From 915b20eda06df3c3f61a4db7c1e3b5fd3e826c99 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Fri, 15 Apr 2005 23:53:30 +0000 Subject: More fixups and feedback item integration stuff. (This used to be commit cbd7c8f7793d4f009dcf6dcf9d015ee72ab5b99d) --- docs/Samba-Guide/SBE-AddingUNIXClients.xml | 152 ++++++++++++++++++++++++++++- 1 file changed, 148 insertions(+), 4 deletions(-) (limited to 'docs/Samba-Guide/SBE-AddingUNIXClients.xml') diff --git a/docs/Samba-Guide/SBE-AddingUNIXClients.xml b/docs/Samba-Guide/SBE-AddingUNIXClients.xml index c7656f8b58..f0f476585a 100644 --- a/docs/Samba-Guide/SBE-AddingUNIXClients.xml +++ b/docs/Samba-Guide/SBE-AddingUNIXClients.xml @@ -644,10 +644,63 @@ ou: idmap The system is ready to join the Domain. Execute the following: -&rootprompt; net rpc join -U root%not24et +&rootprompt; net rpc join -U root%not24get Joined domain MEGANET2. This indicates that the Domain join succeeded. + + + + Failure to join the domain could be caused by any number of vaiables. The most common + causes of failure to join are: + + + + + Broken resolution of netbios names to the respective IP address. + Incorrect username and password credentials. + The NT4 restrict anonymous is set to exclude anonymous + connections. + + + + + The connection setup can be diagnosed by executing: + +&rootprompt; net rpc join -S 'pdc-name' -U administrator%password -d 5 + + failed + failed join + rejected + restrict anonymous + Note: Use 'root' for UNIX/Linux and Samba, use 'Administrator' for Windows NT4/200X. If the cause of + the failure appears to be related to a rejected or failed 'NT_SESSION_SETUP*' or an error message that + says 'NT_STATUS_ACCESS_DENIED' immediately check the Windows registry setting that controls the + restrict anonymous setting. Set this to the value 0 so that an anonymous connection + can be sustained, then try again. + + + + It is possible (perhaps even recommended) to use the following to validate the ability to connect + to an NT4 PDC/BDC: + +&rootprompt; net rpc info -S 'pdc-name' -U Administrator%not24get +Domain Name: MEGANET2 +Domain SID: S-1-5-21-422319763-4138913805-7168186429 +Sequence number: 1519909596 +Num users: 7003 +Num domain groups: 821 +Num local groups: 8 + +&rootprompt; net rpc testjoin -S 'pdc-name' -U Administrator%not24get +Join to 'MEGANET2' is OK + + If for any reason the following response is obtained to the last command above it is time to + call in the Networking Super-Snooper task force (i.e.: Start debugging): + +NT_STATUS_ACCESS_DENIED +Join to 'MEGANET2' failed. + @@ -658,7 +711,7 @@ Joined domain MEGANET2. &rootprompt; wbinfo --set-auth-user=Administrator%not24get -- The configuration is now ready to obtain ADS Domain user and group information. + The configuration is now ready to obtain ADS Domain user and group information. @@ -1038,6 +1091,97 @@ aliases: files + + NT4/Samba Domain with Samba Domain Member Server - Without NSS Support + + + No matter how many UNIX/Linux administrators there may be who believe that a UNIX operating + system that does not have NSS and PAM support to be outdated and antique, the fact is there + are still many such systems in use today. Samba can be used without NSS support, but this + does limit it to the use of local user and group accounts only. + + + + The following steps may be followed to implement Samba with support for local accounts. + In this configuration Samba is made a domain member server. All incoming connections + to the Samba server will cause the look-up of the incoming user name. If the account + is found, it is used. If the account is not found, one will be automatically created + on the local machine so that it can then be used for all access controls. + + + + Configuration Using Local Accounts Only + + + Using your favorite text editor, create the &smb.conf; file so it has the contents + shown in . + + + + netrpcjoin + The system is ready to join the Domain. Execute the following: + +net rpc join -U root%not24et +Joined domain MEGANET2. + + This indicates that the Domain join succeed. + + + + Be sure to run all three Samba daemons: smbd, nmbd, winbindd. + + + + The Samba member server of a Windows NT4 Domain is ready for use. + + + + +Samba Domain Member Server &smb.conf; File for NT4 Domain +Global parameters + +LOCALE +MEGANET3 +BSDBOX +DOMAIN +/etc/samba/smbusers +1 +0 +/usr/sbin/useradd -m '%u' +/usr/sbin/useradd -M '%u' +/usr/sbin/groupadd '%g' +Yes +/var/log/samba/%m +0 +139 445 +wins bcast hosts +CUPS +192.168.2.1 +root +192.168.2., 192.168.3., 127. +cups + + +Home Directories +%S +No +No + + +SMB Print Spool +/var/spool/samba +Yes +Yes +No + + +Printer Drivers +/var/lib/samba/drivers +root, Administrator +root + + + Active Directory Domain with Samba Domain Member Server @@ -1864,8 +2008,8 @@ administrator:x:1000:1013:Administrator:/home/BE/administrator:/bin/bash realm In the case of an NT4 or Samba-3 style Domain the realm is not used and the command used to join the domain is: net rpc join. The above example also demonstrates - advanced error reporting techniques that are documented in the chapter called - Reporting Bugs. + advanced error reporting techniques that are documented in the chapter called Reporting Bugs in the + book The Official Samba-3 HOWTO and Reference Guide (TOSHARG). -- cgit