Hello,
I have a CentOS 4.1 Server and i have samba Version 3.0.10-1.4E
I have 2 users on this server right now: Root, Dsanchez.

I have also issued this command to set up these 2 users on the Samba Server as well.
smbpasswd -a root
smbpasswd -a dsanchez
and i set up the password to match the linux account.

I have created a group called "ntadmins" and linked that group with "domain admin"

now, i go to my XP Pro machine and try to 'Join' the domain.
so i right click on My Computer -> Proporites -> Computer Name tab -> Change. I then go to the section that says Member of and i change it to Domain and add the domain name.
I then add the root account info. hart\root
and the password for root. I then get this error.
The following error occurred attempting to join the domain "hart".
logon failure: unknown username or bad password.

I have also tried to user 'admin' and 'administrator' with the same error.
I have added the User dsanchez to the ntadmins group and when i try to login
using this account I get the same error.

It seems that i have missed something, the user accounts dont seem to be talking between the Linux accounts and the samba account.
\But i have read all the posts i could find as well as 2 books and i still can't find what i have wrong.

Here is my smb.conf file.


[global]
log file = /var/log/samba/%m.log
load printers = yes
smb passwd file = /etc/samba/smbpasswd %u
; domain administrators
domain admin group = @ntadmins
domain admin users = root
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*success fully*
idmap gid = 16777216-33554431
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
username map = /etc/samba/smbusers
domain master = yes
hosts allow = 10.78. 127.
encrypt passwords = yes
winbind use default domain = no
passwd program = /usr/bin/passwd %u
template shell = /bin/false
dns proxy = no
netbios name = Zeus
cups options = raw
server string = Samba PDC Server
idmap uid = 16777216-33554431
password server = None
unix password sync = yes
local master = yes
workgroup = hart
os level = 64
add user script = /usr/sbin/useradd .d /dev/null .g 100 .s /bin/false .M %u
printcap name = /etc/printcap
security = user
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false
max log size = 50
domain logons = yes

[homes]
comment = Home Directories
browseable = no
writeable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
write list = @ntadmins
path = /opt/samba/netlogon

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
printable = yes

# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; read only = yes
; write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765

Have you looked at this forum?
http://www.linuxquestions.org/questi...hreadid=345734

Cool thanks, i'll give it a shot.

Well i read that thread and it still doesnt help.

I still can't join the domain.

When i try to join the domain using the user name
root, admin, administrator i still get the error:
Your computer could not be joined to the domain because the following error occurred:
The username could not be found.

However i did do this:
#smbpasswd -a root

So i do have the root user setup, I just can't figure out why it won't
connect.
I've been working on this for 2 weeks with no change.

Have you created a machine account on the Samba server??

No i didn't do it that way cause i am adding quite a few machines to this Domain.

So i added this scripts to my smb.conf file

add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false

add user script = /usr/sbin/useradd .d /dev/null .g 100 .s /bin/false .M %u

Don't these do the same thing?

The problem has to be with the root user account.
This just doesn't make sense. All error point to the user name root not being able to access the server.
But i have added root to smb by issueing the following command.

smbpasswd -a root

however when i am on the windows machine and i try to connect i get the following error when i try and use the root account to join the domain.

Your computer could not be joined to the domain because the following error occurred:

The user name could not be found.

What else can i do?
I'm running out of time.

By the way i even tried that

[root@Zeus samba]# smbpasswd -a -m $win2kbox
Failed to initialise SAM_ACCOUNT for user root$. Does this user exist in the UNIX password database ?
Failed to modify password entry for user root$

I can't belive that i have been at this same point for a week and nothing works.
I'm really getting upset with this.

Ok, so this is were i am. Well its really the same excate place i have been for over a week now.


The problem is that i can't join using the root login from the Windows machine when i try to login.

I did find that this script
add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false

has a group of 102

and the machine log file that was in /var/log/samba/<machinename>.log
had this error in it.

useradd: unknown group 102

however i do have this script in the smb.conf file.

add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u


So do i need both of these lines?
do i need to make a group with the Gid of 102?
Please Does anyone have anything to add?
PLEASE! I really need to get this done this week.


smb.conf:

# Global parameters
[global]
workgroup = ETNET
server string = Samba PDC Server %v
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*success fully*
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
hosts allow = 10.78., 127.
cups options = raw

[homes]
comment = Home Directories
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = Yes
share modes = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

This is the smbd.log

[2005/08/09 10:53:29, 0] smbd/server.c:main(760)
smbd version 3.0.10-1.4E started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/08/09 10:53:29, 2] smbd/server.c:main(764)
uid=0 gid=0 euid=0 egid=0
[2005/08/09 10:53:29, 2] param/loadparm.c:do_section(3421)
Processing section "[homes]"
[2005/08/09 10:53:29, 2] param/loadparm.c:do_section(3421)
Processing section "[netlogon]"
[2005/08/09 10:53:29, 2] param/loadparm.c:do_section(3421)
Processing section "[printers]"
[2005/08/09 10:53:29, 2] lib/interface.c:add_interface(79)
added interface ip=10.78.2.55 bcast=10.78.255.255 nmask=255.255.0.0
[2005/08/09 10:53:29, 0] smbd/server.c:main(794)
standard input is not a socket, assuming -D option
[2005/08/09 10:53:29, 0] lib/pidfile.cidfile_create(91)
ERROR: smbd is already running. File /var/run/smbd.pid exists and process id 3823 is running.
[2005/08/09 10:53:45, 0] smbd/server.c:main(760)
smbd version 3.0.10-1.4E started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/08/09 11:02:07, 0] smbd/server.c:main(760)
smbd version 3.0.10-1.4E started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/08/09 11:44:43, 0] smbd/server.c:main(760)
smbd version 3.0.10-1.4E started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/08/09 11:45:59, 0] smbd/server.c:main(760)
smbd version 3.0.10-1.4E started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2005/08/09 11:57:57, 0] smbd/server.c:main(760)
smbd version 3.0.10-1.4E started.
Copyright Andrew Tridgell and the Samba Team 1992-2004

This is the nmbd.log

*****
[2005/08/09 11:57:57, 0] nmbd/nmbd.c:terminate(56)
Got SIGTERM: going down...
[2005/08/09 11:57:57, 0] nmbd/nmbd.c:main(669)
Netbios nameserver version 3.0.10-1.4E started.
Copyright Andrew Tridgell and the Samba Team 1994-2004
[2005/08/09 11:57:57, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
add_domain_logon_names:
Attempting to become logon server for workgroup ETNET on subnet 10.78.2.55
[2005/08/09 11:57:57, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bca st(282)
become_domain_master_browser_bcast:
Attempting to become domain master browser on workgroup ETNET on subnet 10.78.2.55
[2005/08/09 11:57:57, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bca st(295)
become_domain_master_browser_bcast: querying subnet 10.78.2.55 for domain master browser on workgroup ETNET
[2005/08/09 11:58:01, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
become_logon_server_success: Samba is now a logon server for workgroup ETNET on subnet 10.78.2.55
[2005/08/09 11:58:05, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
*****

Samba server ZEUS is now a domain master browser for workgroup ETNET on subnet 10.78.2.55

*****
[2005/08/09 11:58:20, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
*****

Samba name server ZEUS is now a local master browser for workgroup ETNET on subnet 10.78.2.55

*****

smbusers:

# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest

Thanks.

I have also made the following changes to the XP box.

Registry changes:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters\Requiresignorseal

Which i set to '0' from '1'

I have made sure the following in Local Security Policy is set:
I edited or checked the following entries:
"Domain member: Digitally encrypt or sign secure channel(Disabled)"
"Domain member: Disable machine account password changes(Disabled)."
"Domain member: Require strong (Windows 2000 or later) session key(Disabled)"


Then i go to the Systems Properties/computer name change/

I change from workgroup: workgroup to Domain:ETINET

Then i click the 'ok' button, and a login window pops up.

I then use the following usernames to 'Join'

root
admin
administrator
dsanchez
etinet\root
etinet\admin
etinet\administrator
etinet\dsanchez

I get the following error when i try to join as:
administrator
admin
etinet\admin
etinet\administrator

The following error occurred attempting to join the domain "ETINET": Logon Failure: Unknown Username or bad password.

When i try using the following this is what i get:
root
etinet\root

The following error occurred attempting to join the domain "ETINET": The username could not be found.

Then, if i try and use my account, whcih i added to the root group.
Dsanchez
etinet\Dsanchez

The following error occurred attempting to join the domain "ETINET": Access is Denied.


Note, this is an XP SP2 Machine and i only have 1 user on this machine (Dsanchez)

Thanks,

Would it be too annoying if we set the SAMBA server to a workgroup with a freely available folder just to rule out any networking/firewalling issues?

Sure, by that do you mean like a public type folder ?

Yes. Exactly.

Hey, I was "out sick" for a tad. Did you resolve this?

try to check your machine group if it is existing or not.

i got the same problem with you but i found that the machine group i am using is existing.

after i added the group machine everything works fine.