[Samba] trying to prepare to go live this weekend

Craig White craigwhite at azapple.com
Sat Dec 20 19:40:41 GMT 2003 

On Fri, 2003-12-19 at 11:30, John H Terpstra wrote:
> >  c) turn off logon services (never done this on NT domain controller but
> > presume that it can be somewhat disabled) - has anyone done anything
> > down this path?
> 
> That will work too. Just shut down the Netlogon service.
> 
----
finally, will all the users gone, I was able to get onto the network and
test these things out. So I got over there this morning and:
- disabled Network Logon service on NT-SERVER
- changed smb.conf on Linux /security = user
                            /domain/local/preferred master = yes
                            /os level = 34
- restarted smb service

- user could log on - authenticated by samba/LDAP
- user couldn't access files/shares/printers on NT-SERVER if their
username/password didn't exist on NT-SERVER prior

- NT-SERVER 'Event Viewer' showed nothing of failed access
- NT-SERVER 'Server Manager' lists Samba as PDC and NT-SERVER as
workstation (not PDC or BDC)
- NT-SERVER User Manager for Domains shows all the accounts for the
domain, including the accounts that weren't on NT-SERVER domain prior to
net vampire (obviously talks to Samba server) - it does however
immediately open dialog - Tag is invalid and complains about that every
time I try to connect to DOMAIN

the only clue that I have on this is from /var/log/samba/log.ntserver

[2003/12/20 11:16:20, 0]
passdb/pdb_ldap.c:ldapsam_search_one_group(1612)
  ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 
(Insufficient access)smbldap_open: cannot access LDAP when not root..

smbpasswd on that machine can access LDAP but apparently, through
NT-SERVER, it can't - must be the Administrator<->root mapping yes/no?

smbaccess -w has been run and up to this point, seemed happy.


hints?

Painters came in to mess up my access today. I'm going to the bookstore
and see if the Samba 3 book and a suitable LDAP book is available. I'm
very interested in looking at various slapd.conf examples that might
give me good ideas before I am committed.

Craig

More information about the samba mailing list