[Samba] XP Client cannot join Samba3 PDC

gpalmer at lganet.com gpalmer at lganet.com
Fri Apr 23 20:23:03 GMT 2004


[global]
#server naming
        netbios name = CHARON
        workgroup = GPNET
        server string = GPNET PDC Server

#authentication as PDC
        domain logons = yes
        domain master = yes
        security = user
        password level = 8
        username level = 8
        smb passwd file=/usr/local/samba/private/smbpasswd
        logon script = logon.bat
        encrypt passwords = yes
        domain admin group = @root
        username map = /usr/local/samba/lbin/map.user

#user group scripts
        add user script=/usr/sbin/useradd -d /dev/null -c "Samba account %u" -s /bin/false -M %u
        add machine script =/usr/sbin/useradd -d /dev/null -g machines -c "Machine account %u" -s /bin/false -M %u

#wins server
        wins support = yes
        time server = yes
        local master = yes
        lm announce = yes
        lm interval = 120
        browse list = yes
        remote announce = 192.168.201.127/GPNET 192.168.12.255/GPNET 192.168.201.135/GPNET 192.168.201.139/GPNET 192.168.201.143/GPNET
        os level = 64
        preferred master = yes
#wins client
        name resolve order = wins bcast lmhosts
        wins proxy = yes
        dns proxy = yes

#IP Networking
        interfaces = 192.168.201.1/25 192.168.201.129/29 192.168.201.137/30 192.168.201.141/30
        hosts allow = 192.168.201. 192.168.202. 127. 192.168.12.
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192

#printing
        printer = pshplj5
        load printers = yes
        printcap name = /etc/printcap

#log files
        log level = 0
        max log size = 50
        log file = /var/log/samba/log.%m

#default share
        map archive = yes
        map system = yes
        map hidden = yes
        browseable = yes
        writable = yes
        public = yes

--------------------------------------------------------------------------------------
# items that prevent domain join-must be removed for successful operations
        force group=nobody
        force user = nobody
--------------------------------------------------------------------------------------

[homes]
   comment = Home Directory for %U
   browseable = no
   write list = %U
   valid users= %U
   path = /home/%U
   force user=%U
   force group=%U

[profiles]
   browseable = no
   path=/home/%U/profile
   write list = %U
   valid users= %U
   force user=%U
   force group=%U

[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   writable = no
   public = no
   write list=administrator root

[exe]
   comment = Network Public Executables
   path = /home/exe

[movie]
   comment = Movie files
   path = /home/movie

[audio]
   comment = Audio files
   path = /home/audio



	-----Original Message-----
	From:	Jose Martinez [SMTP:jvm_vi at bellsouth.net]
	Sent:	Friday, April 23, 2004 12:47 PM
	To:	gpalmer at lganet.com; chris at lincom.net.au; samba at lists.samba.org
	Subject:	RE: [Samba] XP Client cannot join Samba3 PDC

	When you used these FORCE user and group settings, you didn't have
	to tell it which user and group to force?

	Can you send a copy of your smb.conf file.

	The problem I am having is that sometimes a machine that is
	connected to the domain will not allow a user to authenticate.. but
	it allows other users to authenticate.. I'm wondering if this could
	be related...

	Jose

	-----Original Message-----
	From: samba-bounces+jmartinez=bellsouth.net at lists.samba.org
	[mailto:samba-bounces+jmartinez=bellsouth.net at lists.samba.org]
	On Behalf Of gpalmer at lganet.com
	Sent: Friday, April 23, 2004 1:26 PM
	To: chris at lincom.net.au; gpalmer at lganet.com; samba at lists.samba.org
	Subject: RE: [Samba] XP Client cannot join Samba3 PDC

	Resolved problem:
	Had decided to use global force user/force group options for the
	shares.
	It worked like a charm.  All my shares now had default groups and
	users.
	I did not realize how truly global these settings were.  After a
	careful review of the logs, I noticed that root indeed logged in.
	However, the effective user always morphed into nobody.  At that
	time, I thought this was nominal behavior.  NOT!

	The global settings for:
	FORCE USER = unix user
	FORCE GROUP= unix group
	Sets the Effective User ID to those forced ID's for EVERYTHING,
	including non share oriented communications.
	Check your configs and eliminate these GLOBAL settings.  

	30 hours!  DOH!
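
Added example, not part of the original thread: a small Python check that reads an smb.conf and reports "force user" / "force group" set in [global], the misconfiguration described in the message above. The function names and the cut-down sample config are constructed for illustration; parameter names are matched ignoring case and whitespace, as Samba does.

```python
import re

# Share-level parameters that become the default for every share when they
# are set in [global] (the situation the poster spent 30 hours tracking down).
RISKY_IN_GLOBAL = {"forceuser", "forcegroup"}

def norm(name):
    # Samba compares parameter names ignoring case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def find_global_force(conf_text):
    """Return [(line_no, parameter, value)] for force user/group in [global]."""
    findings, section = [], None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if "=" not in line:
            continue  # delimiter rows or mail-wrapped continuation text
        name, value = line.split("=", 1)
        if section == "global" and norm(name) in RISKY_IN_GLOBAL:
            findings.append((no, name.strip(), value.strip()))
    return findings

# Constructed sample, cut down from the configuration in this post.
SAMPLE = """\
[global]
        workgroup = GPNET
        domain logons = yes
        force group=nobody
        Force User = nobody
[homes]
   path = /home/%U
   force user=%U
"""

if __name__ == "__main__":
    for no, name, value in find_global_force(SAMPLE):
        print(f"line {no}: '{name} = {value}' in [global] is inherited by every share")
```

The per-share "force user=%U" in [homes] is not reported; only the [global] entries are.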

	

