On Tue, Jun 15, 2010 at 1:04 PM, delpheye <delph...@gmail.com> wrote:
> results of testparm -v:
>
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[netlogon]"
> Processing section "[profiles]"
> Processing section "[public]"
> Processing section "[former.employees]"
> Processing section "[temp]"
> Processing section "[joadmin]"
> Processing section "[labs]"
> Processing section "[business]"
> Loaded services file OK.
> WARNING: You have some share names that are longer than 12 characters.
> These may not be accessible to some older clients.
> (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> [global]
> dos charset = CP850
> unix charset = UTF-8
> display charset = LOCALE
> workgroup = DOMAIN.COM
> realm =
> netbios name = DOMAIN-FS
> netbios aliases =
> netbios scope =
> server string = Samba 3.3.8-0.51.el5
> interfaces =
> bind interfaces only = No
> config backend = file
> security = USER
> auth methods =
> encrypt passwords = Yes
> update encrypted = No
> client schannel = Auto
> server schannel = Auto
> allow trusted domains = Yes
> map to guest = Never
> null passwords = No
> obey pam restrictions = No
> password server = *
> smb passwd file = /var/lib/samba/private/smbpasswd
> private dir = /var/lib/samba/private
> passdb backend = ldapsam:ldap://127.0.0.1
> algorithmic rid base = 1000
> root directory =
> guest account = nobody
> enable privileges = Yes
> pam password change = No
> passwd program = /usr/bin/passwd '%u'
> passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX password*" %n\n "*updated successfully*"
> passwd chat debug = No
> passwd chat timeout = 2
> check password script =
> username map = /etc/samba/smbusers
> password level = 0
> username level = 0
> unix password sync = Yes
> restrict anonymous = 0
> lanman auth = No
> ntlm auth = Yes
> client NTLMv2 auth = No
> client lanman auth = No
> client plaintext auth = No
> preload modules =
> use kerberos keytab = No
> log level = 5
> syslog = 1
> syslog only = No
> log file =
> max log size = 5000
> debug timestamp = Yes
> debug prefix timestamp = No
> debug hires timestamp = No
> debug pid = No
> debug uid = No
> debug class = No
> enable core files = Yes
> smb ports = 445 139
> large readwrite = Yes
> max protocol = NT1
> min protocol = CORE
> min receivefile size = 0
> read raw = Yes
> write raw = Yes
> disable netbios = No
> reset on zero vc = No
> acl compatibility = auto
> defer sharing violations = Yes
> nt pipe support = Yes
> nt status support = Yes
> announce version = 4.9
> announce as = NT
> max mux = 50
> max xmit = 16644
> name resolve order = wins bcast hosts
> max ttl = 259200
> max wins ttl = 518400
> min wins ttl = 21600
> time server = No
> unix extensions = Yes
> use spnego = Yes
> client signing = auto
> server signing = No
> client use spnego = Yes
> client ldap sasl wrapping = plain
> enable asu support = No
> svcctl list =
> deadtime = 0
> getwd cache = Yes
> keepalive = 300
> lpq cache time = 30
> max smbd processes = 0
> paranoid server security = Yes
> max disk size = 0
> max open files = 10000
> socket options = TCP_NODELAY
> use mmap = Yes
> hostname lookups = No
> name cache timeout = 660
> ctdbd socket =
> cluster addresses =
> clustering = No
> load printers = Yes
> printcap cache time = 750
> printcap name = cups
> cups server =
> cups connection timeout = 30
> iprint server =
> disable spoolss = No
> addport command =
> enumports command =
> addprinter command =
> deleteprinter command =
> show add printer wizard = Yes
> os2 driver map =
> mangling method = hash2
> mangle prefix = 1
> max stat cache size = 256
> stat cache = Yes
> machine password timeout = 604800
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> rename user script =
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> shutdown script =
> abort shutdown script =
> username map script =
> logon script = logon.bat
> logon path = \\domain-fs\profiles\%u
> logon drive = H:
> logon home = \\domain-fs\%U
> domain logons = Yes
> init logon delayed hosts =
> init logon delay = 100
> os level = 64
> lm announce = Auto
> lm interval = 5
> preferred master = Yes
> local master = Yes
> domain master = Yes
> browse list = Yes
> enhanced browsing = Yes
> dns proxy = Yes
> wins proxy = No
> wins server =
> wins support = Yes
> wins hook =
> kernel oplocks = Yes
> lock spin time = 200
> oplock break wait time = 0
> ldap admin dn = cn=root,dc=domain,dc=com
> ldap delete dn = Yes
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> ldap passwd sync = no
> ldap replication sleep = 1000
> ldap suffix = dc=domain,dc=com
> ldap ssl = no
> ldap ssl ads = No
> ldap timeout = 15
> ldap connection timeout = 2
> ldap page size = 1024
> ldap user suffix = ou=Users
> ldap debug level = 0
> ldap debug threshold = 10
> eventlog list =
> add share command =
> change share command =
> delete share command =
> config file =
> preload =
> lock directory = /var/lib/samba
> pid directory = /var/run
> utmp directory =
> wtmp directory =
> utmp = No
> default service =
> message command =
> get quota command =
> set quota command =
> remote announce =
> remote browse sync =
> socket address = 0.0.0.0
> homedir map = auto.home
> afs username map =
> afs token lifetime = 604800
> log nt token command =
> time offset = 0
> NIS homedir = No
> registry shares = No
> usershare allow guests = No
> usershare max shares = 0
> usershare owner only = Yes
> usershare path = /var/lib/samba/usershares
> usershare prefix allow list =
> usershare prefix deny list =
> usershare template share =
> panic action =
> host msdfs = Yes
> passdb expand explicit = No
> idmap backend = tdb
> idmap alloc backend =
> idmap cache time = 604800
> idmap negative cache time = 120
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template homedir = /home/%D/%U
> template shell = /bin/false
> winbind separator = \
> winbind cache time = 300
> winbind reconnect delay = 30
> winbind enum users = No
> winbind enum groups = No
> winbind use default domain = No
> winbind trusted domains only = No
> winbind nested groups = Yes
> winbind expand groups = 1
> winbind nss info = template
> winbind refresh tickets = No
> winbind offline logon = No
> winbind normalize names = No
> winbind rpc only = No
> comment =
> path =
> username =
> invalid users =
> valid users =
> admin users =
> read list =
> write list =
> printer admin =
> force user =
> force group =
> read only = Yes
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> create mask = 0744
> force create mode = 00
> security mask = 0777
> force security mode = 00
> directory mask = 0755
> force directory mode = 00
> directory security mask = 0777
> force directory security mode = 00
> force unknown acl user = No
> inherit permissions = No
> inherit acls = No
> inherit owner = No
> guest only = No
> administrative share = No
> guest ok = No
> only user = No
> hosts allow =
> hosts deny =
> allocation roundup size = 1048576
> aio read size = 0
> aio write size = 0
> aio write behind =
> ea support = No
> nt acl support = Yes
> profile acls = No
> map acl inherit = No
> afs share = No
> smb encrypt = auto
> block size = 1024
> change notify = Yes
> directory name cache size = 100
> kernel change notify = Yes
> max connections = 0
> min print space = 0
> strict allocate = No
> strict sync = No
> sync always = No
> use sendfile = No
> write cache size = 0
> max reported print jobs = 0
> max print jobs = 1000
> printable = No
> printing = cups
> cups options =
> print command =
> lpq command = %p
> lprm command =
> lppause command =
> lpresume command =
> queuepause command =
> queueresume command =
> printer name =
> use client driver = No
> default devmode = Yes
> force printername = No
> printjob username = %U
> default case = lower
> case sensitive = Auto
> preserve case = Yes
> short preserve case = Yes
> mangling char = ~
> hide dot files = Yes
> hide special files = No
> hide unreadable = No
> hide unwriteable files = No
> delete veto files = No
> veto files =
> hide files =
> veto oplock files =
> map archive = Yes
> map hidden = No
> map system = No
> map readonly = yes
> mangled names = Yes
> store dos attributes = No
> dmapi support = No
> browseable = Yes
> blocking locks = Yes
> csc policy = manual
> fake oplocks = No
> locking = Yes
> oplocks = Yes
> level2 oplocks = Yes
> oplock contention limit = 2
> posix locking = Yes
> strict locking = Auto
> share modes = Yes
> dfree cache time = 0
> dfree command =
> copy =
> include =
> preexec =
> preexec close = No
> postexec =
> root preexec =
> root preexec close = No
> root postexec =
> available = Yes
> volume =
> fstype = NTFS
> set directory = No
> wide links = Yes
> follow symlinks = Yes
> dont descend =
> magic script =
> magic output =
> delete readonly = No
> dos filemode = No
> dos filetimes = Yes
> dos filetime resolution = No
> fake directory create times = No
> vfs objects =
> msdfs root = No
> msdfs proxy =
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> guest ok = Yes
>
> [profiles]
> comment = Network Profiles Share
> path = /data/profiles
> read only = No
> create mask = 0600
> directory mask = 0700
> hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
> store dos attributes = Yes
> browseable = No
>
> [public]
> path = /data/public
> valid users = "@Domain Users"
> read only = No
> create mask = 0755
> guest ok = Yes
>
> [former.employees]
> path = /data/former.employees
> valid users = "@Domain Users"
> read only = No
> create mask = 0755
> guest ok = Yes
>
> [temp]
> path = /data/temp
> valid users = "@Domain Users"
> read only = No
> create mask = 0755
> guest ok = Yes
>
> [joadmin]
> comment = Jo Admin
> path = /data/jo-admin
> valid users = joxxx
> write list = "@domain users"
> read only = No
> create mask = 0775
> directory mask = 0775
>
> [labs]
> comment = Labs Data
> path = /data/labs
> valid users = "@Domain Users"
> write list = "@Domain Users"
> read only = No
> create mask = 0775
> directory mask = 0770
> guest ok = Yes
>
> [business]
> comment = Business Docs
> path = /data/Business
> valid users = "@Business Users"
> read only = No
> create mask = 0775
> directory mask = 0775
>
> On Tue, Jun 15, 2010 at 12:52 PM, Alberto Moreno <ports...@gmail.com> wrote:
>>
>> On Tue, Jun 15, 2010 at 10:40 AM, Alberto Moreno <ports...@gmail.com> wrote:
>> > On Tue, Jun 15, 2010 at 9:57 AM, <t...@tms3.com> wrote:
>> >>
>> >> On Tuesday 15/06/2010 at 9:17 am, Alberto Moreno wrote:
>> >>
>> >> On Mon, Jun 14, 2010 at 11:45 PM, <t...@tms3.com> wrote:
>> >>
>> >> --- Original message ---
>> >> Subject: Re: [Samba] windows 7 unable to join domain
>> >> From: Alberto Moreno <ports...@gmail.com>
>> >> To: <samba@lists.samba.org>
>> >> Date: Monday, 14/06/2010 11:03 PM
>> >>
>> >> On Mon, Jun 14, 2010 at 6:11 PM, <t...@tms3.com> wrote:
>> >>
>> >> SNIP
>> >>
>> >> I'm currently running Samba3x-3.3.8-0.51 on CentOS 5.5. I currently have
>> >> many Windows XP clients associated with the domain and behaving correctly.
>> >> However, I am unable to join a Windows 7 PC. I receive "The specified
>> >> network name is no longer available."
>> >>
>> >> I've verified that DNS is configured correctly, and as stated XP machines
>> >> have no problem joining.
>> >>
>> >> http://wiki.samba.org/index.php/Windows7
>> >>
>> >> There's a reg file that comes with the source code. Not sure about binary
>> >> packages.
>> >>
>> >> Cheers,
>> >>
>> >> SNIP
>> >> --
>> >> To unsubscribe from this list go to the following URL and read the
>> >> instructions: https://lists.samba.org/mailman/options/samba
>> >>
>> >> Like tms3 told u, we have to make some changes to the registry before
>> >> we join ms 7 to the domain, I already did and works, no issue.
>> >>
>> >> Another thing I see in your smb.conf:
>> >>
>> >> security = DOMAIN.
>> >>
>> >> In my little knowledge about samba, if u have a PDC it must say:
>> >>
>> >> security = user.
>> >>
>> >> When u add a BDC it must say:
>> >>
>> >> security = DOMAIN.
>> >>
>> >> I disagree on the last point.
>> >>
>> >> Security = user is default, so no entry necessary.
>> >>
>> >> For PDC I use:
>> >>
>> >> os level = 64
>> >> preferred master = Yes
>> >> domain logons =Yes
>> >> domain master = Yes
>> >>
>> >> For BDC I use (if on separate nodes)
>> >>
>> >> os level = 64
>> >> preferred master = Yes
>> >> domain logons =Yes
>> >> domain master = no
>> >>
>> >> If on same node
>> >>
>> >> os level = 60
>> >> preferred master = Auto
>> >> domain logons =Yes
>> >> domain master = no
>> >>
>> >> "In domain security mode, the Samba server has a machine account
>> >> (domain security trust account) and causes all authentication requests
>> >> to be passed through to the domain controllers. The Samba server is
>> >> made into a domain member server by using the following directives in
>> >> smb.conf."
>> >>
>> >> "security = domain"
>> >>
>> >> Hi.
>> >>
>> >> I point this because on his smb.conf file he is using security=domain,
>> >> by default like u say is =user.
>> >>
>> >> Oh, not trying to be a snit, just that if you use sec=domain then the BDC
>> >> will call the PDC for authing. It will work, it's just that it kinda (IMHO)
>> >> makes the BDC sorta useless. And over WAN links wastes bandwidth.
>> >>
>> >> Cheers,
>> >>
>> >> Thanks!!!
>> >>
>> >> Last thing, smbldap-tools using the base repo from Centos 5.5 depend
>> >> on Samba-3.0.x, u must build your own rpm to work with samba3x.
>> >>
>> >> My two cents.
>> >> --
>> >> LIving the dream...
>> >>
>> >> --
>> >> LIving the dream...
>> >>
>> >
>> > No problem my friend, we are here to learn, thanks for sharing.
>> >
>> > --
>> > LIving the dream...
>> >
>>
>> U say that u already have some XP clients on your domain, which means
>> that works.
>>
>> U are trying to add a Windows 7 capable of being able to be part of a
>> Domain, like Ultimate Edition or compatible right? not a Home Edition.
>>
>> U are using ldap on centos, which is working? Because u have XP
>> clients inside the domain, they can see the PDC of your domain?
>>
>> Could u please give us the output of testparm+testparm of your PDC.
>>
>> Thanks!!!
>>
>> --
>> LIving the dream...
>
This is my smb.conf which I had setup this week, I have here Windows XP+Windows 7 UE.

[global]
    unix charset = UTF8
    workgroup = BOMBOM
    server string = PDC Server
    interfaces = eth0, lo
    bind interfaces only = Yes
    passdb backend = ldapsam:ldap://172.16.5.152/
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn * passwd:*all*authentication*tokens*updated*successfully*
    username map = /etc/samba/usermap
    password level = 6
    unix password sync = Yes
    log level = 1
    log file = /var/log/samba/%m.log
    max log size = 500
    name resolve order = wins hosts bcast lmhost
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    load printers = No
    show add printer wizard = No
    add user script = /usr/sbin/smbldap-useradd -m %u
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -p %g
    delete group script = /usr/sbin/smbldap-groupdel %g
    add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
    delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
    set primary group script = /usr/sbin/smbldap-usermod -g %g %u
    add machine script = /usr/sbin/smbldap-useradd -w %m
    logon path =
    logon home =
    domain logons = Yes
    os level = 64
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap admin dn = cn=Manager,dc=bombom,dc=com
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    ldap passwd sync = yes
    ldap suffix = dc=bombom,dc=com
    ldap ssl = no
    ldap user suffix = ou=Users
    host msdfs = No
    idmap backend = ldap:ldap://172.16.5.152
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    hosts allow = 172.16.0.0/16, 127.
    hosts deny = 0.0.0.0
    map acl inherit = Yes
    map archive = No

[netlogon]
    comment = Network Logon Service
    path = /home/samba/netlogon
    guest ok = Yes
    locking = No

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    browseable = No

[Public]
    comment = Public Folder
    path = /opt/public
    read only = No
    create mask = 0775
    directory mask = 0775
    guest ok = Yes

[IT]
    path = /opt/it
    valid users = @it
    write list = @BOMBOM\it
    force group = @BOMBOM\it
    read only = No
    force create mode = 0770
    directory mask = 0770

[Account]
    path = /opt/account
    valid users = @account
    write list = @BOMBOM\accounts
    force group = @BOMBOM\account
    read only = No
    force create mode = 0770
    directory mask = 0770
    map readonly = no
    store dos attributes = Yes

This is my account for the windows 7 client:

pdbedit -Lv bom-win7ue$
Unix username:        bom-win7ue$
NT username:          bom-win7ue$
Account Flags:        [W ]
User SID:             S-1-5-21-506473411-1786020119-2248725859-1002
Primary Group SID:    S-1-5-21-506473411-1786020119-2248725859-515
Full Name:            BOM-WIN7UE$
Home Directory:
HomeDir Drive:
Logon Script:
Profile Path:
Domain:               BOMBOM
Account desc:         Computer
Workstations:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Mon, 14 Jun 2010 07:33:00 PDT
Password can change:  Mon, 14 Jun 2010 07:33:00 PDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

net groupmap list
Domain Admins (S-1-5-21-506473411-1786020119-2248725859-512) -> Domain Admins
Domain Users (S-1-5-21-506473411-1786020119-2248725859-513) -> Domain Users
Domain Guests (S-1-5-21-506473411-1786020119-2248725859-514) -> Domain Guests
Domain Computers (S-1-5-21-506473411-1786020119-2248725859-515) -> Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
it (S-1-5-21-506473411-1786020119-2248725859-3007) -> it
account (S-1-5-21-506473411-1786020119-2248725859-3009) -> account

My domain groups are there.

smbclient -L \\pdc-srv -U test1
Enter test1's password:
Domain=[BOMBOM] OS=[Unix] Server=[Samba 3.3.8-0.51.el5]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (PDC Server)
    Contabilidad    Disk
    Sistemas        Disk
    Public          Disk      Public Folder
    netlogon        Disk      Network Logon Service
    test1           Disk      Home Directories
Domain=[BOMBOM] OS=[Unix] Server=[Samba 3.3.8-0.51.el5]

    Server               Comment
    ---------            -------
    BOM-WIN7UE           Windows 7 Domain
    PIM-WINXPA           vbWinXP
    PDC-SRV              PDC Server

    Workgroup            Master
    ---------            -------
    BOMBOM               PDC-SRV

I didn't disable anything from windows 7 like the firewall, I just made the change to the registry on windows 7 like the wiki told us, restarted windows 7 and done, I could add the client to the domain.

Hope this file helps to find the issue, u could setup a vm with windows 7 and start from scratch.

See u later!!!

--
LIving the dream...
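
Added example, not part of the original thread or of Samba: a Python check over smb.conf or testparm text that classifies the server role with the rules given in the quoted replies (domain logons and domain master for PDC versus BDC, security = domain for a member server) and reports a passdb backend reached over plain ldap:// on a non-loopback host while ldap ssl is explicitly off, in which case the LDAP bind and password-hash lookups cross the network unencrypted. The two sample configurations are constructed from [global] lines quoted above, the function names are hypothetical, and treating an unset or Auto domain master as PDC when domain logons is on is an assumption based on the smb.conf documentation.

```python
import re

# Constructed samples built from [global] lines quoted in the thread.
PDC_CONF = """
[global]
    workgroup = BOMBOM
    passdb backend = ldapsam:ldap://172.16.5.152/
    domain logons = Yes
    os level = 64
    preferred master = Yes
    domain master = Yes
    ldap ssl = no
"""
BDC_CONF = """
[global]
    passdb backend = ldapsam:ldap://127.0.0.1
    os level = 64
    preferred master = Yes
    domain logons =Yes
    domain master = no
    ldap ssl = no
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names are lower-cased, spacing collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def is_no(value):
    return value.strip().lower() in ("no", "false", "0")

def server_role(g):
    """Role per the thread: security = domain -> member; domain logons -> PDC or BDC."""
    if g.get("security", "user").lower() == "domain":
        return "domain member"
    if is_no(g.get("domain logons", "no")):
        return "standalone"
    # Assumption: unset/Auto "domain master" counts as PDC when domain logons is on.
    return "BDC" if is_no(g.get("domain master", "auto")) else "PDC"

def cleartext_ldap_host(g):
    """Host of a plain ldap:// passdb backend off-box with `ldap ssl` explicitly off."""
    m = re.search(r'ldapsam:"?ldap://([^/:\s"]+)', g.get("passdb backend", ""))
    # An unset `ldap ssl` is not flagged: its default differs between Samba versions.
    if not m or g.get("ldap ssl", "").lower() not in ("no", "off"):
        return None
    host = m.group(1).lower()
    return None if host == "localhost" or host.startswith("127.") else host

def audit(text):
    g = parse_smb_conf(text).get("global", {})
    return {"role": server_role(g), "cleartext_ldap_host": cleartext_ldap_host(g)}

if __name__ == "__main__":
    for name, conf in (("PDC_CONF", PDC_CONF), ("BDC_CONF", BDC_CONF)):
        print(name, audit(conf))
```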