[Samba] Re: ACCESS DENIED when trying to log into domain
Markus Benkovski
markus.benkovski at webermfg.ca
Wed Jul 7 12:30:01 GMT 2004
For a successful samba3.x domain controller you need to make sure of a few
things.
your nt to unix group map
ip and hostname in host file
proper scripts in smb.conf
proper user map in smbusers (if necessary for your purpose)
here is an example of my smb.conf and of course sub "MY-DOMAIN" for yours
----------------------------------------------------------------------------
---------------------
# Global parameters
[global]
workgroup = MY-DOMAIN
realm = MY-DOMAIN
server string = Linux
security = DOMAIN
map to guest = Bad Password
passwd program = /etc/samba/smbpasswd
unix password sync = Yes
passwd chat = *old password* %o\n *new password* %n\n *new password*
%n\n *changed*
passwd chat debug = false
max log size = 50
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/useradd %u
delete user script = /usr/sbin/userdle %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
delete user from group script = /usr/sbin/deluser %u %g
add machine script = /usr/sbin/adduser -n -g machines -c Machine -d
/dev/null -s /bin/false %u
logon script = %G.bat
logon path =
domain logons = Yes
os level = 65
lm announce = Yes
preferred master = Yes
domain master = Yes
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
admin users = your_admin_accounts
printer admin = your_admin_accounts
[NETLOGON]
comment = NETLOGON SHARE
path = /home/samba/NETLOGON
----------------------------------------------------------------------------
---------------------------
Markus Benkovszki
ALSO make sure your usr group mapping is bang on I've had some major issues
arrise with bad mappings.
Hope this helps.
-----Original Message-----
From: Michael Lueck [mailto:mlueck at lueckdatasystems.com]
Sent: Tuesday, July 06, 2004 9:58 PM
To: samba at lists.samba.org
Subject: [Samba] Re: ACCESS DENIED when trying to log into domain
Ken Miller wrote:
> However, when I try
> and connect to the domain, I get an 'Access Denied' message after
> entering my userid and password.
What client OS? If NT/2K/XPPro have you joined it to the domain
successfully?
You need a user ID on the Samba box set up as a Domain Admin to use to join
these OS's to your domain.
I assume you are using a smbpasswd back end, you did add the user ID to that
database?
Some of the text within my ramblings to this list on net groupmap apply to
the topic of creating a domain admin account. You might read through the
small office example URL on the Samba web site I
posted in that thread as well. Sounds like what you are up to is what that
describes.
--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list