and it helped
OK if you want a "samba domain" here is my advice. 1 set the smb.conf I see tat you have almost all set up. but you forgot this netbios name = XXXwhateveryouwanthereXXX domain logons = yes after this is done restart samba by this command ( as root) /etc/rc.d/init.d/smb restart then open you user manager and create a group called machines remember a group not a user after issue this command, is very important to be login as root (ex. logoff and log in the system as root, other wise the comand will not run and you get a error messages) /usr/sbin/useradd -g machines -d /dev/null -c "here-a -pc-description-your-call" -s /bin/false here-netbios name of pc-to-join$ is very importat to add the dollar sing at the end ex. laptop$ so it will look something like this /usr/sbin/useradd -g machines -d /dev/null -c "machines descriptions " -s /bin/false machine-name$ this command tell the system to create a user on the machines groups, that will not have a home sience we do not need a home for the machines just for user accounts the issues this command passwd -l machine-name$ again change the machine-name to the name of the pc ( netbios name) after that create a account on the samba server for the machines using this command smbpasswd -a m machine-name then create user accojnts on the samba server with this command smbpasswd -a here-a-user-that-exist-on-the-linux-server type the same password as the linux box ok to join a client to a domain here more info with pictures on how to http://www.mandrakeuser.org/docs/connect/csamba6.html please perdon my english is my second lenguaje. keep us up to date |
I did exactly what you said....
here is what the log file says after i open a run window in win2k and type \\FILESERVER: [2002/12/14 11:30:56, 2] smbd/reply.c:reply_special(91) netbios connect: name1=FILESERVER name2=SEAN [2002/12/14 11:30:56, 2] smbd/reply.c:reply_special(110) netbios connect: local=fileserver remote=sean [2002/12/14 11:30:56, 2] smbd/reply.c:reply_sesssetup_and_X(985) Defaulting to Lanman password for sean and it pops up that same box saying: \\FILESERVER is not accessible Access is Denied. IP of the samba server is: 192.168.1.101 Win2k Machine IP is: 192.168.1.100 one other thing is i also tried to login as root, and it tells me the same thing, that access is denied? here is smb.conf: [global] ; valid users = root sean admin users = root nt pipe support = no nt smb support = no obey pam restrictions = no pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* password level = 8 username level = 8 ; unix password sync = Yes ; socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain logons = yes domain master = Yes preferred master = Yes local master = Yes logon drive = U: logon home = \\FILESERVER\%u logon path = \\%N\profiles\%u logon script = websuers.bat os level = 64 dns proxy = no security = user ; hosts allow = 192.168.1. 127. netbios name = FILESERVER workgroup = darcstar log level = 2 log file = /var/log/samba.log smb passwd file = /etc/samba/smbpasswd wins support = Yes add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u [UserDir] create mode = 0600 directory mode = 0700 path = %H read only = no ; valid users = %S [Sites] create mode = 0600 directory mode = 0700 path = /home/sites browseable = yes writeable = yes guest ok = no read only = no [netlogon] comment = Network Logon Service path = /home/netlogon/ root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /home/netlogon/ && chmod 644 /home/netlogon/%U.bat; root postexec = rm -f /home/netlogon/%U.bat read only = yes write list = root ; browseable = no [profiles] path = /home/profiles/ read only = no create mask = 0600 directory mask = 0700 i cant figure out the problem..driving me nuts!!! |
i have an update:
I commented out the three lines at the top of the smb.conf: nt pipe support = no nt smb support = no obey pam restrictions = no and now i can login by going to \\FILESERVER through the run window.... the only problem i am having now is when i attempt to logon at the first screen when i boot up it tells me: the system cannot log you on to this domain because the systems computer account in its primary domain is missing or the password on that account is incorrect??? thanks |
All times are GMT -5. The time now is 05:58 PM. |