[Samba] Domain logins: 2 small issues

Rob Hall rob at desynched.net
Tue May 23 18:52:44 GMT 2006


----- Original Message ----- 
From: "Rob Hall" <rob at desynched.net>
To: <samba at lists.samba.org>
Sent: Wednesday, May 17, 2006 8:50 AM
Subject: [Samba] Domain logins: 2 small issues


> Hey gang,
>    I've managed to get samba servers working as PDCs/BDCs with LDAP 
> backend for replication. Working fine. Here are my problems:
> 1) A new machine will not join the domain on the first attempt. Apparently 
> samba creates the machine account but can't authenticate it. I have to
> attempt to join a second time for it to authenticate and succeed. This 
> isn't that big of a deal, and if I don't figure it out, I'm not in a major 
> bind.
>
> 2) After a machine joins a domain, EVERYTHING in msconfig is gibberish. 
> Looking in the registry, every entry now has either a "C" or just "" for 
> its entry. Also, the machines now pop up the system32 folder on login. 
> This is the one I *REALLY* need help with. My smb.conf is as follows:
>
> ------------------------------
> [global]
> netbios name = <SERVER NAME>
> workgroup = <WORKGROUP>
> server string = <SERVER NAME>
> security = user
> hosts allow = <IP ADDRESSES>
> log file = /var/log/samba.%m
> max log size = 50
> log level = 1
> passdb = ldapsam:ldap://127.0.0.1
> socket options = TCP_NODELAY
> interfaces = <IP ADDRESS/MASK>
> local master = yes
> os level = 64
> domain master = yes
> preferred master = auto
> domain logins = yes
>
> # LDAP authentication stuff:
> ldap admin dn = cn=Manager,dc=<DOMAIN>,dc=com
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> ldap passwd sync = Yes
> ldap suffix = dc=<DOMAIN>,dc=com
> ldap user suffix = ou=Users
> idmap backend = ldap:ldap://127.0.0.1
> idmap uid = 10000-20000
> idmap gid = 10000-20000
>
> logon script = logon.bat
> logon path =
> logon drive = H:
> wins support = yes
> wins proxy = no
> dns proxy = no
>
> # domain scripts
>  add user script = /usr/local/sbin/smbldap-useradd -a '%u'
>  add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
>  add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
>  delete user script = /usr/local/sbin/smbldap-userdel '%u'
>  delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
>  set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
>  add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
>  delete group script = /usr/local/sbin/smbldap-groupdel '%g'
>
> #============================ Share Definitions ==============================
> [homes]
>   comment = Home Directories
>   browseable = no
>   writable = yes
>
> # Un-comment the following and create the netlogon directory for Domain Logons
> [netlogon]
>   comment = Network Logon Service
>   path = /usr/local/samba/lib/netlogon
>   guest ok = yes
>   writable = no
>   share modes = no
>
> [shared]
>   comment = Shared Space
>   path = /usr/local/share/common
>   public = yes
>   writable = yes
>   printable = no
>   create mask = 777
>
> ------------------------------ end smb.conf ------------------------------
>
> Any help/suggestions are greatly appreciated.
>
> Thanks!
> --
> Rob

Nobody has any suggestions?
--
Rob 


