[Samba] Re: domain join - no sambaSamAccount created

U. Dettmer udettmer at gmx.net
Tue Sep 9 09:11:48 GMT 2003


 > if you didn't work it out yet.... send your smb.conf and attach "add
 > machine script" too, I can test it on this system. Maybe that will give
 > us some answers.

Hi again,
my "add machine" script uses the cpu utility, which is available at http://cpu.sourceforge.net . It is also included in many Linux distributions 
( well, at least in SuSE 8.2 Pro ;-).
I've slightly edited the config files, but all necessary information should be available.
OK, here we go:

# smb.conf - Global parameters
# Samba acting as a domain controller (domain logons / domain master) with account data in LDAP.
[global]
	workgroup = TUXNET
	server string = Fileserver
	# Logins for user names that do not exist are mapped to the guest account.
	map to guest = Bad User
	# NOTE(review): permits client access to accounts that have an empty password;
	# confirm this is really wanted on a domain controller.
	null passwords = Yes
	obey pam restrictions = Yes
	# Account database over plain ldap:// (see "ldap ssl" further down).
	passdb backend = ldapsam:ldap://directory, guest
	passwd program = /usr/bin/passwd -q %u
	passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n \n
	unix password sync = Yes
	# These two only govern Samba's own client tools.
	# NOTE(review): the server-side "lanman auth" is not set in this file - confirm its effective value.
	client lanman auth = No
	client plaintext auth = No
	# Minimal logging. NOTE(review): raising the log level while reproducing the failed join
	# would show whether the add machine script is invoked and what it returns.
	log level = 0
	syslog = 0
	log file = /var/log/samba/%m.log
	time server = Yes
	# SMB signing is offered to clients but not required.
	server signing = auto
	deadtime = 15
	socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
	printcap name = cups
	# The add machine script is run by smbd when a machine joins the domain; %u is the
	# machine account name. NOTE(review): smbd presumably runs it with root privileges, so
	# the cpu binary and the file passed with -f should not be writable by other users - confirm.
         # add machine script = /etc/samba/machadd.sh %u
	# Note: I tried to wrap the line below into a shell script. It didn't help ...
	add machine script = /usr/bin/cpu useradd %u -d /dev/null -f /etc/samba/scripts/machadd.cfg -F %u -L %u -g 511 -p \n
	shutdown script = /sbin/shutdown
         abort shutdown script = /sbin/shutdown -c
	logon script = scripts\%m.bat
	logon path = \\%N\%U\.winprofile
	logon drive = m:
	domain logons = Yes
	os level = 65
	domain master = Yes
	wins server = 10.0.0.2
	ldap server = directory
	ldap port = 389
	ldap suffix = ou=department,o=company,c=DE
	ldap machine suffix = ou=herkules,ou=clients
	ldap user suffix = People
	ldap group suffix = Group
#	ldap idmap suffix = ou=department,o=company,c=DE
	# DN Samba binds as. Its password is not kept in this file; Samba stores it in
	# secrets.tdb (set with "smbpasswd -w").
	ldap admin dn = cn=herkules-proxy,ou=admin,ou=department,o=company,c=DE
	# NOTE(review): with "ldap ssl = no" the bind as the admin DN and all account data
	# travel to the directory server unencrypted; consider "start tls" if the server supports it.
	ldap ssl = no
	# Mails incoming WinPopup messages to root: %s is the file holding the message,
	# %f the sender, %m the client machine name.
	# NOTE(review): %f and %m are client-supplied values placed inside a shell command line -
	# confirm how this Samba version sanitises them.
	message command = /bin/mail -s 'Nachricht von %f auf %m' root < %s; rm %s
	host msdfs = Yes
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	comment = HP Laserjet 2100 IL
	# Share-level parameters set in [global] act as defaults for every share below.
	admin users = root
	write list = root
	printer admin = @it-s, root
	map acl inherit = Yes
	printing = cups
	printer name = normal
	map system = Yes
	map hidden = Yes

# Per-user home directory shares.
[homes]
	comment = Home Directories
	# %S is the share name, so each home share is limited to the user it is named after.
	valid users = %S
	read only = No
	# New files and directories get at most rwx--x--x.
	create mask = 0711
	directory mask = 0711
	profile acls = Yes
	browseable = No

# Logon script share used by domain clients.
[netlogon]
	comment = logon scripts
	path = /daten/netlogon/
	# Only these accounts may change the logon scripts that clients will run.
	write list = root, @it-s
	map system = No
	map hidden = No
	locking = No
	# Runs as root on every connection to this share. %m (client machine name) and
	# %U (requested user name) come from the client.
	# NOTE(review): make_logon_script is not shown - verify it treats its arguments as untrusted input.
	root preexec = /etc/samba/make_logon_script '%m' '%U' '%a' '%g' '%L'

# Printer driver share.
[print$]
	path = /daten/printers
	# Driver uploads are limited to these accounts.
	write list = @it-s, root
	# Guest connections are accepted; together with "map to guest = Bad User" in [global],
	# unauthenticated clients can reach this share.
	guest ok = Yes

# Print queues.
[printers]
	path = /var/spool/cups
	# Guest connections may submit print jobs.
	guest ok = Yes
	printable = Yes
	browseable = No


# /etc/samba/scripts/machadd.cfg
# LDAP Configuration
# Passed to the cpu utility with -f by the "add machine script" line in smb.conf.
ldap_host::directory
# 389 is the plain LDAP port. NOTE(review): nothing in this file shows TLS being used,
# so the bind password is presumably sent unencrypted - confirm.
ldap_port::389
bind_dn::cn=herkules-proxy,ou=admin,ou=department,o=company,c=DE
# Placeholder inserted by the poster. The real file holds the bind password in plain text,
# so it should be readable by root only.
bind_pass::xxx
base_dn::ou=department,o=company,c=DE
# Same container as smb.conf's "ldap machine suffix" joined with "ldap suffix".
user_base::ou=herkules,ou=clients,ou=department,o=company,c=DE
group_base::ou=group,ou=department,o=company,c=DE
user_filter::objectclass=posixAccount
# Only POSIX-side object classes are listed here; sambaSamAccount is not among them.
user_object_class::account,posixAccount,top,shadowAccount,inetOrgPerson
group_object_class::posixGroup,top
ldap_version::3

#
# User Configuration
# Defaults for the machine accounts cpu creates.
#
# No login shell for machine accounts.
default_shell::/bin/false
# NOTE(review): the add machine script in smb.conf passes -d /dev/null; this value is
# spelled /dev/nul - confirm which one is intended.
home_directory::/dev/nul
skel_dir::/etc/skel
def_gecos::Machine Account
# NOTE(review): smb.conf sets "idmap uid/gid = 10000-20000"; if both ranges are inclusive
# they meet at 10000 - confirm the ranges cannot collide.
max_uidnumber::10000
min_uidnumber::5000
max_gidnumber::10000
min_gidnumber::5000
id_max_passes::1000

#
# Password Configuration
#
# NOTE(review): "clear" presumably makes cpu store the password unhashed in the directory -
# confirm against the cpu documentation and prefer a hashed scheme if one is available.
hash::clear
password_file::/etc/passwd
shadow_file::/etc/shadow
shadowlastchange::11192
shadowmax::99999
shadowwarning::7
shadowexpire::-1
shadowflag::134538308
shadowmin::-1
shadowinactive::-1

#
# Misc. Configuration
#
# NOTE(review): syslog looks disabled here, so account creation by cpu would leave no
# syslog trail - confirm the meaning of "n".
syslog::n
# Created directories are accessible by their owner only.
def_dir_perm::0700




