Ubuntu Servers :: Samba, PDC: Windows Xp Unable To Join The Domain?
Dec 18, 2010
I've been configuring a PDC using samba I used this tutorial url as reference. It seems all went well during the installation and configuration not until when I try to join a windows machine to the domain.
Scenario: When the authentication dialog box prompts the username and password of the domain administrator. I supply root as username and its corresponding password. Then I will prompt an error "The user name could not be found. But, I have noticed that when I supply a wrong password of root the it will prompt "Login failure: unknown user name or bad password. It seems that the windows machine was able to recognize the account somehow.
I am practising setting up a small network using UBUNTU as a PDC through SAMBA to service xp clients.
I have sucessfully setup DNS on the Ubuntu server using Bind9 and can nslookup from both the client and the server by FQDN and can also ping ipaddress.
I have setup a basic smb.conf file however when I try to add the xp client to the domain I get an error message saying a domain controller for the domain could not be contacted.
I have disabled the firewalls on both the server and the xp client and still get the same error message when trying to join the domain. I've checked my network settings on the client, its set to use a static IP address and the DNS server and WINS server are set as my Ubuntu Samba PDC address.
I haven't been able to see anything odd in the smb.conf file that might cause this issue. I can connect directly to the shares using the samba network account that I created by going to start run and typing in the unc path.
Not sure what the cause of this issue is, I thought it might be a DNS issue on the client. One odd thing I noticed is that when I do nslookup using just the server name and not the FQDN i get a message in dos saying that the default server cannot be found but says that the server name for the [ipadress] cannot be found. It does list the correct ip.
I'm not sure what is causing the problem of stopping my xp client from joining the Ubuntu Samba PDC. I'm using UBUNTU server 10.04.
We've been running samba on linux for a while and everything was fine. All of a sudden when you add new clients to the domain you get the error message :Logon Failure:unknown user name or bad password. This to me seems like a windows error message and not a samba error. When you remove an existing machine (ie on domain) and then try to rejoin it to the domain you fail.
I?m trying to change the Windows server to Linux. I?m using Ubuntu 8.04 LTS with Samba 3.02. Security is ads so the server is a domain server. The good thing is I had it working where as windows could see the share files and Ubuntu could see the windows files. I started downloading files into the share directory and started setting up permission. I rebooted the server and now I can not join the domain using net ads join.I can join using RPC but share don?t work.I can see my domain users and groups using wbinfo. I using Windows2k in native mode and Realm is pointing to the domain.
I was wondering if there is any way to enable an MS Windows client that is otherwise unable of joining a domain to join a domain controlled by (open)SUSE? Is that inability only for joining a Windows based domain but a client that runs XP Home Edition or similar domain- incapable version of Windows could join a domain if it was controlled by Linux?Pardon my newbie style, but answer doesn't have to be detailed step-by-step, just yes/no answer with some pointers would do. I am not new to linux but new to network services... search engines weren't friendly when asked this question at the search bar...
Im currently using an english book to setup my samba server, and im having problems understanding it.
I dont want to use root to join clients to the domain; i prefer creating a plain user.
Ok, so, the steps i follow are:
net groupmap add unixgroup=srvadmins ntgroup="Server Admins" net groupmap add ntgroup="Domain Admins" unixgroup=dmnadmins rid=512 type=d net rpc rights grant 'ORAServer Admins' seMachineAccountPrivilege
This way, i have a group called srvadmins with permissions to join clients, a group called dmnadmins with permissions to manage users and other permissions, and root.
Now, users: "root", "dmnadmin"(from dmnadmins group) and "srvadmin" (from srvadmins group) can add machines to domain. Root because is root, srvadmin because i granted permissions, and dmnadmin because is admin
So i wonder, why srvadmins group is needed to be granted privileges?
I tryed to lower dmnadmins privileges by revoking semachineaccountprivilege privilege, but didnt worked
net rpc rights revoke 'ORADomain Admins' seMachineAccountPrivilege
looks like its privileges comes from another group and it user managed to add a machine to the domain correctly.
Ok, so, is this really usefull? why do i need 3 kind of users to be able to join to the domain?
I've setup my samba pdc with ldap, and I can see my shared files (public), which i think is an indication that my samba is working. But I can't seems to get my win2k8 machine to join my domain.
