[Samba] suse 8.2 Samba 3 LDAP :Cannot Log onto Domain Member
Workstation After Joining Domain
sun at percipia.com
Thu Jan 1 20:59:22 GMT 2004
In my windows 2000 machine I don't have Group Policy Editor , User
Profiles not there, after chaning this setting also, I was not able to
I had the same problem and the following steps executed on the Win2K system
as Administrator did it for me:
Start the Administrative Tools (Start / Settings / Control Panel /
Administrative Tools). From there start the Local Security Policy.
In the Local Security Policy open Local Policies and then Security Options.
Disable the following entries:
Domain member: Digitally encrypt or sign secure channel data (Always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Domain member: Require strong (Windows 2000 or later) session key
In the Group Policy Editor (C:\windows\system32\gpedit.msc) enable the
Computer Configuration\Administrative Templates\System\User Profiles\do not
check for user ownership of roaming profiles folders
> Now I was not able to login to the samba3 domain from windows 2000, after
> refreing this document
> Here is my smb.conf setting.
> client schannel = Auto
> server schannel = Auto
> client signing = auto
> server signing = No
> What should I change to login to the domain. I am attaching smb.conf file.
> workgroup = TUX-NET
> passdb backend = ldapsam:ldap://localhost
> debuglevel = 3
> time server = yes
> interfaces = 127.0.0.1 eth0
> bind interfaces only = true
> printing = cups
> printcap name = cups
> load printers = yes
> wins support = Yes
> unix charset = LOCALE
> local master = yes
> domain master = yes
> domain logons = yes
> security = user
> add user script = ldapsmb -a -u "%u"
> delete user script = ldapsmb -d -u "%u"
> add machine script = ldapsmb -a -w "%u"
> add group script = ldapsmb -a -g "%g"
> delete group script = ldapsmb -d -g "%g"
> add user to group script = ldapsmb -j -u "%u" -g "%g"
> delete user from group script = ldapsmb -j -u "%u" -g "%g"
> set primary group script = ldapsmb -m -u "%u" -gid "%g"
> ldap admin dn = cn=Manager,dc=sfgroup,dc=com
> ldap suffix = dc=sfgroup,dc=com
> ldap machine suffix = ou=People
> ldap group suffix = ou=Groups
> ldap user suffix = ou=People
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba