Solved

Samba PDC Problems

Posted on 2004-10-06
Last Modified: 2010-03-17
I have a Linux Fedora Core 2 machine set up running Samba.  Samba is currently running great; if users log onto the Netware 3.12 server or their local machine they can access the shares I have set up.  However, if I try to log onto the Samba PDC I get an error that states "No domain server was available to validate your password.  You may not be able to gain access to some network resources".  If I click "OK" at this point the shares still work.
If I set the domain to the IP address of the Linux machine I get the following error: "The domain password you supplied is not correct, or access to your logon server has been denied."
I have Windows 95, Windows 98, and Windows XP Pro machines on my network.  I really want to have my users log onto the Samba PDC instead of their local machines or the existing Netware server. I have looked at tons of configurations and I don't understand why this does not work.

I have also included my smb.conf file below.

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
        log file = /var/log/samba/smbd.log
        dns proxy = no
        smb passwd file = /etc/samba/smbpasswd
        netbios name = FS00
        server string = FS00
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        remote announce = 192.168.100.0/FS00
        local master = yes
        workgroup = CORP
        os level = 255
        domain master = yes
        username map = /etc/samba/smbusers
        domain logons = yes

[homes]
        comment = Home Directories
        browseable = no
        writeable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
;   comment = Network Logon Service
        path = /home/netlogon
        share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
        path = /home/profiles
        browseable = no


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
;[printers]
;       comment = All Printers
;       path = /var/spool/samba
;       browseable = no
# Set public = yes to allow user 'guest account' to print
;       printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   read only = yes
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765


[accumed]
        comment = Accumed Directory
        path = /data/accumed
        guest ok = no
        writeable = yes
        browseable = yes

[upload]
        comment = Upload Directory
        path = /data/upload
        guest ok = no
        writeable = yes
        browseable = yes
[shared]
        comment = Shared Directory
        path = /data/shared
        guest ok = no
        writeable = yes
        browseable = yes
[backup]
        comment = Backup Directory
        path = /backup
        guest ok = no
        writeable = yes
        browseable = yes
[globalfiles]
        comment = Global Shared Directory
        path = /data/global
        guest ok = no
        writeable = yes
        browseable = yes
[restore]
        comment = Restore Directory
        path = /data
        guest ok = no
        writeable = yes
        browseable = yes

Question by:rshooper76

Accepted Solution

by: blkline
ID: 12242281
Have you joined the local PC to the Samba domain?  You need to do that before a user can authenticate against your server.  Manually you create a machine account on the PDC:

useradd -d /dev/null -s /bin/nologin yourmachinename$    # machine account needs a Unix account
smbpasswd -a -m yourmachinename                          # adds machine account to SMB

Then, on the client, join it to the domain.  Once you reboot you should be able to authenticate, but the user must be added to smb, too:

smbpasswd -a yourusersname

For comparison, here's the relevant section of my smb.conf:

[global]
   netbios name = MYPDC
   workgroup = MYSMBGRP
   passdb backend = tdbsam
   os level = 33
   preferred master = yes
   domain master = yes
   local master = yes
   security = user
   domain logons = yes
   logon path = \\%L\profiles\%U
   logon drive = Z:
   logon home = \\QHOMES\%U
   logon script = %U.cmd
   remote announce = 192.168.2.255 192.168.3.255
#  wins server = 192.168.1.243
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   wins support = yes
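
The fix described in this answer, turned into a check (an added example, not part of the original thread): for each workstation name it confirms that both halves of the machine trust account exist and that the Unix half has no login shell. It assumes the smbpasswd file backend shown in the question's smb.conf; the function name `check_machine` and all sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit machine trust accounts for the
# smbpasswd backend. Assumed file layouts: passwd(5) and smbpasswd(5).

# check_machine NAME PASSWD_FILE SMBPASSWD_FILE -> prints one status word
check_machine() {
    acct=$(printf '%s$' "$1" | tr '[:upper:]' '[:lower:]')
    unix=$(awk -F: -v a="$acct" 'tolower($1) == a' "$2")
    smb=$(awk -F: -v a="$acct" 'tolower($1) == a' "$3")
    if [ -z "$unix" ] && [ -z "$smb" ]; then echo missing-both; return; fi
    if [ -z "$unix" ]; then echo missing-unix; return; fi
    if [ -z "$smb" ]; then echo missing-smb; return; fi
    # Field 5 of smbpasswd holds the account flags; W marks a workstation trust.
    flags=$(printf '%s\n' "$smb" | cut -d: -f5)
    case "$flags" in *W*) ;; *) echo not-a-trust-account; return ;; esac
    # The Unix half of a machine account should not allow an interactive login.
    case "${unix##*:}" in */nologin|*/false) echo ok ;; *) echo login-shell ;; esac
}

# Constructed sample data; the X runs are placeholders, not real hashes.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
ws01$:x:2001:2001::/dev/null:/bin/nologin
ws02$:x:2002:2002::/dev/null:/bin/bash
ws04$:x:2004:2004::/dev/null:/bin/nologin
ws06$:x:2006:2006::/dev/null:/bin/nologin
EOF
cat > "$SAMPLE/smbpasswd" <<'EOF'
alice:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
ws01$:2001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[W          ]:LCT-00000000:
ws02$:2002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[W          ]:LCT-00000000:
ws03$:2003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[W          ]:LCT-00000000:
ws06$:2006:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
EOF

for m in WS01 WS02 WS03 WS04 WS05 WS06; do
    printf '%-5s %s\n' "$m" "$(check_machine "$m" "$SAMPLE/passwd" "$SAMPLE/smbpasswd")"
done
```

On a live server, point the second and third arguments at /etc/passwd and the file named by `smb passwd file`; reading the latter requires root.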



Author Comment

by:rshooper76
ID: 12253611
Adding the machine as a user seems to have fixed the problem.  I was under the impression you only had to do that for NT machines, but my Windows 95 machines are now able to log on.  Thanks a lot.