[Samba] problems xp joining samba pdc
Felipe Augusto van de Wiel
felipe at paranacidade.org.br
Tue Sep 19 13:30:07 GMT 2006
Ok, now let's try to first answer the mail and then send it. :)
On 09/18/2006 09:23 AM, Mike wrote:
> Morning,
>
> I have three machines, two xp and one win2k, that join the
> samba pdc fine. I have tried to join others to this same
> samba pdc using the same accounts for authentication without
> success. The xp machine first says the user does not exist,
> I click ok and go back to the screen for the domain account
> authorized to join the domain and press ok (or next) again
> and this time the xp box says the user already exists.
>
> I think something is having an issue with the machine$
> accounts in ldap. I added a '-t 5' in smb.conf to the
> smbadd-useradd command for adding a machine. I could
> tell a longer time before the first messages (missing user)
> is returned, but I still have the same final situation with
> the xp box not being a part of the samba pdc.

Any chances that the "Sign or Seal" problem still exists?

> Any ideas?
> Mike
[...]
> ------------------------------------ /etc/samba/smb.conf
>
> # Samba config file created using SWAT
> # from 10.1.2.43 (10.1.2.43)
> # Date: 2006/08/03 15:11:35
>
> [global]
> security = USER
> client plaintext auth = Yes
> client lanman auth = Yes
> encrypt passwords = Yes
> lanman auth = No
> ntlm auth = Yes
> password level = 0
> guest account = nobody
> #admin users = manager, root, mikee, jrc, bdhein
> admin users =
> hosts allow = 10.1.2., 10.1.3.
> cups options = raw
> wins support = yes
> usershare allow guests = yes
[...]
> password server = ldaphost.company.com
> passdb backend = ldapsam:ldap://ldaphost.company.com

Hmmm, you should not use the 'password server' option when
you are in 'security = user' mode. Even if it is the same
server, you should not set this option unless you want to use
another password server in 'security = domain|ads|server'.

> ldap passwd sync = Yes
> #unix password sync = Yes
> #passwd program = /usr/sbin/smbldap-passwd %u
> #passwd chat = "Changing * password*for*\nNew password*" %n\n "*Retype new password*" %n\n"
> #passwd chat debug = Yes
>
> os level = 66
> preferred master = Yes
> local master = Yes
> domain master = Yes
> domain logons = Yes
> allow trusted domains = Yes
> dns proxy = No
>
> # log level = 255
> # log level = 4
> # log level = 3 ldap:10 passdb:10 auth:10 winbind:10
> log level = 3
> log file = /var/log/samba/%m.log
> max log size = 500
>
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536
>
> #add user script = /usr/sbin/smbldap-useradd -m '%u'
> add user script = /usr/sbin/smbldap-useradd -a -A 1 -B 1 -s /bin/bash -c "%u" -d /home/%u -C "\\\\%h\\%u" -D 'H:' -M "%u at company.com" %u
> delete user script = /usr/sbin/smbldap-userdel %u
> add group script = /usr/sbin/smbldap-groupadd -p '%g'
> delete group script = /usr/sbin/smbldap-groupdel '%g'
> add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
> delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> #add machine script = /usr/sbin/smbldap-useradd -w '%u'
> #add machine script = /usr/sbin/smbldap-useradd -w -A 0 -B 0 -s /bin/false -c "%u machine account" -d /dev/null %u
> add machine script = /usr/sbin/smbldap-useradd -w -i '%u' -t 5

Do you really need -i?

    -i    Creates an interdomain trust account (machine
          Workstation). A password will be asked for the
          trust account.

--
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)