[Samba] Domain logins: 2 small issues
Rob Hall
rob at desynched.net
Wed May 17 12:50:57 GMT 2006
Hey gang,
I've managed to get samba servers working as PDCs/BDCs with LDAP backend
for replication. Working fine. Here are my problems:
1) A new machine will not join the domain on the first attempt. Apparently
samba creates the machine account but can't authenticate it. I have to attempt
to join a second time for it to authenticate and succeed. This isn't that
big of a deal, and if I don't figure it out, I'm not in a major bind.
2) After a machine joins a domain, EVERYTHING in msconfig is gibberish.
Looking in the registry, every entry now has either a "C" or just "" for
its entry. Also, the machines now pop up the system32 folder on login. This
is the one I *REALLY* need help with. My smb.conf is as follows:
------------------------------
[global]
netbios name = <SERVER NAME>
workgroup = <WORKGROUP>
server string = <SERVER NAME>
security = user
hosts allow = <IP ADDRESSES>
log file = /var/log/samba.%m
max log size = 50
log level = 1
passdb = ldapsam:ldap://127.0.0.1
socket options = TCP_NODELAY
interfaces = <IP ADDRESS/MASK>
local master = yes
os level = 64
domain master = yes
preferred master = auto
domain logins = yes
# LDAP authentication stuff:
ldap admin dn = cn=Manager,dc=<DOMAIN>,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=<DOMAIN>,dc=com
ldap user suffix = ou=Users
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
logon script = logon.bat
logon path =
logon drive = H:
wins support = yes
wins proxy = no
dns proxy = no
# domain scripts
add user script = /usr/local/sbin/smbldap-useradd -a '%u'
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
delete user script = /usr/local/sbin/smbldap-userdel '%u'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = yes
writable = no
share modes = no
[shared]
comment = Shared Space
path = /usr/local/share/common
public = yes
writable = yes
printable = no
create mask = 777
------------------------------ end smb.conf ------------------------------
Any help/suggestions is greatly appreciated.
Thanks!
--
Rob