Here is the PDC's smb.conf:
[global]
netbios name= servsso
workgroup = prodesan.com.br
log file= /var/log/samba/%m.log
max log size= 500
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %
n\n *passwd:*all*authentication*tokens*updated*successfully*
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain logons = yes
os level= 180
preferred master= yes
domain master = yes
security= user
guest ok= no
invalid users = bin daemon sys man postfix mail ftp
admin users = root
encrypt passwords = yes
logon script = scripts\logon.bat
ldap ssl= no
printing= lprng
hide dot files = yes
time server = yes
log level = 2
passdb backend = ldapsam:ldap://127.0.0.1
ldap passwd sync = yes
ldap delete dn = Yes
ldap admin dn = cn=admin,dc=prodesan,dc=com,dc=br
ldap suffix = dc=prodesan,dc=com,dc=br
ldap machine suffix = ou=computadores
ldap user suffix = ou=pessoas
ldap group suffix = ou=grupos
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 1-2
idmap gid = 1-2
winbind separator = \
winbind enum users = yes
winbind enum groups = yes
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %
g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
And here is the member server's smb.conf:
[global]
workgroup = prodesan.com.br
realm = PRODESAN.COM.BR
preferred master = no
netbios name = Servproducao
server string = Servproducao
security = domain
encrypt passwords = true
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
printcap name = cups
printing = cups
idmap uid = 1-2
idmap gid = 1-2
passdb backend = ldapsam:ldap://192.168.131.104
ldap passwd sync = yes
ldap delete dn = Yes
ldap admin dn = cn=admin,dc=prodesan,dc=com,dc=br
ldap suffix = dc=prodesan,dc=com,dc=br
ldap machine suffix = ou=computadores
ldap user suffix = ou=pessoas
ldap group suffix = ou=grupos
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://192.168.131.104
idmap uid = 1-2
idmap gid = 1-2
winbind separator = \
winbind enum users = yes
winbind enum groups = yes
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
On Tue, 19 Jun 2007 14:18:58 -0400, Chris Smith wrote
On Tuesday 19 June 2007, Sandra wrote:
[2007/06/19 14:27:41, 0] utils/net_ads.c:ads_startup(191)
ads_connect: No results returned
Creation of workstation account failed
Unable to join domain PRODESAN.COM.BR.
Correct me if I'm wrong as I have no experience with ldap setups but
AFAIK Samba domains are NetBIOS domains which are flat, not
hierarchical. If so your domain name should be something more like
PRODESAN and not PRODESAN.COM.BR.
Also you didn't post your smb.conf but I'm curious about the use of
ads_connect, which seems like you're trying to work with an AD
domain instead of a NetBIOS (Samba) domain. So I'm wondering if you
have something other than security - user in the PDC's smb.conf
and security - domain in the member servers smb.conf.
Chris
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.
Sandra Nascimento
Analista de Suporte
[EMAIL PROTECTED]
(13)3229.8000 Ramal 135/176
--
Prefeitura Municipal de Santos (http://www.santos.sp.gov.br)
--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.