On Mon, 2003-11-03 at 01:20, Robert wrote: > I have done this successfully with samba 2.2.8a and an LDAP backend with > openldap. I had difficulty with the regular smbpasswd file in that I was > unable to join. I haven't tried the regular smbpasswd backend in a while > because I made the switch to ldap. Is there anything special I need to do > with the plain old smbpasswd backend.
I haven't used the old smbpasswd backend in a pretty long time either so I wouldn't know... > Have you done the same with samba 3? I'm looking for the equivalent for > samba 3. I created a group called domain-admins, and mapped it with the net > groupmap add command. The ntgroup name is "Domain Admins" and I manually > set the rid to 512. If I add users to the group, but join the domain with > the root account added via smbpasswd, the members of the group are > recognized as domain admins. I still can't join the domain with an account > from that group. I haven't played much with Samba 3 yet, but I'll be installing it when I'll have some time to do so. Jean-Rene Cormier > Please help. > Bob. > > > > "Jean-Rene Cormier" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > My smb.conf is pretty basic, I don't see anything else other than the > > domain admin group that would change that behaviour. > > > > Here's part of my smb.conf: > > > > [global] > > workgroup = DOMAIN > > netbios name = SERVER > > server string = SERVER > > interfaces = 192.168.0.2 127.0.0.1 > > bind interfaces only = Yes > > encrypt passwords = Yes > > passwd program = /usr/bin/passwd %u > > username map = /etc/samba/private/usermap > > unix password sync = Yes > > log file = /var/log/samba/%m > > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE > > > > name resolve order = wins bcast hosts > > domain admin group = root, admina, adminb > > logon path = \\%N\profiles\%u > > logon drive = I: > > domain logons = Yes > > os level = 35 > > preferred master = Yes > > local master = Yes > > domain master = Yes > > wins support = Yes > > > ldap server = 127.0.0.1 > > ldap port = 389 > > ldap suffix = "dc=domain,dc=com" > > ldap admin dn = "uid=smbadmin,ou=People,dc=domain,dc=com" > > ldap ssl = Yes > > > > Jean-Rene Cormier > > > > On Fri, 2003-10-31 at 11:36, werner maes wrote: > > > I'm glad it works for you :-) > > > can you give some configuration details of smb.conf? > > > > > > I have: domain admin group = root ldaptest. > > > > > > Werner > > > > > > At 11:27 31/10/2003, Jean-Rene Cormier wrote: > > > >I just reformatted a computer and I joined it with my regular username > > > >which doesn't have uid=0 and is not mapped to root either. I thought > > > >that maybe it was because the machine account was already in LDAP so I > > > >booted up another Windows in VMWare and removed it from the domain and > > > >changed the computer name to one that wasn't already in LDAP and I was > > > >able to join it with the same username. I'm using the "domain admin > > > >group" and it seems to be working fine. Running on Samba 2.2.8a btw. > > > > > > > >Jean-Rene Cormier > > > > > > > >On Fri, 2003-10-31 at 10:37, Thiago Lima wrote: > > > > > The user MUST be root, if you want to use another user map it to > root in > > > > > smbusers. > > > > > > > > > > > > > > > regards. > > > > > thiago. > > > > > > > > > > > > > > > > I tried to add a computer to a Samba domain using another account > > > > > > (testuser) than root. > > > > > > I use LDAP for authentication and added the account > > > > > > (testuser) with uid=0 > > > > > > in ldap. If I use this account to add an computer to the > > > > > > domain I get the > > > > > > error: "Access is denied". > > > > > > > > > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
