Rob Hall rob at desynched.net
Wed May 17 12:50:57 GMT 2006

Hey gang,
    I've managed to get samba servers working as PDCs/BDCs with LDAP backend 
for replication. Working fine. Here are my problems:
1) A new machine will not join the domain on the first attempt. Apparently 
samba creates the machine account but can't authenticate it. I have to attempt 
to join a second time for it to authenticate and succeed. This isn't that 
big of a deal, and if I don't figure it out, I'm not in a major bind.

2) After a machine joins a domain, EVERYTHING in msconfig is gibberish. 
Looking in the registry, every entry now has either a "C" or just "" for 
its entry. Also, the machines now pop up the system32 folder on login. This 
is the one I *REALLY* need help with. My smb.conf is as follows:

# smb.conf for a Samba domain controller with an LDAP account backend, as posted.
# NOTE(review): no bracketed section headers ([global] or the share names) are
# visible in this copy -- presumably stripped by the list archive; confirm
# against the real file before reusing any of it.
netbios name = <SERVER NAME>
workgroup = <WORKGROUP>
server string = <SERVER NAME>
# User-level security: each client must present a username and password.
security = user
# Restricts which client addresses may connect at all.
hosts allow = <IP ADDRESSES>
# One log file per client machine (%m), capped by max log size (in KB).
log file = /var/log/samba.%m
max log size = 50
# Level 1 records little; raising it temporarily gives more detail when
# diagnosing a failed domain join.
log level = 1
# NOTE(review): the documented parameter name is "passdb backend"; confirm this
# line matches the real file. The ldap:// URL has no host (possibly stripped).
# ldap:// is unencrypted unless StartTLS is enabled, and no "ldap ssl" setting
# is visible here, so account data and password hashes may cross the network
# in clear text between Samba and the directory.
passdb = ldapsam:ldap://
socket options = TCP_NODELAY
interfaces = <IP ADDRESS/MASK>
# Browser-election and domain-controller role settings.
local master = yes
os level = 64
domain master = yes
preferred master = auto
domain logins = yes

# LDAP authentication stuff:
# DN that Samba binds as; its password is stored separately (smbpasswd -w).
# NOTE(review): cn=Manager is conventionally the directory's root DN, which
# would give Samba unrestricted write access -- a dedicated account limited by
# ACLs to the Samba subtrees is the least-privilege choice; confirm.
ldap admin dn = cn=Manager,dc=<DOMAIN>,dc=com
# The suffixes below are relative to "ldap suffix".
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
# Keeps the LDAP password in step with the Samba hashes on password change.
ldap passwd sync = Yes
ldap suffix = dc=<DOMAIN>,dc=com
ldap user suffix = ou=Users
# Same caveat as the passdb line: no host shown, plain ldap:// scheme.
idmap backend = ldap:ldap://
idmap uid = 10000-20000
idmap gid = 10000-20000

# Logon script name is relative to the netlogon share.
logon script = logon.bat
# Empty value: no roaming-profile path is set.
logon path =
logon drive = H:
wins support = yes
wins proxy = no
dns proxy = no

# domain scripts
# These run on the server with values supplied over the network (%u, %g);
# each substitution is single-quoted before being passed to the smbldap tools.
  add user script = /usr/local/sbin/smbldap-useradd -a '%u'
  add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
  add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
  delete user script = /usr/local/sbin/smbldap-userdel '%u'
# NOTE(review): unlike "add user to group script", no '%g' is passed here;
# it may have been lost to line wrapping -- confirm.
  delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' 
  set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
# Creates the machine account during a domain join (relevant to problem 1).
  add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
  delete group script = /usr/local/sbin/smbldap-groupdel '%g'

#============================ Share Definitions 
# Presumably the [homes] share (header missing). No "valid users" restriction
# is visible; "valid users = %S" is the usual way to limit each home directory
# to its owner.
   comment = Home Directories
   browseable = no
   writable = yes

# Un-comment the following and create the netlogon directory for Domain 
# Presumably the [netlogon] share (header missing). Read-only, but guest access
# is allowed, so logon scripts are readable without authentication; keep
# credentials out of them and make sure only administrators can write to the
# path on disk.
   comment = Network Logon Service
   path = /usr/local/samba/lib/netlogon
   guest ok = yes
   writable = no
   share modes = no

# Shared space (share header missing). "public" is a synonym for "guest ok":
# together with writable = yes this lets unauthenticated clients write here,
# and create mask = 777 strips no permission bits from new files. Requiring
# authenticated users and a tighter mask (e.g. 0664) narrows this.
   comment = Shared Space
   path = /usr/local/share/common
   public = yes
   writable = yes
   printable = no
   create mask = 777

------------------------------------------------------ end 
smb.conf ----------------------------------------------------------------

Any help or suggestions would be greatly appreciated.


