[Samba] Domain logins: 2 small issues
Rob Hall
rob at desynched.net
Tue May 23 18:52:44 GMT 2006
----- Original Message -----
From: "Rob Hall" <rob at desynched.net>
To: <samba at lists.samba.org>
Sent: Wednesday, May 17, 2006 8:50 AM
Subject: [Samba] Domain logins: 2 small issues
> Hey gang,
> I've managed to get samba servers working as PDCs/BDCs with LDAP
> backend for replication. Working fine. Here are my problems:
> 1) A new machine will not join the domain on the first attempt. Apparently
> samba creates the machine account but can't authenticate it. I have to
> attempt to join a second time for it to authenticate and succeed. This
> isn't that big of a deal, and if I don't figure it out, I'm not in a major
> bind.
>
> 2) After a machine joins a domain, EVERYTHING in msconfig is gibberish.
> Looking in the registry, every entry now has either a "C" or just "" for
> its entry. Also, the machines now pop up the system32 folder on login.
> This is the one I *REALLY* need help with. My smb.conf is as follows:
>
> ------------------------------
> [global]
> # Server-wide settings for a Samba domain controller whose account data
> # lives in LDAP. Values in <ANGLE BRACKETS> were redacted by the poster.
> netbios name = <SERVER NAME>
> workgroup = <WORKGROUP>
> server string = <SERVER NAME>
> # User-level security: every client must present a username and password.
> security = user
> # Restricts which client addresses may connect at all.
> hosts allow = <IP ADDRESSES>
> # %m expands to the client's NetBIOS name, giving one log file per client.
> log file = /var/log/samba.%m
> # Rotation threshold, in kilobytes.
> max log size = 50
> log level = 1
> # NOTE(review): smb.conf(5) names this parameter "passdb backend". A bare
> # "passdb" may be reported by testparm as unknown and ignored, which would
> # leave smbd on its default account database -- confirm with testparm.
> # ldap:// is unencrypted; that is contained while the URI stays on
> # loopback, but review "ldap ssl" before pointing it at a remote host.
> passdb = ldapsam:ldap://127.0.0.1
> socket options = TCP_NODELAY
> interfaces = <IP ADDRESS/MASK>
> # Browser-election and domain-controller role: this host is the domain
> # master browser and answers domain logons.
> local master = yes
> os level = 64
> domain master = yes
> preferred master = auto
> domain logins = yes
>
> # LDAP authentication stuff:
> # smbd binds to the directory as this DN; its password is stored in
> # secrets.tdb with "smbpasswd -w".
> # NOTE(review): cn=Manager is conventionally the directory's root DN. A
> # dedicated DN whose ACLs cover only the suffixes below would limit what a
> # compromised Samba host can change in the directory -- verify.
> ldap admin dn = cn=Manager,dc=<DOMAIN>,dc=com
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> # Keeps the LDAP password attribute in step with the Samba password hashes
> # when a user changes their password.
> ldap passwd sync = Yes
> ldap suffix = dc=<DOMAIN>,dc=com
> ldap user suffix = ou=Users
> idmap backend = ldap:ldap://127.0.0.1
> # uid and gid mappings are allocated from the same numeric range.
> idmap uid = 10000-20000
> idmap gid = 10000-20000
>
> # Script path is relative to the [netlogon] share.
> logon script = logon.bat
> # Empty value: presumably intended to disable roaming profiles -- confirm.
> logon path =
> logon drive = H:
> wins support = yes
> wins proxy = no
> dns proxy = no
>
> # domain scripts
> # smbd runs these commands itself, substituting %u and %g with the account
> # and group names it was asked to manage (a machine name on domain join).
> # NOTE(review): they typically run with root privileges; keep the single
> # quotes around %u/%g and confirm smbldap-tools rejects unexpected
> # characters in names -- TODO verify.
> add user script = /usr/local/sbin/smbldap-useradd -a '%u'
> add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
> add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
> delete user script = /usr/local/sbin/smbldap-userdel '%u'
> # NOTE(review): the lone '%g' on the line after this setting is a mail
> # line-wrap; in the real smb.conf it must sit on the same line.
> delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u'
> '%g'
> set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
> # -w creates a workstation (machine trust) account.
> add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
> delete group script = /usr/local/sbin/smbldap-groupdel '%g'
>
> #============================ Share Definitions
> ==============================
> [homes]
> # Per-user home directory share, created on demand for the user who
> # connects.
> comment = Home Directories
> # Hidden from browse lists; the share appears under the user's own name.
> browseable = no
> # NOTE(review): no "valid users = %S" is set, so whether one user can open
> # another user's home share depends only on the Unix permissions of the
> # home directories -- confirm those are restrictive.
> writable = yes
>
> # Un-comment the following and create the netlogon directory for Domain
> Logons
> [netlogon]
> # Share from which domain clients fetch the logon script (logon.bat, per
> # "logon script" in [global]).
> comment = Network Logon Service
> path = /usr/local/samba/lib/netlogon
> # Readable without authentication, so nothing stored here should contain
> # passwords or other secrets.
> guest ok = yes
> # Read-only over SMB: clients cannot alter scripts that other machines run
> # at logon. The Unix permissions on the path should be equally strict.
> writable = no
> # NOTE(review): turns off honoring of Windows share (deny) modes on open;
> # smb.conf(5) advises against disabling this -- confirm it is needed.
> share modes = no
>
> [shared]
> # Common scratch area open to every client that passes "hosts allow".
> comment = Shared Space
> path = /usr/local/share/common
> # "public" is a synonym for "guest ok": no password is needed to connect.
> public = yes
> # With public = yes this lets unauthenticated clients write, subject to
> # the guest account's Unix permissions on the path.
> # NOTE(review): consider "valid users" or a group restriction if anonymous
> # write access is not actually required.
> writable = yes
> printable = no
> # Octal mask applied to files created through the share. 777 removes no
> # bits, so files can end up world-writable and executable.
> # NOTE(review): a narrower mask such as 0664, with "force group" if shared
> # editing is the goal, keeps the files collaborative without world-write.
> create mask = 777
>
> ------------------------------------------------------ end
> smb.conf ----------------------------------------------------------------
>
> Any help/suggestions are greatly appreciated.
>
> Thanks!
> --
> Rob
Nobody has any suggestions?
--
Rob