> Samba Domain, Workstations can't connect to Domain
rayber2000
post Mar 2 2004, 09:36 PM
Post #1





If anyone can help me out I would greatly appreciate it.
The short of it is that a once working group of client computers (Windows 98, NT, & XP) logged onto a Samba domain, now after the server crashed, they can't join the domain. I've tried joining them to a workgroup, then joining the domain and the error basically says "can't find user or you do not have permission to join this domain". Strangely, if the XP machines join a workgroup, then log in using the Samba user name and password, they can get to their shares. The users are set up in Red Hat and in Samba. The share permissions are correct. The system is Red Hat ES running Samba 3.0. Here is the smb.conf:


#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = X

# server string is the equivalent of the NT Description field
server string = server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 192.168.4.0/255.255.255.0 127.0.0.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
# printcap name = lpstat
# load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
printing = cups

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
max log size = 500

# Security mode. Most people will want user level security. See
# security_level.txt for details.
# Use password server option only with security = server
; password server = <NT-Server-Name>

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; password level = 8
; username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents ;
smb passwd file = /etc/samba/smbpasswd

# The following are needed to allow password changing from Windows to
# update the Linux system password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
; unix password sync = Yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
admin users = root userX

# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /etc/samba/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
# interfaces = 192.168.12.2/24 192.168.13.2/24

# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
remote announce = 192.168.4.255

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 150
# log level = 2

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
logon script = login.bat
logon drive = h:
# run a specific logon batch file per username
# logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
logon path = \\%L\Profiles\%U
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

# All NetBIOS names must be resolved to IP Addresses
# 'Name Resolve Order' allows the named resolution mechanism to be specified
# the default order is "host lmhosts wins bcast". "host" means use the unix
# system gethostbyname() function call that will use either /etc/hosts OR
# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
# and the /etc/resolv.conf file. "host" therefore is system configuration
# dependant. This parameter is most often of use to prevent DNS lookups
# in order to resolve NetBIOS names to IP Addresses. Use with care!
# The example below excludes use of name resolution for machines that are NOT
# on the local network segment
# - OR - are not deliberately to be known via lmhosts or via WINS.
name resolve order = wins bcast lmhosts

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
# wins server = 192.168.4.200

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
password server = None
guest ok = yes
username map = /etc/samba/smbusers
dns proxy = no

# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
; preserve case = no
; short preserve case = no
# Default case is normally upper case for all DOS files
; default case = lower
# Be very careful with case sensitivity - it can break things!
; case sensitive = no

#============================ Share Definitions ==============================
#[homes]
# comment = Home Directories
# browseable = no
# writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /home/netlogon
browseable = no
# guest ok = yes
# share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /home/profiles
; browseable = no
; guest ok = yes
[Profiles]
comment = Windows-User-Profiles
path = /home/nt-profiles
browseable = yes
# guest ok = yes
guest ok = yes
profile acls = yes
nt acl support = yes
writeable = yes
create mask = 0600
directory mask = 0700
# root preexec = PROFILE=/home/nt-profiles/%u; if [ ! -e $PROFILE ]; then mkdir -pm700 $PROFILE; chown %u $PROFILE;fi

[Userhome]
comment = Users Home Work Directory
path = /home/%U/docs
browseable = no
writeable = yes
nt acl support = no
create mask = 0755

[Homes]
comment = Home Directories
browseable = yes
writeable = yes
nt acl support = no
path = /home
create mask = 0755

[Downloads]
comment = Downloads
path = /opt/Downloads
browseable = yes
writeable = yes
nt acl support = no
create mask = 0755
valid users = dthrock
write list = dthrock

[www]
comment = Sales Web Folder
path = /opt/www
browseable = yes
writeable = yes
create mask = 0775
valid users = lotoupal dthrock
write list = lotoupal dthrock


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = yes
# Set public = yes to allow user 'guest account' to print
guest ok = yes
printable = yes
create mask = 0700

# This one is useful for people to share files
#[tmp]
# comment = Temporary file space
# path = /tmp
# read only = no
# public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
[public]
path = /opt/public
guest ok = yes
guest only = no
writeable = yes
printable = no
browseable = yes
comment = Public File Server
create mask = 0755

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
[ProgramSch]
comment = Program Scheduling
path = /opt/public/ProgramSch
valid users = dthrock dliggitt rdamron pheskett newstar ctitus
writeable = yes
printable = no
create mask = 0774
force create mode = 0774
force group = programming

[Accounting]
comment = Accounting Data Backup
path = /opt/accounting
valid users = dthrock ftillery ctitus
writeable = yes
printable = no
create mask = 0770
force create mode = 0770

There is no other domain controller on the network.
The Red Hat log is filling up with smb errors stating that each workstation is attempting to log on but "no computer account exists".

If someone could point me in the right direction on this I would be very grateful.
rayber2000
post Mar 10 2004, 10:52 PM
Post #2





Ok, I was able to streamline the smb.conf file to look like this:
[global]
workgroup = x
netbios name = server
passdb backend = smbpasswd
printcap name = cups
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
logon script = login.bat
logon drive = h:
logon path = \\%L\Profiles\%U
wins support = yes
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
printing = cups
dns proxy = no
remote announce = 192.168.4.255
hosts allow = 192.168.4. 127.0.0.

#============================ Share Definitions ==============================

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
# nt acl support = no
path = /home/%U
create mask = 0755

[netlogon]
comment = Network Logon Service
path = /home/netlogon
admin users = root
guest ok = Yes
browseable = No

It seems that the old "take your working smb.conf file with you" method does not apply to the newest releases of Samba. The more streamlined the file the better it works. There seem to be some additional lines that are needed also. :)
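Added example, not part of the original posts: a small check for the domain-logon settings that differ between the two smb.conf files posted above (a missing add machine script, guest ok in [global]). The function names parse_smb_conf and audit_pdc are hypothetical, and POST1/POST2 are constructed excerpts of the posted configs, not the full files.

```python
import re

def parse_smb_conf(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            conf[section]["".join(name.lower().split())] = value.strip()
    return conf

def is_yes(value):
    return value.lower() in ("yes", "true", "1")

def audit_pdc(text):
    """List findings for a Samba 3 domain-logon server configuration."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    if not is_yes(glob.get("domainlogons", "no")):
        return ["domain logons is off: not acting as a logon server"]
    findings = []
    script = glob.get("addmachinescript")
    if script is None:
        findings.append("no add machine script: machine accounts must be created by hand")
    else:
        shell = re.search(r"-s\s+(\S+)", script)
        if shell and shell.group(1) not in ("/bin/false", "/sbin/nologin"):
            findings.append("machine accounts get a login shell: " + shell.group(1))
    if "netlogon" not in conf:
        findings.append("domain logons without a [netlogon] share")
    if is_yes(glob.get("guestok", "no")):
        findings.append("guest ok in [global] is the default for every share")
    return findings

# Constructed excerpts: only the relevant settings from post #1 and post #2.
POST1 = """[global]
domain logons = yes
guest ok = yes
[netlogon]
"""
POST2 = """[global]
domain logons = Yes
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
[netlogon]
guest ok = Yes
"""
if __name__ == "__main__":
    print(audit_pdc(POST1), audit_pdc(POST2))
```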
Termina
post Mar 12 2004, 11:33 AM
Post #3





I had a problem kind of like this at home (only I used an XP and 2000 machine). :)

So only the XP computer can join the domain?

Are you sure that you've allowed the other computers access?
---------
To allow a workstation access to the domain (computer name "MACHINE"):

useradd MACHINE$ -s /bin/bash
(if this doesn't work, try "userdel MACHINE$ && useradd MACHINE$ -s /bin/bash -m")
smbpasswd -a -m MACHINE

If the password is not automatically added, you must use the machine name - without $ - in small letters (useradd machine -s /bin/bash). Just like above, if it still doesn't work after you've added machine, try "userdel machine && useradd machine -s /bin/bash -m"

Then on the NT workstation, in the network properties, change the domain name and then you should receive the message "Welcome to the domain".

If you haven't already, here is what you change in the 95/98 or NT registry (thanks to the guides section, nifty stuff that)


For Windows 95/98
Using the registry editor (regedit), create the registry setting
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP
Add a new DWORD value:
Value Name: EnablePlainTextPassword Data: 0x01. (just enter --> 01)

Windows NT

Using the registry editor (regedit), create the registry setting
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rdr\Parameters
Add a new DWORD value:
Value Name: EnablePlainTextPassword Data: 0x01 (just enter --> 01)



Please tell me if this works, I'd love to actually help someone else for a change. XD Sorry, I've never used Windows 98 with this, so I don't know if the above would work for it. *shrugs*

----------
Found some sites that might help:
http://samba.linuxbe.org/en/samba/config/pdc-1.html
http://linuxquestions.org/questions/archiv...2003/05/2/58848

This post has been edited by Termina: Mar 12 2004, 11:41 AM


--------------------
*Points finger at the author above him* They're a witch! Burn them!
---
Visit my website!
Join me in IRC! Server: st0rage.org Channel: #UnhandledExceptions
rayber2000
post Mar 13 2004, 10:33 AM
Post #4





With the changes in the smb.conf file I was able to get all users and machines connected (Win 9X, NT, 2000 & XP). I didn't have to add anything to the above file, but I did have to configure Dynamic DNS alongside the DHCP services for computer browsing functionality. That was an entirely new fight. The network is, however, up and running like a champ. Not a Microsoft server in sight :)

Thanks for the input.

This site was an amazing help:
http://voidmain.kicks-ass.net/redhat/redha...ynamic_dns.html

Thanks again.
hughesjr
post Mar 13 2004, 11:27 AM
Post #5





That is good news ....


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE