Topic: W2k domain logon

[karl]

Hi all,
I have tried to get Win2k pc's to log into a e-smith setup as pdc. I have tried Darrell's way and via the " trust-account rpm", but all fail. The error I recieve is
"error, the credentils supplied details confilct with an existing set of credentials "
Any help or pointers would be appreciated. Thanks in advance,
Karl

[andrew]

Hi Karl,

Did you upgrade the Win2k box with Service Pack 2? If so, there is a problem with Samba & SP2, which will not be rectified until Samba 2.2.1 is released.

The only workaround is to rollback to SP1, get it on the domain, then upgrade to SP2.

Hope that helps.

Andrew.

[karl]

Hi Andrew,
As yet I've not upgraded Win2k at all. It is still a virgin install. It works fine so I'm following "if it ain't broke,don't fix it".
I have tried renaming my pc to something else (fredfrog) and trying to connect that way, but still no success. I can remember reading somwhere about using "root" as the name with access rights to the domain, but the response is still the same.
I'm stuck

Regards Karl

[bill roy]

I have the same problem too. I have win2k SP1 and have tried to connect to the domain and still get the "credentials supplied" message...

[andrew]

Try this,

1.Create a UNIX user account for the win2k machine account " useradd -c 'win2k workstation' -M -s /bin/false -n workstationname$"
(note, "workstationname$" would be the name of the win2k box)

2.When the win2k workstation asks for a user with permissions to join you to the domain the root account has to be created for samba.
Add root to the smbpasswd file:
"smbpasswd -add root"
Changing root password in smbpasswd:
"smbpasswd root"
Enable the user root account:
"smbpasswd -e root"

This is from upgrading Samba, but should be the same for the e-smith install.

Andrew.

[karl]

I've tried what you suggested and still end up with the same response.
" The credentials you supplied conflict witha existing set of credentials"
I may have confused Samba with added "machine" users throught the "trust account" rpm, and via what you suggested. I am running out of ideas, but do you know of a way of checking for machine accounts, so as I can clean any out ?
I don't know where to go from here, do you suggest upgrading to Samba 2.2.x ?
If so did you fall into any problems. Thanks Andrew again for your assistance.

Karl

[Des Dougan]

I wasn't sure, from watching this thread, whether everyone was on the same page, and now I am sure...

Karl, fundamentally, you can't get a Win2K box to logon to Samba _unless_ you are using Samba 2.2. Samba 2.0.x simply does not have that capability. There are a number of threads on General, Experienced and devinfo forums which, if you search for "domain logon" or "win2k", you will find additional information.

Note that e-smith have not (yet) announced whether 2.2 is supported, so if you do install it, you may break something else (although others seem to have done it successfully).


Des Dougan

[karl]

Hi Des,
Thanks for your info. It was what was needed, someone to actually tell me if it would be a success or not. I bit the bullett and "rpm -i --force samba2.2x".
I backed up the smbpasswd file and copied it back after the install.
I let it install, then did a "signal-event post-upgrade ", then a reboot. The templates overwrote the standard samba as well as my custom ones. I then went through the normal procedure of adding a machine accoutn etc, and it worked. I could become a member of the domain. It even populated the profiles except for some access rights to some "start menu" stuff. I'm going to keep plugging on with this and see where I end up.
Regards      Karl

[andrew]

Here is a copy of the thread on upgrading Samba. I've upgrading together with three other e-smiths server's, and so far no trouble at all. I would however backup the server prior to upgrading (just in case!!).

Godd luck.

Hi!

Here's a way to get Win2k clients to login to a E-smith PDC.

1.Download Samba2.20

http://se.samba.org/samba/ftp/Binary_Packages/redhat/RPMS/7.0/samba-2.2.0-20010417.i386.rpm.

2.Install the new version by running"rpm -i --force samba-2.2.0-20010417.i386.rpm"
I'm sure theres alot of better ways to do this, all I know is when you do a regular "rpm -i filename" the e-smith complains about conflicting files.

