Samba as PDC with Debian : domain network path not found

[DigitAlex]

Hello

I have installed Samba 3 on Debian Woody, configured all the needed accounts and all to use it as a PDC, but I cannot join the domain with my Windows 2000 workstations.

I can ping the samba machine (by IP or NetBIOS name). I also can access it in windows explorer by typing "\\ip address" or "\\netbiosname", and i have read/write access to the shares. windows explorer adds a new domain in the tree view (network neighbourhood) and displays the server as being par of that domain. but if i click the domain icon, i get the "network path not found" message, the same I get when I try to make my windows 2000 join the domain.

I already tried lots of different suggestions i've found online, but none of them seems to solve that issue.

Do you have some ideas ?

Thanks a lot

 

[Nodsu]

Do you have absolutely the latest Samba? They fixed some w2k issues in 3.0.2 i think.

How have you configured the name resolving? Disable all WINS stuff in Samba.

I can also hook you up with a working Samba PDC configuration file if you want.

 

[DigitAlex]

I upgraded to samba 3 but didn't reconfigure it yet (im at testing stage, so i used a clean install image again). i'm gonna try with samba 3.

didn't know i have to disable WINS .... why so ?

You can give me that smb.conf file if you have one !

thanks a lot, cya around on irc

 

[Nodsu]

WINS is bad.

Download the latest samba from www.samba.org.

I'm sending you the smb.conf

 

[DigitAlex]

already installed it, im gonna ticker with it a little bit later today.
didn't receive your conf file, maybe attach it to a post ?
thanks

 

[Nodsu]

You probably replied before I had the chance to send you the mail.. Anyways: configuration file of a working Samba PDC. WINS is bad unless you have to support some NT or 9x machines. The file was originally generated by SWAT and then modified, so it isn't optimal and contains unnecessary/redundant entries. But it works.

Maybe you have to enable plaintext passwords in 2K and XP to get them to work..

# Global parameters
[global]
log file = /var/log/samba/%m.log
ldap ssl = no
obey pam restrictions = Yes
wins server = ***.***.***.***
logon drive = H:
domain master = Yes
use spnego = no
dns proxy = No
printing = lprng
server string = *******
lock spin count = 10
logon script = *******
workgroup = *****
logon path =
os level = 66
update encrypted = Yes
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
lock spin time = 100
max log size = 250
pam password change = Yes
domain logons = Yes

[homes]
comment = Home Directories
read only = No
create mask = 0664
directory mask = 0775
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[everyone]
writeable = yes
delete readonly = Yes
write list = @users,@admin
path = /home/everyone
create mask = 0777
hide dot files = No
directory mask = 0777
comment = everyone
valid users = @users,@admin
user = @users,@admin

 

[DigitAlex]

sorry hehe, and thank you a lot
i'm gonna try that right now

 

[DigitAlex]

I moved to samba 3, and that error is gone

The Win2000 client can see the domain now, but the password never matches (for root).

I tried to set "password backend" to smbpassdb and tdb and it still does not work

The machine account and all that stuff is added properly though...

Any suggestions please ?

 

[Nodsu]

You have to create users for samba separately using smbpasswd. No Linux users are originally in the Samba users database. Also, you have to define domain builtin groups like "Domain Admins" and "Domain Users". Look at the "net groupmap" command.

 

[DigitAlex]

i defined samba users and it didnt work you know, but i didnt know about the groups, i'm looking ...

 

[Nodsu]

The passdb backend is not important. But i think if you change the backend, you lose all the Samba users you had in the old one.

You are trying to add the w2k machine to the domain and the password isn't accepted?

You should try allowing plaintext passwords on the Windows machine. Set HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters\EnablePlainTextPassword to 1

 

[DigitAlex]

hmm now it works without plain text passwords, i apparently did something wrong ... thank you for all this help nods

 

[Nodsu]

Whatever part of my random shreds of information was useful, I'm glad I could give it to you

 

[accidentalguru]

Nodsu is good.
WINS is bad.
Thanks Nodsu, you just saved me a night's sleep.