LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 02-21-2008, 05:12 PM   #1
beaker15
LQ Newbie
 
Registered: Feb 2008
Posts: 3

Rep: Reputation: 0
XP clients won't login to samba domain


Hi,

I have a small network with several Windows XP clients and an Ubuntu server (7.10) running Samba (3.0.26) as a Domain Controller but can't get the clients to login to the domain. Here's my smb.conf:

[global]
name resolve order = wins lmhosts host bcast
idmap gid = 10000-20000
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
obey pam restrictions = yes
admin users = test frc @Admin
passwd program = /usr/bin/passwd %u
dns proxy = no
netbios name = SRV-01
writeable = yes
printing = cups
idmap uid = 10000-20000
local master = yes
workgroup = CYSOL
os level = 65
printcap name = cups
security = user
max log size = 1000
delete user script = /user/sbin/userdel -r %u
log level = 3
log file = /var/log/samba/log.%m
load printers = yes
add group script = /usr/sbin/groupadd %g
socket options = TCP_NODELAY
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
logon drive = L:
domain master = yes
interfaces = 127.0.0.0/8 eth0
encrypt passwords = yes
logon home = \\%N\%U
printer admin = test frc @Admin
passdb backend = tdbsam
template shell = /bin/bash
wins support = true
server string = %h server (Samba %v, Ubuntu)
path = /usr/network/
unix password sync = no
logon path = \\%N\%U\profile
add user script = /usr/sbin/useradd -m %u
valid users = test frc @Admin
syslog = 0
panic action = /usr/share/samba/panic-action %d
domain logons = yes
#winbind enable local accounts = no
#winbind trusted domains only = yes
#winbind enable local accounts = no

All the client machines have been added to samba as machine trust accounts and users have been added too. In Windows, I can join the domain with the user 'frc' which succeeds and brings up the message 'Welcome to the domain CYSOL'. Its only after restarting and trying to login at startup that it brings up the standard message saying the domain controller is unavailable or machine account not found. testparm shows the server as a PDC with no errors. Here's some lines I've picked out from a few of the logfiles:

smbd.log

[2008/02/21 15:55:37, 3] smbd/connection.c:yield_connection(76)
yield_connection: tdb_delete for name failed with error Record does not exist.
[2008/02/21 15:55:37, 3] smbd/server.c:exit_server_common(768)

[2008/02/21 15:55:38, 3] passdb/lookup_sid.c:store_gid_sid_cache(1133)
store_gid_sid_cache: gid 10001 in cache -> S-1-5-32-545
[2008/02/21 15:55:38, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-21-2617085589-4112103509-674510089-1000]
[2008/02/21 15:55:38, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2008/02/21 15:55:38, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-11]
[2008/02/21 15:55:38, 3] lib/util_seaccess.c:se_access_check(250)
[2008/02/21 15:55:38, 3] lib/util_seaccess.c:se_access_check(251)
se_access_check: user sid is S-1-5-21-2617085589-4112103509-674510089-1000
se_access_check: also S-1-5-32-544
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11

SRV-01.log [server]

[2008/02/21 15:42:14, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user [CYSOL]\[frc]@[SRV-01] with the new password interface
[2008/02/21 15:42:14, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [CYSOL]\[frc]@[SRV-01]

[2008/02/21 15:42:14, 2] auth/auth.c:check_ntlm_password(309)
check_ntlm_password: authentication for user [frc] -> [frc] -> [frc] succeeded
[2008/02/21 15:42:14, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
fetch gid from cache 10000 -> S-1-5-32-544
[2008/02/21 15:42:14, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1089)
fetch gid from cache 10001 -> S-1-5-32-545
[2008/02/21 15:42:14, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-5-21-2617085589-4112103509-674510089-3000]
[2008/02/21 15:42:14, 3] lib/privileges.c:get_privileges(261)
get_privileges: No privileges assigned to SID [S-1-22-2-0]
2008/02/21 15:42:14, 3] smbd/service.c:make_connection_snum(1033)
srv-01 (127.0.0.1) connect to service IPC$ initially as user frc (uid=0, gid=0) (pid 4197)


CYCLE-05.log [client]

[2008/02/21 15:58:04, 3] lib/util_sid.c:string_to_sid(223)
string_to_sid: Sid frc does not start with 'S-'.
[2008/02/21 15:58:04, 3] lib/util_sid.c:string_to_sid(223)
string_to_sid: Sid @Admin does not start with 'S-'.
[2008/02/21 15:58:04, 2] smbd/uid.c:change_to_user(193)
change_to_user: SMB user (unix user nobody, vuid 101) not permitted access to share IPC$.
[2008/02/21 15:58:04, 0] smbd/service.c:make_connection_snum(928)
Can't become connected user!



If this is a problem with SID/UID/GIDs how do i fix it or even test it?
I'm considering uninstalling samba and reinstalling because i'm running out of ideas on this so any suggestions are appreciated. Please ask if you need any more info or logfile stuff.
 
Old 02-22-2008, 09:16 AM   #2
blackfish
Member
 
Registered: May 2006
Location: England
Distribution: CentOS, Ubuntu Server, Untangle, pfSense
Posts: 78

Rep: Reputation: 15
try this document worked for a setup for a client

http://www.howtoforge.com/samba_setup_ubuntu_5.10

i warn you though, linux domain controller to windows xp client is slightly dodgey, (Microsoft's Fault)
 
Old 02-22-2008, 10:08 PM   #3
jman623
LQ Newbie
 
Registered: Aug 2006
Location: Western PA
Distribution: PCLinuxOS 2007
Posts: 16

Rep: Reputation: 0
see this thread, I had a similar problem with samba PDCs


http://www.linuxquestions.org/questi...84#post2669484
 
Old 02-22-2008, 10:48 PM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678
Are the XP clients XP pro or XP home? XP home clients can't join a domain.

The samba package or a samba-doc package will the samba 3 books and Using Samba. The "Samba 3 by Example", "Samba 3 HOWTO & Reference" and "Using Samba" books will go through the process of mapping samba & windows accounts such as for the machines and the "Network Administrator" account. If set up properly, you can log in as a "Network Administrator" member and use the same tool to add a machine to the domain. The documentation gives a url to a Windows installation file for the NT based administration tools which work better with samba then the Active Directory based tools.

Also look in /usr/share/samba/, /usr/share/doc/samba-<version>/ or /usr/share/doc/packages/samba/ for a sample script like "smb.conf.default.
Code:
# These scripts are used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
;  add user script = /usr/sbin/useradd %u
;  add group script = /usr/sbin/groupadd %g
;  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null
 -s /bin/false %u
;  delete user script = /usr/sbin/userdel %u
;  delete user from group script = /usr/sbin/deluser %u %g
;  delete group script = /usr/sbin/groupdel %g


#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/samba/lib/netlogon
;   guest ok = yes
;   writable = no
;   share modes = no
You are missing the "add machine script" entry which is the command which adds an account when you add a client to the domain.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
need help for samba as domain controller for windows clients ARsenthil Linux - Server 3 02-18-2008 11:10 AM
Samba Domain Controler for windows clients thsot Linux - Server 2 12-25-2007 04:08 AM
Samba: Authenticate Linux-Clients in Samba Domain & Mount mule Linux - Software 0 12-10-2003 01:21 AM
XP clients as the member of the samba domain. bally Linux - General 7 08-27-2003 01:46 AM
Samba: W2k clients cannot login after joining domain Ajentsmith Linux - Networking 2 09-04-2002 12:29 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 04:38 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration