[Samba] Can't login to domain from Windows 2K clients
David Lynum
dlynum at youthuprising.org
Thu May 17 21:38:42 GMT 2007
Sorry,
My goof. I pasted the smb.conf from the wrong server. The samba server
that the win2k clients need to login to isn't the pdc. That's why it's
not the domain master. Here's the smb.conf for the correct server.
This server is also our ldap server.
Thanks
#Global parameters
[global]
workgroup = YOUTHUPRISING
netbios name = AUTH1
server string = Youth Uprising %h
passdb backend = ldapsam:ldap://auth1.inside.youthuprising.org
# passdb backend = ldapsam:ldap://127.0.0.1/
# passdb backend = ldapsam
# enable privileges = Yes
# pam password change = No
# passwd chat debug = Yes
# unix password sync = Yes
ldap passwd sync = Yes
# passwd program = /var/lib/samba/sbin/smbldap-quickpass.pl "%u" "%n"
# passwd program = /var/lib/samba/sbin/smbldap-passwd.pl -u %u
# passwd chat = *New*password* %n\n *Retype*new*password* %n\n *
# passwd chat = *New*Password* %n\n *Re-enter*new*password* %n\n *Password*changed*
username map = /etc/samba/smbusers
encrypt passwords = true
# unix password sync = Yes
# unix password sync = No
log level = 5
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -m "%u"
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl "%u"
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p "%g"
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl "%g"
add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m "%u" "%g"
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x "%u" "%g"
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g "%g" "%u"
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w "%u"
# shutdown script = /var/lib/samba/scripts/shutdown.sh
# abort shutdown script = /sbin/shutdown -c
logon script = scripts\logon.bat
logon path = \\file\profiles\%U
logon drive = X:
domain logons = Yes
os level = 80
preferred master = Yes
local master = Yes
domain master = Yes
wins support = No
utmp = Yes
winbind use default domain = yes
map acl inherit = Yes
printing = cups
lpq command = %p
printer admin = root
admin users = root
guest account = guest
veto files = /*.eml/*.nws/*.{*}/
veto oplock files = /*.doc/*.xls/*.mdb/
ldap suffix = dc=inside,dc=youthuprising,dc=org
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=inside,dc=youthuprising,dc=org
# ldap port = 389
# ldap server = auth0.youthuprising.org
ldap ssl = off
ldap delete dn = Yes
idmap backend = ldap:ldap://auth1.inside.youthuprising.org
idmap uid = 10000-20000
idmap gid = 10000-20000
security = user
template shell = /bin/false
Ray Klassen wrote:
> David Lynum wrote:
>> List,
>>
>> I'm running Samba 3.01012 on Fedora Core 2. A consultant set up the
>> linux servers, including the one running samba. The problem is that
>> recently some w2k users, but not all, can no longer login to our
>> domain. They were able to login just fine before, but now can't.
>> Yes, they were already joined to the domain. No changes were made to
>> their user accounts. The error message that comes from the Windows
>> login screen is "The system is unable to login you in because the
>> domain "joeblow" is not available". One of the reasons that this is
>> a major problem is because our users use roaming profiles. What I've
>> done as a work around is to create a local windows account for the
>> users. I then run "\\servername\share" from run and they're able to
>> mount the folders they need from the server running samba. So yes,
>> the shares are still working. We also are running ldap servers. It
>> appears as though one of the ldap servers is the pdc? An additional
>> problem is that when I go to My Network Places -> Entire Network ->
>> double click on Microsoft Windows Network, I can see the domain name
>> for the workgroup. But when I double click on it I receive the error
>> message "YouthUpRising is not accessible. The network path was not
>> found." Also there are some w2k computers that are still a part of
>> the "workgroup" workgroup. I used to be able to see both the
>> youthuprising domain and the "workgroup" workgroup when I went into
>> my network places. But now I can no longer see the "workgroup"
>> workgroup.
>>
>> I hope that my explanation is clear, at least clearer than mud. I need
>> help on this asap. The problem doesn't seem to be growing, but I
>> need it resolved quickly.
>>
>> Thanks
>>
>>
>> Here's a copy of a part of smb.conf.
>> # Global parameters
>> [global]
>> workgroup = YOUTHUPRISING
>> server string = Youth Uprising %h
>>
>> passdb backend = ldapsam:ldap://auth1.inside.youthuprising.org
>> username map = /etc/samba/smbusers
>> log level = 1
>> syslog = 0
>> log file = /var/log/samba/%m
>> max log size = 50
>> smb ports = 139 445
>> name resolve order = wins bcast hosts
>> printcap name = CUPS
>> show add printer wizard = No
>> logon script = scripts\logon.bat
>> logon path = \\file\profiles\%U
>> logon drive = X:
>> domain logons = No
>> domain master = No
>> # wins server = xx.xx.xx.xx
>> ldap suffix = dc=inside,dc=youthuprising,dc=org
>> ldap machine suffix = ou=People
>> ldap user suffix = ou=People
>> ldap group suffix = ou=Groups
>> ldap idmap suffix = ou=Idmap
>> ldap admin dn = cn=Manager,dc=inside,dc=youthuprising,dc=org
>> # ldap port = 389
>> # ldap server = auth0.youthuprising.org
>> utmp = Yes
>> idmap backend = ldap:ldap://auth1.inside.youthuprising.org
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>> printing = cups
>> printer admin = Administrator, root
>> security = user
>>
>
>
> Just a thought. You might try enabling wins support = yes and pointing
> your windows boxes at your server as the wins server.
>
>
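The check behind the WINS suggestion above, as an added example that is not part of the original thread: it parses the `[global]` section of an smb.conf and reports when `wins` is listed in `name resolve order` or the server handles domain logons while no WINS server is configured. The function names, finding labels and the backslash continuation in the sample are constructed for this example; the parameter values are taken from the AUTH1 config in the post.

```python
import re

TRUE = {"yes", "true", "1", "on"}

def parse_global(text):
    """Return {normalized name: value} for the [global] section of smb.conf."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Samba ignores case and spaces in parameter names.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def wins_findings(params):
    """Flag NetBIOS name-resolution gaps that can make a domain look unavailable."""
    findings = []
    order = params.get("nameresolveorder", "").lower().split()
    has_wins = (params.get("winssupport", "no").lower() in TRUE
                or bool(params.get("winsserver")))
    if "wins" in order and not has_wins:
        findings.append("wins-unconfigured: 'wins' is in name resolve order "
                        "but no WINS server is set, so that method is skipped")
    if params.get("domainlogons", "no").lower() in TRUE and not has_wins:
        findings.append("dc-broadcast-only: logon server is not registered in "
                        "WINS; clients must find it by broadcast or lmhosts")
    return findings

# Constructed excerpt of the AUTH1 settings quoted in the post.
AUTH1 = """
[global]
workgroup = YOUTHUPRISING
name resolve order = wins bcast hosts
add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl \\
    -m "%u" "%g"
domain logons = Yes
domain master = Yes
wins support = No
"""

if __name__ == "__main__":
    print("\n".join(wins_findings(parse_global(AUTH1))))
```
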