[Samba] samba windows domain controller
Mike Brady
mike.brady at devnull.net.nz
Tue Apr 29 18:32:57 GMT 2008
The add user script is only for adding users, not machines and it
shouldn't call smbpassword. The script only needs to handle the OS task
of adding the user. Samba will add the Samba stuff itself.
To add machines you want an "add machines script" specified.
Depending on what you are trying to do you can also have other scripts
specified. A full set for a Linux box could be:
add user script = /usr/sbin/useradd "%u" -n -g domusers
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/sbin/groupadd "%g"
delete group script = /usr/sbin/groupdel "%g"
add user to group script = /usr/bin/gpasswd -a "%u" "%g"
delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)"
-M -d /nohome -s /bin/false -g machines "%u"
add share command = /usr/local/samba/modify_samba_config.py
delete share command = /usr/local/samba/modify_samba_config.py
On Tue, 2008-04-29 at 14:45 +0100, Evan Ingram wrote:
> Hi
>
> I want windows machines to automatically be added into samba when they
> try to attach to the domain. Had various problems with root account not
> being accepted.
>
> Can anyone spot anything glaringly obviously wrong in my config that
> follows.
> Cheers
>
>
>
>
> [global]
> name resolve order = wins bcast hosts
> ldap ssl = no
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> idmap gid = 500-550
> admin users = root
> obey pam restrictions = no
> client schannel = no
> passwd program = /usr/bin/passwd %u
> dns proxy = No
> netbios name = sss-server
> writeable = yes
> printing = lprng
> idmap uid = 500-2000
> logon script = user.bat
> workgroup = domain
> debug level = 3
> os level = 65
> getwd cache = yes
> log file = /var/log/samba/%m.log
> guest account = root
> socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> sync always = yes
> map to guest = never
> null passwords = yes
> domain master = Yes
> encrypt passwords = yes
> public = yes
> realm = domain
> wins support = true
> netbios aliases = sss-server
> server string = sss-server
> add user script = /usr/sbin/useradd -g machines -c NTMachine
> -d /dev/null -s /bin/false %m$ && /usr/bin/smbpasswd -a -m %m$
> domain logons = Yes
> pam password change = Yes
> # DOMAIN ADMIN GROUP added to allow root as local admin
> domain admin group = root
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> create mask = 0664
> directory mask = 0775
> browseable = No
> [netlogon]
> comment = Network Logon Service
> share modes = No
> public = yes
> path = /usr/local/samba/netlogon
>
> [Profiles]
> nt acl support = yes
> browseable = no
> delete readonly = yes
> path = /usr/local/samba/profiles
> force group = root
> force user = root
> comment = Network Profiles Service
> create mode = 0600
> directory mode = 0700
>
> [root_dir]
> comment = root dir mark only
> delete readonly = yes
> path = /
>
> [data]
> force user = root
> comment = Data Directory
> path = /home/data/
> force group = root
>
--
Mike Brady
PGP ID: 0x9C777DA4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20080430/384e90f3/attachment.bin
More information about the samba
mailing list