Re: [Samba] Creating domain users - how?
Paul, That is correct. There is no setup at all required *for the user* on the win2k machine. Once it is part of the domain, assuming that it is setup properly and can communicate with the domain server at login time (machine passwords are correct, etc.) then a user does not have to exist on the local machine in order to login. The error message that you are getting refers to the computer account, and not the user account as causing the problem, so it indicates a problem with the machine account. Please respond to my email address (and CC the list if you want) if you have further questions as I don't always have time to keep up with the mailing list. Louis [EMAIL PROTECTED] Louis, Thanks for your response. I thought I'd done what you said, but armed with your experience I'll get out of the domain, undo the server side changes and start again being more careful this time. Sorry to seem dim, but can you just confirm that (once I've done the rest properly) all I have to do to add a domain user to the domain is to add it on the PDC as both a linux and an smb user? (i.e. nothing to do from a Win2K client m/c) Paul The problem is - how do I do it? It seems to be such an easy question but I've failed to find it in the documentation. (I'm trying to follow How to Configure Samba 2.2 as a Primary Domain Controller which I was pointed to by SWAT.) I'm guessing the solution's obvious, but if so, I hope somebody can help easily. I've used samba for a few years (so I'm not a complete newbie), but now I'm trying to use it as a PDC for the first time. It's a simple network consisting of a Mandrake Linux 9.1 m/c acting as the DNS and PDC, and a Win2K workstation. It's samba version 2.2.7. The samba configuration seems OK so far as SWAT is concerned and I've tried using a share successfully. The config includes the netlogon share as documented. I've successfully persuaded a Windoze m/c to join the domain. The Windoze m/c's name is in both /etc/passwd and /etc/samba/smbpasswd. The dollar sign is at the end of the name in both cases. I've also added root in /etc/samba/smbpasswd. I've created a user (which I intend will be a domain user) in /etc/passwd and in /etc/samba/smbpassed. Now what? I don't know what to do next. What worries me is that there doesn't seem to be a way of telling the Windoze m/c what password you've entered for it on the PDC. Anyway... If I try to add the user in Win2K using Control Panel/Users and Passwords/Add/Browse and tell it to use the root user and password, it successfully returns a list of users on the linux m/c, including the one I want to be a domain user. However, when I select my domain user and proceed in the wizard I get the following error message: The user could not be added because the following error has occurred: The trust relationship between this workstation and the primary domain failed. I've also tried ignoring the fact that I haven't told Windoze anything about this domain user. When I just try logging in as this user, it says: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. I can post the smb.conf file if necessary. Thanks for any help... Paul = LK,Paul -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating domain users - how?
Paul, I had similar problems, and this is a problem with the machine account, not the user account. The machine trust account should be setup similar to the following, assuming a machine name of win2kname. useradd -r -g trust -d /dev/null -s /dev/null win2kname$ smbpasswd -a -m win2kname Note that the $ is not required on the second command. This can also be caused if the win2k machine and the samba server passwords are different on the machine trust account. Note that you should not normally change these, as when you join the domain, they will be set automatically. If this is the problem, you will need to leave the domain on the win2k machine, and the delete the samba trust account (i.e. smbpasswd -d -m win2kname). Then re-create it (with smbpasswd -a -m win2kname) and re-join the domain. If all goes well, you should be able to login! Louis The problem is - how do I do it? It seems to be such an easy question but I've failed to find it in the documentation. (I'm trying to follow How to Configure Samba 2.2 as a Primary Domain Controller which I was pointed to by SWAT.) I'm guessing the solution's obvious, but if so, I hope somebody can help easily. I've used samba for a few years (so I'm not a complete newbie), but now I'm trying to use it as a PDC for the first time. It's a simple network consisting of a Mandrake Linux 9.1 m/c acting as the DNS and PDC, and a Win2K workstation. It's samba version 2.2.7. The samba configuration seems OK so far as SWAT is concerned and I've tried using a share successfully. The config includes the netlogon share as documented. I've successfully persuaded a Windoze m/c to join the domain. The Windoze m/c's name is in both /etc/passwd and /etc/samba/smbpasswd. The dollar sign is at the end of the name in both cases. I've also added root in /etc/samba/smbpasswd. I've created a user (which I intend will be a domain user) in /etc/passwd and in /etc/samba/smbpassed. Now what? I don't know what to do next. What worries me is that there doesn't seem to be a way of telling the Windoze m/c what password you've entered for it on the PDC. Anyway... If I try to add the user in Win2K using Control Panel/Users and Passwords/Add/Browse and tell it to use the root user and password, it successfully returns a list of users on the linux m/c, including the one I want to be a domain user. However, when I select my domain user and proceed in the wizard I get the following error message: The user could not be added because the following error has occurred: The trust relationship between this workstation and the primary domain failed. I've also tried ignoring the fact that I haven't told Windoze anything about this domain user. When I just try logging in as this user, it says: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. I can post the smb.conf file if necessary. Thanks for any help... Paul = LK,Paul -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating domain users - how?
