[Samba] Windows domain group policies

John H Terpstra jht at samba.org
Sat Jun 21 21:54:10 GMT 2003 

On Sat, 21 Jun 2003, Thomas Angst wrote:

> Hmm,
> that's confusing me...
> As robowarp (or what his name is) has written, it doesn't look like
> joining machines to samba domains is working. Or more precisely samba
> does never trust a machine how has joined a moment before.
>
> And group managing may not working but I don't know how to do it...

Email me your smb.conf file.

Mine is attached. Mine works fine. I have joined WinXP and Win2K to the
domain and have joined another samba server to the domain. All work fine.

- John T.

>
> Thomas
>
> John H Terpstra schrieb:
>
> >Thomas,
> >
> >Domain membership joins work fine in current CVS.
> >
> >Managing Groups is the problem right now.
> >
> >This should be done early next week. There are patches on samba-technical
> >that have not yet been accepted and applied.
> >
> >- John T.
> >
> >
> >On Sat, 21 Jun 2003, Thomas Angst wrote:
> >
> >
> >
> >>I hope they will fix this bug soon, how can we else test the new functionality of Samba 3.0 if we cannot use it as a domain server?
> >>Or is there another way to register a machine which will be accepted by Samba 3.0?
> >>
> >>Thomas
> >>
> >>
> >>
> >>
> >>>I am using Debian 3.0r1 with unstable packages. But if the fixes are in
> >>>CVS I can download and compile it.
> >>>
> >>>
> >>Fixes are still being worked on. I hope they will make it for Beta2.
> >>
> >>- John T.
> >>
> >>
> >>robowarp at gmx.de schrieb:
> >>
> >>
> >>
> >>>recompiled samba 3 on current cvs , the bug stays
> >>>no login to samba domain is possible , cause computer acount is not
> >>>trusted
> >>>after reboot the client which
> >>>joined the domain succesfully
> >>>regards r
> >>>
> >>>
> >>>
> >>>
> >
> >
> >
>
>

-- 
John H Terpstra
Email: jht at samba.org
-------------- next part --------------
# Samba config file created using SWAT
# from 192.168.1.1 (192.168.1.1)
# Date: 2003/06/21 14:41:58

# Global parameters
[global]
	workgroup = MIDEARTH
	server string = Samba3
	interfaces = eth0, lo
	bind interfaces only = Yes
	server schannel = Yes
	passdb backend = tdbsam, guest
	pam password change = Yes
	passwd chat = *New*Password* %n\n *Re-enter*new*password* %n\n *Password*changed*
	username map = /etc/samba/smbusers
	password level = 8
	username level = 8
	unix password sync = Yes
	log level = 1
	syslog = 0
	log file = /var/log/samba/%m
	smb ports = 139 445
	name resolve order = wins bcast hosts
	time server = Yes
	socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192
	printcap name = CUPS
	disable spoolss = Yes
	add user script = /usr/sbin/useradd -m %u
	delete user script = /usr/sbin/userdel -r %u
	add group script = /usr/sbin/groupadd %g
	delete group script = /usr/sbin/groupadd %g
	add user to group script = /usr/sbin/usermod -G %g %u
	add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
	shutdown script = /var/lib/samba/scripts/shutdown.sh
	abort shutdown script = /sbin/shutdown -c
	logon script = scripts\logon.bat
	logon path = \\%L\Profiles\%U
	logon drive = H:
	logon home = \\%L\%U
	domain logons = Yes
	os level = 35
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	ldap ssl = no
	utmp = Yes
	panic action = export DISPLAY=localhost:0; /usr/bin/X11/xterm -e gdb /proc/%d/exe %d || /bin/sleep
	idmap uid = 15000-20000
	idmap gid = 15000-20000
	winbind separator = +
	comment = Samba 3.0.0
	hosts allow = 127., 192.168.1.
	use sendfile = Yes
	printing = cups
	veto files = /*.eml/*.nws/riched20.dll/*.{*}/
	veto oplock files = /*.doc/*.xls/*.mdb/
	include = /etc/samba/machine.

[homes]
	comment = Home Directories
	valid users = %S
	read only = No
	browseable = No

[print$]
	comment = Printer Drivers Share
	path = /var/lib/samba/drivers
	write list = jht, root
	printer admin = jht, root
	create mask = 0664
	directory mask = 0775

[netlogon]
	comment = Network Logon Service
	path = /var/lib/samba/netlogon
	admin users = root, jht
	guest ok = Yes
	nt acl support = No
	browseable = No
	blocking locks = No
	csc policy = disable
	locking = No
	oplocks = No
	level2 oplocks = No
	posix locking = No
	strict locking = No
	share modes = No

[Profiles]
	comment = Roaming Profile Share
	path = /var/lib/samba/profiles
	read only = No
	profile acls = Yes

[printers]
	comment = All Printers
	path = /var/spool/samba
	printer admin = root, jht
	create mask = 0600
	guest ok = Yes
	printable = Yes
	use client driver = Yes
	default devmode = Yes
	browseable = No

[media]
	comment = Public Stuff
	path = /export2
	read list = @users
	write list = jht
	read only = No
	blocking locks = No
	csc policy = disable
	locking = No
	oplocks = No
	level2 oplocks = No
	posix locking = No
	strict locking = No
	share modes = No

[data]
	comment = Data Stuff
	path = /export/data
	write list = @ntadmin
	read only = No
	blocking locks = No
	csc policy = disable
	locking = No
	oplocks = No
	level2 oplocks = No
	posix locking = No
	strict locking = No
	share modes = No

[cdr]
	comment = CDR Production Files
	path = /export/CDR
	force user = root
	read only = No
	case sensitive = Yes

More information about the samba mailing list