Re: [Samba] PDC Problems (read this the first one is incomplete)

2002-11-01 Thread Michele Santucci

 Sorry, I just want to clarify, does it fail when adding a computer
 account in the domain?

No... it fails after that... when the system asks to create a local profile
for a Domain user...
it happens with all the users, normal ones and admins...

 In the machine specific log file I found this:

 [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863)
   authorise_login: rejected invalid user guest
 [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863)
   authorise_login: rejected invalid user guest
 

 When you were trying to do what?

When I try to create a local profile for a Domain user...

 I already set the w2k workstations to send non encrypted password to third
 parties smb server.
 I checked /etc/passwd, group and /etc/samba/smbpasswd file and they're
 correctly updated with machine and user accounts.
 

 You cannot join a windows 2000 machine to a domain if you have set it to
 use clear text passwords, and your smb.conf is set for encrypted passwords.

U're right, it seemed strange to me too, but I found notes about setting
encryption in the smb.conf file in the samba PDC faq howto and also hints
about unsetting the encryption for third party PDCs in similar
documentation... and anyway this fixes another problem:
when u try to add a Domain user in a local machine u can specify it manually
or u can browse it from the PDC... if don't enable the password encryption
for third parties server the user list browsing fails...

 Can you be more clear on exactly which procedure you are using?

About what?



bye by(t)e[S]...TuX!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba



[Samba] PDC Problems (read this the first one is incomplete)

2002-10-31 Thread Michele Santucci
Sorry but I've posted an incomplete message before that:

I've got a big problem with my PDC (Mandrake 8.2 with samba 2.2.5):
when I try to join the domain from a W2KPRO (sp3) workstation the procedure
goes on well until it requires to create a local account for a Domain user
... the system lets me browse all the user accounts on the domain controller
but when I try to add it reports this error:
The trust relationship between this workstation and the primary domain is
failed (probably the English text is different but this should be the
meaning since I'm translating it from Italian).

In the machine specific log file I found this:

[2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863)
  authorise_login: rejected invalid user guest
[2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863)
  authorise_login: rejected invalid user guest

I already set the w2k workstations to send non encrypted password to third
parties smb server.
I checked /etc/passwd, group and /etc/samba/smbpasswd file and they're
correctly updated with machine and user accounts.

Anyway these are smb.conf, group, passwd and smbpasswd interested rows:

--- SMB.CONF ---


# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2002/10/31 10:15:15

# Global parameters
[global]
 coding system =
 client code page = 850
 code page directory = /var/lib/samba/codepages
 workgroup = CCGM-DOM
 netbios name = SERVER-CCGM
 netbios aliases =
 netbios scope =
 server string = CCGM Samba Server
 interfaces = eth0
 bind interfaces only = No
 security = USER
 encrypt passwords = Yes
 update encrypted = No
 allow trusted domains = Yes
 hosts equiv =
 min passwd length = 5
 map to guest = Never
 null passwords = No
 obey pam restrictions = No
 password server =
 smb passwd file = /etc/samba/smbpasswd
 root directory =
 pam password change = No
 passwd program = /usr/bin/passwd
 passwd chat = *new*password* %n\n *new*password* %n\n *changed*
 passwd chat debug = No
 username map =
 password level = 0
 username level = 0
 unix password sync = Yes
 restrict anonymous = No
 lanman auth = Yes
 use rhosts = No
 admin log = No
 log level = 0
 syslog = 1
 syslog only = No
 log file = /var/log/samba/log.%m
 max log size = 50
 timestamp logs = Yes
 debug hires timestamp = No
 debug pid = No
 debug uid = No
 protocol = NT1
 large readwrite = No
 max protocol = NT1
 min protocol = CORE
 read bmpx = No
 read raw = Yes
 write raw = Yes
 nt smb support = Yes
 nt pipe support = Yes
 nt status support = Yes
 announce version = 4.5
 announce as = NT
 max mux = 50
 max xmit = 65535
 name resolve order = lmhosts host wins bcast
 max packet = 65535
 max ttl = 259200
 max wins ttl = 518400
 min wins ttl = 21600
 time server = No
 unix extensions = No
 change notify timeout = 60
 deadtime = 0
 getwd cache = Yes
 keepalive = 300
 lpq cache time = 10
 max smbd processes = 0
 max disk size = 0
 max open files = 1
 read size = 16384
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 stat cache size = 50
 use mmap = Yes
 total print jobs = 0
 load printers = Yes
 printcap name = lpstat
 disable spoolss = No
 enumports command =
 addprinter command =
 deleteprinter command =
 show add printer wizard = Yes
 os2 driver map =
 strip dot = No
 mangling method = hash
 character set =
 mangled stack = 50
 stat cache = Yes
 domain admin group = ccgm-admin
 domain guest group = guest
 machine password timeout = 604800
 add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$
 delete user script =
 logon script =
 logon path = \\%N\%U\profile
 logon drive =
 logon home = \\%N\%U
 domain logons = Yes
 os level = 65
 lm announce = Auto
 lm interval = 60
 preferred master = True
 local master = Yes
 domain master = True
 browse list = Yes
 enhanced browsing = Yes
 dns proxy = Yes
 wins proxy = Yes
 wins server =
 wins support = Yes
 wins hook =
 kernel oplocks = Yes
 lock spin count = 3
 lock spin time = 10
 oplock break wait time = 0
 add share command =
 change share command =
 delete share command =
 config file =
 preload =
 lock dir = /var/cache/samba
 pid directory = /var/run/samba
 utmp directory =
 wtmp directory =
 utmp = No
 default service =
 message command =
 dfree command =
 valid chars =
 remote announce =
 remote browse sync =
 socket address = 0.0.0.0
 homedir map = auto.home
 time offset = 0
 NIS homedir = No
 source environment =
 panic action =
 hide local users = No
 host msdfs = No
 winbind uid =
 winbind gid =
 template homedir = /home/%D/%U
 template shell = /bin/false
 winbind separator = \
 winbind cache time = 15
 winbind enum users = Yes
 winbind enum groups = Yes
 winbind use default domain = Yes
 comment =
 path =
 alternate permissions = No
 username =
 guest account = guest
 invalid users =
 valid users = ccgm-admin, ccgm, satya
 admin users = ccgm-admin
 read list =
 write list =
 printer admin =
 force user =
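
Added example (not part of the original post and not Samba code): it parses the two-line smbd log records and the [global] rows posted above, and lists rejected logins whose name is missing from a non-empty `valid users` list. That the `valid users` list is what produces the "rejected invalid user" message is an assumption to verify against your Samba version; the function names and the embedded sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the log lines and two smb.conf rows quoted in the thread.
SAMPLE_LOG = """\
[2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863)
  authorise_login: rejected invalid user guest
[2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863)
  authorise_login: rejected invalid user guest
"""
SAMPLE_CONF = """\
[global]
 guest account = guest
 valid users = ccgm-admin, ccgm, satya
"""

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+)$")
REJECT = re.compile(r"authorise_login: rejected invalid user (\S+)")

def parse_log(text):
    """Join each '[timestamp, level] source' header with its indented message lines."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append({**m.groupdict(), "msg": ""})
        elif records and line.strip():
            records[-1]["msg"] += " " + line.strip()
    return records

def global_params(conf):
    """Return the [global] parameters of a SWAT/testparm-style dump, keys lowercased."""
    params, section = {}, None
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def rejected_outside_valid_users(log, conf):
    """Count rejected names that are absent from a non-empty 'valid users' list."""
    names = global_params(conf).get("valid users", "")
    valid = {u.lower() for u in re.split(r"[,\s]+", names) if u}
    hits = Counter(m.group(1) for r in parse_log(log) if (m := REJECT.search(r["msg"])))
    return {u: n for u, n in hits.items() if valid and u.lower() not in valid}
```

On the sample taken from this thread the result is `{"guest": 2}`: the configured guest account is not among the three names in the global `valid users` row.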
 

Re: [Samba] PDC Problems (read this the first one is incomplete)

2002-10-31 Thread Mike Rambo
Michele Santucci wrote:
 
 I've got a big problem with my PDC (Mandrake 8.2 with samba 2.2.5):
 when I try to join the domain from a W2KPRO (sp3) workstation the procedure
 goes on well until it requires to create a local account for a Domain user
 ... the system lets me browse all the user accounts on the domain controller
 but when I try to add it reports this error:
 The trust relationship between this workstation and the primary domain is
 failed (probably the English text is different but this should be the
 meaning since I'm translating it from Italian).

  security = USER
  add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$

According to the smb.conf man page security has to be DOMAIN or SERVER
to use the add user script option.

man smb.conf

Search for add user script for details.


-- 
Mike Rambo
[EMAIL PROTECTED]



Re: [Samba] PDC Problems (read this the first one is incomplete)

2002-10-31 Thread Michele Santucci
  The trust relationship between this workstation and the primary domain is
  failed (probably the English text is different but this should be the
  meaning since I'm translating it from Italian).

   security = USER
   add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$

 According to the smb.conf man page security has to be DOMAIN or SERVER
 to use the add user script option.

I don't know what man page u're reading but mine says that the only security
option not usable for the adduser script is 'SHARE'
anyway the 'USER' option is compulsory since I have got to set the samba
server to act as a PDC.

Anyone else listening 



c'ya ... TUX




Re: [Samba] PDC Problems (read this the first one is incomplete)

2002-10-31 Thread Mike Rambo
Michele Santucci wrote:
 
   The trust relationship between this workstation and the primary domain is
   failed (probably the English text is different but this should be the
   meaning since I'm translating it from Italian).

    security = USER
    add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$

  According to the smb.conf man page security has to be DOMAIN or SERVER
  to use the add user script option.

 I don't know what man page u're reading but mine says that the only security
 option not usable for the adduser script is 'SHARE'
 anyway the 'USER' option is compulsory since I have got to set the samba
 server to act as a PDC.
 
 Anyone else listening 
 
 c'ya ... TUX

Sorry - only tried to help...


SMB.CONF(5)                                                      SMB.CONF(5)

NAME
   smb.conf - The configuration file for the Samba suite

SYNOPSIS
   The smb.conf file is a configuration file for the Samba suite. smb.conf
   contains runtime configuration information for the Samba programs. The
   smb.conf file is designed to be configured and administered by the
   swat(8) program. The complete description of the file format and
   possible parameters held within are here for reference purposes.

SNIP

   add user script (G)
      This is the full pathname to a script that will be run AS ROOT by
      smbd(8) under special circumstances described below.

      Normally, a Samba server requires that UNIX users are created for
      all users accessing files on this server. For sites that use Windows
      NT account databases as their primary user database creating these
      users and keeping the user list in sync with the Windows NT PDC is
      an onerous task. This option allows smbd to create the required UNIX
      users ON DEMAND when a user accesses the Samba server.

      In order to use this option, smbd must be set to security = server
      or security = domain and add user script must be set to a full
      pathname for a script that will create a UNIX user given one
      argument of %u, which expands into the UNIX user name to create.

      When the Windows user attempts to access the Samba server, at login
      (session setup in the SMB protocol) time, smbd contacts the password
      server and attempts to authenticate the given user with the given
      password. If the authentication succeeds then smbd attempts to find
      a UNIX user in the UNIX password database to map the Windows user
      into. If this lookup fails, and add user script is set then smbd
      will call the specified script AS ROOT, expanding any %u argument to
      be the user name to create.

      If this script successfully creates the user then smbd will continue
      on as though the UNIX user already existed. In this way, UNIX users
      are dynamically created to match existing Windows NT accounts.

      See also security, password server, delete user script.

      Default: add user script = empty string

      Example: add user script = /usr/local/samba/bin/add_user %u

This box has samba 2.2.2 - has it changed with newer/older versions?


-- 
Mike Rambo
[EMAIL PROTECTED]



Re: [Samba] PDC Problems (read this the first one is incomplete)

2002-10-31 Thread Buchan Milne

 Message: 3
 From: Michele Santucci [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Date: Thu, 31 Oct 2002 10:25:34 +0100
 Subject: [Samba] PDC Problems (read this the first one is incomplete)

 Sorry but I've posted an incomplete message before that:

 I've got a big problem with my PDC (Mandrake 8.2 with samba 2.2.5):
 when I try to join the domain from a W2KPRO (sp3) workstation the procedure
 goes on well until it requires to create a local account for a Domain user
 ... the system lets me browse all the user accounts on the domain controller
 but when I try to add it reports this error:

Sorry, I just want to clarify, does it fail when adding a computer
account in the domain?

 The trust relationship between this workstation and the primary domain is
 failed (probably the English text is different but this should be the
 meaning since I'm translating it from Italian).

 In the machine specific log file I found this:

 [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863)
   authorise_login: rejected invalid user guest
 [2002/10/31 10:14:32, 0] smbd/password.c:authorise_login(863)
   authorise_login: rejected invalid user guest


When you were trying to do what?

 I already set the w2k workstations to send non encrypted password to third
 parties smb server.
 I checked /etc/passwd, group and /etc/samba/smbpasswd file and they're
 correctly updated with machine and user accounts.


You cannot join a windows 2000 machine to a domain if you have set it to
use clear text passwords, and your smb.conf is set for encrypted passwords.

 Anyway these are smb.conf, group,passwd and smbpasswd interested rows:


Which show that you have successfully added machines with the name video
and gfx to the domain.

FYI, if you have any pre-sp3 machines, please test with those first ...

And, with the default smb.conf (such as
http://ranger.dnsalias.com/mandrake/samba/smb.conf), you only have to
uncomment about 10 lines to get a working smb.conf for a domain
controller (such as this file
http://ranger.dnsalias.com/mandrake/samba/smb-domain-controller.conf) on
any recent version of Mandrake linux.


Can you be more clear on exactly which procedure you are using?

And to answer Mike Rambo's replies, when samba runs in 'security =
user', add user script is used when samba creates a new machine account.
Mandrake ships with the following example for a domain controller not
using LDAP backend:

# Script for domain controller for adding machines:
; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u

Regards,
Buchan

(PDC runs Mandrake 8.2 / samba-2.2.6).
--
|Registered Linux User #182071-|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7