[Samba] problems xp joining samba pdc

Cybionet cybionet at videotron.ca
Tue Sep 19 23:27:24 GMT 2006


  Don't use the 'Sign or Seal' registry modification. Samba 3.x works 
perfectly without this modification (this modification can be useful for 
Samba 2.x). The problem is surely that your machine account doesn't exist 
or you aren't entering the correct admin password. Try to add this account 
manually, without the scripts, using smbpasswd and ldapadd. Try to use 
phpLDAPadmin to create the user and machine accounts for samba3+ldap.

I suggest that you remove all these lines from the global section:

	client plaintext auth = Yes
	client lanman auth = Yes
	lanman auth = No
	ntlm auth = Yes
	password level = 0

	#admin users = manager, root, mikee, jrc, bdhein
	admin users =
	usershare allow guests = yes
	ldap ssl = off
	ldapsam:trusted = Yes
	ldap timeout = 15

	utmp directory = /var/run
	wtmp directory = /var/log
	utmp = Yes
	allow trusted domains = Yes


And in the netlogon section, change

writable = Yes

to

writable = No or read only = yes

Trust me, you don't want people writing to this share. :-)


Robert



> On 09/18/2006 09:23 AM, Mike wrote:
>   
>> Morning,
>>
>> I have three machines, two xp and one win2k, that join the 
>> samba pdc fine. I have tried to join others to this same
>> samba pdc using the same accounts for authentication without
>> success. The xp machine first says the user does not exist,
>> I click ok and go back to the screen for the domain account
>> authorized to join the domain and press ok (or next) again
>> and this time the xp box says the user already exists.
>>
>> I think something is having an issue with the machine$ 
>> accounts in ldap. I added a '-t 5' in smb.conf to the
>> smbadd-useradd command for adding a machine. I could
>> tell a longer time before the first messages (missing user)
>> is returned, but I still have the same final situation with
>> the xp box not being a part of the samba pdc.
>>     
>
> 	Any chances that the "Sign or Seal" problem still exists?
>
>
>   
>> Any ideas?
>> Mike
>>     
>
> [...]
>   
>> ------------------------------------ /etc/samba/smb.conf
>>
>> # Samba config file created using SWAT
>> # from 10.1.2.43 (10.1.2.43)
>> # Date: 2006/08/03 15:11:35
>>
>> [global]
>> 	security = USER
>> 	client plaintext auth = Yes
>> 	client lanman auth = Yes
>> 	encrypt passwords = Yes
>> 	lanman auth = No
>> 	ntlm auth = Yes
>> 	password level = 0
>> 	guest account = nobody
>> 	#admin users = manager, root, mikee, jrc, bdhein
>> 	admin users = 
>> 	hosts allow = 10.1.2., 10.1.3.
>> 	cups options = raw
>> 	wins support = yes
>> 	usershare allow guests = yes
>>
>> 	workgroup = PWI
>> 	netbios aliases = loghost, mailhost, backuphost, ldaphost
>> 	server string = Samba Server (%h)
>> 	logon drive = P:
>> 	logon home = \\%N\%U
>> 	logon path = \\%N\%U\profile
>> 	logon script = /etc/samba/login.bat
>> 	ldap suffix = dc=company,dc=com
>> 	ldap admin dn = cn=manager,dc=company,dc=com
>> 	ldap user suffix = ou=people
>> 	ldap group suffix = ou=groups
>> 	ldap machine suffix = ou=machines
>> 	ldap ssl = off
>> 	ldapsam:trusted = Yes
>> 	ldap timeout = 15
>> 	utmp directory = /var/run
>> 	wtmp directory = /var/log
>> 	utmp = Yes
>>
>> 	password server = ldaphost.company.com
>> 	passdb backend = ldapsam:ldap://ldaphost.company.com
>> 	ldap passwd sync = Yes
>> 	#unix password sync = Yes
>> 	#passwd program = /usr/sbin/smbldap-passwd %u
>> 	#passwd chat = "Changing * password*for*\nNew password*" %n\n "*Retype new password*" %n\n"
>> 	#passwd chat debug = Yes
>>
>> 	os level = 66
>> 	preferred master = Yes
>> 	local master = Yes
>> 	domain master = Yes
>> 	domain logons = Yes
>> 	allow trusted domains = Yes
>> 	dns proxy = No
>>
>> #	log level = 255
>> #	log level = 4
>> #	log level = 3 ldap:10 passdb:10 auth:10 winbind:10
>> 	log level = 3
>> 	log file = /var/log/samba/%m.log
>> 	max log size = 500
>>
>> 	socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536
>>
>> 	#add user script = /usr/sbin/smbldap-useradd -m '%u'
>> 	add user script = /usr/sbin/smbldap-useradd -a -A 1 -B 1 -s /bin/bash -c "%u" -d /home/%u -C "\\\\%h\\%u" -D 'H:' -M "%u at company.com" %u
>> 	delete user script = /usr/sbin/smbldap-userdel %u
>> 	add group script = /usr/sbin/smbldap-groupadd -p '%g'
>> 	delete group script = /usr/sbin/smbldap-groupdel '%g'
>> 	add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
>> 	delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
>> 	set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>> 	#add machine script = /usr/sbin/smbldap-useradd -w '%u'
>> 	#add machine script = /usr/sbin/smbldap-useradd -w -A 0 -B 0 -s /bin/false -c "%u machine account" -d /dev/null %u
>> 	add machine script = /usr/sbin/smbldap-useradd -w -i '%u' -t 5
>>
>> [netlogon]
>> 	path = /etc/samba/netlogon
>> 	browseable = No
>> 	writable = Yes
>>
>> [homes]
>> 	comment = Home Directories
>> 	read only = No
>> 	guest ok = No
>> 	browseable = No
>>
>> [printers]
>> 	comment = All Printers
>> 	path = /usr/spool/samba
>> 	printable = Yes
>> 	browseable = No
>>
>> [company]
>> 	comment = Company Corporate Files
>> 	path = /opt/company
>> 	create mask = 0765
>> 	browseable = Yes
>> 	printable = No
>>
>> [Backups]
>> 	comment = Backup files are stored here
>> 	path = /opt/backups
>> 	browseable = Yes
>> 	printable = No
>>
>> [Data]
>> 	comment = Storage for support and other data.
>> 	path = /opt/data
>> 	browseable = Yes
>> 	printable = No
>>
>> [Cygwin]
>> 	comment = Company Cygwin Repositiory
>> 	path = /opt/cygwin
>> 	browseable = Yes
>> 	printable = No
>> 	guest ok = Yes
>> 	guest only = No
>> 	writeable = No
>> 	read only = Yes
>> ------------------------------------ /etc/samba/smb.conf
>>
>>     
>
> - --
> Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
> http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
>   
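
An added example, not part of the original message and not Samba project code: a small Python audit that reports the `[global]` lines the reply suggests removing and whether `[netlogon]` ends up writable once `read only` and its inverted synonyms are resolved. The function names and the `SAMPLE` excerpt are constructed for illustration.

```python
import re

# Parameters the reply suggests removing from [global] (list taken from the post).
REMOVE_FROM_GLOBAL = {
    "client plaintext auth", "client lanman auth", "lanman auth", "ntlm auth",
    "password level", "admin users", "usershare allow guests", "ldap ssl",
    "ldapsam:trusted", "ldap timeout", "utmp directory", "wtmp directory",
    "utmp", "allow trusted domains"}
WRITE_SYNONYMS = {"writable", "writeable", "write ok"}  # inverted "read only"
TRUE = {"yes", "true", "on", "1"}
# Constructed sample: a short excerpt of the smb.conf quoted in the thread.
SAMPLE = ("[global]\n\tclient plaintext auth = Yes\n\tworkgroup = PWI\n"
          "[netlogon]\n\tpath = /etc/samba/netlogon\n\twritable = Yes\n")

def parse_smb_conf(text):
    """Return {section: [(param, value), ...]} in file order, comments skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Normalise case and runs of whitespace in the parameter name.
            sections[current].append((" ".join(key.lower().split()), value.strip()))
    return sections

def is_writable(params):
    """Resolve read only and its inverted synonyms; the last setting wins."""
    writable = False  # Samba's default is read only = yes
    for key, value in params:
        if key == "read only":
            writable = value.lower() not in TRUE
        elif key in WRITE_SYNONYMS:
            writable = value.lower() in TRUE
    return writable

def audit(text):
    """List [global] lines the reply would remove, plus a writable [netlogon]."""
    conf = parse_smb_conf(text)
    findings = [f"[global] {k} = {v}" for k, v in conf.get("global", [])
                if k in REMOVE_FROM_GLOBAL]
    # Share-level settings override anything inherited from [global].
    if "netlogon" in conf and is_writable(conf.get("global", []) + conf["netlogon"]):
        findings.append("[netlogon] is writable")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```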


