[Samba] Windows domain group policies

robowarp at gmx.de robowarp at gmx.de
Sat Jun 21 23:19:39 GMT 2003 

hi John,
i looked at you smb.conf and i see nothing special what is different to my
conf,
but its late perhaps my eys are tired i attach the my conf.
 exact failure is that i can join the domain with local administrator rights
from a client ,
then you have to reboot the client (win2k serv pack3)
and logon but this fails with the failure 
the machine account is not trusted or known in the domain,
the machine account is present in passwd and smbpasswd as "testpc$",
problem stays if you create account traditional smbpasswd -a -m ....(from
linux shell) or done by script.
the samba runs on suse 8.2 with minimal installation.
the  net groupmap modify works fine for me , after i could not test
anything, cause first step in my opinion must be using beta as pdc.
Browsing the machine works very fine.
i have many detailed experience with the old sambas so tried out many conf
and setup additional bind dns on the server to have no dns bug depend in the
logon.
this way of joining domain worked ever in the older sambas.
after all i think the join auth is kindly broken in the beta1
and in the latest cvs i used, i will reomile the new code in a few days and
try again.
But hey if this stuff works it will be great thing.
thx for your hard work on samba, i used it it in many places since years.

Regards Robert

# Global parameters
[global]
        dos charset = ASCII
        display charset = UTF8
        workgroup = LINUX
        interfaces = 127.0.0.1, 10.10.10.100, eth1
        bind interfaces only = Yes
        passdb backend = smbpasswd:/etc/samba/smbpasswd
        passwd program = /usr/bin/passwd %u
        username map = /etc/samba/smbusers
        unix password sync = Yes
        log level = 2
        log file = /var/log/samba/%m
        time server = Yes
        keepalive = 255
        socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192
SO_RCVBUF=8192
        load printers = No
        printcap name = cups
        add user script = /usr/sbin/useradd -m -g smbusers %u
        delete user script = /usr/sbin/userdel -r %u
        add group script = /usr/sbin/groupadd -r %g
        delete group script = /usr/sbin/groupdel %g
        add user to group script = /usr/bin/gpasswd -a %u %g
        delete user from group script = /usr/bin/gpasswd -d %u %g
        set primary group script = /usr/sbin/usermod -g '%g' '%u'
        add machine script = /usr/sbin/useradd -g machines -c Machine -d
/dev/null -s /bin/false %u
        logon drive = z
        domain logons = Yes
        os level = 255
        preferred master = Yes
        domain master = Yes
        wins proxy = Yes
        wins support = Yes
        ldap ssl = no
        add share command =
/usr/share/doc/packages/samba3/examples/misc/modify_samba_config.pl
        change share command =
/usr/share/doc/packages/samba3/examples/misc/modify_samba_config.pl
change share command =
/usr/share/doc/packages/samba3/examples/misc/modify_samba_config.pl
        delete share command =
/usr/share/doc/packages/samba3/examples/misc/modify_samba_config.pl
        utmp = Yes
        host msdfs = Yes
        admin users = rruegner
        use sendfile = Yes

followed by home and netlogon section  

> On Sat, 21 Jun 2003, Thomas Angst wrote:
> 
> > Hmm,
> > that's confusing me...
> > As robowarp (or what his name is) has written, it doesn't look like
> > joining machines to samba domains is working. Or more precisely samba
> > does never trust a machine how has joined a moment before.
> >
> > And group managing may not working but I don't know how to do it...
> 
> Email me your smb.conf file.
> 
> Mine is attached. Mine works fine. I have joined WinXP and Win2K to the
> domain and have joined another samba server to the domain. All work fine.
> 
> - John T.
> 
> >
> > Thomas
> >
> > John H Terpstra schrieb:
> >
> > >Thomas,
> > >
> > >Domain membership joins work fine in current CVS.
> > >
> > >Managing Groups is the problem right now.
> > >
> > >This should be done early next week. There are patches on
> samba-technical
> > >that have not yet been accepted and applied.
> > >
> > >- John T.
> > >
> > >
> > >On Sat, 21 Jun 2003, Thomas Angst wrote:
> > >
> > >
> > >
> > >>I hope they will fix this bug soon, how can we else test the new
> functionality of Samba 3.0 if we cannot use it as a domain server?
> > >>Or is there another way to register a machine which will be accepted
> by Samba 3.0?
> > >>
> > >>Thomas
> > >>
> > >>
> > >>
> > >>
> > >>>I am using Debian 3.0r1 with unstable packages. But if the fixes are
> in
> > >>>CVS I can download and compile it.
> > >>>
> > >>>
> > >>Fixes are still being worked on. I hope they will make it for Beta2.
> > >>
> > >>- John T.
> > >>
> > >>
> > >>robowarp at gmx.de schrieb:
> > >>
> > >>
> > >>
> > >>>recompiled samba 3 on current cvs , the bug stays
> > >>>no login to samba domain is possible , cause computer acount is not
> > >>>trusted
> > >>>after reboot the client which
> > >>>joined the domain succesfully
> > >>>regards r
> > >>>
> > >>>
> > >>>
> > >>>
> > >
> > >
> > >
> >
> >
> 
> -- 
> John H Terpstra
> Email: jht at samba.org

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!

More information about the samba mailing list