SILO Storagetek
Frequent Advisor

samba and nt domain.

Hi everyone,
I'm in trouble with samba. What I need is to use an NT PDC of domain DOM with my samba share running on hp-ux.
My version of samba is 2.2.3a.

I followed this procedure:

1. From Server Manager the NT sysadmin adds my server to the domain.

2. run the following command from my system: smbpasswd -j DOM -r PDC (this action creates the secrets.tdb file)

3. in smb.conf :
security = domain
workgroup = DOM
encrypt password = yes
password server = PDC (I also tried *)

4. restart samba.

Then, when I try to access my share from a Win2k workstation, it fails and in the logfile I found:
[2003/09/22 10:37:45, 0] smbd/password.c:(1335)
connect_to_domain_password_server: unable to setup the PDC credentials to machine PDCIVREA. Error was : NT_STATUS_OK.
[2003/09/22 10:37:45, 0] smbd/password.c:(1554)
domain_client_validate: Domain password server not available.
[2003/09/22 10:37:45, 0] passdb/pdb_smbpasswd.c:(1367)
unable to open passdb database.

please, I'm out of ideas.

thanks.
p.
RolandH
Honored Contributor
Solution

Re: samba and nt domain.

Use the IP instead of the name of the PDC server.

security = server
password server =
encrypt passwords = yes

Roland
Sometimes you lose and sometimes the others win
SILO Storagetek
Frequent Advisor

Re: samba and nt domain.

thanks, but it doesn't work.
the error is the same.

p.
Steve Lewis
Honored Contributor

Re: samba and nt domain.

Two things to try.

Add a trust relationship in the PDC for the server that runs samba.

Check your MS WINS resolution and LMHOSTS lookup.
RolandH
Honored Contributor

Re: samba and nt domain.

Is the User-ID you use at the W2K site also existent as a UNIX Account?
This is necessary so that authentication will work correctly. Otherwise you must use a "user map". This map assigns a UNIX user to a Domain User.
You can do it like this.

Put this in your smb.conf

domain user map = /usr/local/samba/lib/domain_user.map

In the file domain_user.map you can do a mapping from UNIX User to Domain User.

=
i.e.
root=Administrator

HTH
Roland
Sometimes you lose and sometimes the others win
SILO Storagetek
Frequent Advisor

Re: samba and nt domain.

Add a trust relationship in the PDC for the server that runs samba.

ok, I'll ask that to NT adm

Check your MS WINS resolution and LMHOSTS lookup.

in my workstation? the resolution is ok, and I tried from other workstations.
SILO Storagetek
Frequent Advisor

Re: samba and nt domain.

Hey Roland,
do I have to add every user in the domain that I want to be able to access my share?
SILO Storagetek
Frequent Advisor

Re: samba and nt domain.

Roland says:
"Is the User-ID you use at the W2K site also existent as a UNIX Account?
This is necessary so that authentication will work correctly"

how can I do that?

thanx.
p.
RolandH
Honored Contributor

Re: samba and nt domain.

Hello PROD,

sorry you had to wait so long, but I had to check some things first.

I have seen that you have set the parameter "security = domain" and not "security = server". This changes some things.
I think you will only authenticate to the PDC/BDC. Then you should change the parameter "security" to "security = server".

Am I right? Give me an answer so that I know what you must do next.

Roland
Sometimes you lose and sometimes the others win
SILO Storagetek
Frequent Advisor

Re: samba and nt domain.

thanks, but it doesn't work...
Zeev Schultz
Honored Contributor

Re: samba and nt domain.

Why it's better to set security=domain?

See here:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=209744

The only problem Samba has so far there is that, whatever the security parameter in smb.conf is, you should map unix-to-windows users. Winbind solves that.

In your case I guess smbpasswd -j -r should be run... to join the domain.

Zeev
So computers don't think yet. At least not chess computers. - Seymour Cray
RolandH
Honored Contributor

Re: samba and nt domain.

If you do a "smbpasswd -j -r", be sure that nmbd and smbd are NOT running. Stop samba and check in the process table that these two processes are not running. Otherwise kill them.

Roland
Sometimes you lose and sometimes the others win
RolandH
Honored Contributor

Re: samba and nt domain.

Hi Prod,

Some more hints for your [Global] config.
It should look like this.


[Global]
netbios name =
workgroup =
password server =
encrypt passwords = yes
# Following parameters must be set, because the PDC must be the Domain-Master-Browser
os level = 0
domain master = no
local master = no
preferred master = no

# Two more parameters can be important
username level =
password level =

What does "username level" do?

Some clients transfer the username in capital letters. By default Samba tries to find the username in lower case letters, only with the first letter in capital, i.e. if the
account name is "BobAcct", Samba will look by default for
bobacct
Bobacct

You see you will fail. But if you set now "username level = 4"
Samba will look for
bobacct
Bobacct
bObacct
boBacct
bobAcct
bobaCct
bobacCt
bobaccT
BObacct
BoBacct
BobAcct
...
The search will end if the name was found.
The same rule applies to "password level", with one exception. A "password level = 8" means that samba does not distinguish between lower case and upper case letters.

HTH
Roland




Sometimes you lose and sometimes the others win
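
The candidate search described in the post above, modelled as an added example (not Samba's own code and not part of the original post): it enumerates case variants in the order the post lists them and counts how many lookups a given level costs. The function names are made up for this illustration; "BobAcct" is the account name used in the post.

```python
from itertools import combinations
from math import comb

def candidates(name, level):
    """Yield case variants in the order listed in the post: all lower case,
    then every variant with 1, 2, ... up to `level` capital letters."""
    base = name.lower()
    # Only letters can change case; digits and punctuation stay fixed.
    letters = [i for i, c in enumerate(base) if c.islower()]
    yield base
    for k in range(1, min(level, len(letters)) + 1):
        for positions in combinations(letters, k):
            chars = list(base)
            for i in positions:
                chars[i] = chars[i].upper()
            yield "".join(chars)

def attempts_until_match(account, level):
    """1-based number of lookups before `account` is hit, or None if the
    level is too low for the search to ever produce that spelling."""
    for n, cand in enumerate(candidates(account, level), start=1):
        if cand == account:
            return n
    return None

def worst_case_lookups(length, level):
    """Lookups made for a name of `length` letters that does not exist."""
    return 1 + sum(comb(length, k) for k in range(1, min(level, length) + 1))

if __name__ == "__main__":
    for level in (1, 2, 4):
        print("level", level,
              "match after", attempts_until_match("BobAcct", level),
              "worst case", worst_case_lookups(7, level))
    # An 8-letter string at level 8 covers every upper/lower spelling.
    print("8 letters, level 8:", worst_case_lookups(8, 8), "variants")
```

Each step up in level widens the set of spellings that are tried, so the number of lookups for a failed logon grows quickly with the level and with the length of the name.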
SILO Storagetek
Frequent Advisor

Re: samba and nt domain.

all settings are correct except
username level =
password level =

I try to set 8.
Zeev Schultz
Honored Contributor

Re: samba and nt domain.

Use winbind for unix-nt user mapping.
Ah, and provide points to the hard working
community :)

Zeev
So computers don't think yet. At least not chess computers. - Seymour Cray