My domain admin is : root system admin: root password for both domain admin and system admin are the same The message that I get from Win2k8 when I try to join a domain is "The specified computer account could not be found. Contact an administrator to verify the account is in the domain. If the account has been deleted unjoin, reboot, and rejoin the domain"
I've got a home server running Ubuntu Server 9.04 and several machines running Ubuntu Desktop (9.04 and 8.04) and Windows (XP, Vista and 7). Now what I want to do is to create a domain and directory server similar in function to Windows Server w/ AD and join my other machines to the domain, but am not sure where to start. I already have file shares with Samba but now I want to setup a domain.
First of all I am new user on fedora forum and I love Linux (special Redhat flavours) and want to replace windows into Linux Everywhere. I am having some issue in configuring PDC on Fedora,I want to replace my company Windows Domain controller and file server into fedora file and PDC, I tried from web and through 389-directory server but didn't succeed even once, how to configure PDC with Samba 4 + 389-directory Server, I have heard samba 4 is having awesome support and its better then windows DC, configuring Complete PDC. (Whatever need to configure PDC i.e. DNS, SAMBA 4, SWAT, WEBMIN, 389-Directory Server, Windows sync,).
Intent is to use samba+winbind to authenticate Ubuntu desktop against a Windows 2008 R2 domain (seems like I was able to get it working temporarily but it stopped working after some time). Quick overview of the issue: winbind is failing to lookup group ID's for a domain user causing the domain user to receive group errors on login and an inability to use domain groups in other configuration (sudoers, etc)
- Very basic install, boot to Ubuntu Desktop 10.04 LTS 64bit install, basic install options, perform software updates
- Following an Ubuntu AD HowTo [URL]
- Install kerberos, samba, winbind packages
- Make changes to krb5.conf, smb.conf, files in pam.d/ (to make the home directory and restrict login based on group membership, which works even in the half-working state but requires SID instead of text name)
After a reboot I can login as a domain account but I get the following error(s):
groups: cannot find name for group ID #####
##### is usually a number that ranges from 10000 to 10020, based on the smb.conf line regarding idmap I will get multiple group errors (one for each group that the user belongs to that winbind can't lookup for whatever reason, some groups can be resolved - see below) If I log-out and then log-in as a local user I can run the following command: id username The output returns something similar to the following:
uid=10002(username) gid=10003(domain users) groups=10003(domain users),10033,10032,10031,10030,10029,10028,10027,1 0026,10025,10024,10023,10022,10021(some group),10020,10019,10018(some other group),10017,10016,10015,10014,10013,10012,10011(s ome other other group),10010,10009,10008,10007
On a working system (Ubuntu 10.10 and when 10.04 decides to work) each group is followed by parenthesis' and the name of the group, this result clearly shows that some groups can be looked up but for some reason other groups are failing An output of /var/log/samba/log.winbind produces the following entries (that are logged when you run the id command)
The above repeats for what looks to be each group that fails (based on count of entries)If I use wbinfo I can resolve text group name to SID and SID to GID
wbinfo -n groupname (returns proper SID) wbinfo -s SID (returns proper text group name) wbinfo -Y SID (returns proper linux mapped group ID)
Following that process for a group that my user belongs to that is not resolving (via the id username command) will return the group ID (GID) properly (even though id username fails to lookup info for that same GID) Version Information:
uname -a Linux hostname 2.6.32-33-generic #71-Ubuntu SMP Wed Jul 20 17:27:30 UTC 2011 x86_64 GNU/Linux lsb_release -a No LSB modules are available.
I feel ashamed for even asking this, since it seems like there's about 3 samba questions here every day. However after an hour of searching, I keep finding strange variants that aren't what I need.
My Goal: Create a single file share on an Ubuntu Server - share it via samba to Windows clients that are on a domain with active directory. It sure would be nice if AD authentication would work - so users don't have to type in a linux user/passsword each time they want to access the share.
In my adventures, I've found the following items (which may overlap)
1. Joining the server to a Windows Domain
2. Turning the server into a Windows Domain Controller
3. Authentication with LDAP (still not quite sure how/what this would do)
4. Stuff with Kerberos
5. Lots of people bickering about Samba 3/4 & how it's impossible to make Samba a PDC.
I'm not sure if I need to make the ubuntu server a domain controller or not...all I want to do is create a file share and share it on the domain...I don't need to make the ubuntu server a domain controller for that, right? Maybe just a member? Maybe nothing at all?
I guess if I want to authenticate stuff correctly (or forward authentication requests? Not sure), I probably need to join the ubuntu server to the domain...I think.
But let's say I do join it to the domain...then how to I create a file share that is authenticated via active directory rather than a local ubuntu server account? I see a dozen guides on joining the server to the domain, but nobody ever mentions sharing the folder over the domain.
The lines are also blurred between joining Ubuntu to the domain and making it a domain controller. What should I keep an eye out to avoid in these tutorials?
I get lost between the Kerberos/LDAP/Samba/WinBind etc...and I have a feeling I don't need all of these for something this simple.
I've installed Ubuntu 9.10 in my office desktop. as a newbie in the world of linux, i really do not know much about it. I want to join my desktop in our domain. i already have the ip addresses of the DNS servers but i dunno where to put it. i've installed likewise open and try to join the domain but it displays the following errors: Manual Configuration Required:
The configuration stage 'open ports to DC' cannot be completed automatically. Please manually perform the following steps and rerun the domain join: Some required ports on the domain controller could not be contacted. Please update your firewall settings to ensure that the following ports are open to 'MARVEL2.LBPNET':
I have 15 or so debian lenny machines, and a xen server that I would like to join to the windows 2003 AD domain controller. The main goal is I would like the windows / linux user names and passwords to be the same on each system. Only 10 or so users need access to the machines but the passwords sometimes are different. How should I go about accomplishing this ?
I was told that openldap may be a solution. But from what I've read about it sounds like its just a mimic or window AD and doesnt sync with it, at least natively ?
I'm having a problem getting likewise to connect to a Windows 2008 R2 server on our network.
Error: Lsass Error [code 0x00080047] 9502 (0x251E) DNS_ERROR_BAD_PACKET - A bad packet was received from a DNS server. Potentially the requested address does not exist. I have already read up on this a little bit. Both servers are within a minute of each other, so I am not concerned about server timing. I am not sure where to go from this point. Everything I have read seems to indicate that this should "just work".
I have too many problems to join my OpenSuSE 11.2 with Samba 3.5.4 in a Windows 2008 Active directory Forest (MYDOMAIN.LOCAL). I have updated Samba to 3.5.4 after read that default 11.2 version have too many bugs. Now, when I try to join the Domain MYDOMAIN.LOCAL via yast i have only an undebuggable error "unknown error". For yast, my Suse is joined but i'm unable to authenticate, i can't see "MYDOMAIN.LOCAL" at KDM login and if i try to lookup forest i have this error:
Code: wbinfo -u Error looking up domain users but i'm able to retrive ticket via kinit Code: # kinit Administrator Password for Administrator@MYDOMAIN.LOCAL:
have you a samba version tested against Active Directory 2008? can you link me the repository or help me to solve this?
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
I am facing a problem which joining my linux machine to SAMBA Primary Domain Controller (Running on Centos 5). I am able to join Windows XP machine to the domain, but i have no idea how to do it on Linux Client.
i need to allow window domain controller user to use file share of linux.windows DC user can see the share file and directories of linux file server but not able to access.
below is brief--
I have a Linux machine which is on my network but not on my domain. I have configured SAMBA FILESERVER for file sharing purpose. I have a Windows XP PC which is on the domain(windows server) that I am trying to connect to a share on the Linux box. I supply my credentials but regardless of which login I use I always get Logon Failure. I have created an account on the Linux machine with the same user name and password as my domain account but so far no luck. Can I connect from a domain PC to a non-domain Linux box? Is there something else I should be checking?
Good evening, I get the following error when prompted for my user name and password credentials that have access to the domain rights on the server. After typing in root and the password I get the following.
"The specified computer account could not be found. Contact an administrator to verify the account is in the domain. If the account has been deleted, unjoin, reboot and rejoin the domain."
Posted below is my smb.conf file, however I feel like I am screwing up the last steps with group-mapping, net commands, and creating accounts.
[global] workgroup = SCRUGGSHOME passdb backend = tdbsam printcap name = cups add user script = /usr/sbin/useradd -m %u
i have registered two domain names that i want to use to connect to my ubuntu server. I was wondering how to do this i was looking at bind9 but that didn't work that great. The server is behind a router with firewall i can connect to it using the external IP address but i like to use the two domain names if that is possible.
