On Mon, 27 Sep 2010 17:08:12 +0200, Claudio Prono <[email protected]> wrote:
> Gaiseric Vandal wrote:
>> Do you have an underlying unix account for the pc (eg SOMEMACHINE$)
>>
>> It is possible to configure scripts that the unix account is created
>> by samba if necessary when samba creates the "Windows" account for the
>> machine. I don't have it set up this way, so I need to create the
>> unix account 1st.
>>
> add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
>
> This script automatically adds the machine if needed, or am I wrong?
>> Also, I found that since the underlying unix OS may need to validate the
>> machine account, I put my machine accounts in either the same ldap ou
>> as people (or in a sub ou.) ("getent passwd" command may need to show
>> your machine accounts as well as people accounts.)
>>
>> If you have manually created the unix account for the machine, can you
>> then manually create the samba account for it
>>
>> e.g. smbpasswd -m -a SOMEMACHINE
>>
>> (I think you leave the $ off.)
>>
>>
>> I use LDAP for both "unix" and "windows" clients so my config choices
>> may not be applicable to a windows-only client environment.
>>
>>
>> On 09/27/2010 09:59 AM, Claudio Prono wrote:
>>> Hello all,
>>>
>>> I have some problems making a configuration like Samba and
>>> OpenLDAP work as domain controller. My operating system is OpenSuSE 11.3.
>>>
>>> Here is my testparm:
>>>
>>> [global]
>>>     workgroup = MEDIADC
>>>     netbios name = MEDIADC
>>>     map to guest = Bad User
>>>     passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri
>>>     log level = 2
>>>     printcap name = cups
>>>     add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
>>>     logon path = \\%L\profiles\.msprofile
>>>     logon drive = P:
>>>     logon home = \\%L\%U\.9xprofile
>>>     domain logons = Yes
>>>     os level = 65
>>>     preferred master = Yes
>>>     domain master = Yes
>>>     wins support = Yes
>>>     ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
>>>     ldap group suffix = ou=group
>>>     ldap idmap suffix = ou=Idmap
>>>     ldap machine suffix = ou=Machines
>>>     ldap passwd sync = yes
>>>     ldap suffix = dc=mediaservice-test,dc=pri
>>>     ldap ssl = no
>>>     ldap user suffix = ou=people
>>>     usershare allow guests = Yes
>>>     idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
>>>     idmap uid = 1000-60000
>>>     idmap gid = 1000-60000
>>>     cups options = raw
>>>
>>> [homes]
>>>     comment = Home Directories
>>>     valid users = %S, %D%w%S
>>>     read only = No
>>>     inherit acls = Yes
>>>     browseable = No
>>>
>>> [profiles]
>>>     comment = Network Profiles Service
>>>     path = %H
>>>     read only = No
>>>     create mask = 0600
>>>     directory mask = 0700
>>>     store dos attributes = Yes
>>>
>>> [users]
>>>     comment = All users
>>>     path = /home
>>>     read only = No
>>>     inherit acls = Yes
>>>     veto files = /aquota.user/groups/shares/
>>>
>>> [groups]
>>>     comment = All groups
>>>     path = /home/groups
>>>     read only = No
>>>     inherit acls = Yes
>>>
>>> [printers]
>>>     comment = All Printers
>>>     path = /var/tmp
>>>     create mask = 0600
>>>     printable = Yes
>>>     browseable = No
>>>
>>> [print$]
>>>     comment = Printer Drivers
>>>     path = /var/lib/samba/drivers
>>>     write list = @ntadmin, root
>>>     force group = ntadmin
>>>     create mask = 0664
>>>     directory mask = 0775
>>>
>>> [netlogon]
>>>     comment = Network Logon Service
>>>     path = /var/lib/samba/netlogon
>>>     write list = root
>>>
>>> If I try to join a Windows XP into the domain I have these results:
>>>
>>> [2010/09/27 14:58:52.229946, 0] lib/util_sock.c:1432(get_peer_addr_internal)
>>>   getpeername failed. Error was Transport endpoint is not connected
>>> [2010/09/27 14:58:52.233371, 2] smbd/reply.c:536(reply_special)
>>>   netbios connect: name1=MEDIADC 0x20 name2=TESTAFS 0x0
>>> [2010/09/27 14:58:52.233498, 2] smbd/reply.c:547(reply_special)
>>>   netbios connect: local=mediadc remote=testafs, name type = 0
>>> [2010/09/27 14:58:52.234068, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
>>>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
>>> [2010/09/27 14:58:52.233647, 0] lib/util_sock.c:675(write_data)
>>> [2010/09/27 14:58:52.234876, 0] lib/util_sock.c:1432(get_peer_addr_internal)
>>>   getpeername failed. Error was Transport endpoint is not connected
>>>   write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
>>> [2010/09/27 14:58:52.236855, 0] smbd/process.c:79(srv_send_smb)
>>>   Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
>>> [2010/09/27 14:58:52.238615, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
>>>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
>>> [2010/09/27 14:58:52.239888, 2] lib/smbldap.c:950(smbldap_open_connection)
>>>   smbldap_open_connection: connection opened
>>> [2010/09/27 14:58:52.242954, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
>>>   init_sam_from_ldap: Entry found for user: Administrator
>>> [2010/09/27 14:58:52.295749, 2] auth/auth.c:304(check_ntlm_password)
>>>   check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded
>>> [2010/09/27 14:58:52.780610, 0] rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3)
>>>   _netr_ServerAuthenticate: no challenge sent to client TESTAFS
>>> [2010/09/27 14:58:53.337111, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
>>>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
>>> [2010/09/27 14:58:53.338938, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
>>>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
>>> [2010/09/27 14:58:53.339808, 2] lib/smbldap.c:950(smbldap_open_connection)
>>>   smbldap_open_connection: connection opened
>>> [2010/09/27 14:58:53.342371, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
>>>   init_sam_from_ldap: Entry found for user: Administrator
>>> [2010/09/27 14:58:53.347683, 2] auth/auth.c:304(check_ntlm_password)
>>>   check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded
>>> [2010/09/27 14:58:53.812728, 2] rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
>>>   Returning domain sid for domain MEDIADC -> S-1-5-21-1949818787-1514111066-129980733
>>> [2010/09/27 14:58:53.814002, 2] rpc_server/srv_samr_nt.c:4124(_samr_LookupDomain)
>>>   Returning domain sid for domain MEDIADC -> S-1-5-21-1949818787-1514111066-129980733
>>>
>>> As it seems all works fine, but Windows gives an error like "Access
>>> Denied" and the computer is not added to the domain.
>>>
>>> What can be the problem? How to debug it?
>>>

Read about preexec and postexec in the samba howto. In my case I run a
script the first time a user logs in and his share is created.

Greetings
Daniel

>>> Any hint is welcome...
>>>
>>> Cordially,
>>>
>>> Claudio Prono.
>>>
>>>
>>>
>>
>
> --
> --------------------------------------------------------------------------------
> Claudio Prono                    OPST
> System Developer
>                                  Gsm: +39-349-54.33.258
> @PSS Srl                         Tel: +39-011-32.72.100
> Via San Bernardino, 17           Fax: +39-011-32.46.497
> 10141 Torino - ITALY             http://atpss.net/disclaimer
> --------------------------------------------------------------------------------
> PGP Key - http://keys.atpss.net/c_prono.asc
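
Added example, not part of the thread and not Samba code: a small parser for the smbd log format quoted above that keeps only the level-0 entries and pulls out the client named in the netlogon "no challenge sent" error. The sample entries are copied from the log in the thread with the mail wrapping undone; the function and variable names are this example's own.

```python
import re

# Header of one smbd log record: "[timestamp, level] file:line(function)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[\w./]+):(?P<line>\d+)\((?P<func>\w+)\)$")
NO_CHALLENGE = re.compile(r"no challenge sent to client (\S+)")

# Entries copied from the log in the thread, with mail wrapping undone.
SAMPLE = """\
[2010/09/27 14:58:52.233647, 0] lib/util_sock.c:675(write_data)
[2010/09/27 14:58:52.234876, 0] lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2010/09/27 14:58:52.295749, 2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded
[2010/09/27 14:58:52.780610, 0] rpc_server/srv_netlog_nt.c:669(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate: no challenge sent to client TESTAFS
"""

def parse_records(text):
    """Split smbd log text into records (header fields plus message lines)."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "level": int(m["level"]), "msg": []})
        elif line and records:
            # The thread's log shows two headers printed before either message.
            # Prefer a recent record that is still empty and whose function
            # name prefixes the message; otherwise use the latest header.
            owner = records[-1]
            for rec in reversed(records[-3:]):
                if not rec["msg"] and line.startswith(rec["func"] + ":"):
                    owner = rec
                    break
            owner["msg"].append(line)
    return records

def triage(text):
    """Return (level-0 records, clients named in the netlogon error)."""
    errors = [r for r in parse_records(text) if r["level"] == 0]
    clients = sorted({m.group(1) for r in errors
                      for m in [NO_CHALLENGE.search(" ".join(r["msg"]))] if m})
    return errors, clients

if __name__ == "__main__":
    errors, clients = triage(SAMPLE)
    for r in errors:
        print(r["ts"], r["func"], "|", " ".join(r["msg"]))
    print("netlogon 'no challenge sent' errors for:", clients)
```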
