Domain Server

Questions about using Windows AD service.
Boris
Starting out
Posts: 16
Joined: Tue Dec 11, 2007 6:50 pm

Post by Boris »

Hi,

So the TS-201 update didn't change anything in my customized smb.conf.

But I am still missing the net binary. Could anyone upload this, please? :)

Boris
AndersF
New here
Posts: 6
Joined: Wed Dec 12, 2007 3:35 pm
Location: Sweden

Post by AndersF »

Eraser-EMC2- wrote: 2. run these commands to add the builtin groups:

Code:

/usr/local/samba/bin/net sam createbuiltingroup "Administrators"
/usr/local/samba/bin/net sam createbuiltingroup "Power Users"
/usr/local/samba/bin/net sam createbuiltingroup "Users"
/usr/local/samba/bin/net sam createbuiltingroup "Guests"
/usr/local/samba/bin/net sam createbuiltingroup "Account Operators"
/usr/local/samba/bin/net sam createbuiltingroup "System Operators"
/usr/local/samba/bin/net sam createbuiltingroup "Print Operators"
/usr/local/samba/bin/net sam createbuiltingroup "Backup Operators"
/usr/local/samba/bin/net sam createbuiltingroup "Replicators"

I tried to follow this but got these errors for "createbuiltingroup":
[/share/HDA_DATA/sambastuff] # $NET sam createbuiltingroup "Administrators"
[2007/12/27 17:39:51, 0] groupdb/mapping.c:pdb_create_builtin_alias(1380)
pdb_create_builtin_alias: Could not add group mapping entry for alias 544 (NT_STATUS_UNSUCCESSFUL)

Any ideas to what causes this?

Do you have any more information about what needs to be done on the windows side? (I have Vista)
Best regards,
Anders
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Post by Eraser-EMC2- »

It is possible that 2 errors come up, for "Administrators" and "Users".
In this case the group mappings exist.

You can check it with "/usr/local/samba/bin/net groupmap list".

On the Windows side you need to change the PC from workgroup to domain with your domain name; after this it asks you for the name and password of the domain admin.

I don't know where these settings are on a Vista system; on a Win XP system you find them under the properties of "My computer" -> "Computer name" -> "change".
_________________
Windows 7 32/64bit, German
TS-439 , 1x 512GB SSD/1x 512GB Samsung ; SAMBA as NT4 PDC, DHCP/DNS-Server
TS-431+, 1x 1TB WD green, 2x 3TB WD red , 1x 2TB Samsung
TS-220 , 2x 2TB Samsung, for Backup
AndersF
New here
Posts: 6
Joined: Wed Dec 12, 2007 3:35 pm
Location: Sweden

Post by AndersF »

Eraser-EMC2- wrote: I don't know where these settings are on a Vista system; on a Win XP system you find them under the properties of "My computer" -> "Computer name" -> "change".
It seems like, since I have Vista Home premium, I can't add it to be part of a domain.

What's the difference between workgroup and domain?
Best regards,
Anders
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Post by Eraser-EMC2- »

Vista Home doesn't support domain login, only the business version does.
EDIT: I don't know if Vista Business supports NT4 domains.

In a workgroup, each PC has its own user accounts and passwords.
If you want to change your password, you have to change it on all connected PCs.

In a domain you have a server with these accounts and passwords, and all PCs use only these accounts.
If you want to change your password, you need to do it only once.
It is easy to manage the user passwords / properties, and it is
designed for business, not really for home users.

But I don't know if Vista supports an NT4 domain or only an Active Directory domain.
Last edited by Eraser-EMC2- on Sat Dec 20, 2008 6:03 pm, edited 1 time in total.
mrmoosehead
Starting out
Posts: 25
Joined: Fri Nov 02, 2007 10:41 pm

Re: Domain Server

Post by mrmoosehead »

Guys, cracking job so far.
Ran into one problem:

[/bin] # /etc/init.d/smb.sh restart
Restarting SMB services:
Shutting down SMB services: smbd nmbd.
Shutting down Winbind services: done.
Starting Winbind services:Starting SMB services: smbd nmbd.
done.
[/bin] # /usr/local/samba/bin/net sam createbuiltingroup "Administrators"
/usr/local/samba/bin/net sam createbuiltingroup "Guests"
/usr/local/samba/bin/net sam createbuiltingroup "Account Operators"
/usr/local/samba/bin/net sam createbuiltingroup "System Operators"
/usr/local/samba/bin/net sam createbuiltingroup "Print Operators"
/usr/local/samba/bin/net sam createbuiltingroup "Backup Operators"
/usr/local/samba/bin/net sam createbuiltingroup "Replicators"


winbind seems not to run. createlocalgroup only works when winbind runs.
[/bin] # /usr/local/samba/bin/net sam createbuiltingroup "Power Users"
winbind seems not to run. createlocalgroup only works when winbind runs.
[/bin] # /usr/local/samba/bin/net sam createbuiltingroup "Users"
winbind seems not to run. createlocalgroup only works when winbind runs.
[/bin] # /usr/local/samba/bin/net sam createbuiltingroup "Guests"
winbind seems not to run. createlocalgroup only works when winbind runs.
[/bin] # /usr/local/samba/bin/net sam createbuiltingroup "Account Operators"
winbind seems not to run. createlocalgroup only works when winbind runs.
[/bin] # /usr/local/samba/bin/net sam createbuiltingroup "System Operators"
winbind seems not to run. createlocalgroup only works when winbind runs.
[/bin] # /usr/local/samba/bin/net sam createbuiltingroup "Print Operators"
winbind seems not to run. createlocalgroup only works when winbind runs.
[/bin] # /usr/local/samba/bin/net sam createbuiltingroup "Backup Operators"
winbind seems not to run. createlocalgroup only works when winbind runs.
[/bin] # /usr/local/samba/bin/net sam createbuiltingroup "Replicators"
winbind seems not to run. createlocalgroup only works when winbind runs.
[/bin] #


So it looks like Winbind is running, but the createbuiltingroup command doesn't seem to be happy.

Any thoughts anyone?
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

You have to add these lines to the smb.conf inside the [global] section:

Code:

idmap uid = 10000-20000
idmap gid = 10000-20000

winbind needs these lines to start, and then you can use the missing net commands.
mrmoosehead
Starting out
Posts: 25
Joined: Fri Nov 02, 2007 10:41 pm

Re: Domain Server

Post by mrmoosehead »

Doh! I'm an idiot.
I had created a copy conf file to put the changes in, then planned to rename and back up the old config.

Guess what. I forgot to swop them.... :roll:
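
An added example, not part of any post in this thread: a check that a given smb.conf really has both idmap ranges inside [global], which is the condition Eraser-EMC2- names and the one an edited-but-never-swapped copy fails. The function names are this example's own; pass it the path of the file your Samba actually reads, and of the copy you edited, to see which one has the change.

```shell
#!/bin/sh
# Added example (not from the thread): confirm the smb.conf that is actually
# loaded carries both idmap ranges inside [global].

# global_param FILE KEY: print KEY's value from the [global] section of FILE.
global_param() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/ {                                # section header
            s = tolower($0); gsub(/[ \t]/, "", s)
            in_global = (s == "[global]"); next
        }
        in_global && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == want) found = val    # keep the last one seen
        }
        END { if (found != "") print found }
    ' "$1"
}

# range_ok VALUE: true only for "low-high" with low < high.
range_ok() {
    v=$(printf '%s' "$1" | tr -d ' \t')
    case "$v" in
        ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;
        *-*) [ "${v%-*}" -lt "${v#*-}" ] ;;
        *) return 1 ;;
    esac
}

# check_idmap FILE: report both parameters; non-zero status if either is unusable.
check_idmap() {
    rc=0
    for key in "idmap uid" "idmap gid"; do
        val=$(global_param "$1" "$key")
        if range_ok "$val"; then
            echo "ok:      $key = $val"
        else
            echo "problem: $key not usable in [global] of $1 (got '$val')"
            rc=1
        fi
    done
    return $rc
}

# Check every file named on the command line.
for f in "$@"; do check_idmap "$f" || true; done
```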
wongdai
Starting out
Posts: 18
Joined: Sun Feb 03, 2008 12:39 pm

Re: Domain Server

Post by wongdai »

Hi there

Great thread guys.

This bit I don't understand:
For each pc on your domain is a user account required as mypc$,
pcname with a $ at the end.
Now you can add your pc with name "mypc" to your domain.
Where do I do this? Using the Qnap's Admin function in the web browser, or in the smb.conf file, or somewhere else?

Also, which is the correct smb.conf file to edit? Is it the /etc/smb.conf?

Regards

Wongdai
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

You can add the name of the workstation in the user management of your NAS
( pcname + $ )

or add it with ssh or telnet to the /etc/passwd with the command:

Code:

adduser -h /tmp mypc$

"mypc" is an example name for the Windows workstation.

Then you have to change on the Windows workstation from workgroup to domain with your domain name.
It will ask you for the administrator name (admin) and password of the NAS.
When it is done without error, you have to reboot your Windows workstation,
and on the logon screen an option with your pcname and domain name will appear.
wongdai
Starting out
Posts: 18
Joined: Sun Feb 03, 2008 12:39 pm

Re: Domain Server

Post by wongdai »

Thanks man

It's not working for me atm. Coming up saying Cannot find a domain controller.

I will go through all the instructions again tomorrow and see if I can locate where I went wrong.

Thanks again

Wongdai

edit: W00t! I had a brainwave just prior to going to bed. I remembered to repoint my dns settings to the NAS in my network connections, and then also registered the NAS in WINS.

I get the domain login now, but it is not allowing me to join as yet. I used the admin login and password, but it came back with a dialogue box "The specified account already exists".

Not sure what this means.

Wongdai
wongdai
Starting out
Posts: 18
Joined: Sun Feb 03, 2008 12:39 pm

Re: Domain Server

Post by wongdai »

Ahh. Got it worked out.

It turns out the weird results are something to do with Vista. XP Pro logged into the domain just perfectly.

Unfortunately it stalled on the "loading personal settings" screen, which is probably because I haven't set up any of the user directories.

Something for tomorrow.

Wongdai
wongdai
Starting out
Posts: 18
Joined: Sun Feb 03, 2008 12:39 pm

Re: Domain Server

Post by wongdai »

All working now.

One weird thing though, on the Windows start menu, instead of saying the name of the user at the top as per usual, it says, "Linux User,,,"

Any ideas?

Wongdai
Eraser-EMC2-
Been there, done that
Posts: 711
Joined: Sat Oct 13, 2007 5:26 pm
Location: Germany

Re: Domain Server

Post by Eraser-EMC2- »

This is the full name of the user.

You have to edit the passwd file manually by
connecting with ssh or telnet and opening the passwd file with

Code:

vi /etc/passwd
wongdai
Starting out
Posts: 18
Joined: Sun Feb 03, 2008 12:39 pm

Re: Domain Server

Post by wongdai »

Spot on man. Well done!

The upside of this is that it has also fixed my problems with Workgroups, which I had before. Nice.

The only issue I currently have is that I am getting permission denied on gpedit.msc when I run it, even when I am logged in as administrator.
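
An added example, not part of any post above: a read-only review of a passwd file for the two things the thread touches on, the workstation accounts whose names end in `$` and the "Linux User,,," full name. Treating a login shell on a workstation account as a finding is this example's own assumption, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): review passwd entries created the way
# the thread describes. Field 5 is the full name, field 7 the login shell.

# audit_passwd FILE: print "account<TAB>finding" for each entry worth a look.
audit_passwd() {
    awk -F: '
        NF < 7 { next }                           # not a passwd entry
        {
            machine = ($1 ~ /\$$/)                # workstation account: name ends in $
            nologin = ($7 ~ /(false|nologin)$/)   # shell that refuses logins
            if (machine && !nologin)
                print $1 "\tmachine account with login shell \"" $7 "\""
            if (!machine && $5 == "Linux User,,,")
                print $1 "\tfull name is still the placeholder"
        }
    ' "$1"
}

# Constructed sample in /etc/passwd format (names and IDs are made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
admin:x:0:0:administrator:/root:/bin/sh
anna:x:501:100:Linux User,,,:/share/homes/anna:/bin/sh
mypc$:x:502:100:Linux User,,,:/tmp:/bin/sh
xppc$:x:503:100:workstation:/tmp:/bin/false
EOF
audit_passwd "$sample"
rm -f "$sample"
```

On the NAS itself, call `audit_passwd /etc/passwd`; the function only reads the file.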