Don't use the 'Sign or Seal' registry modification. Samba 3.x work
perfectly without this modification (This modification can be useful for
Samba 2.x). The problem is surely than your machine account don't exist
or you don't enter the good admin password. Try to add this account
manually without the scripts with smbpasswd and with ldapadd. Try to use
phpDLAPAdmin to create user and machine account for samba3+ldap.
I suggest you, on the global section, to revove all these lines
client plaintext auth = Yes
client lanman auth = Yes
lanman auth = No
ntlm auth = Yes
password level = 0
#admin users = manager, root, mikee, jrc, bdhein
admin users =
usershare allow guests = yes
ldap ssl = off
ldapsam:trusted = Yes
ldap timeout = 15
utmp directory = /var/run
wtmp directory = /var/log
utmp = Yes
allow trusted domains = Yes
And on the netlogon section change
writable = Yes
for
writable = No or read only = yes
Trust me you don't want people write in this share. :-)
Robert
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/18/2006 09:23 AM, Mike escreveu:
Morning,
I have three machines, two xp and one win2k, that join the
samba pdc fine. I have tried to join others to this same
samba pdc using the same accounts for authentication without
success. The xp machine first says the user does not exist,
I click ok and go back to the screen for the domain account
authorized to join the domain and press ok (or next) again
and this time the xp box says the user already exists.
I think something is having an issue with the machine$
accounts in ldap. I added a '-t 5' in smb.conf to the
smbadd-useradd command for adding a machine. I could
tell a longer time before the first messages (missing user)
is returned, but I still have the same final situation with
the xp box not being a part of the samba pdc.
Any chances that the "Sign or Seal" problem still exists?
Any ideas?
Mike
[...]
------------------------------------ /etc/samba/smb.conf
# Samba config file created using SWAT
# from 10.1.2.43 (10.1.2.43)
# Date: 2006/08/03 15:11:35
[global]
security = USER
client plaintext auth = Yes
client lanman auth = Yes
encrypt passwords = Yes
lanman auth = No
ntlm auth = Yes
password level = 0
guest account = nobody
#admin users = manager, root, mikee, jrc, bdhein
admin users =
hosts allow = 10.1.2., 10.1.3.
cups options = raw
wins support = yes
usershare allow guests = yes
workgroup = PWI
netbios aliases = loghost, mailhost, backuphost, ldaphost
server string = Samba Server (%h)
logon drive = P:
logon home = \\%N\%U
logon path = \\%N\%U\profile
logon script = /etc/samba/login.bat
ldap suffix = dc=company,dc=com
ldap admin dn = cn=manager,dc=company,dc=com
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap ssl = off
ldapsam:trusted = Yes
ldap timeout = 15
utmp directory = /var/run
wtmp directory = /var/log
utmp = Yes
password server = ldaphost.company.com
passdb backend = ldapsam:ldap://ldaphost.company.com
ldap passwd sync = Yes
#unix password sync = Yes
#passwd program = /usr/sbin/smbldap-passwd %u
#passwd chat = "Changing * password*for*\nNew password*" %n\n "*Retype new
password*" %n\n"
#passwd chat debug = Yes
os level = 66
preferred master = Yes
local master = Yes
domain master = Yes
domain logons = Yes
allow trusted domains = Yes
dns proxy = No
# log level = 255
# log level = 4
# log level = 3 ldap:10 passdb:10 auth:10 winbind:10
log level = 3
log file = /var/log/samba/%m.log
max log size = 500
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536
SO_SNDBUF=65536
#add user script = /usr/sbin/smbldap-useradd -m '%u'
add user script = /usr/sbin/smbldap-useradd -a -A 1 -B 1 -s /bin/bash -c "%u" -d /home/%u
-C "\\\\%h\\%u" -D 'H:' -M "[EMAIL PROTECTED]" %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
#add machine script = /usr/sbin/smbldap-useradd -w '%u'
#add machine script = /usr/sbin/smbldap-useradd -w -A 0 -B 0 -s /bin/false -c
"%u machine account" -d /dev/null %u
add machine script = /usr/sbin/smbldap-useradd -w -i '%u' -t 5
[netlogon]
path = /etc/samba/netlogon
browseable = No
writable = Yes
[homes]
comment = Home Directories
read only = No
guest ok = No
browseable = No
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
[company]
comment = Company Corporate Files
path = /opt/company
create mask = 0765
browseable = Yes
printable = No
[Backups]
comment = Backup files are stored here
path = /opt/backups
browseable = Yes
printable = No
[Data]
comment = Storage for support and other data.
path = /opt/data
browseable = Yes
printable = No
[Cygwin]
comment = Company Cygwin Repositiory
path = /opt/cygwin
browseable = Yes
printable = No
guest ok = Yes
guest only = No
writeable = No
read only = Yes
------------------------------------ /etc/samba/smb.conf
- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFFD+6JCj65ZxU4gPQRAtFGAJ41tQuXbHjubugQ8f4p/U30A7l+dQCgwo8W
hCqQWgEaJ/puJ/9qFje2T0k=
=YM5+
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
