Changes below (after corresponding lines):
[global]
workgroup = WORKGROUP
netbios name = backup
#username map = /etc/samba/smbusers
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/useradd -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupadd %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g machines %u
Add quotes around your % arguments here. Even though you quote them on the command line, that doesn't mean they get to the scripts that way.
preferred master = yes
domain master = yes
local master = yes
security = users
domain logons = yes
os level = 35
logon path = \\%L\profiles\%u
logon drive = H:
logon home = \\%L\%u\winprofile
logon script = /etc/samba/logon/scripts
Unrelated to your issue, but you need to specify an absolute script here, it appears you're just pointing to a directory. Either point to a global script (logon.bat) or maybe a user/group script (%u.bat). This path will also be relative to your netlogon share.
#idmap backend = ldapsam:ldap://localhost
Good to comment this out, but remove it and any idmap related entries.
ldap suffix = dc=sovereign
ldap admin dn = "cn=Manager,ou=People,dc=sovereign"
ldap ssl = no
passdb backend = ldapsam:ldap://localhost
ldap delete dn = no
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
Depending on your nss configuration, change this to ou=People. Search the archives for an explanation, you can search for me if you wish, I've responded more times than I wish to remember.
ldap idmap suffix = ou=Idmap
winbind separator = +
winbind enum users = yes
These 3 should go bye bye, as well as any other winbind related entries, at least for your PDC.
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
idmap uid = 10000-20000
idmap gid = 10000-20000
delete 2x.
Here is the ldap-init.ldif
# Samba openldap configuration file
# -------------------------------------------
# Organization for Samba Base
dn: dc=sovereign
objectclass: dcObject
objectclass: organization
dc: sovereign
o: sovereign network test
description: ldap configuration

# Organizational Role for Directory Management
dn: cn=Manager,dc=sovereign
objectclass: organizationalRole
cn: Manager
description: Manager

# Setting up container for users
dn: ou=People,dc=sovereign
objectclass: top
objectclass: organizationalUnit
ou: People

# Setting up admin handle for people
dn: cn=admin,ou=People,dc=sovereign
cn: admin
objectclass: top
objectclass: organizationalRole
objectclass: simpleSecurityObject
userPassword: *********************************

# Setting up container for groups
dn: ou=Groups,dc=sovereign
objectclass: top
objectclass: organizationalUnit
ou: Groups

# Setting up admin for Groups ou
dn: cn=admin,ou=Groups,dc=sovereign
cn: admin
objectclass: top
objectclass: organizationalRole
objectclass: simpleSecurityObject
userPassword: *********************************

# Setting up container for computers
dn: ou=Computers,dc=sovereign
objectclass: top
objectclass: organizationalUnit
ou: Computers

# Setting up admin handle for Computers OU
dn: cn=admin,ou=Computers,dc=sovereign
cn: admin
objectclass: top
objectclass: organizationalRole
objectclass: simpleSecurityObject
userPassword: ***********************************

# Setting up container for idmap
dn: ou=Idmap,dc=sovereign
objectclass: top
objectclass: organizationalUnit
ou: Idmap

# Setting up admin for Groups ou
dn: cn=admin,ou=Idmap,dc=sovereign
cn: admin
objectclass: top
objectclass: organizationalRole
objectclass: simpleSecurityObject
userPassword: **********************************
Gentoo box running kernel 2.6.7
I am able to add users and machine accounts. If I use tdbsam net groupmap works.
Curious how you have your nss configured, or if logging on actually works if you haven't toyed with it. Although chances are that if you are running gentoo you toyed with EVERYTHING.
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: [EMAIL PROTECTED]
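
The points raised in this reply can be checked mechanically. The following is an added example, not part of the original message or of Samba: a small Python linter that flags unquoted %-macros in script parameters, a logon script value that names no file, and winbind/idmap entries. The function names, the file-extension heuristic and the sample lines (constructed from the configuration quoted above) are assumptions.

```python
import re

# Constructed sample: [global] lines copied from the configuration quoted above.
SAMPLE = r'''[global]
add user script = /usr/sbin/useradd -m %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g machines %u
logon script = /etc/samba/logon/scripts
logon path = \\%L\profiles\%u
#idmap backend = ldapsam:ldap://localhost
winbind separator = +
idmap uid = 10000-20000
'''

def unquoted_macros(value):
    """Return the %-macros in value that sit outside single or double quotes."""
    found, quote = [], None
    for i, ch in enumerate(value):
        if ch in '"\'':
            quote = None if quote == ch else (quote or ch)
        elif ch == '%' and quote is None and value[i + 1:i + 2].isalpha():
            found.append(value[i:i + 2])
    return found

def lint(text):
    """Return (line number, parameter, finding) for each point the reply raises."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in '#;[' or '=' not in line:
            continue  # skip blanks, comments and section headers
        key, value = (part.strip() for part in line.split('=', 1))
        key = ' '.join(key.lower().split())
        if key == 'logon script':
            # Heuristic (assumption): a script file name ends in an extension.
            if not re.search(r'\.\w+$', value):
                findings.append((n, key, 'no script file named'))
        elif key.endswith(' script'):
            for macro in unquoted_macros(value):
                findings.append((n, key, 'unquoted ' + macro))
        elif {'winbind', 'idmap'} & set(key.split()):
            findings.append((n, key, 'winbind/idmap entry on the PDC'))
    return findings

if __name__ == '__main__':
    for finding in lint(SAMPLE):
        print('line %d: %s: %s' % finding)
```

Commented-out lines such as `#idmap backend` are skipped, and `logon path` is not flagged because its macros are not handed to a script.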
