Changing OU to default?

Jason Gerfen jason.gerfen at
Wed Oct 19 19:28:20 GMT 2005

I have posted a few questions in the normal samba lists and have not 
received an answer, other than to remove the AD object and try again.

Here is what I am trying to accomplish: using samba as a file server 
for users authenticating through kerberos and active directory.

I have followed the samba-howto on, and here is my smb.conf

# Network configuration
     server string =
     workgroup = DOMAIN
     netbios name = DOC-ODIN
     realm = DOMAIN
     security = ADS
     password server =

# Domain configuration options
     prefered master = no
     local master = no
     domain master = no
     prefered master = no
     domain logons = no

# Security options
     encrypt passwords = yes
     update encrypted = yes
     password level = 20

# Winbind options
     winbind use default domain = no
     winbind cache time = 5
     winbind separator = /
     winbind enum users = no
     winbind enum groups = no
     winbind nested groups = yes

# User/Group mapping options
     idmap uid = 500-500000
     idmap gid = 500-500000
     add user script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
     add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$

# LDAP/AD configuration options
     passdb backend = ldapsam:LDAP://
     ldap admin dn = "cn=readonly,cn=users,dc=domain,dc=com"
     ldap user suffix = cn=users
     ldap group suffix = ou=groups
     ldap suffix = dc=domain,dc=com
     ldap delete dn = no
     use spnego = yes

# Networking options
     hide unreadable = no
     wins support = no
     dns proxy = no
     interfaces = eth* lo
     bind interfaces only = yes
     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
     hosts deny =

# Miscellaneous options
     os level = 20
     template shell = /bin/false
     template homedir = /odin/%D/%U
     load printers = no

# Logging options
     log level = 1 ads:5 auth:5 sam:5 rpc:5

I am able to join the domain, I am able to view users, just not the 
correct users.  I mapped an OU=users when I needed to map the CN=users 
(which is the default) and I am not able to run the net ads join -U 
username at "container/users" without getting an error that 
CN=users is not a valid OU.  I have already attempted to delete the 
server name from active directory and re-joining.

A co-worker and I were talking about everything we could do, and the 
only thing that has not been done is using another AD Administrative 
user to join the domain with.  Any help is appreciated.

Jason Gerfen

"My girlfriend threatened to
 leave me if I went boarding...
 I will miss her."
