Skip to main content

If you don't have an IBM ID and password, register here.

By clicking Submit, you agree to the developerWorks terms of use.

The first time you sign into developerWorks, a profile is created for you. This profile includes the first name, last name, and display name you identified when you registered with developerWorks. Select information in your developerWorks profile is displayed to the public, but you may edit the information at any time. Your first name, last name (unless you choose to hide them), and display name will accompany the content that you post.

All information submitted is secure.

The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerworks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

By clicking Submit, you agree to the developerWorks terms of use.

All information submitted is secure.

Using Samba as a PDC

Tom Syroid is a contract writer for Studio B Productions, a literary agency based in Indianapolis, IN specializing in computer-oriented publications. Topics of interest/specialty include *NIX system security, Samba, Apache, and Web database applications based on PHP and MySQL. He has experience administering and maintaining a diverse range of operating systems including Linux (Red Hat, OpenLinux, Mandrake, Slackware, Gentoo), Windows (95, 98, NT, 2000, and XP), and AIX (4.3.3 and 5.1). He is also the co-author of Outlook 2000 in a Nutshell (O'Reilly & Associates) and OpenLinux Secrets (Hungry Minds). Tom lives in Saskatoon, Saskatchewan with his wife and two children. Hobbies include breaking perfectly good computer installations and then figuring out how to fix them, gardening, reading, and building complex structures out of Lego with his kids. Questions, comments, and errata submissions are welcome; you can either e-mail the author directly (dwcomments@syroidmanor.com.

Summary:  Open-source Samba turns a UNIX or Linux system into a file and print server for Microsoft Windows network clients. Tom Syroid dishes up a juicy tutorial that shows you how to configure Samba as the primary domain controller on an xSeries server.

Date:  03 Apr 2002
Level:  Introductory

Comments:  

Troubleshooting and SWAT information

When things go bump in the night...

When Murphy crashes your party, it's time to do some troubleshooting. The list below is by no means complete or seminal. It's simply a compliation of years of working with Samba, and many many hours tracking user's cries for help on the Samba mailing list.

  • First and foremost, determine where exactly your problem lies and how it occurred. Is it on the server end, or the client? Did it occur in conjunction with something else? Can you isolate the problem? Did you check your network cables? Are you SURE it's Samba related (this one in particular has bitten me several times), can you perform the same action without difficulty from another workstation? Are the Samba daemons running?
  • If you start the Samba daemons and they unexpectedly die, run the Samba testparm utility on your configuration file. Chances are you have a syntax error somewhere. As a matter of fact, experience has taught me that the two most common errors that cause Samba to stop running or lose functionality are: (1) typos in smb.conf, and (2) incorrect permissions on a file or directory.
  • The client can't save a profile to the PDC? Read the above again. And check your directory permissions.
  • The client can't join the domain? Check to ensure user and machine accounts exist on the controller. If necessary, create them manually.
  • If you try and join the domain, and get a "Cannot join domain..." or "Cannot create account, you already have a connection to the domain" message, check to ensure there are no existing mapped drives to the server. If there are, kill them by typing net use * /d in a command prompt window.
  • If you can't join the domain, and you created the machine account manually, check to ensure you didn't forget to add the dollar-sign ('$') after the machine name.
  • If you can't join the domain, and are using the add user script option to automatically create machine accounts, double check the option. If nothing looks amiss, disable it, and manually create the machine account. Now try again.
  • If all the above fails, go back through the tutorial and double check everything. Methodically. Again, the material presented here has been tripled checked. The smb.conf file was moved to a clean install of Redhat, the directories and permissions were created/set as shown, and the controller was tested with a Windows XP client. Everything worked first time without error or incident.
  • Finally, failing everything else, send a message to the Samba mailing list asking for assistance. Don't forget to detail your problem clearly, what you've tried so far, and enclose your configuration file. The list is populated by a lot of very fine people; someone will no doubt come to your rescue.

Sidebar I: SWAT

A lot of administrators accustomed to GUI configuration tools find working with a command line editor like vi or emacs both intimidating and frustrating. Situations like this are precisely what SWAT was designed to address. SWAT stands for Samba Web Administration Tool, and is bundled with the Samba package. In short, SWAT puts an easy to navigate interface on smb.conf using any web browser. It also provides context-sensitive help for all options, and a link to the vast array of documentation shipped with Samba.

Unfortunately, convenience always comes at a cost. First and foremost, SWAT requires the root password to accomplish much of anything, and that password is transmitted in plain text. This dangerous security breach is offset somewhat by the fact that SSL/HTTPS can be used for remote connections (there's a HOWTO located at www.samba.org/samba/docs/swat_ssl.html). Second, SWAT has a habit of rearranging the order of entries in smb.conf when changes are saved. If you've got a carefully ordered configuration file complete with insightful comments, I do not recommend using SWAT.

Another difficulty with SWAT is that it's turned off by default and users unfamiliar with the landscape of Redhat seem to have a lot of trouble turning it on. This last problem is easy to fix.


Sidebar II: SWAT configuration

The are two ways to enable SWAT, depending on whether your system is configured to use xinetd or inetd.

For systems running xinetd (RH 7.2 and, I believe, 7.1), the script /etc/xinetd.d/swat must be edited (as root). Change the line that reads disable = yes to disable = no. If you want to access SWAT from a remote machine (a very bad choice on anything but a firewalled intranet), place a pound sign ('#') in front of the line that reads only_from = localhost. Now re-start the xinetd daemon by typing service xinetd reload (again, as root). You should now be able to access the SWAT service directly from the local machine by typing httpd://localhost:901, or from a remote host by substituting localhost for the host name.

On systems running inetd, two files must be edited. Ensure that /etc/services contains the line:

swat 901/tcp

Next, open /etc/inetd.conf and locate the line that reads:

swat stream tcp nowait.400 root /path/to/the/swat/binary swat

Replace /path/to/the/swat/binary with the correct path. For example, /usr/sbin/swat. Now restart the inetd service: service inetd reload. Follow the procedures in the paragraph above to connect to your server.

5 of 8 | Previous | Next

Comments



Help: Update or add to My dW interests

What's this?

This little timesaver lets you update your My developerWorks profile with just one click! The general subject of this content (AIX and UNIX, Information Management, Lotus, Rational, Tivoli, WebSphere, Java, Linux, Open source, SOA and Web services, Web development, or XML) will be added to the interests section of your profile, if it's not there already. You only need to be logged in to My developerWorks.

And what's the point of adding your interests to your profile? That's how you find other users with the same interests as yours, and see what they're reading and contributing to the community. Your interests also help us recommend relevant developerWorks content to you.

View your My developerWorks profile

Return from help

Help: Remove from My dW interests

What's this?

Removing this interest does not alter your profile, but rather removes this piece of content from a list of all content for which you've indicated interest. In a future enhancement to My developerWorks, you'll be able to see a record of that content.

View your My developerWorks profile

Return from help

static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=AIX and UNIX
ArticleID=105868
TutorialTitle=Using Samba as a PDC
publish-date=04032002
author1-email=dwcomments@syroidmanor.com
author1-email-cc=

Tags

Help
Use the search field to find all types of content in My developerWorks with that tag.

Use the slider bar to see more or fewer tags.

Popular tags shows the top tags for this particular content zone (for example, Java technology, Linux, WebSphere).

My tags shows your tags for this particular content zone (for example, Java technology, Linux, WebSphere).

Use the search field to find all types of content in My developerWorks with that tag. Popular tags shows the top tags for this particular content zone (for example, Java technology, Linux, WebSphere). My tags shows your tags for this particular content zone (for example, Java technology, Linux, WebSphere).