[Samba] Re: Cannot join SAMBA domain from XP/2K
Igor Belyi
sambauser at katehok.ac93.org
Sat Sep 18 03:54:56 GMT 2004
Paul Gienger wrote:
> Igor Belyi wrote:
>> In short, it is borken and you'll need to have both machine and user
>> accounts in the same location in LDAP for now.
>>
>> I'll try to look in the code but I promise nothing. :o)
>
> It's not so much broken as it is designed for a particular purpose and
> limited by that decision. There is a bug filed against it that explains
> most of the reasoning but I can't remember the number. To paraphrase
> (and probably mangle) the intent... they decided to require machine
> accounts to be 'users' because that is what you have to do to assign
> rights to a machine, which is a perfectly logical operation under the
> windows system.
The bug is #1292. I don't quite understand Gerald's remark regarding
nss_ldap since Samba uses its own library to access LDAP for account
information.

On a related note - somehow it works for me. I've updated my config files
to separate locations for machine accounts into ou=Computers,dc=xxxxx
and users into ou=People,dc=xxxxx. My WinXP was added to the domain without
a problem and users can log in to it without a problem. I do remember
that it didn't work before...
In smbldap_conf.pm I have:
$suffix = "dc=xxxxx";
$usersou = q(People);
$usersdn = "ou=$usersou,$suffix";
$computersou = q(Computers);
$computersdn = "ou=$computersou,$suffix";
In smb.conf:
domain logons = yes
security = USER
encrypt passwords = true
preferred master = yes
domain master = yes
passdb backend = ldapsam
ldap suffix = dc=xxxxx
ldap user suffix = ou=People
ldap group suffix = ou=Group
Alexei, if you still want to pursue this problem can you post your
smb.conf and samba log related to the problem with "log level" set to 2
or more?
Igor