[Samba] Samba + LDAP Windows Join Domain

James Taylor jtaylor at laszlosystems.com
Wed Feb 15 22:38:05 GMT 2006


Hello all,

 

I have been working on this issue for some time and I know I am close to a
solution.  

 

I am currently running samba 3.0.13.  I have set the samba server up as a
NT4 Domain controller and I have also integrated my LDAP configuration with
samba.  When I try to join the samba domain from any Windows 2000 or Windows
XP machine I get the error message "The user could not be found".  My
smbldap-tools scripts are working in the sense that the Machine Add script
is adding the machinename$ domain account.  I have read several different
Samba Windows Join Domain documents and have tried different variations of
my config's to see if I can resolve this issue.

 

I know my Samba LDAP configuration is good as I am able to authenticate to
SMB file shares on the samba server with groups mapped to my LDAP database.
I am also seeing successful LDAP binds as well in the logs.  

 

Any pointers on things I may be able to try would be great.  

 

Configs as follows:

# Global parameters

[global]

        workgroup = MYDOMAIN

        realm = MYDOMAIN.COM

        server string = Samba Server %v

        interfaces = 192.168.0.8/16

        min password length = 3

        map to guest = Bad User

        passdb backend = ldapsam:ldap://myldapsvr/

        enable privileges = Yes

        passwd program = /usr/sbin/smbldap-passwd

        username map = /etc/samba/smbusers

        client NTLMv2 auth = No

        client lanman auth = No

        client plaintext auth = No

        syslog = 7

        log file = /var/log/samba/log.%m

        max log size = 100000

        smb ports = 135 445

        min protocol = NT1

        time server = Yes

        deadtime = 10

        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

        add user script = /usr/sbin/smbldap-useradd -m '%u'

        delete user script = /usr/sbin/smbldap-userdel '%u'

        add group script = /usr/sbin/smbldap-groupadd -p '%g' &&
/usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'

        delete group script = /usr/sbin/smbldap-groupdel '%g'

        add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'

        delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
'%g'

        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

        add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c
'Machine Account' -s /bin/false '%u'

        logon script = logon.bat

        logon path =

        logon drive = H:

        logon home =

        domain logons = Yes

        os level = 65

        preferred master = Yes

        domain master = Yes

        dns proxy = No

        wins support = Yes

        ldap admin dn = cn=Manager,dc=mydomain,dc=com

        ldap delete dn = Yes

        ldap group suffix = ou=Groups

        ldap idmap suffix = ou=Users

        ldap machine suffix = ou=Computers

        ldap passwd sync = Yes

        ldap suffix = dc=mydomain,dc=com

        ldap ssl = no

        ldap user suffix = ou=Users

        printer admin = @adm, root

        create mask = 0755

        directory mask = 0750

        hosts allow = 192.168., 127.

        nt acl support = No

        case sensitive = No

        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

 

[printers]

        comment = All Printers

        path = /var/spool/samba

        create mask = 0700

        guest ok = Yes

        printable = Yes

        browseable = No

 

[print$]

        path = /var/lib/samba/printers

        write list = @adm, root

        inherit permissions = Yes

        guest ok = Yes

 

[admin]

        path = /

        valid users = @adm, root, jtaylor

        admin users = @adm, root, jtaylor

        read only = No

        browseable = No

 

Thank you all

 

James Taylor



More information about the samba mailing list