Joining the domain

[corbo]

Hi all, first poster here...

I have been evaluating Ebox with an interest in replacing SBS2003 in the future, but I'm having some trouble.

Am I correct in assuming that Ebox can act as a domain controller which can be logged into by XP clients?

I have managed to set it up with file sharing, but when I try to join the domain (Computer Name/Change/Domain) it prompts me for a user/pass with permission to join the domain, as I would expect, but it will not accept ANY user/pass combination to join me to the domain.

Any ideas?

Many thanks
Corbo

[sixstone]

You must use a user with administration rights to add machines to the domain. To do so, create a user and edit his PDC settings by clicking the administration privileges.

I hope this helps. Only Windows XP professional works nicely .

[corbo]

Thanks for the reply.  Yes the user has the administrator option ticked in ebox, I came across that reply in another thread on this forum.  Yes it is Windows XP Pro.  XP can ping th eebox server and access the configuration page.

When I try to join the domain it asks for a user password immediately, so it knows a domain is there but it always fails on authentication.  NO I don't have my caps-lock on :p

could it be a DNS issue?

[javi]

We don't do anything special with the DNS to join windows machines to the domain.

Take a look at the log files located in /var/log/samba while you are trying to join the machine, that should give us some hints.

[corbo]

OK, I noticed it was appending a very long error log based on the client machine name, so I renamed it to get a fresh log.

Attempted to join the domain, XP error is: "The following error occurred attempting to join the domain "test.local": Logon Failure: unknown user name or bad password"

The client is called "testxp" and the testxp log in samba shows:

[Date/time] auth/auth_util.c:create_builtin_administrators(792)
create_builtin_administrators: Failed to create Administrators
[date/time] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create users

Hopefully this will shed some light on it.  Appreciate the support.

[corbo]

I guess that's a no then.

Think I'll stick with SBS then.  Despite its cost I don't think anything on Linux touches the flexibility of AD and group policy.  Even in a small business these are useful, and samba seems to be stuck in the dark ages of NT PDC's.  I'll give it a couple more years.

[javi]

I'm sorry I didn't reply before but I couldn't reproduce your error.

Even though you have decided not to switch, could you please tell me which eBox version and distro you were using?

[whtghst1]

Javi...I am using Ubuntu 8.04LTS with ebox 0.11.99. I have the same problem. If I do a manual machine add at the command line I can then join the domain, but not until then.

Client is running Windows XP SP2.

If you want I am quite comfortable doing any checks that you would like.

[javi]

So if you add the machine manually, you can join the domain and use any user you have created in eBox to log into the domain on the windows machine,  right?

Had you configured samba before installing eBox in that machine?

[whtghst1]

I had installed Samba as part of the Unbuntu Server installation, but had not done any configuration on it, until I installed ebox.

[javi]

Ok, thank you. I'll reinstall eBox in a virtual machine today, to see if i can reproduce the bug.

Did you change the netbios and workgroup configuration in eBox?

[whtghst1]

I have it running in VMWare server and yes I changed the NetBios Name and Domain Name.
My NetBIOS name is PARKERPDC my domain name is PARKERHOME. BTW I have updated to 0.11.100 and I still have the same problem.

EDIT: Added what my changes where and info on newer version.

[c4rdinal]

I get the same error.

Here's what I get in

#tail -f /var/log/samba/akinto

[2008/05/30 18:46:48, 0] lib/util_sock.c:send_smb(769)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2008/05/30 18:51:19, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2008/05/30 18:51:19, 0] lib/util_sock.c:send_smb(769)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2008/05/30 19:04:54, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 10.10.10.222. Error Connection reset by peer
[2008/05/30 19:04:54, 0] lib/util_sock.c:send_smb(769)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
^[[A

~# tail -f /var/log/syslog
May 30 19:04:54 filesrv slapd[15773]: <= bdb_equality_candidates: (sambaGroupTyp                       e) not indexed
May 30 19:04:54 filesrv slapd[15773]: <= bdb_equality_candidates: (sambaSIDList)                        not indexed
May 30 19:04:54 filesrv last message repeated 3 times
May 30 19:04:54 filesrv slapd[15773]: <= bdb_equality_candidates: (sambaGroupTyp                       e) not indexed
May 30 19:04:54 filesrv slapd[15773]: <= bdb_equality_candidates: (sambaSIDList)                        not indexed
May 30 19:04:54 filesrv last message repeated 3 times
May 30 19:04:54 filesrv slapd[15773]: <= bdb_equality_candidates: (sambaSID) not                        indexed
May 30 19:04:54 filesrv last message repeated 2 times
May 30 19:04:57 filesrv slapd[15773]: <= bdb_equality_candidates: (uid) not inde                       xed
May 30 19:04:57 filesrv slapd[15773]: <= bdb_equality_candidates: (gidNumber) no                       t indexed

After being asked for an Admin account and password before joining the domain this came up.

Also, mapping the IP in the run commnand in XP give me all the shared directories.
RUN: \\10.10.1.11

# tail -f /var/log/samba/akinto
[2008/05/30 19:53:44, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2008/05/30 19:53:44, 0] lib/util_sock.c:send_smb(769)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1083.
[2008/05/30 19:53:45, 0] passdb/pdb_interface.c:pdb_default_create_user(329)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "akinto$"' gave 127
Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 1083.
[2008/05/30 19:55:06, 0] passdb/pdb_interface.c:pdb_default_create_user(329)
  _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "akinto$"' gave 127

Hope you can help us.

Thanks and more power.

[javi]

Hi,

Again can you tell me how did you proceed with the installation?

How did you install your ubuntu: fresh install, upgrade from other version...?
Did you configure samba before installing eBox?
Did you change the netbios and workgroup name?