Andreas Braun wrote:

Hello!

I'm kind of stuck here. I'd like to set up a Samba PDC server using a MySQL database backend, so that my colleagues and I can easily administer the users with a PHP-based web interface. I've already installed and configured Samba 3.0.11 and MySQL 4.0 on FreeBSD. Everything seems to work great, except I can't log in. I always get a message that says the domain controller is not available or the computer account does not exist. The log file says: "rpc_server/srv_netlog_nt.c:get_md4pw(261) md4pw: Workstation PC1$: no account in domain". What did I do wrong? :(

This is the workstation account:
Unix username: pc1$
NT username: pc1$
Account Flags: [W ]
User SID: S-1-5-21-3555237956-4202347196-2499260156-3008
Primary Group SID: S-1-5-21-3555237956-4202347196-2499260156-515
Full Name: User &
Home Directory:
HomeDir Drive:
Logon Script:
Profile Path:
Domain: test
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 0
Kickoff time: 0
Password last set: Sun, 06 Mar 2005 19:25:40 UTC
Password can change: Sun, 06 Mar 2005 19:25:40 UTC
Password must change: Wed, 18 May 2033 05:33:19 UTC
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF



That's what I already did:

- I've created the user accounts in FreeBSD (user1)

- I've created the machine accounts in FreeBSD (pc1$)

- I've added the users in Samba: "pdbedit -a -u user1"

- I've added the workstation accounts in Samba: "pdbedit -a -m -u pc1"

- I've checked that the accounts are correctly inserted in the database

- I can change the computer's domain to the Samba PDC's one

- I can open home shares using samba accounts


I have searched around the Internet, but I could not find a solution. :( I hope somebody can give me a hint! Thank you!



Kind regards,

camouflageX

I went through this recently and I'm not sure I'll have _your_ answer, but some things that were gotchas on my install:


1. Make sure "net getlocalsid" matches the sids in "net groupmap list".
2. Make sure the user IDs and machine IDs also share the correct SID parts. Actually now that I think of it, that was the problem I had.
3. Make sure you have an admin account to work with. For me, I did something like:
net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmin
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
and add admin userids to the ntadmin group.
4. Create a userid that has the UID of 500 (according to the HowTo.)
5. 3.0.11 has the very useful perms to not need to be root options, so I also did something like:
net rpc rights grant "DOMAIN\\Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege -U "administrator"
6. Added some stuff to smb.conf:
enable privileges = yes
add machine script = /usr/sbin/useradd -d /dev/null -g machines -c "machine account" -s /bin/false -M %u
7. Go ahead and join a computer to the domain.


JES
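
The SID comparison from steps 1 and 2 of the reply above, as an added shell example that is not part of either post. The function names are hypothetical, and the sample text is constructed except for the two account SIDs quoted in the original question.

```shell
#!/bin/sh
# Added example (not from the thread): SID consistency check for a Samba 3 PDC.

# Domain SID from "net getlocalsid" output (S-1-5-21 plus three sub-authorities).
local_sid() {
    printf '%s\n' "$1" | grep -Eo 'S-1-5-21(-[0-9]+){3}' | head -n 1
}

# Read tool output on stdin; print each domain-relative SID (domain SID + RID)
# whose domain part differs from $1. Builtin SIDs such as S-1-5-32-544 are skipped.
mismatched_sids() {
    grep -Eo 'S-1-5-21(-[0-9]+){4}' | while read -r sid; do
        [ "${sid%-*}" = "$1" ] || printf '%s\n' "$sid"
    done
}

# $1 = "net getlocalsid" output, $2 = "net groupmap list" or "pdbedit -L -v" output.
# Returns 0 if all SIDs share the local domain SID, 1 on mismatch, 2 if no SID found.
check_domain_sids() {
    dom=$(local_sid "$1")
    [ -n "$dom" ] || { echo "no domain SID in net getlocalsid output" >&2; return 2; }
    bad=$(printf '%s\n' "$2" | mismatched_sids "$dom")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed "s/^/not in $dom: /" >&2
    return 1
}

# Constructed sample output. The two pdbedit SIDs are the ones quoted in the post;
# the getlocalsid line and the group map entries are made up for the demo.
SAMPLE_LOCALSID='SID for domain TEST is: S-1-5-21-3555237956-4202347196-2499260156'
SAMPLE_PDBEDIT='User SID:             S-1-5-21-3555237956-4202347196-2499260156-3008
Primary Group SID:    S-1-5-21-3555237956-4202347196-2499260156-515'
SAMPLE_GROUPMAP='Domain Admins (S-1-5-21-3555237956-4202347196-2499260156-512) -> ntadmin
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users'

check_domain_sids "$SAMPLE_LOCALSID" "$SAMPLE_PDBEDIT" && echo "pdbedit: SIDs consistent"
check_domain_sids "$SAMPLE_LOCALSID" "$SAMPLE_GROUPMAP" || echo "groupmap: stale SIDs found"
```

On a live PDC, pass `"$(net getlocalsid)"` as the first argument and `"$(net groupmap list)"` or `"$(pdbedit -L -v)"` as the second.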