[Samba] samba machines as PDC and member

harry forbess hforbess at gmail.com
Fri Jan 27 00:24:24 GMT 2006

I have set up samba to be a AD member and no other linux boxes.    It worked
I set up samba to be a PDS with no other linux boxes. It worked well.

Now, I need to make a samba client that works with the samba PDS. I can join
the domain.  winbind can list users and such. getent doesnt work.

I can see the authentication succeeding on the PDS but I cant access any
shares. smbclient -L DOMAIN shows all the shares.

I just cant seem to authenticate except as root.

I realize that this PDC is not AD so i dont need krb but I dont know what I
need to authenticate between the samba machines.  I thought this was going
to be easy.

Here is my PDC smb.conf

# PDC Samba Configuration File
# by Lorenzo Allori <lallori at medici.org>
# To be edited and then copied to /usr/local/samba/lib/smb.conf


        netbios name =  SERENITY
        workgroup = SERENITY
        log level = 2
        log file = /var/log/samba/sambapdc.log
        security = share
        ;invalid users = root
interfaces =
        security = user
        server string = %h server (Samba %v)
        syslog only = no

# Performance tuning
# Remember to increase or decrease by 1024 SO_SNBUF and SO_RCVBUF

        socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNBUF=4096

# If you are accessing by multiple users to a single MSAccess File (*.mdb)
# Uncomment theese two lines about oplocks you have to disable them.
#       oplocks = False
#       level2oplocks = False

        encrypt passwords = yes

# NT Domain Section
        wins support = yes
        os level = 34
        domain master = yes
        local master = yes
        preferred master = yes
        domain logons = yes

        logon script = logon.bat
# Where the scripts resides.
        logon path = \\SERENITY\profiles\%u
# Where the profiles are
        logon home = \\SERENITY\home\samba\users\%u

        name resolve order = lmhosts host wins bcast
        dns proxy = no

        smb passwd file = /usr/local/samba/private/smbpasswd

# Uncomment this lines only if you know what you are doing.

#       unix password sync = yes
#       passwd program = /usr/bin/passwd %u
#       passwd chat = *Enter\snew\sUNIX\spassword:*\
#       %n\n *Retype\snew\sUNIX\spassword:* %n\n .

# How long do you want the samba log file to be?
        max log size = 2000

        time server = yes

        path = /home/samba/netlogon
        public = no
        writeable = no
        browsable = no
        read only = yes
        write list = administrator

create mode = 0600
directory mode = 0700
path = /home/samba/profiles
;profile acls = yes
read only = no
writable = yes
browseable = no

And this works fine with windows boxes. Roaming profiles and the whole bit.

here is my member smb.conf

workgroup = SERENITY
security = domain
password server = *
hosts allow = 192.168.1., 192.168.3., 127.
load printers = yes
printing = cups
printcap name = cups
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
printer admin = root, @"SERENITY\domain"
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
   write list = root
path = /shares
public = Yes
read only = no
browseable = Yes
valid users = @"SERENITY\users"
comment = Home Directories
read only = No
browseable = Yes
valid users = %D+%S
create mode = 0664

Is there someting I need to change to in nsswitch.conf or /etc/pam.d/samba.
Another way to authenticate?

I hope someone can point me in the right direction.

More information about the samba mailing list