My samba domain controller will not serve up scripts upon login, and acts very slow when not connected to the Internet. Also, network browsing from windows boxes shows no computers on the network once all this happens. Once the net connection comes back up, everything is fine.
Ubuntu 10.04.2 LTS Samba 3.4.7
Router: Smoothwall Express 3.0-polar-i386 3.0 (update6). Router is set up as DHCP, and appears to be serving up normal IP's when the Internet connection goes down. I can ping the domain server at its normal IP when the connection goes down.
We're still using an NT Domain Server, and Samba is already configured properly. But the problem is if the shared folder is configured in samba to be accessed by group and not the domain username, authentication fails even if the user is member of the group.
I've been working for hours with Samba on Ubuntu Server 9.10 (Samba version 3.4.0), trying to get it setup simply as a fileserver that performs authentication to an NT 4 server (yes, I know, old and out of date). After much struggling, I finally realized that my configuration *was* working when the clients connecting (from XP, and Win2k clients, mostly) were actually joined to the domain (where the PDC is the NT 4 Server) and logged into the domain.For various reasons, many of the Windows clients at this location don't actually log into the domain, even though they have login/passwords that are valid users on the domain and they'll typically have some drives mapped to the PDC.
By the way, I have this working on another Linux box running Samba 3.0.28, so I'm sure it's possible, I'm just lost as to how to do it.I can provide plenty more information if it would help diagnose the situation. Does anyone have an idea of how I can get this to work? I'm sure it's possible, since the exact scenario worked in a recent version of Samba.
I'm stuck with this problem of adding Windows machine to Linux domain. for which samba has been configured as PDC .
operating system : Cent OS 5.3 with updates ., with hostname tester.com Dnsdomainname = com Code: [global] workgroup = TESTER netbios name = TESTER server string = Samba Server Version %v interfaces = lo, eth0, 192.168.1.1/24, 192.168.1.2/24 passdb backend = tdbsam code....
guest ok = Yes now everything work well i.e windows client can access their share. also permissions are set appropriately. Also account for users and particular XP machine are also created.when I try add windows machine to samba domain by changing windows machines domain name to the tester . Windows client gives error of can not connect to domain.If anyone has any idea about this problem of adding windows machines to SAMBA domain pls reply.
I'm trying to connect to a Samba share on a VirtualBox'ed Windows 7 that is connected to an openSUSE host in bridged mode. For reasons beyond my comprehension I cannot use the shared folders feature, so I'm using Samba instead. I configured a share through openSUSE's Samba server configuration tool:
[iTunes] inherit acls = Yes path = /home/myusername/iTunes read only = No valid users = myusername
I also set a password for this user using smbpasswd -a myusername. I can go to smb://192.168.1.6 on the host machine and log in to the share successfully, but on Windows 7 I see this: What am I doing wrong? I can connect to the shares list without any problems. It's just the login that doesn't work.
Update: I noticed that my Samba server is part of the WORKGROUP domain.
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.5.7-1.17.1-2505-SUSE-SL11.4-x86_64] Sharename Type
My Windows 2003 domain has three domain controllers. All of them are configured as global catalog servers, but my krb.conf and krb5.conf only contain a reference to one of them. What if the DC referenced is down? Should my files reference the other DCs? The contents of my files follow...
I have sucessfully joined my machine to Windows Active Directory (it wasn't all that complicated ). I was wondering where the uid information for users that login is located and managed? The reason I ask is because we are going to set up a separate NFS server and NFS relies on the uids of the users. I know there are numerous ways I can view the uid for a user (through the use of the id <username> command, do an ls on the /home directory displaying the uid instead of the translated name, etc), but is there a way to have this readily available (almost as the /etc/passwd file is)?
I have Ubuntu server 10.04 joined to a domain using Likewise Open. I can login using my domain credentials and have added my domain account to the sudoers file. Now that I've got it joined to the domain I want to add some samba shares and have domain members use their accounts to access them. However, no matter what combination of my domain name and the domain user or group I use in the valid users field it won't let me in. What's the proper way of inputting a domain user or group in the valid user field?
This is the entry I'm using for the share:
Code: [testshare] path = /srv/testshare valid users = @"Domain Name+Domain Group" (Have tried many things here) public = no writable = yes printable = no create mask = 0765