3.Reboot the system

4.The first thing I noticed was that the users samba passwords settings were gone so I guess we have to update the samba passwd file. Enter the E-smith-Manager, enter "user accounts" and then do a reset password for all users.

5.As far as I noticed e-smiths templates solution didn't apply to our new samba version so, changes to the smb.conf file has to be made in /etc/smb.conf

6.Create a UNIX user account for the win2k machine account " useradd -c 'win2k workstation' -M -s /bin/false -n workstationname$"

7.When the win2k workstation asks for a user with permissions to join you to the domain the root account has to be created for samba.
Add root to the smbpasswd file:
"smbpasswd -add root"
Changing root password in smbpasswd:
"smbpasswd root"
Enable the user root account:
"smbpasswd -e root"

8. On the win2k client logon as the Administrator, right click the My Computer Icon and select properties from the popup menu, select the Network Identifications tab and click the properties button and change the settings to join your domain.
After a while you will be asked to enter a name and a password of a user with permissions to join the domain, use the root account we created earlier.

9.Thats It! The sweet "WELCOME TO THE YOURDOMAN DOMAIN" message should appear if everything wen't your way.

Note! This is not a professional way of doing things, but I had nothing to lose when I decided to brutally --force the new samba version into e-smith. I suggest that you do this in a test enviorment where you have absolutely nothing to lose.

Best of luck // Olle Maartensson // SWEDEN

[karl]

Andrew,
Just missed you. I basically have done what you posted and it went fine. The templates and web manager also work without problems at this stage. After a reboot the templates restored back to previous but with samba 2.2 running.
Thanks for your help, Karl

[karl]

Ok, last post.
1. Setup e-smith as domain controller and workgroup
2. Added all users and passwords
3. Backed up /etc/smbpassword
4. Installed Samba 2.2.x
5. Mucked around with smb.conf
6. Got Win2K logging on
7. Got roaming profiles to work
8. Got Win9x working
9. Printing Ok
10. Did not try e-smith-manager
11. All config done through smb.conf

[WXP]

Hey !

I'd like to make a PDC.
I tried what is explained here but It didnt work for me.
Could someone please take the time to answer ?

I did exactly that :

1. Install E-Smith 4.1.2

2.Download Samba 2.2.0 : http://se.samba.org/samba/ftp/Binary_Packages/redhat/RPMS/7.0/samba-2.2.0-20010417.i386.rpm.

3.Install the new version by running"rpm -i --force samba-2.2.0-20010417.i386.rpm"

4.Reboot the system

5.Enter the E-smith-Manager, enter "user accounts" and then I added a user called "pbrossin" and i reset his password.
(I assume this is the login i'm gonna use on my windows 2k computer...?)

6.Create a UNIX user account for the win2k machine account:
"useradd -c 'PC1' -M -s /bin/false -n PC1$"

"PC1" is the "Full Computer Name" of my w2k station

7.I did that :

"smbpasswd -add root"
"smbpasswd root"
"smbpasswd -e root"

8.Then I tried to put E-Smith as Domain and Then enter root & password
but I get :

The following error occured attempting to join the domain "E-Smith":
The credentials supplied conflict with an existing set of credentials.

Please help !

-------

[root@Server /]# rpm -q samba
samba-2.2.0-20010417

[Charles Harmon]

I recently had this problem.  Does your current workgroup setting have the same name as the domain you are trying to join?  I had the same problem, this is what you need to do for sucess:

1. Change your current workgroup to something new such as "TEMP"
2. Reboot your win2k machine
3. Add your win2k machine to your e-smith domain

If all goes well you should see "Welcome to DOMAIN" and it will prompt you for another reboot.

Good Luck.....

Charles

[Dan Brown]

Very very bad, for a number of reasons (not the least of which is that you're not using the current version of Samba).  I'd delete the unix user account, and then check out my howto at http://www.familybrown.org/howtos/samba-upgrade-howto.html.

