OK, so we are at present upgrading our server hardware for a production facility. This is mainly running as a file store and MySQL database store, but it has also been running as a PDC domain controller for a locked-down network for the shop floor. But when I come to try and add PCs to the new domain, they are unable to find the domain controller. I have obviously missed a setting. The smb.conf below is what I am using; any guidance as to what I may have messed up would be gratefully received.
```
[global]
netbios name = RDDS04
server string = Linux Data Server
workgroup = RDMill
interfaces = lo eth0 eth1
os level = 65
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
#socket options = TCP_NODELAY
time server = yes
hide dot files = yes
security = user
passdb backend = tdbsam
encrypt passwords = yes
admin users = root @smbadmin
invalid users = bin daemon sys man postfix mail ftp
guest ok = yes
guest account = dataserver
map to guest = bad user
username map = /etc/samba/smbusers
enable privileges = yes
nt acl support = yes
follow symlinks = yes
wide links = yes
unix extensions = no
#logon path = \\%L\profiles\%U
logon path =
logon drive = H:
logon script = logon.cmd
add machine script = /usr/sbin/useradd -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
add user script = /usr/sbin/useradd "%u" -n -g users
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/sbin/groupadd "%g"
delete group script = /usr/sbin/groupdel "%g"
delete user from group script = /usr/sbin/userdel "%u" "%g"
wins support = yes
wins proxy = yes
name resolve order = wins lmhosts hosts bcast
dns proxy = yes
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
load printers = yes
show add printer wizard = yes
log file = /var/log/samba/log.%m
max log size = 50
log level = 1
passwd chat debug = yes
#============================ Share Definitions ==============================
[printers]
comment = All Printers
printable = yes
path = /var/spool/samba
guest ok = yes
create mask = 0600
[print$]
comment = Printer Driver Download Area
path = /export/samba/drivers
browseable = no
guest ok = yes
write list = @smbadmin, root
force group = smbadmin
create mask = 0664
directory mask = 0775
[homes]
comment = Home Directories
browseable = no
writable = yes
hide files = /desktop.ini/outlook*.lnk/*Briefcase*/.svn/
[netlogon]
comment = Network Logon Service
path = /export/samba/netlogon
root preexec = /var/lib/samba/scripts/autopoweruser-saltsmill.sh %U %m
read only = yes
guest ok = yes
browsable = no
#[profiles]
# comment = Network Profiles Share
# path = /export/samba/profiles
# read only = no
# store dos attributes = yes
# create mask = 0600
# directory mask = 0700
# browseable = no
# guest ok = no
# printable = no
# profile acls = yes
[TADS]
comment = TADS exported filesystem
path = /export/TADS
read only = yes
writeable = no
public = no
guest ok = yes
force user = dataserver
create mask = 0640
directory mask = 0750
write list = @smbadmin, root
[filexchange]
comment = Common shared folder
path = /export/shared
read only = no
writeable = yes
public = yes
guest ok = yes
force user = dataserver
create mask = 0640
directory mask = 0750
[work]
comment = Working Folder for each user
path = /export/work
read only = no
writeable = yes
public = yes
guest ok = yes
force user = dataserver
create mask = 0640
directory mask = 0750
[repairs]
comment = Repairs shared folder
path = /export/repairs
read only = no
writeable = yes
public = yes
guest ok = yes
force user = dataserver
create mask = 0640
directory mask = 0750
[admin]
comment = Shared Admin Files
path = /var/server
read only = no
writeable = yes
public = yes
guest ok = yes
force user = root
create mask = 0640
directory mask = 0750
browseable = no
```

> Enazel;
>
> Windows 7 (and I believe Windows 8) needs a registry hack to join a Samba3 NT style domain. For details see:
>
> http://wiki.samba.org/index.php/Windows7
>
> ( for Windows 8 see also: http://www.admin-magazine.com/Articles/Linux-with-Windows-8 )
>

Oh yes; although not necessary, you might consider dropping the socket options. You are unlikely to be able to outguess a modern kernel. See the reply of Jeremy Allison in this thread:

As for the registry hack, I know about that; I have been using it for the last year or so on Windows 7 PCs, so it is definitely there. So I will need to start looking at other reasons.

OK, I am now actually getting further than I did yesterday. It’s asking for a username/password when connecting to the domain, but after giving the username and password it gives the error “The following error occurred attempted to join the domain “RDMILL”: The specified domain either does not exist or could not be contacted.” Any ideas what could cause that?

So clients are OK… Let’s check the server and the network! And there is quite a lot to check…

About the server

- Which version of openSUSE is in use?
- What is the Samba version?
  - I’m at ease with Samba 3.* only
- What are the UNIX permissions on /export/samba/netlogon?
  - It should be readable by all domain users

About the network

In the following lines, I will use the imperative tone for the sake of simplicity but I’m only making suggestions ;).

From the Samba server, try to list its own shares:

```
$ smbclient -L localhost
```

From the Windows client, try with cmd.exe to list your server shares:

```
C:\> net view \\RDDS04
```

From the Samba server, check if it is advertised correctly on the network:

```
$ nmblookup 'RDMILL#1b' 'RDMILL#1c'
```

Where 1b means we want the domain master browser and 1c the domain controller. If your Samba server is advertised correctly, the IP address of your Samba server should be returned.

End note
If all tests went well, maybe you should try a minimal smb.conf like the following:

Sorry I have not replied to this; other issues became a priority.

About the server

- Which version of openSUSE is in use? - 12.2
- What is the Samba version? - samba 3.6.7
  - I’m at ease with Samba 3.* only
- What are the UNIX permissions on /export/samba/netlogon?
  - It should be readable by all domain users - it’s readable by everyone

About the network

In the following lines, I will use the imperative tone for the sake of simplicity but I’m only making suggestions ;). I am happy for the guidance.

From the Samba server, try to list its own shares:

```
Workgroup   Master
NAS         RD-QNAP   (our NAS server box for backups)
RDMILL      RDDS04
WHARF       RDDS00    (test domain for trying stuff not on live system)
Workgroup   RD-ITXXX  (test pc trying to join to the RDMILL)
```

From the Windows client, try with cmd.exe to list your server shares:

```
C:\> net view \\RDDS04
```

Shows the 4 shares on RDDS04 but that’s it.

From the Samba server, check if it is advertised correctly on the network:

```
$ nmblookup 'RDMILL#1b' 'RDMILL#1c'
```

Where 1b means we want the domain master browser and 1c the domain controller. If your Samba server is advertised correctly, the IP address of your Samba server should be returned.

Right, I think I might have found the problem:

```
querying RDMILL on 127.255.255.255
querying RDMILL on 192.168.5.255
querying RDMILL on 172.16.7.255
172.16.0.2 RDMILL<1b>
querying RDMILL on 127.255.255.255
192.168.5.131 RDMILL<1c>
```

Those are both addresses for the server (it’s going to be temporarily on the old network of 172.16.*.* addresses while we move all the PCs over, and 192.168.5.131 is the Windows domain IP address, which it is temporarily sitting on while I sort everything out), but there is a third IP address which it should be using, 192.168.11.1, which isn’t showing up. So I am guessing, as it’s returning those two addresses, that it’s not advertising correctly.

I agree, your server isn’t advertised correctly, or at least it is advertised on the wrong interface. Below is my interpretation of your output:

```
querying RDMILL on 127.255.255.255    (broadcast lo)
querying RDMILL on 192.168.5.255      (broadcast eth0)
querying RDMILL on 172.16.7.255       (broadcast eth1)
172.16.0.2 RDMILL<1b>
querying RDMILL on 127.255.255.255
192.168.5.131 RDMILL<1c>
```

My diagnosis is that your interfaces parameter is wrong. Of course, it’s me who may be wrong.

To be sure, you should check your server nmb logfile (/var/log/samba/log.nmbd). A successful logon server registration (1c) looks like this:

```
become_logon_server_success: Samba is now a logon server for workgroup *DOMAIN NAME* on subnet *SERVER IP*
```

You should also see an entry in the server nmb logfile saying that the server became domain master (1b):

```
Samba server *SERVER NAME* is now a domain master browser for workgroup *DOMAIN NAME* on subnet *SERVER IP*
```

Depending on what you see in the nmb log file, you may need to change your interfaces parameter in smb.conf and add:

```
bind interfaces only = yes
```

This will force nmb and smb to respond only to the IP addresses and the interface devices specified in the interfaces parameter. Note that you don’t need to specify the loopback interface in interfaces.

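
One way to script the two checks described in the reply above (the `nmblookup` answers and the nmbd log messages), added here as an example and not part of the original posts. The function names are hypothetical, and the expected address 192.168.11.1 is the one the original poster said the domain should be using.

```shell
#!/bin/sh
# Added example (not from the thread). Reads saved tool output on stdin.

# check_advert EXPECTED_IP < output of: nmblookup 'DOM#1b' 'DOM#1c'
# Succeeds only if <1b> and <1c> are both answered, and only by EXPECTED_IP.
check_advert() {
    awk -v want="$1" '
        # Answer lines look like "172.16.0.2 RDMILL<1b>"; skip "querying ..." lines.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && match($2, /<1[bc]>$/) {
            t = substr($2, RSTART + 1, 2)
            seen[t] = 1
            if ($1 != want) bad[t] = bad[t] " " $1
        }
        END {
            n = split("1b 1c", types, " ")
            for (i = 1; i <= n; i++) {
                t = types[i]
                if (!(t in seen))  { print t ": no answer"; rc = 1 }
                else if (t in bad) { print t ": answered by" bad[t] ", expected " want; rc = 1 }
                else               { print t ": ok (" want ")" }
            }
            exit rc + 0
        }'
}

# check_nmbd_log EXPECTED_IP DOMAIN < /var/log/samba/log.nmbd
# Succeeds only if both registration messages name DOMAIN on subnet EXPECTED_IP.
check_nmbd_log() {
    awk -v ip="$1" -v dom="$2" '
        function hit(msg,    s, p) {
            s = toupper(msg " for workgroup " dom " on subnet " ip)
            p = index(toupper($0), s)
            # Reject prefix matches such as 192.168.11.1 inside 192.168.11.10.
            return p && substr($0, p + length(s), 1) !~ /[0-9]/
        }
        hit("is now a logon server")          { logon = 1 }
        hit("is now a domain master browser") { dmb = 1 }
        END { exit !(logon && dmb) }'
}

# Constructed demo: the answers posted in the thread, checked against 192.168.11.1.
printf '%s\n' 'querying RDMILL on 192.168.5.255' '172.16.0.2 RDMILL<1b>' \
    '192.168.5.131 RDMILL<1c>' | check_advert 192.168.11.1 ||
    echo "PDC names are not registered on 192.168.11.1"
```

A non-zero exit from either function means a client on the intended subnet will not be offered the domain controller at the expected address, which matches the "could not be contacted" error seen during the join.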
Right, got the domain working; it was an interface issue, which has been resolved.

The only issue I can see now is: when I log in with one of the domain accounts on the PC, even though it is joined to the RDMill domain and pulling the info from there, it’s got the profile being used as OLDDOMAIN/Account rather than NewDomain/Account. It’s all working, but it’s a bit of a strange one. Any ideas?

> Right, got the domain working; it was an interface issue, which has been resolved.

Nice!

> The only issue I can see now is: when I log in with one of the domain accounts on the PC, even though it is joined to the RDMill domain and pulling the info from there, it’s got the profile being used as OLDDOMAIN/Account rather than NewDomain/Account. It’s all working, but it’s a bit of a strange one. Any ideas?

Yes, I have an idea: I had the same problem. When you change the Samba domain name, Samba users’ domains aren’t changed automatically. You can correct this using: