samba pdc setup fails on net rpc rights grant
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-docs (Ubuntu) | Fix Released | Undecided | Adam Sommer | | |
Bug Description
Binary package hint: ubuntu-docs
The server guide says that setting up samba as pdc requires the command
net rpc rights grant "EXAMPLE\Domain Admins" SeMachineAccoun
but this doesn't work if done exactly like documented, because:
1: This command cannot be issued before restarting samba, because at this time the domain does not yet exist.
2: One must use the -U option to specify a userid, otherwise it will prompt for the password of root, which does not exist.
3: Before issuing this command, one must do 'smbpasswd -a' for the userid to be used. I thought that libpam-smbpass would take care of this and make the Linux passwords available to samba, but that doesn't seem to work.
4: This command is another example of a truncation in the PDF variant of the manual, as I already wrote in another bug report (590519).
Hi,
These changes would fix this bug:
The command "net rpc rights grant ..." and the sentence before it should be moved from step 3 to step 7 (off-topic note: I think that the note "if you wish to not use roaming profiles ..." should be moved up within step 3).
The option -U must be inserted (e.g. net -U user rpc rights grant ...) with "user" replaced with a username with sufficient rights (and a samba password already set).
Step 1 should note that libpam-smbpass will transfer a Unix password to samba only when that user logs in to Linux the first time (at least that's the info that I found somewhere). If your users don't log in to Linux, only to samba, then you must set the samba passwords manually with smbpasswd -a. This includes the user specified in the command "net user rpc rights grant" and the user used to join client machines into the domain.
The note in step 7 should include a reminder to make sure that the user has a samba password, either by logging in to Linux once or by entering it with smbpasswd -a.
best regards,
Klaus
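
The preconditions raised in this report (samba restarted, an explicit -U user, and a samba password already set for that user), written as a preflight check before the grant. This is an added example, not part of the original report or the Server Guide. The `--run` wrapper arguments, the function names and the sample account listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight for `net rpc rights grant` on a Samba PDC.
# Usage (hypothetical wrapper arguments): script --run ADMIN DOMAIN RIGHT...

# Constructed sample of `pdbedit -L` output: one "name:uid:full name" per line.
SAMPLE_LISTING='sysadmin:1000:Sys Admin
jdoe:1001:J Doe'

# Exit 0 if account $1 appears in a pdbedit -L style listing on stdin.
# Exact match on the first field, so "sys" does not match "sysadmin".
has_samba_account() {
    awk -F: -v u="$1" '$1 == u { ok = 1 } END { exit (ok ? 0 : 1) }'
}

# preflight USER SMBD_RUNNING LISTING
#   0 = ready
#   1 = smbd not running, so the domain does not exist yet
#   2 = no user given, net would prompt for root's password
#   3 = user has no Samba password entry (needs smbpasswd -a)
preflight() {
    [ -n "$1" ] || return 2
    [ "$2" = yes ] || return 1
    printf '%s\n' "$3" | has_samba_account "$1" || return 3
    return 0
}

if [ "${1:-}" = "--run" ]; then
    admin=$2; domain=$3; shift 3      # remaining arguments: rights to grant
    running=no
    pgrep -x smbd >/dev/null 2>&1 && running=yes
    rc=0
    # pdbedit -L must run as root to read Samba's password database.
    preflight "$admin" "$running" "$(pdbedit -L 2>/dev/null)" || rc=$?
    case $rc in
        0) net rpc rights grant -U "$admin" "$domain\\Domain Admins" "$@" ;;
        1) echo "smbd is not running: restart samba first" >&2; exit 1 ;;
        2) echo "no user given for -U" >&2; exit 2 ;;
        3) echo "run: smbpasswd -a $admin" >&2; exit 3 ;;
    esac
fi
```

The rights to grant are passed through as arguments, so the list from the Server Guide is supplied by the operator and not hard-coded here.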