Solved

Samba PDC Problems

Posted on 2004-10-06
Last Modified: 2010-03-17
I have a Linux Fedora Core 2 machine set up running Samba.  Samba is currently running great; if users log on to the Netware 3.12 server or their local machine, they can access the shares I have set up.  However, if I try to log on to the Samba PDC I get an error that states "No domain server was available to validate your password.  You may not be able to gain access to some network resources".  If I click "OK" at this point the shares still work.
If I set the domain to the IP address of the Linux machine I get the following error: "The domain password you supplied is not correct, or access to your logon server has been denied."
I have Windows 95, Windows 98, and Windows XP Pro machines on my network.  I really want to have my users log on to the Samba PDC instead of their local machines or the existing Netware server. I have looked at tons of configurations and I don't understand why this does not work.

I have also included my smb.conf file below.

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
        log file = /var/log/samba/smbd.log
        dns proxy = no
        smb passwd file = /etc/samba/smbpasswd
        netbios name = FS00
        server string = FS00
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        remote announce = 192.168.100.0/FS00
        local master = yes
        workgroup = CORP
        os level = 255
        domain master = yes
        username map = /etc/samba/smbusers
        domain logons = yes

[homes]
        comment = Home Directories
        browseable = no
        writeable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
;   comment = Network Logon Service
        path = /home/netlogon
        share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
[Profiles]
        path = /home/profiles
        browseable = no


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
;[printers]
;       comment = All Printers
;       path = /var/spool/samba
;       browseable = no
# Set public = yes to allow user 'guest account' to print
;       printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   read only = yes
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765


[accumed]
        comment = Accumed Directory
        path = /data/accumed
        guest ok = no
        writeable = yes
        browseable = yes

[upload]
        comment = Upload Directory
        path = /data/upload
        guest ok = no
        writeable = yes
        browseable = yes
[shared]
        comment = Shared Directory
        path = /data/shared
        guest ok = no
        writeable = yes
        browseable = yes
[backup]
        comment = Backup Directory
        path = /backup
        guest ok = no
        writeable = yes
        browseable = yes
[globalfiles]
        comment = Global Shared Directory
        path = /data/global
        guest ok = no
        writeable = yes
        browseable = yes
[restore]
        comment = Restore Directory
        path = /data
        guest ok = no
        writeable = yes
        browseable = yes

Question by:rshooper76
Accepted Solution

by: blkline (earned 125 total points)
ID: 12242281
Have you joined the local PC to the Samba domain?  You need to do that before a user can authenticate against your server.  Manually, you create a machine account on the PDC:

useradd -d /dev/null -s /bin/nologin yourmachinename$    # machine account needs a Unix account
smbpasswd -a -m yourmachinename                          # adds machine account to SMB

Then, on the client, join it to the domain.  Once you reboot you should be able to authenticate, but the user must be added to smb, too:

smbpasswd -a yourusersname

For comparison, here's the relevant section of my smb.conf:

[global]
   netbios name = MYPDC
   workgroup = MYSMBGRP
   passdb backend = tdbsam
   os level = 33
   preferred master = yes
   domain master = yes
   local master = yes
   security = user
   domain logons = yes
   logon path = \\%L\profiles\%U
   logon drive = Z:
   logon home = \\QHOMES\%U
   logon script = %U.cmd
   remote announce = 192.168.2.255 192.168.3.255
#  wins server = 192.168.1.243
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   wins support = yes
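
A check for the fix described in the accepted answer, as an added example that is not part of the original posts: it confirms that a workstation has both a Unix account (`name$`) and a workstation trust entry in an smbpasswd-format file such as the one the question's `smb passwd file` setting points to. The function names and sample accounts are constructed for illustration, and the check assumes the smbpasswd backend rather than tdbsam.

```shell
#!/bin/sh
# Added example. Assumes passwd(5) format and smbpasswd file lines of the form
# name:uid:LM hash:NT hash:[flags]:LCT-...: (W = workstation trust, D = disabled).

# has_unix_account PASSWD_FILE MACHINE: true if "MACHINE$" has a Unix account.
has_unix_account() {
    awk -F: -v n="$2\$" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# smb_trust_state SMBPASSWD_FILE MACHINE: prints ok, missing, disabled or
# not-workstation for the "MACHINE$" entry.
smb_trust_state() {
    awk -F: -v n="$2\$" '
        $1 == n {
            seen = 1
            if ($5 !~ /^\[[A-Z ]*W[A-Z ]*\]$/) state = "not-workstation"
            else if ($5 ~ /D/) state = "disabled"
            else state = "ok"
        }
        END { print (seen ? state : "missing") }' "$1"
}

# check_machine PASSWD_FILE SMBPASSWD_FILE MACHINE: prints a one-line report
# and returns 0 only when both accounts are present and usable.
check_machine() {
    unix=no
    if has_unix_account "$1" "$3"; then unix=yes; fi
    smb=$(smb_trust_state "$2" "$3")
    echo "$3: unix=$unix smb=$smb"
    [ "$unix" = yes ] && [ "$smb" = ok ]
}

# make_samples DIR: writes constructed sample files (placeholder hashes).
make_samples() {
    h=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    printf '%s\n' 'alice:x:500:500::/home/alice:/bin/bash' \
        'ws01$:x:1001:1001::/dev/null:/bin/nologin' \
        'ws02$:x:1002:1002::/dev/null:/bin/nologin' > "$1/passwd"
    printf '%s\n' "alice:500:$h:$h:[U          ]:LCT-00000000:" \
        "ws01\$:1001:$h:$h:[W          ]:LCT-00000000:" \
        "ws03\$:1003:$h:$h:[W          ]:LCT-00000000:" \
        "ws04\$:1004:$h:$h:[WD         ]:LCT-00000000:" > "$1/smbpasswd"
}

d=$(mktemp -d) && make_samples "$d"
for m in ws01 ws02 ws03 ws04; do
    check_machine "$d/passwd" "$d/smbpasswd" "$m" || echo "  -> incomplete machine account for $m"
done
rm -rf "$d"
```

On a live server the two file arguments would be /etc/passwd and the smbpasswd file; run it as root, since the smbpasswd file holds password hashes.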



Author Comment

by:rshooper76
ID: 12253611
Adding the machine as a user seems to have fixed the problem.  I was under the impression you only had to do that for NT machines, but my Windows 95 machines are now able to log on.  Thanks a lot.