[Samba] Trying to write a PDC HOWTO - Samba 3.0.1/LDAP

Jim C. jcllings at javahop.com
Sat Jan 17 02:07:29 GMT 2004

Hi.  I'm trying to write a HOWTO for Samba 3.0.1 with an LDAP (new
schema) backend. Basically just how to get a PDC up and useful.  Here is
the background info:

1. Samba 3.0.1, Mandrake 9.1, openldap-2.0.27-5.3mdk, clients are XP Pro
and either Mandrake 9.1 or 9.2.

2. System will do Single Sign-on auth for both Linux and Windows XP.

Where I am at:
I've used the migration scripts in /usr/share/openldap/migration to
create the base for the posix side.  I've also used the IDEALX scripts
to build the Windows system accounts.  I can see these on the Linux
server box when I use 'getent passwd', 'getent group', etc.

Problems: When on an XP client I get "Access denied" when trying to add
that machine to the domain. Also, when I browse to the server using "My
Network Places" on an XP client I am never prompted for a password.
Global access is apparently granted to anyone. Clues anyone?  I've not
found any recognizable errors in the logs (/var/log/messages,
/var/log/ldap/ldap.log and /var/log/samba/(machinesaDNSname).log)

Additional debug info follows:

[root at enigma samba]# testparm3 | more
Load smb config files from /etc/samba3/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[pdf-generator]"
Processing section "[public]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
# Global parameters
        workgroup = TESTDOM
        server string = Samba Server %v
        map to guest = Bad User
        passdb backend = ldapsam:ldap://, smbpasswd
        username map = /etc/samba3/smbusers
        log level = 10
        log file = /var/log/samba3/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = cups
        add user script = /usr/share/samba3/scripts/smbldap-useradd.pl '%u'
        delete user script = /usr/share/samba3/scripts/smbldap-userdel.pl '%u'
        add group script = /usr/share/samba3/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba3/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'
        delete group script = /usr/share/samba3/scripts/smbldap-userdel.pl '%g'
        add user to group script = /usr/share/samba3/scripts/smbldap-groupmod.pl -m '%u' '%g'
        delete user from group script = /usr/share/samba3/scripts/smbldap-groupmod.pl -x '%u' '%g'
        set primary group script = /usr/share/samba3/scripts/smbldap-usermod.pl -g '%g' '%u'
        add machine script = /usr/share/samba3/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        ldap suffix = dc=testdom,dc=net
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=People
        ldap group suffix = ou=Group
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=root,dc=testdom,dc=net
        ldap ssl = no
        idmap backend = ldap:ldap://localhost
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        printing = cups

        comment = Home Directories
        read only = No
        browseable = No

        comment = Network Logon Service
        path = /var/lib/samba3/netlogon
        guest ok = Yes


--

-----------------------------------------------------------------
| I can be reached on the following messenger services:		|
| MSN: j_c_llings at hotmail.com  AIM: WyteLi0n  ICQ: 123291844 	|
| Y!: j_c_llings               Jabber: jcllings at nureality.com	|
-----------------------------------------------------------------
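
Added example, not part of the original post: a small Python audit of a testparm-style dump for the settings shown above that bear on password-less browsing and on the Samba-to-LDAP connection (map to guest, guest ok, ldap ssl). The sample input is constructed from values in the post; parse_dump, audit and the restored section headers are assumptions for illustration.

```python
import re

# Constructed sample: a testparm-style dump using values from the post above.
# The section headers are restored by assumption for illustration.
SAMPLE = """\
[global]
    map to guest = Bad User
    passdb backend = ldapsam:ldap://, smbpasswd
    ldap ssl = no
[homes]
    read only = No
[netlogon]
    path = /var/lib/samba3/netlogon
    guest ok = Yes
"""

def parse_dump(text):
    """Return {section: {param: value}} from testparm-style output."""
    conf, section = {}, "global"
    for raw in text.splitlines():
        line = raw.strip().lstrip("~").strip()   # tolerate mail-client '~' padding
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and extra whitespace in parameter names
            conf.setdefault(section, {})[" ".join(key.lower().split())] = value.strip()
    return conf

def audit(conf):
    """List settings that allow password-less or unencrypted access."""
    findings = []
    g = conf.get("global", {})
    mapping = g.get("map to guest", "Never").lower()
    if mapping != "never":
        findings.append(f"global: map to guest = {mapping}: some failed logons are mapped to the guest account")
    for name, params in conf.items():
        guest = params.get("guest ok", params.get("public", "no")).lower()
        if name != "global" and guest in ("yes", "true", "1"):
            findings.append(f"{name}: guest ok = yes: share is open to guest sessions")
    if "ldapsam" in g.get("passdb backend", "") and g.get("ldap ssl", "").lower() in ("no", "off"):
        findings.append("global: ldap ssl = no: ldapsam traffic to the directory is not encrypted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_dump(SAMPLE))))
```
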

