Topic: PDC

[glc]

I followed the guide at http://www.familybrown.org/howtos/samba-upgrade-howto-2.html, but I get the following error when attempting to switch my Win2k PC from workgroup to domain:

Your computer could not be joined to the domain because the following error has occured:

The account used is a computer account.  Use your global user account or local user account to access this server.

I've tried renaming the workgroup on the Win2k machine and restarting.  I've tried w/ and w/o the user already created on SME.  I've tried logging into Win2k w/ a different user.  All return this same error.

TIA>

[guestFF]

Try do a search in these forums, and you will find:

http://myezserver.com/docs/mitel/samba-upgrade-howto.html


HFW

[Greg Zartman]

When asked to authenticate the join, did you use the username root and the root password?  You should also be logged in on the client machine as the administrator.  

This can be very confusing.  I'll summarize:

1.  Log onto your Windows machine as the administrator.
2.  When asked to authenticate joining the machine to your domain, input the username root and the root password.

Regards,

Greg Zartman

[Greg Zartman]

One thing I left out....

In order for all of the previous to work, you need to have the Unix root username in your smbpasswd database.  Did you follow these steps in the Samba Howto?

[root@e-smith /root]# smbpasswd -add root
Added user root.

[root@e-smith /root]# smbpasswd root
New SMB password:
Retype new SMB password:
Password changed for user root. User has disabled flag set.

[root@e-smith /root]# smbpasswd -e root
Enabled user root.


Greg Zartman

[glc]

> When asked to authenticate the join, did you use the username
> root and the root password?  
Yes, I logged in as root and used the root password.


>You should also be logged in on
> the client machine as the administrator.
The username I'm using under Windows is the built-in administrator account renamed,  so yes, the user has admin rights.


> 1.  Log onto your Windows machine as the administrator.
> 2.  When asked to authenticate joining the machine to your
> domain, input the username root and the root password.
That's exactly what I did.


> In order for all of the previous to work, you need to have
> the Unix root username in your smbpasswd database.  Did you
> follow these steps in the Samba Howto?
>
> [root@e-smith /root]# smbpasswd -add root
> Added user root.
>
> [root@e-smith /root]# smbpasswd root
> New SMB password:
> Retype new SMB password:
> Password changed for user root. User has disabled flag set.
>
> [root@e-smith /root]# smbpasswd -e root
> Enabled user root.
Yes, I executed all of those steps.

[Greg Zartman]

OK, time to do a little troubleshooting then.

1.Terminal into your server and issue the command smbstatus.  Samba will reprocess your smb.conf file and report any issues.  Browser through the output and verify that you don't have any errors in your smb.conf file.

2.  From the terminal session, issue the command smbclient -U% -L localhost.  Samba will attempt to query itself for information.  You should see a list of your current samba shares, the netbios name of the server, the workgroup name, and your current Master browser (this should be your samba server).  If you don't get a response from samba or you get an error, then try step 3.  Skip #3 if Samba reports good information.

3.  Make note of your current server time then issue the following command in a terminal sesstion /etc/rc.d/init.d/smb restart.   Now, have a look at the samba log files for the time that you noted: /var/log/samba/log.smbd  and /var/log/samba/log.nmbd.  If you see any errors with samba then I'd recommend that you go back to the Samba HOWTO and start over.  This howto is pretty solid.

If everything appears to be OK with Samba, then you'll need to play around with the client machine a bit.    Here are a few suggestions.
1.  Make sure you are only using the TCP/IP protocol and that you have the Enable TCP/IP over NETBIOS option selected in the WINS section.  
2.  Issue the IPCONFIG command on your client machine and verify that you have a valid ip address, DNS IP, and WINS IP.  If any of these are missing, then you'll need to fix your client network settings.
3.  Try pinging the server from your client machine.  If you don't get a response form the server, then you have a basic network problem.
4.  When joining the domain, try changing the host name on the client machine.  It's possible the Samba "glitched" while trying to add the machine and you have a partial machine account on the server.


This is about all I can think of without sitting in front of your machine or looking at Samba log entries.  If you are still having problems and your client machine doesn't have any network issue, set your samba log level to 5 and send me the samba log files for the time period that you attempted to add the machine (greg@kwikfind.com)

Good luck.

Greg

[glc]

> 1.Terminal into your server and issue the command smbstatus.
> Samba will reprocess your smb.conf file and report any
> issues.  Browser through the output and verify that you don't
> have any errors in your smb.conf file.
The output returned from that command is as follows:

Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"

Samba version 2.2.2
Service          uid          gid          pid          machine
---------------------------------------------------------------------------

No locked files


> 2.  From the terminal session, issue the command smbclient
> -U% -L localhost.  Samba will attempt to query itself for
> information.  You should see a list of your current samba
> shares, the netbios name of the server, the workgroup name,
> and your current Master browser (this should be your samba
> server).  If you don't get a response from samba or you get
> an error, then try step 3.  Skip #3 if Samba reports good
> information.
All looks good.  My ibays appear, as well as my SME server, clients and the current workgroup.  Master = my SME server.


> 1.  Make sure you are only using the TCP/IP protocol and that
> you have the Enable TCP/IP over NETBIOS option selected in
> the WINS section.
Yes and yes.


