[Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles

J. Echter j.echter at elektro-mayer-echter.de
Tue Aug 2 06:54:44 MDT 2011


On 02.08.2011 14:40, Julien Celle wrote:
> On 02/08/2011 14:22, J. Echter wrote:
>> On 02.08.2011 14:06, Julien Celle wrote:
>>> pdbedit output indicates that the profile is stored on '\\pdc...' and
>>> that the user is defined on the domain 'BDC'.
>> Oh, I forgot, profiles are on \\pdc.
>>
>> cheers.
> Hi,
>
> There may be a problem trying to access your profiles on \\pdc while 
> authenticating against \\bdc. Your users try to access a share without 
> giving your PDC credentials it can validate. Try moving your profile 
> for your user test to \\bdc\profile...
>
> You could also post your whole smb.conf for your BDC.
>
> Cheers,
>
> Julien.
>
First, both of my configs...

BDC:

[global]
    domain master = no
    domain logons = yes
    passdb backend = ldapsam:ldap://mule
    idmap backend = ldap:ldap://mule
    idmap uid = 10000-15000
    idmap gid = 10000-15000
    ldap suffix = dc=workgroup,dc=local
    ldap user suffix = ou=smb-usr
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers
    ldap idmap suffix = ou=idmap
    ldap admin dn = cn=admin,dc=workgroup,dc=local
    ldap ssl = no
    ldap passwd sync = yes

    printing = bsd
    netbios name = BDC
    server string = BDC (%h)
    workgroup = workgroup
    interfaces = eth0,lo
    security = user
    encrypt passwords = true
    map to guest = bad user
    guest account = nobody
    logon path = \\pdc\profile\%U
    logon script = %U.bat
    logon drive = H:
    panic action = /usr/share/samba/panic-action %d

PDC:

[global]
    printing = bsd
    netbios name = PDC
    server string = PDC (%h)
    workgroup = workgroup
    interfaces = eth0,lo
    security = user
    encrypt passwords = true
    map to guest = bad user
    guest account = nobody

    ## LDAP
    passdb backend = ldapsam:ldap://127.0.0.1
    idmap backend = ldap:ldap://127.0.0.1
    idmap uid = 10000-15000
    idmap gid = 10000-15000
    ldap suffix = dc=workgroup,dc=local
    ldap user suffix = ou=smb-usr
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers
    ldap idmap suffix = ou=idmap
    ldap admin dn = cn=admin,dc=workgroup,dc=local
    ldap ssl = no
    ldap passwd sync = yes
    add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
    add user script = /usr/sbin/smbldap-useradd -a '%u'
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -a '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

    local master = yes
    preferred master = yes
    domain master = yes
    domain logons = yes

    logon path = \\pdc\profile\%U
    logon script = %U.bat
    logon drive = H:
    panic action = /usr/share/samba/panic-action %d

ATM I have domain logons = no, to avoid negative interaction with my 
running PDC. Hope this helps.