[WXP]

no my current workgroup is "Workgroup" and my domain is "E-Smith"

Thanx for trying to help man !

[WXP]

thanx Dan
I already tried your howto and it didnt work.
I'm missing something...
everytime I try a new howto I reinstall E-Smith..

Ok I'll detail every step and I'll tell you..

thanx for help dudes !

[WXP]

My Computer Name is: PC1
Running Windows 2000 Pro English
And I want to login as "pbrossin" on a PDC.

OK So Here is what I just did :

1. I Installed E-Smith. So no user, no password are set ! nothing.. it's a clean system

2. [root@e-smith /]# mkdir temp

3. [root@e-smith /]# cd temp

4. [root@e-smith /temp]# rpm -q samba
    samba-2.0.7-21ssl

(For information...)

5. wget ftp://us6.samba.org/pub/samba/Binary_Packages/redhat/RPMS/7.1/samba-2.2.1a-20010713.i386.rpm

6. [root@e-smith /temp]# cp /etc/smbpasswd /etc/smbpasswd.old

7. [root@e-smith /temp]# rpm -e --nodeps samba samba-client samba-common
   cannot remove /var/lock/samba - directory not empty
   removal of /etc/samba/smbusers failed: No such file or directory

8. [root@e-smith /temp]# rpm -q samba
    package samba is not installed

9. [root@e-smith /temp]# rpm -Uvh samba-2.2.1a-20010713.i386.rpm
    (a lot of) group abartlet does not exist - using root
                 user abartlet does not exist - using root
    samba #############################################
    Looking for old /etc/smb.conf...
    Bla bla bla
    Bla bla bla
    inetd: no process killed
    Installing stack version of /etc/pam.d/samba...

10. [root@e-smith /temp]# rpm -q samba
      samba-2.2.1a-20010713

11. [root@e-smith /temp]# cd /etc/samba
11. [root@e-smith samba]# mv * ..
11. [root@e-smith samba]# ln -s ../smbpasswd smbpasswd
11. [root@e-smith samba]# ln -s ../smb.conf smb.conf
11. [root@e-smith samba]# ln -s ../MACHINE.SID MACHINE.SID
11. [root@e-smith samba]# ln -s ../smbusers smbusers
11. [root@e-smith samba]# ln -s ../lmhosts lmhosts

12. [root@e-smith samba]# pico smbusers
     (The file is empty... should I do something ?)

13. [root@e-smith samba]# smbpasswd -add root
      Added user root.

14. [root@e-smith samba]# smbpasswd root
      New SMB password:test
      Retype new SMB password:test
      Password changed for user root. User has disabled flag set.

15. [root@e-smith samba]# smbpasswd -e root
      Enabled user root.

16. [root@e-smith samba]# mkdir -p /etc/e-smith/templates-custom/etc/smb.conf

17. [root@e-smith samba]# pico /etc/e-smith/templates-custom/etc/smb.conf/12adduserscript
      add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
(I just wrote that string in the file 12adduserscript and then exit & save)

18. [root@e-smith samba]# /sbin/e-smith/expand-template /etc/smb.conf

19. [root@e-smith samba]# /etc/rc.d/rc7.d/S91smb restart
      Restarting SMB services: Shutting down SMB services:   [FAILED]
      Starting SMB services:                                                  [   OK   ]
      done.

20. Ok FAILED... So Reboot the server...
     [root@e-smith /temp]# Reboot

21. Right-click on "My Computer", and select "Properties".  Click on the Network Identification tab, and click the Properties button.  Set the radio button at the bottom of the window to "Domain", and enter "E-Smith". Then it asks me for a username and password. I put : root & test (like I show you below)
And I get:

The following error occured attempting to join the domain "E-Smith":
The credentials supplied conflict with an existing set of credentials.

Thanx for helping !