> 2.  Issue the IPCONFIG command on your client machine and
> verify that you have a valid ip address, DNS IP, and WINS IP
IP address:
    client 2:      192.168.1.4
    client 1:      192.168.1.3 (the system I'm currently attemtping to domain)
    SME:         192.168.1.2
    DSL router: 192.168.1.1

DNS:
    client 1&2: my ISP's DNS
    SME: Not sure.  From http://host_name/server-manager under "Review configuration"/"Server names", 192.168.1.2 is listed as the DNS server
    router: correct

WINS tab under both clients:
    WINS address, in order of use: empty
    Enable LMHOSTS lookup is CHECKED
    Enable NetBIOS over TCP/IP is SELECTED


> 3.  Try pinging the server from your client machine.  If you
> don't get a response form the server, then you have a basic
> network problem.
Server is pingable from both clients.


> 4.  When joining the domain, try changing the host name on
> the client machine.  It's possible the Samba "glitched" while
> trying to add the machine and you have a partial machine
> account on the server.
Tried that.

[sage]

are you in the same workgroup as the domain you are trying to join? if so on your windows box change the workgroup to somthing else. reboot then try to join the domin.

sage

[glc]

Windows 2000 IP Configuration



   Host Name . . . . . . . . . . . . : glc
   Primary DNS Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Broadcast

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No


Ethernet adapter Local Area Connection:



   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 192.168.1.3

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : 192.168.1.1

   DNS Servers . . . . . . . . . . . : 216.x.x.x
                                       216.x.x.x

[glc]

sage wrote:
>
> are you in the same workgroup as the domain you are trying to
> join? if so on your windows box change the workgroup to
> somthing else. reboot then try to join the domin.
>
> sage

tried that

[Greg Zartman]

OK, I'm 95% sure then that this is an authentication issue.  You either aren't truely the administrator on your client machine and/or you don't have root setup as a samba username.  

Triple check this on your SME server..  Initiate the command smbpasswd root and when prompted, input your password.

After you've done this, attempt to connect to a share from the SME server.  Terminal into your SME server in input the command:

smbclient //servername/Primary -U root%rootpassword

Note: you will need to subsititue for servername and rootpassword.

After you hit return, you sould see something like this:

INFO: Debug class all level = 2   (pid 14353 from pid 14353)
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0
Got a positive name query response from 127.0.0.1 ( 192.168.0.1 )
Domain=[LEIINC.COM] OS=[Unix] Server=[Samba 2.2.2]
smb: \>

If you don't then your root username is messed up in the smbpasswd file.  You may have to delete it manually by bringing the smbpasswd file up in a text editor (BE VERY CAREFUL when messing with this file).

Greg

[glc]

Greg Zartman wrote:
>
> OK, I'm 95% sure then that this is an authentication issue.
> You either aren't truely the administrator on your client
> machine and/or you don't have root setup as a samba username.
>
> Triple check this on your SME server..  Initiate the command
> smbpasswd root and when prompted, input your password.
OK...done


> After you've done this, attempt to connect to a share from
> the SME server.  Terminal into your SME server in input the
> command:
>
> smbclient //servername/Primary -U root%rootpassword
>
> Note: you will need to subsititue for servername and
> rootpassword.
>
> After you hit return, you sould see something like this:
>
> INFO: Debug class all level = 2   (pid 14353 from pid 14353)
> added interface ip=127.0.0.1 bcast=127.255.255.255
> nmask=255.0.0.0
> added interface ip=192.168.0.1 bcast=192.168.0.255
> nmask=255.255.255.0
> Got a positive name query response from 127.0.0.1 (
> 192.168.0.1 )
> Domain=[LEIINC.COM] OS=[Unix] Server=[Samba 2.2.2]
> smb: \>
I got the exact same minus the INFO: Debug class all level = 2   (pid 14353 from pid 14353) line.  And of course, my IPs are x.x.1.x not x.x.0.x. (i.e., 192.168.1.x)

This means everything should work, correct?

[Greg Zartman]

Yes, this means your root account works as far as Samba is concerned.  Are you using the same samba root password as the root password you use to log into Linux?

The error message:
{The account used is a computer account. Use your global user account or local user account to access this server.}
almost always means that you are trying to join a machine to the domain with a valid samba account that isn't root.  

Have you ever gotten this to work?

Greg

[glc]

> Are you using the same samba root password as the
> root password you use to log into Linux?
As a matter of fact, I am.  Could this be the problem?


> Have you ever gotten this to work?
This is my first attempt at setting up a PDC of any kind.

[Greg Zartman]

OK, I think I may have found your problem.   I think your add user script is messed up.

You'll need to modify one of the template fragments.  Do the following:

1. pico /etc/e-smith/templates-custom/etc/smb.conf/12adduser . Will look start with:
#[12 addusers]

2. Delete all lines in this file using CTRL-K.  

3. Input the following:
#Create Machine Account Script
   add user script = /usr/sbin/adduser -d /dev/null -g 100 -s/bin/false -M %u

4. Save the file.

5. Expand the template fragements:  /sbin/e-smith/expand-templates smb.conf

6  Restart Samba: /etc/rc.d/init.d/smb restart

7. Try adding the machine again.