samba@lists.samba.org
[Top] [All Lists]

Re: [Samba] Domain logins: 2 small issues

Subject: Re: [Samba] Domain logins: 2 small issues
From: "Rob Hall"
Date: Tue, 23 May 2006 14:52:44 -0400

----- Original Message ----- From: "Rob Hall" <rob@xxxxxxxxxxxxx>
To: <samba@xxxxxxxxxxxxxxx>
Sent: Wednesday, May 17, 2006 8:50 AM
Subject: [Samba] Domain logins: 2 small issues


Hey gang,
I've managed to get samba servers working as PDCs/BDCs with LDAP backend for replication. Working fine. Here's my problems: 1) A new machine will not join the domain on the first attempt. Apparently samba creates the machine account but can't authenticate it. I have attempt to join a second time for it to authenticate and succeed. This isn't that big of a deal, and if I don't figure it out, I'm not in a major bind.

2) After a machine joins a domain, EVERYTHING in msconfig is gibberish. Looking in the registry, every entry now has either a "C" or just "" for it's entry. Also, the machines now pop up the system32 folder on login. This is the one I *REALLY* need help with. My smb.conf is as follows:

------------------------------
[global]
netbios name = <SERVER NAME>
workgroup = <WORKGROUP>
server string = <SERVER NAME>
security = user
hosts allow = <IP ADDRESSES>
log file = /var/log/samba.%m
max log size = 50
log level = 1
passdb = ldapsam:ldap://127.0.0.1
socket options = TCP_NODELAY
interfaces = <IP ADDRESS/MASK>
local master = yes
os level = 64
domain master = yes
preferred master = auto
domain logins = yes

# LDAP authentication stuff:
ldap admin dn = cn=Manager,dc=<DOMAIN>,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=<DOMAIN>,dc=com
ldap user suffix = ou=Users
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000

logon script = logon.bat
logon path =
logon drive = H:
wins support = yes
wins proxy = no
dns proxy = no

# domain scripts
 add user script = /usr/local/sbin/smbldap-useradd -a '%u'
 add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
 add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
 delete user script = /usr/local/sbin/smbldap-userdel '%u'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
 set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
 add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
 delete group script = /usr/local/sbin/smbldap-groupdel '%g'

#============================ Share Definitions ==============================
[homes]
  comment = Home Directories
  browseable = no
  writable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
  comment = Network Logon Service
  path = /usr/local/samba/lib/netlogon
  guest ok = yes
  writable = no
  share modes = no

[shared]
  comment = Shared Space
  path = /usr/local/share/common
  public = yes
  writable = yes
  printable = no
  create mask = 777

------------------------------------------------------ end smb.conf ----------------------------------------------------------------

Any help/suggestions is greatly appreciated.

Thanks!
--
Rob

Nobody has any suggestions?
--
Rob
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

<Prev in Thread] Current Thread [Next in Thread>