[Samba] XP Client cannot join Samba3 PDC
gpalmer at lganet.com
gpalmer at lganet.com
Fri Apr 23 20:23:03 GMT 2004
[global]
#server naming
netbios name = CHARON
workgroup = GPNET
server string = GPNET PDC Server
#authentication as PDC
domain logons = yes
domain master = yes
security = user
password level = 8
username level = 8
smb passwd file=/usr/local/samba/private/smbpasswd
logon script = logon.bat
encrypt passwords = yes
domain admin group = @root
username map = /usr/local/samba/lbin/map.user
#user group scripts
add user script=/usr/sbin/useradd -d /dev/null -c "Samba account %u"
-s /bin/false -M %u
add machine script =/usr/sbin/useradd -d /dev/null -g machines -c
"Machine account %u" -s /bin/false -M %u
#wins server
wins support = yes
time server = yes
local master = yes
lm announce = yes
lm interval = 120
browse list = yes
remote announce = 192.168.201.127/GPNET 192.168.12.255/GPNET
192.168.201.135/GPNET 192.168.201.139/GPNET 192.168.201.143/GPNET
os level = 64
preferred master = yes
#wins client
name resolve order = wins bcast lmhosts
wins proxy = yes
dns proxy = yes
#IP Networking
interfaces = 192.168.201.1/25 192.168.201.129/29 192.168.201.137/30
192.168.201.141/30
hosts allow = 192.168.201. 192.168.202. 127. 192.168.12.
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
SO_SNDBUF=8192
#printing
printer = pshplj5
load printers = yes
printcap name = /etc/printcap
#log files
log level = 0
max log size = 50
log file = /var/log/samba/log.%m
#default share
map archive = yes
map system = yes
map hidden = yes
browseable = yes
writable = yes
public = yes
----------------------------------------------------------------------------
----------
# items that prevent domain join-must be removed for successful operations
force group=nobody
force user = nobody
----------------------------------------------------------------------------
----------
[homes]
comment = Home Directory for %U
browseable = no
write list = %U
valid users= %U
path = /home/%U
force user=%U
force group=%U
[profiles]
browseable = no
path=/home/%U/profile
write list = %U
valid users= %U
force user=%U
force group=%U
[netlogon]
comment = Network Logon Service
path = /home/netlogon
writable = no
public = no
write list=administrator root
[exe]
comment = Network Public Executables
path = /home/exe
[movie]
comment = Movie files
path = /home/movie
[audio]
comment = Audio files
path = /home/audio
-----Original Message-----
From: Jose Martinez [SMTP:jvm_vi at bellsouth.net]
Sent: Friday, April 23, 2004 12:47 PM
To: gpalmer at lganet.com; chris at lincom.net.au;
samba at lists.samba.org
Subject: RE: [Samba] XP Client cannot join Samba3 PDC
When u used these FORCE user and group settings, you didn't have to
tell it
which user and group to force?
Can you send a copy of your smb.conf file.
The problem I am having is that sometimes a machine that is
connected to the
domain will not allow a user to authenticate.. but it allows other
users to
authenticate.. Im wondering if this could be related...
Jose
-----Original Message-----
From: samba-bounces+jmartinez=bellsouth.net at lists.samba.org
[mailto:samba-bounces+jmartinez=bellsouth.net at lists.samba.org] On
Behalf Of
gpalmer at lganet.com
Sent: Friday, April 23, 2004 1:26 PM
To: chris at lincom.net.au; gpalmer at lganet.com; samba at lists.samba.org
Subject: RE: [Samba] XP Client cannot join Samba3 PDC
Resolved problem:
Had decided to use global force user/force group options for the
shares.
It worked like a charm. All my shares now had default groups and
users.
I did not realize how truly global these settings were. After a
careful
review of the logs, I noticed that root indeed logged in. However,
the
effective user always morphed into nobody. At that time, I thought
this was
nominal behavior. NOT!
The global settings for:
FORCE USER = unix user
FORCE GROUP= unix group
Sets the Effective User ID to those forced ID's for EVERYTHING,
including
non share oriented communications.
Check your configs and eliminate these GLOBAL settings.
30 hours! DOH!
More information about the samba
mailing list