[Samba] security = ads: problem join XP Pro?

Etienne-Hugues Fortin efortin at fs01.cyberspicace.com
Wed Jun 9 19:37:09 GMT 2004

Hi Paul,

It's the second option that I'm having.  I'm pretty sure security = user
will fix the problem.  Is it me or in previous versions of Samba, security
= user was for workgroup only?

Below is my smb.conf.  Note that I've changed the security to reflect what
you suggested but it was exactly the same before except for the security =
ads that was there.

It has now become a very long file based on the various documents that I
read, trying to figure out what my problem was.  However, now that I have
made a lot of cleanup in the file and regrouped the settings by section, I
think it makes sense.

Thank you for your time.


;unix charset = LOCALE
workgroup = cyberspicace
netbios name = fs01
server string = fs01
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
wins support = yes

;PDC and master browser settings
os level = 64
preferred master = yes
local master = yes
domain master = yes
domain logons = yes

;security and logging settings
security = user
encrypt passwords = yes
unix password sync = yes
passdb backend = ldapsam:ldap://fs01.cyberspicace.com
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445

;security - interface
interfaces = eth0 lo 127/8
bind interfaces only = yes

name resolve order = wins bcast hosts
time server = yes
printcap name = CUPS
printing = cups
show add printer wizard = yes

;various scripts
passwd program = /var/lib/samba/sbin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl %u
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g'
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = X:

admin users = "@Domain Admins"
printer admin = "@Domain Admins"

;ldap backend
ldap suffix = dc=cyberspicace,dc=com
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=cyberspicace,dc=com
idmap backend = ldap:ldap://fs01.cyberspicace.com
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = Yes

include = /etc/samba/shares.conf

> Are you running any windows servers in your setup or just one samba box
> and the clients?
> Assuming the latter, which sounds like you unless I'm badly mis-reading
> you here, you don't *need* any special DNS entries to make things work.
> Perhaps you could attach your smb.conf file?  It sounds like your
> security parameter is way out of whack, which could be causing your
> issues.
> security = domain
>   is for when you have a functioning NT network to add this machine to
> that holds your login info.  I've successfully added a 3.0 machine to a
> 2.2.x network and then not had to do any passdb setup on it.
> security = ads
>   is for configuring authentication against an existing 2000 (/2003?) AD
> network, which you haven't mentioned here.
> You probably want (from TOSHaRG):
> preferred master = yes
> domain master = yes
> local master = yes
> security = user
> domain logons = yes
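
As an added example (not part of the original post and not Samba's own code), a small Python check for two things this thread turns on: a server with domain logons = yes whose security mode is not user, and a script parameter containing a '%' that is not followed by a variable letter. The sample input is constructed from the posted smb.conf with security = ads put back; line continuations and per-share sections are not handled.

```python
import re

# Constructed sample: a few [global] lines modelled on the posted smb.conf,
# with the "security = ads" value the poster says was there before.
SAMPLE = """\
;PDC and master browser settings
Domain Logons = Yes
domain master = yes
security = ads
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%'g
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
"""

TRUTHY = {"yes", "true", "1"}


def parse_params(text):
    """Return {normalized name: value}; names ignore case and whitespace."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        name, value = line.split("=", 1)  # only the first '=' is significant
        params["".join(name.split()).lower()] = value.strip()
    return params


def lint(text):
    """Return a list of findings for the role/security combination."""
    p = parse_params(text)
    findings = []
    security = p.get("security", "user").lower()
    if p.get("domainlogons", "no").lower() in TRUTHY and security != "user":
        findings.append(
            f"domain logons = yes with security = {security}: "
            "a server that holds the logins itself wants security = user")
    for name, value in p.items():
        # Substitutions are '%' plus a letter; a bare '%' is never expanded.
        if name.endswith("script") and re.search(r"%(?![A-Za-z])", value):
            findings.append(f"{name}: '%' not followed by a variable letter")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN", finding)
```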