[WXP]

anyone is working with an E-Smith PDC ?
I really need help men !

Would be kind to help me... i-m fed up to have this "credentials thing" message.

What do I do wrong ?

I can reinstall my e-smith if i have to...

thanx

[Dan Brown]

A google groups search leads to a couple of suggestions:

1.      Be sure you aren't using any shares on the computer you're trying to join to the domain.

2.      Be sure the computer name isn't the same as any user's name.

[WXP]

Thanx for answering man ! It's kind of you to try to help me !!

>1. Be sure you aren't using any shares on the computer you're trying to join to the domain.

In fact, I just installed my e-smith server to be sure it's clean and that I didnt do anything wrong... so there isnt any shares (any ibays) any users.. nothing...
it's clean.. I just set the ADSL Connection to be able to come here

>2. Be sure the computer name isn't the same as any user's name.

I have two pcs for this test. my e-smith server.
Domain = E-smith
And my computer. Computer name = PC1

Did you see my explaination on the other message ?
I wrote everything I did...

thanx for help !

[WXP]

I just installed a windows nt 4.0 pc and I tried to logon the domain.

So I just did what Dan Brown explain in his manual and then I did :

useradd -c 'windows nt 4.0 server' -M -s /bin/false -n NTSERVER$

NTSERVER is the name of my nt4 computer.

And I get : "The machine account for this computer either does not exist or is inaccessible".

i tried :

useradd -c 'windows nt 4.0 server' -M -s /bin/false -n NTSERVER

(without the $)

And still have the same error....

What am I doing wrong ?!

I'm think E-Smith is not supposed to be a PDC.. should I then use windows 2000 advanced server for my internet connection and share...

I'm disappointed...

Thanx for help

[WXP]

no one is motivated to make a module... a rpm .. something easy to install cause I cant make it work and i'm damn fed up with that @!#$ !

[Dan Brown]

Keep some perspective here.  You're trying to make e-smith do something that it wasn't designed to do, we're working with a very recently-released version of the relevant software, and it's been less than 24 hours since your first post on this issue.  Have some patience.  Or, better yet, if you really want to find out how to work around this issue, try researching the issue yourself and posting your findings.

I don't know what the problem is.  The directions I wrote work just fine on my system and my (small) LAN, but they apparently aren't working for everybody (which is part of the reason that I haven't made an RPM, the other major part being that I do have to work for a living, and there are only 24 hours in the day).

[WXP]

yeah you're right sorry ;-(

It's just that I really really need to make it work...

I'll try to make it work by myself and i'll tell you if i find something.

thanx for help

[bill roy]

I was having the exact same problems up until yesterday. I made one final effort. I made sure there were no mapped drives to the e-smtih server. Then went through joining the domain. And voila, Welcome to the Domain.  I don't know if it was necessarily the mapping or the 100 hail marys I said before trying one last time. But I finally got in. Hope this helps.

[WXP]

As I said in one of my few posts, It's a brand new system.. I just installed E-Smith on this comp and I tried what was explained.. I do not have any user, any share any groups.. nothing.. nothing.. it's clean..

Maybe that's the trouble )

[Steven_l]

I have almost the same problem, with the difference that when I try to join the domain, it gives me the message "The account used is a computer account.  Use your global account or local user account to access this server."

That is with user root and it's password.  Any other username fails also.  Anyone ?  Thx in advance.

[Hsing-Foo]

Just to let you know,

I had the same problems concerning 'credentials etc.' (using samba 2.2.1a)

At that moment I already had a mapped share drive to the server, so I disconnected this one.
Tryed to join again but no luck, same message.
I rebooted my w2k machine (you now windoze, telling you one thing and doing another... and tryed to join again, with success! Welcome to....

I think there is still a relation between the server and client after disconnecting a share, so reboot and you're clean of any links.
Short: disconnect all mappings and reboor your w2k machine before joining your domain.

Good luck,

RequestedDeletion