LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   access is denied : samba PDC, win2k client (https://www.linuxquestions.org/questions/linux-networking-3/access-is-denied-samba-pdc-win2k-client-38236/)

dkodegwc 12-13-2002 10:37 AM
access is denied : samba PDC, win2k client
 
I got it so my logfile no longer complains about invalid user. I was creating a machine trust account but not an actual user account. I am still having 2 problems.

When i attempt to log onto the domain at bootup I put in my username and password and select DARCSTAR for the domain to log onto and it tells me almost instantly:

"The Domain DARCSTAR is not available."

So i just log in on the local machine and type \\FILESERVER in a command prompt. a username/password box appears, i put in my username and password and it tells me:

\\FILESERVER is no accessible. Access is Denied

in the log file it doesnt give me an error it just says:

Allowed connection from 192.168.1.100 (which is my win2k box).

I'm sorta stumped as to what is the problem. I read through the samba-collection pdf file that someone gave me yesterday but it didn't explain about the error message I am receiving.

joeca12 12-13-2002 01:24 PM
have you created a samba user and a unix user. Am I understanding this right that you have added this machine to the PDC? I would look at your smbpasswd file and make sure the machine is showing up there.

dkodegwc 12-13-2002 01:57 PM
machine Netbios name is: sean
first i added a machine trust account:
useradd sean$
passwd -l sean$
smbpasswd -m -a sean

then i added a user account:
useradd sean
passwd sean (set the password)
smbpasswd -a sean


and when i attempt to log onto the domain it tells me:
The domain DARCSTAR is not available

when i type \\FILESERVER in a command prompt it asks me for username and password i put in sean and the password,
it comes back and tells me:

\\FILESERVER is not accessible
Access is Denied.

in the /var/log/samba.log it says:
Accepted connection from 192.168.1.100 (the win2k machine i am attempting to log in from)

and the log file says no other errors.

any ideas?

server: rh7.2, samba 2.2.7
client: win2k

joeca12 12-13-2002 03:06 PM
Post your smb.conf file. I just did this so it is fresh in my mind. What is the IP of the PDC? Do you have a group called machines under user and groups. There is an script you can run to automatically have your machine added without running those commands. Let me see if I can find the thread I read on that. Post your smb.conf in the meantime.

joeca12 12-13-2002 03:11 PM
I used this and it helped


OK
if you want a "samba domain"
here is my advice.
1 set the smb.conf
I see tat you have almost all set up. but you forgot this
netbios name = XXXwhateveryouwanthereXXX
domain logons = yes

after this is done restart samba by this command ( as root)

/etc/rc.d/init.d/smb restart

then
open you user manager and create a group called machines
remember a group not a user

after issue this command, is very important to be login as root (ex. logoff and log in the system as root, other wise the comand will not run and you get a error messages)

/usr/sbin/useradd -g machines -d /dev/null -c "here-a -pc-description-your-call" -s /bin/false here-netbios name of pc-to-join$

is very importat to add the dollar sing at the end ex. laptop$

so it will look something like this

/usr/sbin/useradd -g machines -d /dev/null -c "machines descriptions " -s /bin/false machine-name$

this command tell the system to create a user on the machines groups, that will not have a home sience we do not need a home for the machines just for user accounts

the issues this command

passwd -l machine-name$

again change the machine-name to the name of the pc ( netbios name)
after that
create a account on the samba server for the machines using this command

smbpasswd -a m machine-name

then create user accojnts on the samba server
with this command

smbpasswd -a here-a-user-that-exist-on-the-linux-server

type the same password as the linux box


ok

to join a client to a domain here more info


with pictures on how to

http://www.mandrakeuser.org/docs/connect/csamba6.html


please perdon my english is my second lenguaje.

keep us up to date

dkodegwc 12-14-2002 10:25 AM
I did exactly what you said....

here is what the log file says after i open a run window in win2k and type \\FILESERVER:

[2002/12/14 11:30:56, 2] smbd/reply.c:reply_special(91)
netbios connect: name1=FILESERVER name2=SEAN
[2002/12/14 11:30:56, 2] smbd/reply.c:reply_special(110)
netbios connect: local=fileserver remote=sean
[2002/12/14 11:30:56, 2] smbd/reply.c:reply_sesssetup_and_X(985)
Defaulting to Lanman password for sean


and it pops up that same box saying:
\\FILESERVER is not accessible
Access is Denied.


IP of the samba server is: 192.168.1.101
Win2k Machine IP is: 192.168.1.100

one other thing is i also tried to login as root, and it tells me the same thing, that access is denied?

here is smb.conf:

[global]
; valid users = root sean
admin users = root
nt pipe support = no
nt smb support = no
obey pam restrictions = no
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
password level = 8
username level = 8
; unix password sync = Yes
; socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain logons = yes
domain master = Yes
preferred master = Yes
local master = Yes
logon drive = U:
logon home = \\FILESERVER\%u
logon path = \\%N\profiles\%u
logon script = websuers.bat
os level = 64
dns proxy = no
security = user
; hosts allow = 192.168.1. 127.
netbios name = FILESERVER
workgroup = darcstar
log level = 2
log file = /var/log/samba.log
smb passwd file = /etc/samba/smbpasswd
wins support = Yes
add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u

[UserDir]
create mode = 0600
directory mode = 0700
path = %H
read only = no
; valid users = %S

[Sites]
create mode = 0600
directory mode = 0700
path = /home/sites
browseable = yes
writeable = yes
guest ok = no
read only = no

[netlogon]
comment = Network Logon Service
path = /home/netlogon/
root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /home/netlogon/ && chmod 644 /home/netlogon/%U.bat;
root postexec = rm -f /home/netlogon/%U.bat
read only = yes
write list = root
; browseable = no

[profiles]
path = /home/profiles/
read only = no
create mask = 0600
directory mask = 0700


i cant figure out the problem..driving me nuts!!!

dkodegwc 12-14-2002 11:02 AM
i have an update:

I commented out the three lines at the top of the smb.conf:
nt pipe support = no
nt smb support = no
obey pam restrictions = no

and now i can login by going to \\FILESERVER through the run window....

the only problem i am having now is when i attempt to logon at the first screen when i boot up it tells me:

the system cannot log you on to this domain because the systems computer account in its primary domain is missing or the password on that account is incorrect???

thanks


All times are GMT -5. The time now is 05:58 PM.