Samba PDC (username not found error)
 

Hi all,

I have just installed and configured samba on FC5 as a PDC and created a root password using smbpasswd. But when I tried to join WinXP to the domain, when I type in the username root and the password that was created using smbpasswd, I get the error message: "username not found"

Here is the output from testparm:

Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[myshare]"
Processing section "[cdrom]"
Loaded services file OK.
WARNING: passdb expand explicit = yes is deprecated
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
server string = Adonai
passwd program = /usr/bin/passwd %u
username map = /etc/samba/smbusers
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
add user script = /usr/bin/useradd -d /dev/null -g 100 -s /bin/false -M %u
logon script = %U.bat
logon path = \\%L\Profiles\%U
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
cups options = raw

[homes]
comment = Home Directories
read only = No
browseable = No

[netlogon]
path = /home/netlogon
browseable = No

[Profiles]
path = /home/samba-ntprof
read only = No
create mask = 0600
directory mask = 0700
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[myshare]
comment = Mary's and Fred's stuff
path = /home
read only = No
create mask = 0765
guest ok = Yes

[cdrom]
comment = Samba server's CD-ROM
path = /media
locking = No
root preexec = /bin/mount /dev/hdc /media
root postexec = /bin/umount /media
Please, what am I doing wrong?

Thanks

what's the name of your domain?
[global]
workgroup=yourdomainname

did you create the machine accounts (MachineName$)?

getting rid of that deprecated parameter (expand explicit) is also worth a shot.

I'll give you the global part of my smb.conf, which works fine with WindowsXP clients:

[global]
workgroup = imnottelling
server string = nottellingthateither
encrypt passwords = true
update encrypted = Yes
hosts allow = 192.168.9.0/24
hosts deny = 0.0.0.0/0

log level = 1
deadtime = 15
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
unix charset = iso8859-15
display charset = iso8859-15
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
logon script = scripts\%U.bat
domain logons = Yes
os level = 33
preferred master = True
domain master = True
kernel oplocks = No

Maybe there's something here to help you....
 

On your Samba server, try:
pdbedit -Lv username
...to see if the user shows up in Samba (omit the username to see all users).
(substitute your username, i.e. "ronald" for the example below)

If it says "Username not found!" you have a problem. It should say:

Unix username: ronald
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3994888730-2450523879-3362949512-3002
Primary Group SID: S-1-5-21-3994888730-2450523879-3362949512-3005
Full Name: Ronald McDonald
Home Directory: \\not-gonna-tell\ronald
HomeDir Drive: H:
Logon Script: logon.cmd
Profile Path:
Domain: MCDONALDS
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Mon, 18 Jan 2038 20:14:07 MST
Kickoff time: Mon, 18 Jan 2038 20:14:07 MST
Password last set: Tue, 13 Jun 2006 00:22:54 MST
Password can change: Tue, 13 Jun 2006 00:22:54 MST
Password must change: Mon, 18 Jan 2038 20:14:07 MST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

A very good resource for initially configuring a Samba PDC set up is here:
http://www.howtoforge.com/samba_setup_ubuntu_5.10_p3 (I started you at the part where the config starts).


And here's my (very nicely working) smb.conf:

[global]
workgroup = NOT-TELLING
netbios name = NOT-GONNA-TELL
server string = Ubuntu Dapper Samba Server
passdb backend = tdbsam

security = user
username map = /etc/samba/smbusers
name resolve order = wins bcast hosts
domain logons = yes
preferred master = yes
os level = 65
wins support = yes

# Set CUPS for printing
printcap name = CUPS
printing = CUPS

# Default logon
logon drive = H:
logon script = logon.cmd
# logon path = \\server1\profile\%U
### Note from me: the following line means no roaming profiles:
logon path =


# Useradd scripts
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u
idmap uid = 15000-20000
idmap gid = 15000-20000


# sync smb passwords with linux passwords
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
passwd chat debug = yes
unix password sync = yes

# set the loglevel
log level = 3


[homes]
comment = Home
valid users = %S root
read only = no
browsable = no
inherit permissions = yes
inherit owner = yes

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
admin users = root
valid users = %U
read only = no


[allusers]
comment = Non-admins can put files here to be accessible by others
path = /home/shares/allusers
valid users = @users
force group = users
create mask = 0770
directory mask = 0771
writable = yes


[storage]
comment = Programs accessible to all domain users
path = /home/shares/storage
admin users = @share-write
inherit permissions = yes
writable = yes


[media]
comment = Music and videos accessible to all domain users
path = /home/shares/media
admin users = @share-write
inherit permissions = yes
writable = yes


[photos]
comment = Photos accessible to all domain users
path = /home/shares/photos
admin users = @share-write
inherit permissions = yes
writable = yes

I have the same problem. Perhaps I have a few more clues.

In the samba log /var/log/samba it says that access to the password file is denied. The log files are worth investigating and the level of detail in the logs can be altered in the smb.conf.

I tried making the password file read write execute to everyone just to get a login and after trying to log in again the permissions were changed back to restricted

S/he's right-you're going to need this for starters:
You'll also need to make sure that your passwords are encrypted:
Ultimately I would like to see the output from I would also at the least alias the root user to the windows default of Administrator in the smbusers file:

Hi all,

I still get the same error after following the configuration posted herein, and also tried the
pdbedit command and here is the output:

[root@ADONAI ~]# pdbedit -z root
Unix username: root
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3508971718-3262276311-2618561440-1000
Primary Group SID: S-1-5-21-3508971718-3262276311-2618561440-1001
Full Name: root
Home Directory: \\adonai\root
HomeDir Drive: H:
Logon Script: root.bat
Profile Path: \\adonai\Profiles\root
Domain: YAHWEH
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 04:14:07 WAT
Kickoff time: Tue, 19 Jan 2038 04:14:07 WAT
Password last set: Thu, 14 Dec 2006 06:38:32 WAT
Password can change: Thu, 14 Dec 2006 06:38:32 WAT
Password must change: Tue, 19 Jan 2038 04:14:07 WAT
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


Adonai is the name of the PDC. Also I checked the /etc/samba/smbpasswd and there's an entry for both the Administrator and root.

Also here's my /etc/samba/smbusers file

# Unix_name = SMB_name1 SMB_name2 ...
root = root Administrator

nobody = guest pcguest smbguest homepage

what seems to be the problem, can anyone help me point out what i'm doing wrong?
thanks.