Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
01-11-2003, 12:45 AM
|
#1
|
Member
Registered: Aug 2002
Location: Sydney, Australia
Distribution: Redhat, Open BSD, SuSe, Debian, CentOS
Posts: 177
Rep:
|
Samba PDC Error
I'm hoping that someone can help me out.
I have configured my Samba server to be my PDC, but when I try to get a windows box (Windoze ME) to logon to the domain, I get the following error:
No domain server was available to validate your password. You may not be able to gain access to some network resources.
Looking through my samba log files, I noticed the following...
smbd/password.c:domain_client_validate
domcin_client_validate could not fetch trust account password for domain HOME.
Help please!
|
|
|
01-11-2003, 01:01 PM
|
#2
|
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163
Rep:
|
what's the default user? make sure it exists, or that you have not specified a default user in the smb.conf file
|
|
|
01-11-2003, 07:17 PM
|
#4
|
Member
Registered: Aug 2002
Location: Sydney, Australia
Distribution: Redhat, Open BSD, SuSe, Debian, CentOS
Posts: 177
Original Poster
Rep:
|
David,
I'm not sure I understand what you mean by default user. I've created the machine account, but I'm not sure what the default users is or where is would go in the smb.conf file.
|
|
|
01-11-2003, 07:52 PM
|
#5
|
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163
Rep:
|
ok, if it's not there then it's "nobody". Which should be ok
let's see your config file
|
|
|
01-11-2003, 07:53 PM
|
#6
|
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163
Rep:
|
Here's mine
Code:
[global]
workgroup = HOME
netbios name = SERVER
server string = Samba Server
interfaces = 192.168.0.1/32 192.168.1.1/32
encrypt passwords = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
password level = 8
username level = 3
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = %U.bat
logon path = \\%L\Profiles\nt\%U
logon home = \\%L\Profiles\98\%U
domain logons = Yes
os level = 85
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
remote announce = 192.168.0.255 192.168.1.255
hosts allow = 192.168.0. 192.168.1. 127.
printing = lprng
printer admin = root
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
[netlogon]
path = /var/spool/samba/netlogon
browseable = No
root preexec = /var/spool/samba/bin/ntlogon.py -d /var/spool/samba/netlogon/ --user=%U --os=%m
root postexec = rm /var/spool/samba/netlogon/%U.bat
write list = root
[Profiles]
path = /var/spool/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No
[public]
comment = Public
path = /var/spool/samba/public
write list = @users
read only = No
create mask = 0644
guest ok = Yes
[printers]
comment = All Printers
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = No
[print$]
path = /var/spool/samba/printers
browseable = yes
read only = yes
write list = root
[lp0]
path = /var/spool/samba
read only = No
guest ok = Yes
printable = Yes
printer name = lp0
printer driver = "HP DeskJet 890C"
oplocks = No
Last edited by DavidPhillips; 01-11-2003 at 07:55 PM.
|
|
|
01-11-2003, 07:56 PM
|
#7
|
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163
Rep:
|
Also you should not need a machine account for ME. THe machine account is needed for NT
|
|
|
01-11-2003, 08:13 PM
|
#8
|
Member
Registered: Aug 2002
Location: Sydney, Australia
Distribution: Redhat, Open BSD, SuSe, Debian, CentOS
Posts: 177
Original Poster
Rep:
|
ok
Here's my smb.conf.
# Samba config file created using SWAT
# from sporran (127.0.0.1)
# Date: 2003/01/11 14:41:03
# Global parameters
[global]
workgroup = HOME
netbios name = SPORRAN
server string = Samba Server
interfaces = eth0
security = DOMAIN
encrypt passwords = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successf
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
name resolve order = wins lmhosts host bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = Yes
domain master = Yes
wins server = 192.168.0.1
winbind uid = 10000-20000
winbind gid = 10000-20000
printing = lprng
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[Windows2000]
comment = Windows2000
path = /mnt/windoze2k
[WindowsXP]
comment = WindowsXP
path = /mnt/windozexp
|
|
|
01-11-2003, 08:49 PM
|
#9
|
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163
Rep:
|
I see you have winxp
is that the client with the problem?
nt requires a logon path
logon path = \\%L\Profiles\nt\%U
windows 98 requires a logon home
logon home = \\%L\Profiles\98\%U
I'm not so sure about the winbind uid and gid
something does not look right about it
|
|
|
01-11-2003, 09:52 PM
|
#10
|
Member
Registered: Aug 2002
Location: Sydney, Australia
Distribution: Redhat, Open BSD, SuSe, Debian, CentOS
Posts: 177
Original Poster
Rep:
|
Ha! I've finally got it working!
I took David's smb.conf file and added bits that were missing from mine and it's now working like a treat!
Thanks to all who posted.
Rohan
|
|
|
01-12-2003, 12:08 AM
|
#11
|
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163
Rep:
|
great!
the print$ section is cool as well if you have a printer.
the way it's setup in the example file will allow clients to install the printer directly from the server without having install drivers and all that.
if your using nt/2k/xp you will also want the "ntlogon" script
the "add user script" will create your machine accounts for you
|
|
|
01-12-2003, 12:10 AM
|
#12
|
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163
Rep:
|
Has anyone figured out a way to get xp to work without modifying the clients security policy?
Last edited by DavidPhillips; 01-12-2003 at 12:18 AM.
|
|
|
01-12-2003, 04:05 AM
|
#13
|
Member
Registered: Aug 2002
Location: Sydney, Australia
Distribution: Redhat, Open BSD, SuSe, Debian, CentOS
Posts: 177
Original Poster
Rep:
|
I haven't tried to log on with an XP box yet.... I'll give it a try soon and see if I can get it to work...
|
|
|
01-12-2003, 04:32 AM
|
#14
|
LQ Guru
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163
Rep:
|
ok,
Unless you have figured out something I don't know about you will need to run secpol.msc
There is a policy on the system that has domain client secure port encryption set to always. It needs to be disabled.
I believe the error is "cannot get permission to join the machine to the domain" or something like that. I can't remember the exact error.
|
|
|
All times are GMT -5. The time now is 06:34 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|