[Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
J. Echter
j.echter at elektro-mayer-echter.de
Tue Aug 2 06:54:44 MDT 2011
Am 02.08.2011 14:40, schrieb Julien Celle:
> Le 02/08/2011 14:22, J. Echter a écrit :
>> Am 02.08.2011 14:06, schrieb Julien Celle:
>>> pdbedit output indicates that the profile is stored on '\\pdc...' and
>>> that the user is defined on the domain 'BDC'.
>> oh i forgot, profiles are on \\pdc.
>>
>> cheers.
> Hi,
>
> There may be a problem trying to access your profiles on \\pdc while
> authenticating against \\bdc. Your users try to access a share without
> giving your PDC credentials it can validate. Try moving your profile
> for your user test to \\bdc\profile...
>
> You could also post your whole smb.conf for your BDC.
>
> Cheers,
>
> Julien.
>
first both of my configs...
BDC:
[global]
domain master = no
domain logons = yes
passdb backend = ldapsam:ldap://mule
idmap backend = ldap:ldap://mule
idmap uid = 10000-15000
idmap gid = 10000-15000
ldap suffix = dc=workgroup,dc=local
ldap user suffix = ou=smb-usr
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
ldap admin dn = cn=admin,dc=workgroup,dc=local
ldap ssl = no
ldap passwd sync = yes
printing = bsd
netbios name = BDC
server string = BDC (%h)
workgroup = workgroup
interfaces = eth0,lo
security = user
encrypt passwords = true
map to guest = bad user
guest account = nobody
logon path = \\pdc\profile\%U
logon script = %U.bat
logon drive = H:
panic action = /usr/share/samba/panic-action %d
PDC:
[global]
printing = bsd
netbios name = PDC
server string = PDC (%h)
workgroup = workgroup
interfaces = eth0,lo
security = user
encrypt passwords = true
map to guest = bad user
guest account = nobody
## LDAP
passdb backend = ldapsam:ldap://127.0.0.1
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 10000-15000
idmap gid = 10000-15000
ldap suffix = dc=workgroup,dc=local
ldap user suffix = ou=smb-usr
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
ldap admin dn = cn=admin,dc=workgroup,dc=local
ldap ssl = no
ldap passwd sync = yes
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add user script = /usr/sbin/smbldap-useradd -a '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -a '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
logon path = \\pdc\profile\%U
logon script = %U.bat
logon drive = H:
panic action = /usr/share/samba/panic-action %d
atm i have domain logons = no, to avoid negative interaction with my
running pdc. hope this helps.
More information about the samba
mailing list