[Samba] Samba + LDAP + SMBLDAP-Tools + Roaming Profiles
J. Echter
j.echter at elektro-mayer-echter.de
Wed Aug 3 07:32:21 MDT 2011
On 02.08.2011 14:54, J. Echter wrote:
> On 02.08.2011 14:40, Julien Celle wrote:
>> On 02/08/2011 14:22, J. Echter wrote:
>>> On 02.08.2011 14:06, Julien Celle wrote:
>>>> pdbedit output indicates that the profile is stored on '\\pdc...' and
>>>> that the user is defined on the domain 'BDC'.
>>> Oh, I forgot, profiles are on \\pdc.
>>>
>>> cheers.
>> Hi,
>>
>> There may be a problem trying to access your profiles on \\pdc while
>> authenticating against \\bdc. Your users try to access a share
>> without giving your PDC credentials it can validate. Try moving your
>> profile for your user test to \\bdc\profile...
>>
>> You could also post your whole smb.conf for your BDC.
>>
>> Cheers,
>>
>> Julien.
>>
> First, both of my configs...
>
> BDC:
>
> [global]
> domain master = no
> domain logons = yes
> passdb backend = ldapsam:ldap://mule
> idmap backend = ldap:ldap://mule
> idmap uid = 10000-15000
> idmap gid = 10000-15000
> ldap suffix = dc=workgroup,dc=local
> ldap user suffix = ou=smb-usr
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap idmap suffix = ou=idmap
> ldap admin dn = cn=admin,dc=workgroup,dc=local
> ldap ssl = no
> ldap passwd sync = yes
>
> printing = bsd
> netbios name = BDC
> server string = BDC (%h)
> workgroup = workgroup
> interfaces = eth0,lo
> security = user
> encrypt passwords = true
> map to guest = bad user
> guest account = nobody
> logon path = \\pdc\profile\%U
> logon script = %U.bat
> logon drive = H:
> panic action = /usr/share/samba/panic-action %d
>
> PDC:
>
> [global]
> printing = bsd
> netbios name = PDC
> server string = PDC (%h)
> workgroup = workgroup
> interfaces = eth0,lo
> security = user
> encrypt passwords = true
> map to guest = bad user
> guest account = nobody
>
> ## LDAP
> passdb backend = ldapsam:ldap://127.0.0.1
> idmap backend = ldap:ldap://127.0.0.1
> idmap uid = 10000-15000
> idmap gid = 10000-15000
> ldap suffix = dc=workgroup,dc=local
> ldap user suffix = ou=smb-usr
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap idmap suffix = ou=idmap
> ldap admin dn = cn=admin,dc=workgroup,dc=local
> ldap ssl = no
> ldap passwd sync = yes
> add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
> add user script = /usr/sbin/smbldap-useradd -a '%u'
> delete user script = /usr/sbin/smbldap-userdel %u
> add group script = /usr/sbin/smbldap-groupadd -a '%g'
> delete group script = /usr/sbin/smbldap-groupdel '%g'
> add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
> delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>
> local master = yes
> preferred master = yes
> domain master = yes
> domain logons = yes
>
> logon path = \\pdc\profile\%U
> logon script = %U.bat
> logon drive = H:
> panic action = /usr/share/samba/panic-action %d
>
> ATM I have domain logons = no, to avoid negative interaction with my
> running PDC. Hope this helps.
OK, what I know now :)
A second domain gets added to the LDAP directory if I, for example,
add a user on the PDC and do a pdbedit -v an-user: I have a second
SambaDomainName in my LDAP tree. This one is called the same as my BDC
is configured in its smb.conf.
Is it forbidden to name the server bdc or similar? I have set workgroup
= workgroup in smb.conf on PDC and BDC.
I'm lost with this...
Thanks
juergen
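
An added example, not part of the original post and not Samba's own code: a small Python model of the server role and SAM domain name implied by the quoted BDC settings. It assumes Samba 3.x derives the role for `security = user` from `domain logons` and `domain master`, and that ldapsam names its sambaDomainName entry after the workgroup on a domain controller and after the NetBIOS name on a standalone server; all function names are hypothetical. It also flags `ldap ssl = no` towards a remote LDAP host, where the admin bind and password hashes cross the network unencrypted.

```python
# Added example; models `security = user` only (assumption about Samba 3.x).
BDC_CONF = """\
[global]
netbios name = BDC
workgroup = workgroup
security = user
domain master = no
domain logons = yes
passdb backend = ldapsam:ldap://mule
ldap ssl = no
"""  # subset of the BDC config quoted in the post
TRUE = {"yes", "true", "1", "on"}

def load_globals(text):
    """Parse the [global] section into a dict with normalised lowercase keys."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def server_role(p):
    if p.get("security", "user").lower() != "user":
        raise ValueError("only security = user is modelled")
    if p.get("domain logons", "no").lower() not in TRUE:
        return "STANDALONE"
    # "domain master" defaults to auto, which acts as yes on a logon server
    master = p.get("domain master", "auto").lower()
    return "PDC" if master in TRUE | {"auto"} else "BDC"

def sam_domain_name(p):
    """Name expected on the sambaDomainName entry this server uses."""
    key = "workgroup" if server_role(p) in ("PDC", "BDC") else "netbios name"
    return p[key].upper()

def cleartext_remote_ldap(p):
    url = p.get("passdb backend", "").partition(":")[2]  # e.g. "ldap://mule"
    host = url.partition("://")[2].split("/")[0].split(":")[0]
    plain = url.startswith("ldap://") and p.get("ldap ssl", "").lower() in {"no", "off"}
    return plain and host not in {"localhost", "127.0.0.1"}

if __name__ == "__main__":
    posted = load_globals(BDC_CONF)
    for p in (posted, dict(posted, **{"domain logons": "no"})):
        print(server_role(p), sam_domain_name(p), cleartext_remote_ldap(p))
```

Under these assumptions the config as posted resolves to the shared workgroup name, while the same host with `domain logons = no` resolves to its own NetBIOS name.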