[Samba] Problems Setting up an Samba-PDC

Yura Pismerov ypismerov at tucows.com
Sun Sep 8 18:42:01 GMT 2002 

	You also need to do it as user with root parmissions (member of "admin
user" parameter in smb.conf). 

Martin Elshuber wrote:
> 
> Hi!
> 
> I'm trying to set a Samba 2.2.5 PDC with w2k Clients,
> but the clients can't join the domain!
> 
> I've created an Mashine account 'gandalf$', and I've added this account
> in my smbpasswd file
> 
> perhaps someone can tell me what I've done wrong
> 
> thanks Martin
> 
> p.s.: I've already read the PDC-HOWTO
> http://us6.samba.org/samba/ftp/docs/htmldocs/Samba-PDC-HOWTO.html
> 
>   ------------------------------------------------------------------------
> # This is the main Samba configuration file. You should read the
> # smb.conf(5) manual page in order to understand the options listed
> # here. Samba has a huge number of configurable options (perhaps too
> # many!) most of which are not shown in this example
> #
> # Any line which starts with a ; (semi-colon) or a # (hash)
> # is a comment and is ignored. In this example we will use a #
> # for commentry and a ; for parts of the config file that you
> # may wish to enable
> #
> # NOTE: Whenever you modify this file you should run the command "testparm"
> # to check that you have not made any basic syntactic errors.
> #
> #======================= Global Settings =====================================
> [global]
> 
>    workgroup = THE_RING
>    server string = Domain Server
> 
>    os level 64
>    preferred master = yes
>    domain master = yes
>    local master = yes
> 
>    security = user
>    encrypt passwords = yes
>    domain logons = yes
> 
>    logon path = \\SAURON\profiles\%u
>    logon drive = = R:
>    logon home = \\SAURON\%u
> 
>    domain admin group = root @users
> 
> ;   add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
> 
>    hosts allow = 192.168.0. 127.
> 
> ;   printcap name = /etc/printcap
> ;   load printers = yes
> ;   printing = lprng
> 
>    log file = /var/log/samba/%m.log
>    max log size = 0
> 
> # Use password server option only with security = server
> # The argument list may include:
> #   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> # or to auto-locate the domain controller/s
> #   password server = *
> ;   password server = <NT-Server-Name>
> 
> # Password Level allows matching of _n_ characters of the password for
> # all combinations of upper and lower case.
> ;  password level = 8
> ;  username level = 8
> 
>    smb passwd file = /etc/samba/smbpasswd
> 
>    unix password sync = Yes
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> 
>    pam password change = yes
> 
> ;  username map = /etc/samba/smbusers
>    include = /etc/samba/smb.conf.%m
> 
>    obey pam restrictions = yes
>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>    interfaces = 192.168.0.2/24
> 
> # Case Preservation can be handy - system default is _no_
> # NOTE: These can be set on a per share basis
> ;  preserve case = no
> ;  short preserve case = no
> # Default case is normally upper case for all DOS files
> ;  default case = lower
> # Be very careful with case sensitivity - it can break things!
> ;  case sensitive = no
> 
> #============================ Share Definitions ==============================
> [homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
>    valid users = %S
>    create mode = 0664
>    directory mode = 0775
> # If you want users samba doesn't recognize to be mapped to a guest user
> ; map to guest = bad user
> 
> # Un-comment the following and create the netlogon directory for Domain Logons
> [netlogon]
>    comment = Network Logon Service
>    path = /home/PDC/netlogon
>    read only = yes
>    write list = @users root martin
> 
> # Un-comment the following to provide a specific roving profile share
> # the default is to use the user's home directory
> [profiles]
>    path = /usr/PDC/profiles
>    read only = no
>    create mask = 0600
>    directory mask = 0700
> 
> # NOTE: If you have a BSD-style print system there is no need to
> # specifically define each individual printer
> [printers]
>    comment = All Printers
>    path = /var/spool/samba
>    browseable = no
> # Set public = yes to allow user 'guest account' to print
>    guest ok = no
>    writable = no
>    printable = yes
> 
> # This one is useful for people to share files
> ;[tmp]
> ;   comment = Temporary file space
> ;   path = /tmp
> ;   read only = no
> ;   public = yes
> 
> # A publicly accessible directory, but read only, except for people in
> # the "staff" group
> [public]
>    comment = Public Stuff
>    path = /home/public
>    public = yes
>    writable = yes
>    printable = no
>    write list = @users
>    force create mode = 0775
>    force directory mode = 0775
>    force group = users
> 
> [BG]
>    comment = Baldur's Gate
>    path = /home/public/Games/BG
>    public = yes
>    writable = no
>    printable = no
>    force create mode = 0775
>    force directory mode = 0775
>    force group = users
> 
> # Other examples.
> #
> # A private printer, usable only by fred. Spool data will be placed in fred's
> # home directory. Note that fred must have write access to the spool directory,
> # wherever it is.
> ;[fredsprn]
> ;   comment = Fred's Printer
> ;   valid users = fred
> ;   path = /home/fred
> ;   printer = freds_printer
> ;   public = no
> ;   writable = no
> ;   printable = yes
> 
> # A private directory, usable only by fred. Note that fred requires write
> # access to the directory.
> ;[fredsdir]
> ;   comment = Fred's Service
> ;   path = /usr/somewhere/private
> ;   valid users = fred
> ;   public = no
> ;   writable = yes
> ;   printable = no
> 
> # a service which has a different directory for each machine that connects
> # this allows you to tailor configurations to incoming machines. You could
> # also use the %U option to tailor it by user name.
> # The %m gets replaced with the machine name that is connecting.
> ;[pchome]
> ;  comment = PC Directories
> ;  path = /usr/local/pc/%m
> ;  public = no
> ;  writable = yes
> 
> # A publicly accessible directory, read/write to all users. Note that all files
> # created in the directory by users will be owned by the default user, so
> # any user with access can delete any other user's files. Obviously this
> # directory must be writable by the default user. Another user could of course
> # be specified, in which case all files would be owned by that user instead.
> ;[public]
> ;   path = /usr/somewhere/else/public
> ;   public = yes
> ;   only guest = yes
> ;   writable = yes
> ;   printable = no
> 
> # The following two entries demonstrate how to share a directory so that two
> # users can place files there that will be owned by the specific users. In this
> # setup, the directory should be writable by both users and should have the
> # sticky bit set on it to prevent abuse. Obviously this could be extended to
> # as many users as required.
> ;[myshare]
> ;   comment = Mary's and Fred's stuff
> ;   path = /usr/somewhere/shared
> ;   valid users = mary fred
> ;   public = no
> ;   writable = yes
> ;   printable = no
> ;   create mask = 0765

More information about the samba mailing list