[SOLVED] Samba PDC does not work (very long)

Posted by mariusz on 2012/3/27 6:07:56
Hello
For a few days I have been trying to solve a problem with the Samba configuration. I wanted to run a PDC domain server, but I have a problem with that. I created smb.conf as follows:

# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC

[global]
workgroup = PDC
netbios name = BP
server string = Samba
log level = 3
log file = /var/log/samba/%m.log
max log size = 50
add user script = /usr/sbin/useradd "%u" -n -g pdcusers
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/sbin/groupadd "%g"
delete group script = /usr/sbin/groupdel "%g"
delete user from group script = /usr/sbin/userdel "%u" "%g"
add machine script = /usr/sbin/useradd -n -c "Computer (%u)" -d /dev/null -g computerspdc -s /bin/false "%u"
logon script = %u.bat
logon drive = H:
domain logons = Yes
os level = 233
preferred master = Yes
domain master = Yes
wins support = Yes
cups options = raw

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/netlogon

[Profiles]
path = /home/samba/profiles
guest ok = Yes
browseable = No


I added the root user to samba:
# smbpasswd -a root
# smbpasswd -e root

I created a group for users and computers:
# groupadd -g 600 pdcusers
# groupadd -g 700 computerspdc

I added a domain user:
# useradd -c "User One" -s /bin/false -g pdcusers -d /bin/false/ user1
# smbpasswd -a user1
# smbpasswd -e user1

I added a machine trust account:
# useradd -c "Computer05" -s /bin/false -d /bin/false -g computerspdc Computer05$

[root@ns2 ~]# pdbedit -a -m -u Computer05
...
_samr_create_user: Running the command `/usr/sbin/useradd -n -c "Computer (computer05$)" -d /dev/null -g kpdc -s /bin/false "computer05$"' gave 0
Unix username: computer05$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-715444112-3985360940-2913167734-1007
Primary Group SID: S-1-5-21-715444112-3985360940-2913167734-513
Full Name: Computer (computer05$)
Home Directory: \\bp\computer05_
HomeDir Drive: H:
Logon Script: %u.bat
Profile Path: \\bp\computer05_\profile
Domain: PDC
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: wto, 27 mar 2012 07:46:23 CEST
Password can change: wto, 27 mar 2012 07:46:23 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

The network has computers with Windows XP Professional. When I try to add a machine called Computer05 I get a message from Windows:

You can not contact a domain controller for domain PDC...

There is nothing in the Samba log when you try adding a computer to the domain...

# net rpc getsid -S PDC -I 192.168.0.200 -U root%password
Storing SID S-1-5-21-2802699506-3323186421-314900012 for Domain PDC in secrets.tdb

# net rpc join -S ns2 -U root%password
Joined domain PDC.

# net rpc testjoin
Unable to find a suitable server for domain PDC
Join to domain 'PDC' is not valid: NT_STATUS_UNSUCCESSFUL

I do not know if it matters, but I prefer to write about it ... NS2 gets its static IP address from a DHCP server running on NS1. On the server ns1 there is a DNS entry pointing to ns2:
ns2 IN A 192.168.0.200
Ping from Computer5 to NS2 works ... and yet .... For several days I have not been able to find a solution. Maybe some of you have met this problem and solved it?

Best regards
Mariusz

This Post was from: https://www.centos.org/newbb/viewtopic.php?forum=58&topic_id=36612&post_id=158691