LinuxQuestions.org
Old 01-10-2003, 11:45 PM   #1
rohang
Member
 
Registered: Aug 2002
Location: Sydney, Australia
Distribution: Redhat, Open BSD, SuSe, Debian, CentOS
Posts: 177

Rep: Reputation: 30
Samba PDC Error


I'm hoping that someone can help me out.

I have configured my Samba server to be my PDC, but when I try to get a Windows box (Windoze ME) to log on to the domain, I get the following error:

No domain server was available to validate your password. You may not be able to gain access to some network resources.

Looking through my samba log files, I noticed the following...

smbd/password.c:domain_client_validate
domain_client_validate could not fetch trust account password for domain HOME.

Help please!
 
Old 01-11-2003, 12:01 PM   #2
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
what's the default user? make sure it exists, or that you have not specified a default user in the smb.conf file
 
Old 01-11-2003, 12:18 PM   #3
wdingus
Member
 
Registered: Aug 2001
Location: Kingsport, TN
Distribution: RHEL & FC
Posts: 267

Rep: Reputation: 30
Someone recently posted this link... It might help:

http://www-1.ibm.com/servers/esdd/tutorials/samba/
 
Old 01-11-2003, 06:17 PM   #4
rohang
Member
 
Registered: Aug 2002
Location: Sydney, Australia
Distribution: Redhat, Open BSD, SuSe, Debian, CentOS
Posts: 177

Original Poster
Rep: Reputation: 30
David,

I'm not sure I understand what you mean by default user. I've created the machine account, but I'm not sure what the default user is or where it would go in the smb.conf file.
 
Old 01-11-2003, 06:52 PM   #5
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
ok, if it's not there then it's "nobody". Which should be ok


let's see your config file
 
Old 01-11-2003, 06:53 PM   #6
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
Here's mine

Code:
[global]
   workgroup = HOME
   netbios name = SERVER
   server string = Samba Server
   interfaces = 192.168.0.1/32 192.168.1.1/32
   encrypt passwords = Yes
   obey pam restrictions = Yes
   pam password change = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
   password level = 8
   username level = 3
   unix password sync = Yes
   log file = /var/log/samba/%m.log
   max log size = 0
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   logon script = %U.bat
   logon path = \\%L\Profiles\nt\%U
   logon home = \\%L\Profiles\98\%U
   domain logons = Yes
   os level = 85
   preferred master = Yes
   domain master = Yes
   wins proxy = Yes
   wins support = Yes
   remote announce = 192.168.0.255 192.168.1.255
   hosts allow = 192.168.0. 192.168.1. 127.
   printing = lprng
   printer admin = root
   add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

[netlogon]
   path = /var/spool/samba/netlogon
   browseable = No
   root preexec = /var/spool/samba/bin/ntlogon.py -d /var/spool/samba/netlogon/ --user=%U  --os=%m
   root postexec = rm /var/spool/samba/netlogon/%U.bat
   write list = root

[Profiles]
   path = /var/spool/samba/profiles
   read only = No
   create mask = 0600
   directory mask = 0700
   browseable = No

[public]
   comment = Public
   path = /var/spool/samba/public
   write list = @users
   read only = No
   create mask = 0644
   guest ok = Yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   guest ok = Yes
   printable = Yes
   browseable = No

[print$]
   path = /var/spool/samba/printers
   browseable = yes
   read only = yes
   write list = root

[lp0]
   path = /var/spool/samba
   read only = No
   guest ok = Yes
   printable = Yes
   printer name = lp0
   printer driver = "HP DeskJet 890C"
   oplocks = No

Last edited by DavidPhillips; 01-11-2003 at 06:55 PM.
 
Old 01-11-2003, 06:56 PM   #7
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
Also you should not need a machine account for ME. The machine account is needed for NT.
 
Old 01-11-2003, 07:13 PM   #8
rohang
Member
 
Registered: Aug 2002
Location: Sydney, Australia
Distribution: Redhat, Open BSD, SuSe, Debian, CentOS
Posts: 177

Original Poster
Rep: Reputation: 30
ok

Here's my smb.conf.

# Samba config file created using SWAT
# from sporran (127.0.0.1)
# Date: 2003/01/11 14:41:03

# Global parameters
[global]
workgroup = HOME
netbios name = SPORRAN
server string = Samba Server
interfaces = eth0
security = DOMAIN
encrypt passwords = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successf
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 0
name resolve order = wins lmhosts host bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = Yes
domain master = Yes
wins server = 192.168.0.1
winbind uid = 10000-20000
winbind gid = 10000-20000
printing = lprng


[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
directory mask = 0775

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[Windows2000]
comment = Windows2000
path = /mnt/windoze2k

[WindowsXP]
comment = WindowsXP
path = /mnt/windozexp
 
Old 01-11-2003, 07:49 PM   #9
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
I see you have winxp

is that the client with the problem?

nt requires a logon path

logon path = \\%L\Profiles\nt\%U

windows 98 requires a logon home

logon home = \\%L\Profiles\98\%U


I'm not so sure about the winbind uid and gid
something does not look right about it
 
Old 01-11-2003, 08:52 PM   #10
rohang
Member
 
Registered: Aug 2002
Location: Sydney, Australia
Distribution: Redhat, Open BSD, SuSe, Debian, CentOS
Posts: 177

Original Poster
Rep: Reputation: 30
Ha! I've finally got it working!

I took David's smb.conf file and added bits that were missing from mine and it's now working like a treat!

Thanks to all who posted.

Rohan
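
Added example, not part of any post in this thread: a small check over the two `[global]` sections posted above (excerpted from posts #6 and #8) that reports the settings separating the working PDC from the failing one. `security = DOMAIN` puts smbd in domain-member mode, where it validates logons against another controller using a machine trust account, which matches the log message in post #1. The function names are hypothetical, and the `logon path` / `logon home` checks follow the statement in post #9.

```python
import re

# [global] excerpts copied from the thread: post #6 (working PDC), post #8 (failing).
WORKING = r"""
[global]
   workgroup = HOME
   encrypt passwords = Yes
   logon path = \\%L\Profiles\nt\%U
   logon home = \\%L\Profiles\98\%U
   domain logons = Yes
   domain master = Yes
"""
FAILING = r"""
[global]
workgroup = HOME
security = DOMAIN
encrypt passwords = Yes
domain master = Yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            conf[section][re.sub(r"\s+", "", name).lower()] = value.strip()
    return conf

def pdc_findings(text):
    """List [global] settings that keep smbd from acting as the domain's logon server."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    if g.get("domainlogons", "no").lower() not in ("yes", "true", "1"):
        findings.append("domain logons not enabled")
    if g.get("security", "user").lower() == "domain":
        findings.append("security = domain (member mode, needs a trust account)")
    # Assumption taken from post #9: NT wants logon path, Win98 wants logon home.
    for name, label in (("logonpath", "logon path"), ("logonhome", "logon home")):
        if name not in g:
            findings.append(label + " not set")
    return findings
```

`pdc_findings(FAILING)` returns four findings and `pdc_findings(WORKING)` returns none; on a live server, `testparm` prints the parsed configuration that smbd will actually use.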
 
Old 01-11-2003, 11:08 PM   #11
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
great!

the print$ section is cool as well if you have a printer.

the way it's set up in the example file will allow clients to install the printer directly from the server without having to install drivers and all that.

if you're using nt/2k/xp you will also want the "ntlogon" script

the "add user script" will create your machine accounts for you
 
Old 01-11-2003, 11:10 PM   #12
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
Has anyone figured out a way to get xp to work without modifying the client's security policy?

Last edited by DavidPhillips; 01-11-2003 at 11:18 PM.
 
Old 01-12-2003, 03:05 AM   #13
rohang
Member
 
Registered: Aug 2002
Location: Sydney, Australia
Distribution: Redhat, Open BSD, SuSe, Debian, CentOS
Posts: 177

Original Poster
Rep: Reputation: 30
I haven't tried to log on with an XP box yet.... I'll give it a try soon and see if I can get it to work...
 
Old 01-12-2003, 03:32 AM   #14
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
ok,

Unless you have figured out something I don't know about, you will need to run secpol.msc.

There is a policy on the system that has domain client secure port encryption set to always. It needs to be disabled.

I believe the error is "cannot get permission to join the machine to the domain" or something like that. I can't remember the exact error.
 
  


All times are GMT -5. The time now is 05:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration