FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    Sep 2009
    Posts
    6

    Samba as BDC on Fedora 11 and WinXP SP3 not join in domain

    I have installed
    Fedora 11 and all updates
    Samba 3.4.1
    When joining the domain from a WinXP box with SP3, it shows the error
    The specified network password is not correct.
    Any idea where the problem is?

    Thanks,
    Rosen

  2. #2
    Join Date
    Dec 2004
    Location
    UK
    Age
    63
    Posts
    276
    It's been a while since I used Samba, but I remember you need to configure it before you can use it. SWAT (Samba Web Administration Tool) is a good tool to use, as it has plenty of inline docs that explain what the various options do. You may have it already installed; if not, you can get it from the repositories (package manager). Google SWAT to find out how to use it.
    Stop making excuses, start making progress.

  3. #3
    scottro is offline Retired Community Manager -- Banned from Texas by popular demand.
    Join Date
    Sep 2007
    Location
    NYC
    Posts
    8,120
    I have a common samba errors page at http://home.roadrunner.com/~computer...u/rhsamba.html

    A guess, and only a guess (two guesses, actually), is it possible that the Windows user needs to be added to smbpasswd, and second guess, is the WORKGROUP name correct. By default, Windows uses WORKGROUP and some versions of samba use MYGROUP.

    These are just guesses. I fear there's not quite enough information to make better ones.

    Perhaps posting the lines of smb.conf that are relevant to the BDC setup might help.
    --
    http://srobb.net

  4. #4
    scottro is offline Retired Community Manager -- Banned from Texas by popular demand.
    Join Date
    Sep 2007
    Location
    NYC
    Posts
    8,120
    I moved this to General Support. In, errm, general, the installation section is for problems installing (or booting immediately after installation). This could also have gone into networking or servers, I chose general to be safe. I think the majority of readers just go to the new posts link, so I don't know how important it is, but it's simply an effort to keep the forums a little more orderly.

    If you'd really prefer it in networking or servers, just post in this thread, and the next moderator who sees it will move it again for you.

    If it's not clear to you why I moved it out of installation, feel free to ask.
    --
    http://srobb.net

  5. #5
    Join Date
    Jul 2007
    Posts
    134
    If this server is the BDC, is there a PDC for the domain? Can you also post the smb.conf file so that we can get more information on your configuration (which will help us isolate the problem)?

  6. #6
    Join Date
    Sep 2009
    Posts
    6
    I added the password for the LDAP bind DN with smbpasswd -w password, and wbinfo --set-auth-user=user%password for winbind admins, but the idmap system does not work correctly.
    I have installed Shorewall Firewall.

    This is smb.conf file
    # Samba config file created using SWAT
    # from UNKNOWN ()
    # Date: 2009/09/28 19:51:46

    [global]
    dos charset = CP866
    workgroup = KONDOR-BG
    server string = Condor samba server
    interfaces = 192.168.0.4/24, 192.168.0.255/24, 127.0.0.1/24
    bind interfaces only = Yes
    security = DOMAIN
    password server = ldap.kondor-bg.com:389
    passdb backend = ldapsam:ldap://server.kondor-bg.com/
    passwd program = smbpasswd -U %u
    passwd chat = "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"
    username map = /etc/samba/smbusers
    lanman auth = Yes
    client lanman auth = Yes
    client plaintext auth = Yes
    log level = 10
    log file = /var/log/samba/%m
    name resolve order = lmhosts bcast host
    time server = Yes
    svcctl list = cups, postfix, httpd
    max open files = 10000
    socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
    printcap name = /etc/printcap
    add user script = /usr/sbin/smbldap-useradd -a -m '%u'
    delete user script = /usr/sbin/smbldap-userdel '%u'
    add group script = /usr/sbin/smbldap-groupadd -a '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add machine script = /usr/sbin/smbldap-useradd -W -i '%m'
    logon script = %m.bat
    logon path = \\%L\%u\.%a
    logon drive = Z:
    logon home = \\%L\%u\.%a
    domain logons = Yes
    os level = 254
    lm announce = Yes
    domain master = Yes
    wins support = Yes
    ldap admin dn = cn=Manager,dc=kondor-bg,dc=com
    ldap delete dn = Yes
    ldap group suffix = ou=Group
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    ldap passwd sync = yes
    ldap suffix = dc=kondor-bg,dc=com
    ldap ssl = no
    ldap user suffix = ou=People
    time offset = 180
    usershare allow guests = Yes
    idmap backend = ldap:ldap://ldap.kondor-bg.com/
    idmap uid = 10000-40000
    idmap gid = 10000-40000
    template shell = /bin/bash
    idmap alloc config:ldap_user_dn = cn=Manager,dc=kondor-bg,dc=com
    idmap alloc config:ldap_base_dn = ou=Idmap,dc=kondor-bg,dc=com
    idmap alloc config:ldap_url = ldap://ldap.kondor-bg.com/
    idmap alloc config:range = 10000-40000
    admin users = "@Domain Admins"
    read only = No
    profile acls = Yes

    [ftp]
    comment = Ftp server data
    path = /var/ftp/pub
    force user = ftp
    force group = ftp
    create mask = 0775
    directory mask = 0775

    [application]
    comment = Data disk
    path = /data/application/bin
    force group = Domain Users
    create mask = 0750
    directory mask = 0750

    [data]
    comment = Data disk
    path = /data/firms
    force group = Domain Users
    create mask = 0775
    directory mask = 0775

    [konto_data]
    comment = Data disk of Konto ver 4.xx
    path = /data/application/konto-4.xx/data
    force group = Domain Users
    create mask = 0775
    directory mask = 0775

    [fakt_data]
    comment = Data disk of Fackt ver. 1.00
    path = /data/application/Fakt-1.xx/data
    force group = Domain Users
    create mask = 0775
    directory mask = 0775

    [dds_data]
    comment = Data disk of Dnevnici
    path = /data/application/dds-4.xx/data
    force group = Domain Users
    create mask = 0775
    directory mask = 0775

    [dds7_data]
    comment = Data disk of Dnevnici
    path = /data/application/dds-7.xx/data
    force group = Domain Users
    create mask = 0775
    directory mask = 0775

    [dma_data]
    comment = Data disk of DMA
    path = /data/application/dma-2.xx/data
    force group = Domain Users
    create mask = 0775
    directory mask = 0775

    [ro2007_data]
    comment = Data disk of ro2007
    path = /data/application/ro-20.xx/data
    force group = Domain Users
    create mask = 0775
    directory mask = 0775

    [Documents]
    comment = Shared Documents
    path = /data/Documents
    force group = Domain Users
    create mask = 0775
    directory mask = 0775

    [data_all]
    comment = Data all
    path = /data
    force user = root
    force group = Domain Users
    create mask = 0775
    directory mask = 0775

    [print$]
    comment = Prinder Drivers
    path = /var/lib/samba/drivers
    write list = Administrator

    [IPC$]
    path = /tmp
    force user = root
    force group = root
    administrative share = Yes

    [homes]
    comment = %u's Home Directories
    path = /home/%u
    browseable = No
    browsable = No

    [printers]
    comment = SMB Print Spool
    path = /var/spool/samba
    printable = Yes
    browseable = No
    browsable = No

    [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    administrative share = Yes

    [profiles]
    comment = Profile Share
    path = /home/.%a
    create mask = 0600
    directory mask = 0700
    administrative share = Yes
    hide files = /DESKTOP.INI/desktop.ini/Desktop.ini/
    [ftp]
    comment = Ftp server data
    path = /var/ftp/pub
    force user = ftp
    force group = ftp
    create mask = 0775
    directory mask = 0775

    This is Firewall Rules file /etc/shorewall/rules
    #
    # Shorewall version 4 - Rules File
    #
    # For information on the settings in this file, type "man shorewall-rules"
    #
    # The manpage is also online at
    # http://www.shorewall.net/manpages/shorewall-rules.html
    #
    ############################################################################################################################
    #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
    # PORT PORT(S) DEST LIMIT GROUP
    #SECTION ESTABLISHED
    #SECTION RELATED
    SECTION NEW
    COMMENT Samba server
    Ping/ACCEPT net $FW
    ACCEPT $FW net tcp 139,445
    ACCEPT net $FW tcp 139,445
    ACCEPT $FW net udp 137,138
    ACCEPT net $FW udp 137,138
    COMMENT VoIP protocol
    ACCEPT net $FW udp 4569,5036,5060:5082
    ACCEPT $FW net udp 4569,5036,5060:5082
    ACCEPT net $FW udp 10001:19999
    COMMENT Printer
    IPPserver/ACCEPT net $FW
    COMMENT Public
    ACCEPT net $FW tcp 4559,8080,8088,20001
    Web/ACCEPT net $FW
    SSH/ACCEPT net $FW
    DNS/ACCEPT net $FW
    DNS/ACCEPT $FW net
    FTP/ACCEPT net $FW
    VNC/ACCEPT net $FW
    VNCL/ACCEPT net $FW
    Webmin/ACCEPT net $FW
    COMMENT Mail server
    IMAP/ACCEPT net $FW
    IMAPS/ACCEPT net $FW
    POP3/ACCEPT net $FW
    POP3S/ACCEPT net $FW
    Mail/ACCEPT net $FW
    Mail/ACCEPT $FW net
    COMMENT Squid as transparent proxy
    REDIRECT net:!192.168.0.0/24 3128 tcp 80,443 - !83.228.48.32
    ACCEPT $FW net tcp 80,443
    COMMENT Sane ports
    SANE/ACCEPT net $FW
    COMMENT notify
    ACCEPT $FW net udp 40000
    COMMENT VPN all traffic
    IPsec/ACCEPT net $FW
    COMMENT Growl
    ACCEPT $FW net tcp - 23052:23053
    ACCEPT $FW net udp - 9887
    ACCEPT net $FW udp - 9887
    COMMENT Ldap server
    LDAP/ACCEPT net $FW
    LDAPS/ACCEPT net $FW
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
    Last edited by Luk_; 29th September 2009 at 09:16 AM.
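
Added example (not part of the original post and not Samba project code): a small audit of the settings posted in #6. It flags the explicitly enabled LANMAN and plaintext authentication options, the unencrypted ldapsam connection, the `domain master = Yes` that conflicts with the BDC role named in the thread title, and shares that force root. The function names and the `intended_bdc` flag are hypothetical; only explicitly set options are checked, version defaults are not modelled.

```python
import re

# Excerpt of the smb.conf from post #6 (values copied from the post).
POSTED = """\
[global]
passdb backend = ldapsam:ldap://server.kondor-bg.com/
lanman auth = Yes
client lanman auth = Yes
client plaintext auth = Yes
domain master = Yes
ldap ssl = no
[data_all]
force user = root
"""

def norm(name):
    # smb.conf ignores case and all whitespace in section/parameter names
    return re.sub(r"\s+", "", name).lower()

def parse(text):
    conf, cur = {}, None          # {section: {parameter: value}}, normalised names
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = conf.setdefault(norm(line[1:-1]), {})
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)   # only the first '=' separates
            cur[norm(key)] = value.strip()
    return conf

def enabled(section, name):
    return section.get(norm(name), "no").lower() in ("yes", "true", "on", "1")

def audit(conf, intended_bdc=True):  # intended_bdc: assumption taken from the thread title
    g, out = conf.get("global", {}), []
    for p in ("lanman auth", "client lanman auth", "client plaintext auth"):
        if enabled(g, p):
            out.append(f"[global] {p}: weak LANMAN or plaintext password exchange allowed")
    if "ldap://" in g.get("passdbbackend", "") and g.get("ldapssl", "").lower() in ("no", "off", "false", "0"):
        out.append("[global] ldap ssl: ldapsam traffic to the directory is unencrypted")
    if intended_bdc and enabled(g, "domain master"):
        out.append("[global] domain master: a BDC sets this to no; yes is the PDC role")
    for name, sec in conf.items():
        if sec.get("forceuser", "").lower() == "root":
            out.append(f"[{name}] force user: all file access on this share runs as root")
    return out

if __name__ == "__main__":
    print("\n".join(audit(parse(POSTED))))
```
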

  7. #7
    Join Date
    Sep 2009
    Posts
    6
    Also, when I run nslookup kondor6 on the server it returns the correct IP, but when I run net config workstation on the XP box it returns workstation DNS name (null), and ping server returns the correct IP.

  8. #8
    Join Date
    Sep 2009
    Posts
    6
    Errors in log file
    winbindd[4675]: saf_store: refusing to store 0 length domain or servername!
    winbindd[4682]: [2009/09/29 12:30:26, 0] lib/util_tdb.c:69(tdb_chainlock_with_timeout_internal)
    winbindd[4682]: tdb_chainlock_with_timeout_internal: alarm (40) timed out for key SERVER in tdb /var/lib/samba/mutex.tdb
    winbindd[4682]: [2009/09/29 12:30:26, 0] winbindd/winbindd_cm.c:782(cm_prepare_connection)
    winbindd[4682]: cm_prepare_connection: mutex grab failed for SERVER

  9. #9
    Join Date
    Sep 2009
    Posts
    6
    I resolved the last problem with
    wbinfo --set-auth-user=
    After removing the auth user,
    wbinfo --get-auth-user
    No authorised user configured
    and now it works, but idmap returns the message
    winbindd/idmap.c:201(smb_register_idmap_alloc)
    winbindd[4333]: idmap_alloc module ldap already registered!
    winbindd/idmap.c:201(smb_register_idmap_alloc)
    winbindd[4333]: idmap_alloc module tdb already registered!
    winbindd/idmap.c:149(smb_register_idmap)
    winbindd[4333]: Idmap module passdb already registered!
    winbindd[4333]: [2009/09/29 13:49:47, 0] winbindd/idmap.c:149(smb_register_idmap)
    winbindd[4333]: Idmap module nss already registered!
    winbindd[4333]: [2009/09/29 13:49:47, 0] winbindd/idmap_ldap.c:469(idmap_ldap_allocate_id)
    winbindd[4333]: Cannot allocate gid above 40000!

  10. #10
    Join Date
    Sep 2009
    Posts
    6
    Finally I went back to version 3.0.24-11.fc6 and everything works without a problem.
