Il giorno mer, 03/12/2008 alle 10.27 -0800, Robinson, Eric ha scritto:
> What does 'net ads testjoin' say? Sounds like the trust is broken.
> Whevever we've seen those errors, we've fixed them by remove and
> rejoining the computer to the domain.
>
> --
> Eric Robinson
on the samba domain controller I run:
net ads testjoin
[2008/12/04 15:49:47, 0] utils/net_ads.c:ads_startup_int(286)
ads_connect: No logon servers
Join to domain is not valid: No logon servers
but strangely now all seems to work,
testparm
Load smb config files from /etc/samba/smb.conf
WARNING: The "printer admin" option is deprecated
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[global]
unix charset = LOCALE
workgroup = CPE
netbios name = CPE-PDC
server string = Samba PDC
passdb backend = ldapsam:ldap://ldap.cpe.it
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 137 138 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -m "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=admin,dc=cpe,dc=it
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=cpe,dc=it
ldap user suffix = ou=Users
idmap backend = ldap:ldap://ldap.cpe.it
idmap uid = 10000-20000
idmap gid = 10000-20000
printer admin = Administrator
map acl inherit = Yes
[netlogon]
comment = Network Logon Service
path = /home/dati/samba/netlogon/
browseable = No
locking = No
share modes = No
[profiles]
path = /home/dati/samba/profiles
valid users = %U
admin users = "@Domain Admins"
read only = No
guest ok = Yes
profile acls = Yes
case sensitive = No
preserve case = No
short preserve case = No
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
browseable = No
csc policy = disable
[homes]
comment = Cartella Personale
valid users = %S
read only = No
hide files = /.bash*/.profile/
browseable = No
any hints?
thanks
Nicola
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Mailing List SVR
> Sent: Wednesday, December 03, 2008 2:07 AM
> To: Samba List
> Subject: [Samba] NT_STATUS_ACCESS_DENIED
>
> Hi all,
>
> I have a samba PDC (with ldap), all ok for several months since today
> users experience very slow login, in my log I have :
>
> [2008/12/03 11:00:18, 0]
> auth/auth_util.c:create_builtin_administrators(792)
> create_builtin_administrators: Failed to create Administrators
> [2008/12/03 11:00:18, 0] auth/auth_util.c:create_builtin_users(758)
> create_builtin_users: Failed to create Users
>
> net sam createbuiltingroup Users
>
> give
>
> NT_STATUS_ACCESS_DENIED
>
> and
>
> wbinfo -g
> Error looking up domain groups
>
>
> until yesterday all was ok, what can be the origin of this problems? I
> think isn't a configuration issue, I repeat myself the same
> configuration is working since several months,
>
> a google search give several results with similar problems but seems
> none is able to solve
>
> thanks for your help,
>
> regards
> Nicola
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
> Disclaimer - December 3, 2008
> This email and any files transmitted with it are confidential and intended
> solely for Mailing List SVR,Samba List. If you are not the named addressee
> you should not disseminate, distribute, copy or alter this email. Any views
> or opinions presented in this email are solely those of the author and might
> not represent those of . Warning: Although has taken reasonable precautions
> to ensure no viruses are present in this email, the company cannot accept
> responsibility for any loss or damage arising from the use of this email or
> attachments.
> This disclaimer was added by Policy Patrol: http://www.policypatrol.com/
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
