[TriLUG] Help with SAMBA acting as PDC for windows

John-David Henderson jd at savagegeek.com
Wed Oct 5 10:52:54 EDT 2005


Well I tried "administrator" as well but the same error happens.
 
attempting to join the domain WEBNET: Access is denied
 
But some other info as well.
 
If you have for instance this workstation on the domain before with a different workstation name, and then
remove it by using:
smbpasswd -x workstation$
and then remove it from the /etc/passwd file as well as the /etc/shadow file.... 
 
That does get rid of the account and the associated MAC address of the previous workstation's SID right?
 
Not sure if the SAMBA server uses SID's or not like NT does, but just wondering.
 
Thanks 
 
JD Henderson
<http://www.landemonium.com> 
email - jd at savagegeek.com
mobile - 919-649-5589
 

________________________________

From: trilug-bounces at trilug.org on behalf of Mark Fowle
Sent: Wed 10/5/2005 10:27 AM
To: Triangle Linux Users Group discussion list
Subject: RE: [TriLUG] Help with SAMBA acting as PDC for windows



the user that you use to to add a system to the domain must be in the
Admin group
root = admin administrator @it

Mark

> Yes, This is the contents of the smbusers file
>
> # Unix_name = SMB_name1 SMB_name2 ...
> root = admin administrator
> nobody = guest pcguest smbguest
> it = @it
> oranet = @oranet
> dmerkle = dmerkle
>
>
> I am a member of the "it" group.
>
> The it group is on a NIS server acting as a group that I am a member.
>
> BTW, I am coming into this postion with this already in place, but had
> something
> like this in place at another location.
>
> Thanks.
>
> JD Henderson
> <http://www.landemonium.com>
> email - jd at savagegeek.com
> mobile - 919-649-5589
>
>
> ________________________________
>
> From: trilug-bounces at trilug.org on behalf of Mark Fowle
> Sent: Wed 10/5/2005 10:00 AM
> To: Triangle Linux Users Group discussion list
> Subject: Re: [TriLUG] Help with SAMBA acting as PDC for windows
>
>
>
> Just curious - is the user you are trying to use to add the machine to the
> domain in the smbusers file and associated with root?
>
> - Mark
>
>> Hello,
>>
>> I have a situation that is happening to one of my Windows XP
>> workstations
>> trying to connect
>> to a SAMBA server acting as a Primary Domain Controller.  So to begin
>> with, the server is
>> a RedHat Fedora Core 3 Running SAMBA version 3.0.10-1.fc3
>>
>> So what is happening is when I am trying to join the machine account to
>> our "WEBNET" domain,
>> the error on the Windows XP workstation is " The following error
>> occurred
>> attempting to join the domain WEBNET: Access is denied
>>
>> Now, I am using a valid username to authenticate the machine account,
>> and
>> the machine account exists
>> in the /etc/samba/smbpasswd file.  Also the machine account exists in
>> the
>> /etc/passwd and /etc/shadow file.
>>
>> entry in /etc/passwd file:
>> n-pace$:x:1105:105::Machine Account:/dev/null:/bin/false
>>
>> entry in /etc/shadow file:
>> n-pace$:!:13011:0:99999:7:::
>>
>> entry in /etc/samba/smbpasswd file
>> n-pace$:1105:498B3F3A1D654D56AAD3B435B51404EE:7C5D6F77A7C4A52F3F771BA178AD21D4:[W
>>          ]:LCT-4342E59A:
>>
>> Now I do know when getting the error above it means:
>> There isn't a machine account entered in smbpasswd for the computer
>> you're
>> attempting to have
>> join the domain, or the machine account is currently disabled. It's also
>> possible that you're
>> trying to join the domain using an account name other than "root", which
>> is required.
>>
>>
>> Also, this machine was on the domain as a different machine account, but
>> I
>> removed the account from the /etc/passwd file /etc/shadow file, and
>> /etc/samba/smbpasswd file.
>>
>> Can anybody help?
>>
>> Thank you very much
>>
>> JD Henderson
>> <http://www.landemonium.com>
>> email - jd at savagegeek.com
>> mobile - 919-649-5589
>>
>> --
>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/

--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/




More information about the TriLUG mailing list