[Samba] Cannot Join Client to Domain

Jason Baker jbaker at glastender.com
Wed Mar 7 16:58:06 GMT 2007

I have a Samba PDC with LDAP running on a CentOS 4.4 machine. When I first had it all configured, everything worked fine, but now for some reason login scripts will not run on the client (even though they have access to the shares the login script is trying to map), and I cannot join client machines to the domain automatically using the Windows XP Network Identification Wizard. When I try to join a workstation to the domain I get an error that tells me the "user name could not be found". If I add the machine manually through LDAP Account Manager, then I can join the machine to the domain.

Also, when I join the machine and set up the user, their home directory is mapped correctly to the drive letter I selected (in this case U:) and the login script will appear on the desktop, but it errors out claiming that the username is not found, and it prompts the user for their username and password. If they enter it, it won't authenticate them, yet they can browse the network shares and access them through Network Neighborhood, as well as map shares to drive letters manually. Here is my conf file:

#============General Settings===========
# Section headers were missing from the posted copy; [global], [homes],
# [profiles] and [netlogon] are restored from the settings that follow
# (logon path references \\%L\profiles\%U, logon script is relative to netlogon).
[global]
	unix charset = LOCALE
	workgroup = mydomain
	netbios name = myserver
	server string = Domain Controller running %v
	interfaces = eth1, lo
	bind interfaces only = yes
	os level = 35
#========Domain Settings================
	preferred master = yes
	local master = yes
	domain master = yes
	security = user
	time server = yes
	username map = /etc/samba/smbusers
	wins support = yes
	encrypt passwords = yes
	pam password change = yes
	name resolve order = wins bcast hosts
	winbind nested groups = no
#	obey pam restrictions = yes
#	check password script = /usr/local/sbin/crackcheck -d /usr/lib/cracklib_dict
	passdb backend = ldapsam:ldap://
	ldap passwd sync = Yes
	ldap suffix = dc=mydomain,dc=com
	ldap admin dn = cn=Manager,dc=mydomain,dc=com
	# Simple bind in the clear; only acceptable because ldap:// with no host
	# targets the local server.
	ldap ssl = no
	ldap group suffix = ou=Groups
	ldap user suffix = ou=People
	# Machine accounts are placed under ou=People here, while the stock
	# smbldap-tools layout (computersdn in smbldap.conf) uses ou=Computers.
	# smbd only finds the account the add machine script creates if getpwnam()
	# can resolve it, so the NSS passwd search base must cover whichever OU
	# smbldap-useradd -w actually writes to.
	ldap machine suffix = ou=People
	ldap idmap suffix = ou=Idmap
	idmap backend = ldap:ldap://
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	map acl inherit = yes
	add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
	#delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
	# %u is the machine account name including the trailing "$".
	add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u"
	add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
	#delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
	add user to group script = /etc/smbldap-tools/smbldap-groupmod -m "%u" "%g"
	delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g"
	set primary group script = /etc/smbldap-tools/smbldap-usermod -g "%g" "%u"
	domain logons = yes
	log file = /var/log/samba/log.%m
	log level = 1
	syslog = 0
	max log size = 50
	#smb ports = 139 445
	smb ports = 139
	# Empty value: no host-based restriction.
	hosts allow =
	# User profiles and home directories
	logon drive = U:
	logon path = \\%L\profiles\%U
	logon script = %U.bat
	template shell = /bin/false
	winbind use default domain = no

[homes]
	comment = Home Directories
	browseable = no
	read only = no
	write list = %U
	create mask = 0600
	directory mask = 0700
	force user = %U

[profiles]
	comment = Profile Share
	path = /var/lib/samba/profiles
	writeable = yes
	browseable = no
	profile acls = yes

[netlogon]
	path = /var/lib/samba/netlogon
	# Clients execute %U.bat from here; the share stays read only (the default),
	# so guest access only exposes the scripts for reading.
	guest ok = yes
	locking = no

Jason Baker
IT Coordinator

Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
http://www.glastender.com

Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h--- 
r+++ y+++
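An offline consistency check for the machine-account path described in the post, added here as an example; it is not code from the post, from Samba or from smbldap-tools. It assumes three things that the post does not show: the smb.conf excerpt mirrors the posted settings, the smbldap.conf excerpt uses the stock ou=Computers layout, and the nss_ldap /etc/ldap.conf excerpt limits passwd lookups to ou=People (both excerpts are constructed). What it models: smbd expands `add machine script` with the account name including the trailing `$`, then resolves that name through NSS (getpwnam) before finishing the join; if the NSS passwd base does not cover the OU that smbldap-useradd -w writes to, the join fails with "user name could not be found" even though the script itself succeeded.

```python
"""Offline check of the machine-account path on a Samba 3 + ldapsam PDC.

Added example; not code from the post, Samba or smbldap-tools. The smb.conf
excerpt mirrors the posted settings; the smbldap.conf and nss_ldap ldap.conf
excerpts are constructed, since neither file appears in the post.
"""
import re

# Excerpt of the posted smb.conf (section header supplied).
SMB_CONF = """
[global]
    workgroup = mydomain
    ldap suffix = dc=mydomain,dc=com
    ldap user suffix = ou=People
    ldap machine suffix = ou=People
    add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u"
"""

# Assumed smbldap.conf: stock layout keeps workstation accounts in ou=Computers.
SMBLDAP_CONF = """
suffix="dc=mydomain,dc=com"
computersdn="ou=Computers,${suffix}"
"""

# Assumed nss_ldap /etc/ldap.conf: passwd lookups limited to ou=People, one level.
NSS_LDAP_CONF = """
base dc=mydomain,dc=com
nss_base_passwd ou=People,dc=mydomain,dc=com?one
"""


def parse_smb_conf(text):
    """Return {section: {key: value}}; Samba ignores case and whitespace in keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections[current] = {}
            continue
        key, sep, value = line.partition("=")
        if current is not None and sep:
            sections[current][re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections


def parse_smbldap_conf(text):
    """Parse key="value" lines, expanding ${name} references to earlier keys."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        value = value.strip().strip('"')
        conf[key.strip()] = re.sub(r"\$\{(\w+)\}", lambda m: conf.get(m.group(1), ""), value)
    return conf


def parse_nss_ldap_conf(text):
    """Return the (base DN, scope) pairs nss_ldap searches for passwd entries."""
    bases, default_base = [], None
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "base":
            default_base = value
        elif key == "nss_base_passwd":
            dn, _, scope = value.partition("?")
            bases.append((dn, scope or "sub"))
    return bases or [(default_base, "sub")]


def normalize_dn(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))


def dn_found_by(entry_dn, base_dn, scope):
    """Would a search rooted at base_dn with this scope return entry_dn?"""
    entry, base = normalize_dn(entry_dn), normalize_dn(base_dn)
    if scope == "one":
        return entry.split(",", 1)[1] == base
    return entry.endswith("," + base)


def machine_add_command(smb_global, machine):
    """Expand add machine script as smbd does: %u is the name with trailing '$'."""
    return smb_global["addmachinescript"].replace("%u", machine)


def check_join(smb_text, smbldap_text, nss_text, machine="ws1$"):
    """Explain why a join can fail after the add machine script has succeeded."""
    g = parse_smb_conf(smb_text)["global"]
    created_dn = f"uid={machine},{parse_smbldap_conf(smbldap_text)['computersdn']}"
    samba_dn = f"uid={machine},{g['ldapmachinesuffix']},{g['ldapsuffix']}"
    nss_bases = parse_nss_ldap_conf(nss_text)
    findings = []
    # smbd calls getpwnam() on the machine name once the script has run; if NSS
    # cannot see the new entry, the join reports "user name could not be found".
    if not any(dn_found_by(created_dn, base, scope) for base, scope in nss_bases):
        findings.append(f"getpwnam('{machine}') cannot resolve {created_dn}: "
                        f"nss_base_passwd covers only {nss_bases}")
    # Entries smbd creates on its own (e.g. pdbedit -a -m) go under ldap machine
    # suffix; keep it on the same OU as computersdn so both tools agree.
    if normalize_dn(created_dn) != normalize_dn(samba_dn):
        findings.append(f"smbldap-tools creates {created_dn} but smb.conf's "
                        f"ldap machine suffix resolves to {samba_dn}")
    return findings
```

The same two checks on the live server: run the add machine script by hand as root for a test name, then `getent passwd 'test1$'` and `ldapsearch -x -b ou=Computers,dc=mydomain,dc=com 'uid=test1$'`. If ldapsearch returns the entry but getent does not, the fix belongs in nss_base_passwd (or in nscd, which caches the negative lookup smbd made before the script ran: `nscd -i passwd`), not in smb.conf.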
