Topic: Adding a linux workstation to the sme samba domain (winbind)

[HebsgaardS]

Hi,

I am trying to add a linux workstation to the SME server 7.0 windows domain using winbind on the client.
In the ”Change workgroup settings” I have the following:
windows workgroup: local
Server Name:myserver
Workgroup and Domain Controller:Yes
Roaming profiles:No

In the hostnames and addresses, the client machine name has been added.

The relevant(?) bits of smb.conf on the client are:
        idmap gid = 10000-20000
        idmap uid = 10000-20000
        security = domain
        usershare max shares = 100
        workgroup = local
        domain master = No
        netbios name = ferrari
        passdb backend = smbpasswd
        password server = *
        name resolve order = hosts lmhosts wins bcast
        winbind cache time = 15
        winbind enum groups = Yes
        winbind enum users = Yes
        winbind use default domain = Yes

From the client side I try to join the domain by issuing:
net rpc join -U admin%password.

This produces the following error in the samba log:
2006/08/14 22:56:42, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261)
  get_md4pw: Workstation FERRARI$: no account in domain

And this error on the client:
[2006/08/15 09:49:39, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(341)
  Error in domain join verification (credential setup failed): NT_STATUS_ACCESS_DENIED

Unable to join domain LOCAL.

I have checked the /etc/passwd file on the SME server machine and it does contain a ferrari$ line.

Does anyone have any ideas on how to fix this? Any help would be apreciated!

Thanks,
Stefan

[brick]

Did you resolved this?
I'm having the same problems with the exact same messages returning!
 

[HebsgaardS]

Did you resolved this?
I'm having the same problems with the exact same messages returning!

Unfortunately I have had no reaction to this post, and I have made no further progress myself.

[steever]

Hi guys.  It CAN be done with Ubuntu and here's how:

http://forums.contribs.org/index.php?topic=33383.0

It works and it's great.

Steve

[HebsgaardS]

Hi guys.  It CAN be done with Ubuntu and here's how:

http://forums.contribs.org/index.php?topic=33383.0

It works and it's great.

Steve

Thanks! I've tried it and unfortunately I get the same error as before when I try to join the domain. I can't say that I have any idea why it works on Ubuntu and not my distro (Open Suse 10.1).
Also I really don't want to mount the users home directory on the server, I just want user authentication against the server and automounting of server file shares when the user logs in (including single sign on so that an already authenticated user doesn't have to provide a password for a share when the user is already authenticated).

Stefan

[NZLamb]

I haven't been able to get this to work with either Ubuntu 6.06 or FC5 (returns the same error as above). I've spent endless hours mucking about with no luck so far. Windows 2000/XP clients work no worries.

If I make a break through I'll let you all know. Steever, have you tried this on the latest version of Ubuntu?

Oh for the day when SME supports LDAP authentication...

[gkocov]

The problem is that the Samba machine accounts are created as disabled. It seems the reason for this is a bug in the CentOS 4.3 Samba packages, because there were no problems with SME 7 Beta/Pre editions which were CentOS 4.2 based - also look at http://www.gatago.com/linux/samba/19616486.html.

Fortunately the solution is simple. After the machine account is automaticly generated as disabled, log to the SME machine as root and type 'smbpasswd -a -m client_machine_name$' (you can see the correct machine name by doing 'cat /etc/samba/smbpasswd'). This should convert the disabled account to enabled. Then on the client machine, also as root, type 'net rpc join -U admin' and type the SME admin password. The client machine should now be joined to the windows domain.

I've tested this both with Openfiler 2.1 Beta1 NAS (where I had to try joining the SME windows domain twice in order to see the domain users and groups, I don't know why) and with a CentOS 4.3 workstation. There were no problems accessing the Openfiler Samba shares or loging on the CentOS workstation with the domain users (configuring CentOS 4.3 for this was more longwinded then I expected, but it was not a big problem).

Hopefully this will help everybody that was trying to authenticate Linux machines against a SME box.

Regards,
Goran

[HebsgaardS]

...
Fortunately the solution is simple. After the machine account is automaticly generated as disabled, log to the SME machine as root and type 'smbpasswd -a -m client_machine_name$' (you can see the correct machine name by doing 'cat /etc/samba/smbpasswd'). This should convert the disabled account to enabled. Then on the client machine, also as root, type 'net rpc join -U admin' and type the SME admin password. The client machine should now be joined to the windows domain.
...
Regards,
Goran

This solution works perfectly for me on Open Suse 10.1. Many thanks.

Stefan

[steever]

I have added this to bugzilla.  The account should not be created in a disabled state.  We should only have to join the domain once, not twice, like we did in the rc stage.

[NZLamb]

It sure solved the problem for me! I had actually tried the smbpasswd command but must have missed a switch somewhere.

Thanks for the post!

[bcliburn]

It would be great to have a reliable way to add, say a Cent OS client to a SME Domain.  I would love to start phasing out the Windows clients on my network