Orn, Here is my smb.conf for a fully functional PDC. Granted that I do not use LDAP on this particular system, but the LDAP part is easy once you get the rest of it working.
My advice to anyone who is building a Samba server is to start with a simple solution and granudally build in the complexities needed. That makes it so much easier to figure out when and where things might be breaking. The migration of the database is a simple matter. If you have "passdb backend = ldapsam:ldap://server.myorg.ext:636, tdbsam" then you can migrate a tdbsam to LDAP by: pdbedit -i tdbsam -e ldapsam pdbedit -g -i tdbsam -e ldapsam My smb.conf file: # Global parameters [global] workgroup = MIDEARTH server string = Samba3 interfaces = eth0, lo bind interfaces only = Yes obey pam restrictions = Yes passdb backend = tdbsam pam password change = Yes passwd chat = *New*Password* %n\n *Re-enter*new*password* %n\n *Password*changed* username map = /etc/samba/smbusers password level = 8 username level = 8 log level = 1 syslog = 0 log file = /var/log/samba/%m smb ports = 139 445 name resolve order = wins bcast hosts time server = Yes printcap name = CUPS add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupadd %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u shutdown script = /var/lib/samba/scripts/shutdown.sh abort shutdown script = /sbin/shutdown -c logon script = scripts\logon.bat logon path = \\%L\Profiles\%U logon drive = H: logon home = \\%L\%U domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes utmp = Yes panic action = export DISPLAY=localhost:0; /usr/bin/X11/xterm -e gdb /proc/%d/exe %d || /bin/sleep idmap uid = 15000-20000 idmap gid = 15000-20000 winbind separator = + winbind use default domain = Yes hosts allow = 127., 192.168.1. use sendfile = Yes printing = cups veto files = /*.eml/*.nws/riched20.dll/*.{*}/ veto oplock files = /*.doc/*.xls/*.mdb/ include = /etc/samba/machine.%m [homes] comment = Home Directories read only = No browseable = No Share definitions for [netlogon], [profiles], etc. deleted to reduce size of this message. - John T. -- John H Terpstra Email: [EMAIL PROTECTED]
I've been fighting the same problem myself, and others too, alas with ldap backend. Here's what I've come by, so far, and might be useful to you. 1. You need to provide "admin users" in the global section, and make sure the user there exists in smbpaswd. This is the user, you type in when adding the machine to the domain. You can't use "root" as with 2.x. 2. The script you are using, to add machines ... you need to make sure that it creates the trailing dollar sign to the name. I don't think samba provides the "username$" for the machine at that point, and you need to provide it by issuing "%u$", but check this to be sure. On Sunday 19 October 2003 05:04, [EMAIL PROTECTED] wrote: > after many hours of tries, I am still stuck with a simple: I have Samba > 3.0.1 ore running fine on a red hat 9.0 box (installed from RPM) when I try > to join a domain I get the infamous invalid user name or bad password > error from the Win2K SP2 machines. I am really getting lost here, I have > checked the root password in smbpasswd database and have used the smbpasswd > command, I still get that error. Any help would be greatly appreciated.... > this is my smb.conf as given by testparm > # Global parameters > [global] > workgroup = LPHGROUP > server string = Samba Server > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\\n *ReType*new*UNIX*password* > %n\\n*passwd:*all*authentication*tokens*updated*successfully* username map > = /etc/samba/smbusers > password level = 8 > username level = 8 > unix password sync = Yes > log file = /var/log/samba/log.%m > max log size = 50 > name resolve order = wins lmhosts bcast > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s > /bin/false -M %u logon path = \\\\%L\\Profiles\\%U > domain logons = Yes > os level = 33 > preferred master = Yes > domain master = Yes > dns proxy = No > wins support = Yes > remote announce = 172.16.2.255 > hosts allow = 172.16. > printing = lprng > preserve case = No > short preserve case = No > > [homes] > comment = Home Directories > read only = No > browseable = No > > [netlogon] > comment = Network Logon Service > path = /home/profiles > guest ok = Yes > browseable = No > share modes = No > > [printers] > comment = Temporary file space > path = /tmp > read only = No > guest ok = Yes > printable = Yes > browseable = No > > [public] > comment = Public Stuff > path = /home/samba > write list = @staff > guest ok = Yes
pgp00000.pgp
Description: signature
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
