[Samba] trying to prepare to go live this weekend
craigwhite at azapple.com
Sat Dec 20 19:40:41 GMT 2003
On Fri, 2003-12-19 at 11:30, John H Terpstra wrote:
> > c) turn off logon services (never done this on NT domain controller but
> > presume that it can be somewhat disabled) - has anyone done anything
> > down this path?
> That will work too. Just shut down the Netlogon service.
finally, will all the users gone, I was able to get onto the network and
test these things out. So I got over there this morning and:
- disabled Network Logon service on NT-SERVER
- changed smb.conf on Linux /security = user
/domain/local/preferred master = yes
/os level = 34
- restarted smb service
- user could log on - authenticated by samba/LDAP
- user couldn't access files/shares/printers on NT-SERVER if their
username/password didn't exist on NT-SERVER prior
- NT-SERVER 'Event Viewer' showed nothing of failed access
- NT-SERVER 'Server Manager' lists Samba as PDC and NT-SERVER as
workstation (not PDC or BDC)
- NT-SERVER User Manager for Domains shows all the accounts for the
domain, including the accounts that weren't on NT-SERVER domain prior to
net vampire (obviously talks to Samba server) - it does however
immediately open dialog - Tag is invalid and complains about that every
time I try to connect to DOMAIN
the only clue that I have on this is from /var/log/samba/log.ntserver
[2003/12/20 11:16:20, 0]
ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
(Insufficient access)smbldap_open: cannot access LDAP when not root..
smbpasswd on that machine can access LDAP but apparently, through
NT-SERVER, it can't - must be the Administrator<->root mapping yes/no?
smbaccess -w has been run and up to this point, seemed happy.
Painters came in to mess up my access today. I'm going to the bookstore
and see if the Samba 3 book and a suitable LDAP book is available. I'm
very interested in looking at various slapd.conf examples that might
give me good ideas before I am committed.
More information about the samba