Horrible problem with SAMBA -- Does Karmic work?

Tue Nov 24 05:14:08 UTC 2009

>> I have done a clean install of Karmic on my file server and am tearing my
>> hair out. I'm almost ready to bolt for Red Hat!
>> I have tried numerous times to set up SAMBA so that students can log into
>> the system and access the files they need to access. They can't. The
>> latest error is that the machine account isn't set up. But I can't find
>> where the machine account is. When I upgraded from Jaunty (which worked
>> fine), I got this error and was unable to delete the machine password from
>> the /etc/samba/smbpasswd file to reload it. Now there isn't an
>> /etc/samba/smbpasswd file at all, so the accounts must be stored elsewhere.
>> Any ideas? Students can log in directly to the server or via ssh. The
>> problem is samba, and it appears to be the machine accounts.

> Thanks to the two who responded to this email. However, this still leaves
> the question open as to whether I need to establish accounts for both users
> and workstations; I assume I do. The TDBs seem to record the users
> correctly, but they do not appear to record the workstations. The way I've
> been doing this is, first, "useradd -M -N -s /bin/false <machinename$>",
> then "passwd -l <machinename$>", then "smbpasswd -a -m <machinename>". I
> get the message that users are added with the final statement (or deleted
> with smbpasswd -x -m <machinename>), but then I get the message that the
> workstation accounts aren't established when I try to log in on them. I
> suspect that the smbpasswd program is trying to write something to
> somewhere, but it's the tbd files that are actually controlling things. Do
> I use pdbedit for this, as I do with the users?

I have only ever used pdbedit for listing users (with -Lw or -Lv) but
it can be used to create, modify, and delete users and groups just
like smbpasswd. It can also create and modifies account policies but I
have not used these functions or even looked into them.

Your useradd-passwd-smbpasswd sequence seems correct (I would have
added "-g <gid>" or "-g 65534" rather than "-N" to the passwd
invocation, out of habit rather than out of necessity AFAIK - and I
assume that the missing $ at the end of the smbpasswd invocation is an
email typo).

Run
pdbedit -Lv <hostname>$
to make sure that you have "W" on the account flags line
and
to make sure that you have your domain/workgroup on the domain line
(and not your server name)

Questions:

1. How do you know that it is the machine accounts that are failing
you? Please check your logs (or possibly increase the log level,
restart samba, try logging on, and check your logs).

2. How is your smb.conf set up? Which security setting have you
chosen? Do you have a netlogon section?

3. Do you really need to have a domain setup with machine accounts
(since you seem to have just one box)?