Hi all,
(i'am beginner)
i have samba 3.0.7 and ldap 2.1.30-3 installed on linux debian sarge
My users account are stored in ldap (ou=people,dc=alsace,dc=iufm,dc=fr)
I used idealx smbldaptools .0.8.5 to :
- populate LDAP (account administrator is created, id administrator gives " uid=0(Administrator) gid=512(Domain Admins) groupes=512(Domain Admins)"
- add my machine accoun (named i-dp-test) by : smbldap-useradd -w i-dp-test
- created some user accounts by : smbldap-useradd -a -m -c "Pat DUBAU" pat
For tests i did :
- pdbvedit -Vl : lists all my users/computers with samba attributes. So OK
- smbclient -L FS1 : prompts me a password, i give the *root's* password then i get :
Domain=[DOMI] OS=[Unix] Server=[Samba 3.0.7-Debian]
Sharename Type Comment
--------- ---- -------
commun Disk commun aux profs et _tudiants
compta Disk fichiers du service comptable
prothee Disk acc__ prothee
netlogon Disk Network Logon Service
IPC$ IPC IPC Service (Samba 3.0.7-Debian)
ADMIN$ IPC IPC Service (Samba 3.0.7-Debian)
Domain=[DOMI] OS=[Unix] Server=[Samba 3.0.7-Debian] Server Comment
--------- -------
FS1 Samba 3.0.7-Debian Workgroup Master
--------- -------
DOMI FS1
INFORMATIQUE I_AM
MSHOME I_NN
WORKGROUP I-ADMRESEAUMy problem :
when i change the workgroup to domain DOMI on workstation i-dp-test, i'm prompted for user and password, i give *administrator *and his password, but i get the errror message : "The following error occured while attempting to join domain IDOM
The account is not autorized to connect from this station."
Note : The machine is windows XP Sp1
I'm looking for a few days now about that problem, but i can't find out what's wrong.
Thank you for any help
*Here my smn.conf file : *[global] netbios name = FS1 workgroup = DOMI security = user encrypt passwords = no admin users= @"Domain Admins"
interfaces=192.168.251.8 domain logons = Yes os level = 35 preferred master = Yes domain master = Yes
log file = /var/log/samba/%m.log log level = 3 max log size = 5000
add machine script = /usr/local/sbin/smbldap-useradd -w %u"
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
#add user script = /usr/local/sbin/smbldap-useradd -m "%u"
#add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
#add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
#delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
#set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://127.0.0.1/ ldap suffix = dc=alsace,dc=iufm,dc=fr ldap admin dn = "cn=admin,dc=alsace,dc=iufm,dc=fr" ldap ssl=no ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap group suffix = ou=Groups #ldap idmap suffix = ou=Users ldap passwd sync = Yes #*********************************************************************************** ldap passwd sync = Yes
[commun] comment = commun aux profs et �tudiants volume = commun path = /home/samba/commun guest ok=yes read only = no writeable = yes
[compta] comment = fichiers du service comptable path = /home/samba/fichiers/compta public = yes writeable = yes read only = no create mask = 0750 valid users = @compta
[prothee] comment = acc�s � prothee path=/home/samba/prothee public = yes writeable = yes read only = no create mask = 0750 valid users = "prothee"
[netlogon] path = /home/samba/netlogon browseable = no read only = yes
*Here's me slapd.conf file : * # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/samba.schema # Schema check allows for forcing entries to # match schemas for their objectClasses's schemacheck on
# Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server argsfile /var/run/slapd.args
# Read slapd.conf(5) for possible values loglevel 256 # Create a replication log in /var/lib/ldap for use by slurpd. replogfile /var/log/ldap.log
# Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_ldbm
####################################################################### # Specific Backend Directives for ldbm: # Backend specific directives apply to this backend until another # 'backend' directive occurs backend ldbm
####################################################################### # Specific Backend Directives for 'other': # Backend specific directives apply to this backend until another # 'backend' directive occurs #backend <other>
####################################################################### # Specific Directives for database #1, of type ldbm: # Database specific directives apply to this databasse until another # 'database' directive occurs database ldbm
# The base of your directory in database #1 suffix "dc=alsace,dc=iufm,dc=fr" # Where the database file are physically stored for database #1 directory "/var/lib/ldap"
# Indexing options for database #1 index objectClass eq index uidNumber,gidNumber eq index cn,sn,uid,displayName pres,sub,eq index memberUid,mail,givenname eq,subinitial index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# Save the time that the entry gets modified, for database #1 lastmod on
# Where to store the replica logs for database #1 # replogfile /var/lib/ldap/replog
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attribute=userPassword
by dn="cn=admin,dc=alsace,dc=iufm,dc=fr" write
by anonymous auth
by self write
by * none# Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other things) to work # happily. access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="cn=admin,dc=alsace,dc=iufm,dc=fr" write
by * read# For Netscape Roaming support, each user gets a roaming # profile for which they have write access to #access to dn=".*,ou=Roaming,o=morsnet" # by dn="cn=admin,dc=alsace,dc=iufm,dc=fr" write # by dnattr=owner write
####################################################################### # Specific Directives for database #2, of type 'other' (can be ldbm too): # Database specific directives apply to this databasse until another # 'database' directive occurs #database <other>
# The base of your directory for database #2 #suffix "dc=debian,dc=org"
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