Louis, Thanks for your response. I thought I'd done what you said, but armed with your experience I'll get out of the domain, undo the server side changes and start again being more careful this time. Sorry to seem dim, but can you just confirm that (once I've done the rest properly) all I have to do to add a domain user to the domain is to add it on the PDC as both a linux and an smb user? (i.e. nothing to do from a Win2K client m/c) Paul --- Louis Nafziger [EMAIL PROTECTED] wrote: Paul, I had similar problems, and this is a problem with the machine account, not the user account. The machine trust account should be setup similar to the following, assuming a machine name of win2kname. useradd -r -g trust -d /dev/null -s /dev/null win2kname$ smbpasswd -a -m win2kname Note that the $ is not required on the second command. This can also be caused if the win2k machine and the samba server passwords are different on the machine trust account. Note that you should not normally change these, as when you join the domain, they will be set automatically. If this is the problem, you will need to leave the domain on the win2k machine, and the delete the samba trust account (i.e. smbpasswd -d -m win2kname). Then re-create it (with smbpasswd -a -m win2kname) and re-join the domain. If all goes well, you should be able to login! Louis = LK,Paul Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://uk.messenger.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Creating domain users - how?
The problem is - how do I do it? It seems to be such an easy question but I've failed to find it in the documentation. (I'm trying to follow How to Configure Samba 2.2 as a Primary Domain Controller which I was pointed to by SWAT.) I'm guessing the solution's obvious, but if so, I hope somebody can help easily. I've used samba for a few years (so I'm not a complete newbie), but now I'm trying to use it as a PDC for the first time. It's a simple network consisting of a Mandrake Linux 9.1 m/c acting as the DNS and PDC, and a Win2K workstation. It's samba version 2.2.7. The samba configuration seems OK so far as SWAT is concerned and I've tried using a share successfully. The config includes the netlogon share as documented. I've successfully persuaded a Windoze m/c to join the domain. The Windoze m/c's name is in both /etc/passwd and /etc/samba/smbpasswd. The dollar sign is at the end of the name in both cases. I've also added root in /etc/samba/smbpasswd. I've created a user (which I intend will be a domain user) in /etc/passwd and in /etc/samba/smbpassed. Now what? I don't know what to do next. What worries me is that there doesn't seem to be a way of telling the Windoze m/c what password you've entered for it on the PDC. Anyway... If I try to add the user in Win2K using Control Panel/Users and Passwords/Add/Browse and tell it to use the root user and password, it successfully returns a list of users on the linux m/c, including the one I want to be a domain user. However, when I select my domain user and proceed in the wizard I get the following error message: The user could not be added because the following error has occurred: The trust relationship between this workstation and the primary domain failed. I've also tried ignoring the fact that I haven't told Windoze anything about this domain user. When I just try logging in as this user, it says: The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect. I can post the smb.conf file if necessary. Thanks for any help... Paul = LK,Paul Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://uk.messenger.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
