Changing OU to default?
Jason Gerfen
jason.gerfen at scl.utah.edu
Wed Oct 19 19:28:20 GMT 2005
I have posted a few questions in the normal samba lists and have not
received an answer, other than to remove the AD object and try again.
Here is what I am trying to accomplish; Using samba as a file server
for users authenticating through kerberos and active directory.
I have followed the samba-howto on samba.org, and here is my smb.conf
[global]
#
# Network configuration
#
server string = doc-odin.domain.com
workgroup = DOMAIN
netbios name = DOC-ODIN
realm = DOMAIN
security = ADS
password server = server.domain.com server2.domain.com
#
# Domain configuration options
#
prefered master = no
local master = no
domain master = no
prefered master = no
domain logons = no
#
# Security options
#
encrypt passwords = yes
update encrypted = yes
password level = 20
#
# Winbind options
#
#
winbind use default domain = no
winbind cache time = 5
winbind separator = /
winbind enum users = no
winbind enum groups = no
winbind nested groups = yes
#
# User/Group mapping options
#
idmap uid = 500-500000
idmap gid = 500-500000
add user script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
#
# LDAP/AD configuration options
#
passdb backend = ldapsam:LDAP://server2.domain.com
ldap admin dn = "cn=readonly,cn=users,dc=domain,dc=com"
ldap user suffix = cn=users
ldap group suffix = ou=groups
ldap suffix = dc=domain,dc=com
ldap delete dn = no
use spnego = yes
#
# Networking options
#
hide unreadable = no
wins support = no
dns proxy = no
interfaces = eth* lo
bind interfaces only = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hosts deny = 0.0.0.0/0
#
# Miscellaneous options
#
os level = 20
template shell = /bin/false
template homedir = /odin/%D/%U
load printers = no
#
# Logging options
#
log level = 1 ads:5 auth:5 sam:5 rpc:5
I am able to join the domain, I am able to view users, just not the
correct users. I mapped an OU=users when I needed to map the CN=users
(which is the default) and I am not able to run the net ads join -U
username at realm.com "container/users" without getting an error that
CN=users is not a valid OU. I have already attempted to delete the
server name from active directory and re-joining.
A co-worker and I were talking about everything we could do, and the
only thing that has not been done is using another AD Administrative
user to join the domain with. Any help is appreciated.
--
Jason Gerfen
"My girlfriend threatened to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK