[Samba] security = ads: problem join XP Pro?
pgienger at ae-solutions.com
Wed Jun 9 19:51:24 GMT 2004
Where are you getting with adding the machines? You should get a posix
user added with machinename$ for the uid, then that user will be
modified to include the sambaSamAccount data.
I would suggest these for 'official' resources:
There are a couple of comments below:
>;unix charset = LOCALE
>workgroup = cyberspicace
>netbios name = fs01
>server string = fs01
>socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
>wins support = yes
>;PDC and master browser settings
>os level = 64
>preferred master = yes
>local master = yes
>domain master = yes
>domain logons = yes
>;security and logging settings
>security = user
>encrypt passwords = yes
>unix password sync = yes
>passdb backend = ldapsam:ldap://fs01.cyberspicace.com
>username map = /etc/samba/smbusers
>log level = 1
>syslog = 0
>log file = /var/log/samba/%m
>max log size = 50
>smb ports = 139 445
>;security - interface
>interfaces = eth0 192.168.1.0/24 lo 127/8
>bind interfaces only = yes
Not necessarily related to your problem, but you could probably do away
with these if you're on a protected LAN. Let's try to not be any more
restrictive than we have to, at least not while testing.
>name resolve order = wins bcast hosts
>time server = yes
>printcap name = CUPS
>printing = cups
>show add printer wizard = yes
>passwd program = /var/lib/samba/sbin/smbldap-passwd.pl -o %u
>passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
>add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
>delete user script = /var/lib/samba/sbin/smbldap-userdel.pl %u
>add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
>delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%'g
>add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u'
>delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x
>set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g'
>add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
You didn't mention, did you configure the smbldap-tools package? I
would assume that you did, but covering all the bases here.
>logon script = scripts\logon.bat
>logon path = \\%L\profiles\%U
>logon drive = X:
>admin users = "@Domain Admins"
>printer admin = "@Domain Admins"
>ldap suffix = dc=cyberspicace,dc=com
>ldap machine suffix = ou=People
>ldap user suffix = ou=People
>ldap group suffix = ou=Groups
>ldap idmap suffix = ou=Idmap
>ldap admin dn = cn=Manager,dc=cyberspicace,dc=com
Did you store the password for the admin dn with smbpasswd -w ...
>idmap backend = ldap:ldap://fs01.cyberspicace.com
>idmap uid = 10000-20000
>idmap gid = 10000-20000
Don't need these unless you're using winbind.
>map acl inherit = Yes
>include = /etc/samba/shares.conf
>>Are you running any windows servers in your setup or just one samba box
>>and the clients?
>>Assuming the latter, which sounds like you unless I'm badly mis-reading
>>you here, you don't *need* any special DNS entries to make things work.
>>Perhaps you could attach your smb.conf file? It sounds like your
>>security parameter is way out of whack, which could be causing your
>>security = domain
>> is for when you have a functioning NT network to add this machine to
>>that holds your login info. I've successfully added a 3.0 machine to a
>>2.2.x network and then not had to do any passdb setup on it.
>>security = ads
>> is for configuring authentication against an existing 2000 (/2003?) AD
>>network, which you haven't mentioned here.
>>You probably want (from TOSHaRG):
>>preferred master = yes
>>domain master = yes
>>local master = yes
>>security = user
>>domain logons = yes
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
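
The checks raised in the reply above, collected into a small smb.conf linter. This is an added example, not part of the original message or of Samba. The sample configuration is constructed, the finding codes and function names are hypothetical, and a default of `security = user` is assumed when the parameter is absent.

```python
# Added example (not from the thread): lint [global] smb.conf settings
# against the points raised in the reply above.
SAMPLE = """\
[global]
; constructed sample, loosely based on the quoted configuration
workgroup = cyberspicace
security = ads
domain logons = yes
passdb backend = ldapsam:ldap://fs01.cyberspicace.com
ldap suffix = dc=cyberspicace,dc=com
idmap uid = 10000-20000
bind interfaces only = yes
"""

def parse_global(text):
    """Return [global] parameters; names lower-cased, inner whitespace collapsed."""
    params, section = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def lint(params):
    """Return a list of (code, message) findings for the issues discussed."""
    on = lambda name: params.get(name, "no").lower() in ("yes", "true", "1")
    security = params.get("security", "user").lower()  # assumed default: user
    ldapsam = params.get("passdb backend", "").lower().startswith("ldapsam")
    out = []
    if on("domain logons") and security != "user":
        out.append(("SECURITY", f"domain logons = yes needs security = user, not {security}"))
    if ldapsam and "ldap admin dn" not in params:
        out.append(("LDAP_DN", "ldapsam without ldap admin dn (its password is stored with smbpasswd -w)"))
    if on("domain logons") and "add machine script" not in params:
        out.append(("MACHINE", "no add machine script: machinename$ accounts are not created automatically on join"))
    if any(k.startswith("idmap ") for k in params):
        out.append(("IDMAP", "idmap settings are only needed when winbind is in use"))
    if on("bind interfaces only"):
        out.append(("BIND", "bind interfaces only = yes is restrictive while testing"))
    return out

if __name__ == "__main__":
    for code, message in lint(parse_global(SAMPLE)):
        print(f"{code}: {message}")
```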