Craig White wrote:
---- OK but I try to believe in the accuracy of the messages.
Is it possible that you joined this WinXP system to the domain with a different name? If so, can you delete the computer account in the unix passwd and samba passdb? Then rejoin with the current unique name.
If you have never joined the computer to the domain, check /etc/hosts and /etc/samba/lmhosts to make sure that things are adequately represented. You also might want to stop samba, delete wins.dat and restart samba.
Craig
I understand. I meant no disrespect in my previous response. I understand the thoroughness that you want to achieve here. I just wanted to clear up what I had originally said. Anyways, following your latest advice and help from a linux howto I was able to finally join the domain. I was extremely happy when I saw the "Welcome to %domain" winpopup. I just have a few questions I'd like to clear up so that I know I'm able to recreate the procedure if I were to have to do this over from scratch.
Firstly, the steps I took to get where I now am. I had first double checked the /etc/hosts file and checked to find a lmhosts file. /etc/hosts was indeed correct and this lmhosts file is nowhere to be found, even now with a successful logon. Is this something I should worry about?
Secondly, I removed the computer name from /etc/passwd; it was advised to add it in, in another howto I had read. It said to do so to create a "trust account" for the computer but that might be a more advanced security feature and I most likely confused it in with some of the steps I was using to get to a basic setup. Anyways, after removing the trust account I removed the user from both the unix passwd db and the samba passwd db. I then proceeded to re-add him with adduser and smbpasswd. After that I noticed the following in the howto I was currently reading...
12. Add the root user to the password backend as follows:
*smbpasswd -a root*
13. Create the Standard NT-Unix group mappings with the following commands:
*net groupmap modify ntgroup="Domain Admins" unixgroup=root*
*net groupmap modify ntgroup="Domain Users" unixgroup=users*
*net groupmap modify ntgroup="Domain Guests" unixgroup=nobody*
Add any additional groups with the above command ... the Unix group needs to be added first via *groupadd*.
Check that the groups are set up with the command:
*net groupmap list | sort*
The output should look like this:
Account Operators (S-1-5-32-548) -> -1
Administrators (S-1-5-32-544) -> -1
Backup Operators (S-1-5-32-551) -> -1
Domain Admins (S-1-5-21-179504-2437109-488451-512) -> root
Domain Guests (S-1-5-21-179504-2437109-488451-514) -> nobody
Domain Users (S-1-5-21-179504-2437109-488451-513) -> users
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Replicators (S-1-5-32-552) -> -1
System Operators (S-1-5-32-549) -> -1
Users (S-1-5-32-545) -> -1
So I read through the step and decided to run the 'net groupmap list | sort' command and noticed the accounts weren't yet mapped. What exactly is the importance of this step? I understand what it does but I'm not exactly sure why. Forgive my blindness. Anyways, I proceeded through step 13. After a bit farther down I believe I found the mistake I've been making this whole time. The following is a snippet...
<snip, snip>
*Windows 2000*
1. *Right-click* on the *My Computer icon* on the desktop and select *Properties*.
2. Click the *Network Identification* tab.
3. Click the *Properties* button, as illustrated in this picture <http://www.hughesjr.com/images/netID.jpg>.
4. Your computer's "Computer name" must be unique.
5. Pick the *Domain* box and enter *NEWDOM* and press *OK* ... then enter a username (*Administrator*) and password (your *root* user's password on the linux server) that is a member of the Domain Administrators group. See this picture <http://www.hughesjr.com/images/netID2.jpg>
----------------------------------------------------------------------------------------------------
*Windows XP*
1. Go to the *Start menu* and *Right-click* on the *My Computer* icon. Select *Properties*.
2. Click the *Computer Name* tab.
3. Click the *Change* button.
Follow the instructions in steps *4* and *5* for *Windows 2000* above.
<snip>
Under the win 2k section number 5, enter the username "Administrator"?? And use the root password. Is this only for the initial connection to the domain? If so why isn't this done with a regular user? Previously I was attempting to use the username/user passwd that I created to match the account the client will be connecting from to connect to the domain. Is there a link that someone can provide to clear up why this is done this way? And perhaps explain the pros/cons. I've been all through the samba docs and on google for days now. Perhaps I've missed the parts that explain this. And to add on to what I just said, rather than using Administrator OR administrator (thought to perhaps be case sensitive after first error msg) I then tried root and the root password I added with smbpasswd and sure enough that allowed access to the domain. After using net groupmap should Administrator point to root? My groupmap list has double entries as you can see by the following...
Account Operators (S-1-5-32-548) -> -1
Administrators (S-1-5-32-544) -> -1
Backup Operators (S-1-5-32-551) -> -1
Domain Admins (S-1-5-21-1287359100-808193645-1486204412-512) -> wheel
Domain Admins (S-1-5-21-1808004326-3451706276-3289151943-512) -> -1
Domain Guests (S-1-5-21-1287359100-808193645-1486204412-514) -> nobody
Domain Guests (S-1-5-21-1808004326-3451706276-3289151943-514) -> -1
Domain Users (S-1-5-21-1287359100-808193645-1486204412-513) -> nogroup
Domain Users (S-1-5-21-1808004326-3451706276-3289151943-513) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Replicators (S-1-5-32-552) -> -1
System Operators (S-1-5-32-549) -> -1
Users (S-1-5-32-545) -> -1
So in short I'm asking, why did I have to use the root (administrator) user/password that was created using smbpasswd in order to log on to the domain and why can't this be any user? Links are appreciated. Is this missing lmhosts file important for a particular aspect of using SAMBA? If so I assume most likely a security feature? And also, are these duplicate entries in the 'net groupmap list' going to have an adverse effect on the functions of the domain? I'd also just like to thank everyone again for their input and advice.
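
Added example (not part of the original message or the howto): a shell function that reads `net groupmap list` output and reports group names that appear under more than one domain SID, and domain groups mapped to -1, which is the situation in the second listing above. The function name `groupmap_audit` and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit `net groupmap list` output read from stdin.
# Findings, one per line:
#   DUPLICATE <n> <group>   group name present under <n> different domain SIDs
#   UNMAPPED <sid> <group>  domain group (S-1-5-21-...) with no Unix group (-1)
# Builtin aliases (S-1-5-32-...) are not reported as UNMAPPED: the expected
# output quoted from the howto lists them as -1 as well.
groupmap_audit() {
    awk '
    {
        # Line format: NAME (SID) -> UNIXGROUP
        lp = index($0, " (S-"); rp = index($0, ") -> ")
        if (lp == 0 || rp <= lp) next
        name = substr($0, 1, lp - 1)
        sid  = substr($0, lp + 2, rp - lp - 2)
        unixgrp = substr($0, rp + 5); sub(/[ \t\r]+$/, "", unixgrp)
        dom = sid; sub(/-[0-9]+$/, "", dom)   # drop the trailing RID
        if (!((name, dom) in seen)) { seen[name, dom] = 1; doms[name]++ }
        if (sid ~ /^S-1-5-21-/ && unixgrp == "-1")
            print "UNMAPPED " sid " " name
    }
    END { for (n in doms) if (doms[n] > 1) print "DUPLICATE " doms[n] " " n }
    ' | LC_ALL=C sort
}

# The second listing from the message above, used as sample input.
sample_listing() {
    cat <<'EOF'
Account Operators (S-1-5-32-548) -> -1
Administrators (S-1-5-32-544) -> -1
Backup Operators (S-1-5-32-551) -> -1
Domain Admins (S-1-5-21-1287359100-808193645-1486204412-512) -> wheel
Domain Admins (S-1-5-21-1808004326-3451706276-3289151943-512) -> -1
Domain Guests (S-1-5-21-1287359100-808193645-1486204412-514) -> nobody
Domain Guests (S-1-5-21-1808004326-3451706276-3289151943-514) -> -1
Domain Users (S-1-5-21-1287359100-808193645-1486204412-513) -> nogroup
Domain Users (S-1-5-21-1808004326-3451706276-3289151943-513) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Replicators (S-1-5-32-552) -> -1
System Operators (S-1-5-32-549) -> -1
Users (S-1-5-32-545) -> -1
EOF
}

# Show the findings for the sample; on a server: net groupmap list | groupmap_audit
sample_listing | groupmap_audit
```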
