Samba automatically adding XP Pro client to PDC not working

Robert Hausler · ‎01-11-2006

HI,

You no doubt get a lot of this.

I have set up a rh-es4 with samba 3 as pdc
the prob i have is if I manually adduser pc_machine and vipw the pc_machine to pc_machine$
I can then join XP Pro Client pc_machine to pdc - works fine. and the pc_machine$ entry is automatically added to smbpasswd file.

However If I try to add XP Pro pc_machine to pdc without manually adding the machine name it reports "the user name could not found"

I have also found I cannot adduser pc_machine$ I have to adduser pc_machine and then vipw to manually put the $ at the end of the machine name.

Manually is ok for one or two machines but 20 :)

your help invaluable.

Steven E. Protter · ‎01-12-2006

Shalom Robert,

This may be a problem with the Windows client.

Is the networking setup match the domain name of the Samba PDC?

Is the machine patched sufficiently to work with Samba?

Putting a machine account into the PDC under Samba is not such a onerous requirement. To make a Samba server join a network, its sometimes requires to make a machine account on the Windows PDC.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Ivan Ferreira · ‎01-12-2006

I think that you don't configured the add machine script parameter. You must configure that. See also:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=947647

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Robert Hausler · ‎01-12-2006

I have set the typical signorseal registry edits on the client.

I also have an add machine script which is the same as what I used when manually creating the account.

I can't help but keep thinking that it might have something to do with the fact that I cannot add a user with a $ on the end even manually without using vipw to append the $ manually.

should I includ my smb.conf - would that be helpful.?

Ivan Ferreira · ‎01-12-2006

I don't know why you can't add a user with $. With useradd "username$" (double quoted) it works on my system.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Stuart Browne · ‎01-12-2006

Hey Rob!

I'm shocked, you didn't call first :P

Anyway, some details if you could.

I've got a RHES4U2 system here (go VMWare), and I, like the others here, can add user$ no problems.

So, what are the SELinux settings currently set to? (/etc/selinux/config). Enforcing/Targeted? Or [Permissive|Disabled]/Targeted?

What versions of the packages 'samba' and 'selinux-policy-targeted' do you have?

I'm running samba-3.0.10-1.4E.2 and se-policy-targeted-1.17.30-2.110.

I thought PAM might have some control over the user-adding stuff, but it doesn't, so there goes one whole line of thinking.. And I'm pretty sure with what you've said thus far, it's not 'cause you're storing the users in an LDap or other database.

.. Anyway, try the SELinux path first .. I'll think some more ..

One long-haired git at your service...

Robert Hausler · ‎01-18-2006

Selinux = permissive
Selinuxtype = targeted

here is my smb.conf - Global section

---------

# Global parameters
[global]
;general name / domain settings
workgroup = openplains
realm = openplains.com.au
netbios name = openfs02
server string = Fileserver

;domain server settings
domain logons = Yes
domain master = Yes
preferred master = yes
os level = 60
logon script = logon.bat
logon path = %Lprofiles%U

;other Domain server settings
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
passwd program = /usr/bin/passwd %u
unix password sync = Yes
pam password change = Yes

;custom domain security settings
min passwd length = 5
map acl inherit = yes
null passwords = no
utmp = yes

add user to group script = /usr/sbin/adduser %u %g
delete user from group script = /usr/sbin/deluser %u %g
add machine script = /usr/sbin/useradd -d /dev/null -g 501 -s /bin/false -M %u

;security settings
interfaces = 192.168.0.0/24
bind interfaces only = Yes

;log file settings
max log size = 1000
;logs all machine connections in a separate file
log file = /var/log/samba/%m.log

;generally accepted good performance socket options
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY

wins support = Yes
name resolve order = wins lmhosts bcast
disable netbios = yes
use client driver = Yes
time server = yes

preserve case = yes
strict locking = no

;Winbind settings - not 100% sure on them yet
winbind cache time = 10
template homedir = /home/%D/%U
template shell = /bin/bash
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes

;
;Below here are the share mappings

Ivan Ferreira · ‎01-18-2006

I think that winbind is only needed if you want to authenticate services with a Windows Domain Controller.

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Ivan Ferreira · ‎01-18-2006

Also, i'm not sure about using the same ID for all machines, use instead:

add machine script = /usr/sbin/useradd -s /bin/false -d /home/nobody %u

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Robert Hausler · ‎01-18-2006

The biggest problem I have is that I cannot adduser ... pcname$ from the command line. I have to adduser .. pcname and then add the $ by manually adding it using vipw. i have also tried using "pcname$"

Ivan Ferreira · ‎01-18-2006

What if you use

useradd machine\$

That works on my system too.

Also, when you run net groupmap list, do you see Domain Admins (RID 512), Domain Users (RID 513) and Domain Guests (RID 514)?

Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?

Robert Hausler · ‎01-19-2006

If i try useradd pcname\$ i get 'invalid user name' and yes i have the Domain Admin,Guest and user in the net groupmap list.

Stuart Browne · ‎01-19-2006

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150770

Shadow-utils package update fixes this.

One long-haired git at your service...

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Samba automatically adding XP Pro client to PDC not working

Samba automatically adding XP Pro client to PDC not working

Re: Samba automatically adding XP Pro client to PDC not working

Re: Samba automatically adding XP Pro client to PDC not working

Re: Samba automatically adding XP Pro client to PDC not working

Re: Samba automatically adding XP Pro client to PDC not working

Re: Samba automatically adding XP Pro client to PDC not working

Re: Samba automatically adding XP Pro client to PDC not working

Re: Samba automatically adding XP Pro client to PDC not working

Re: Samba automatically adding XP Pro client to PDC not working

Re: Samba automatically adding XP Pro client to PDC not working

Re: Samba automatically adding XP Pro client to PDC not working

Re: Samba automatically adding XP Pro client to PDC not working

Re: Samba automatically adding XP Pro client to PDC not working