Am 02.08.2011 14:54, schrieb J. Echter:
Am 02.08.2011 14:40, schrieb Julien Celle:
Le 02/08/2011 14:22, J. Echter a écrit :
Am 02.08.2011 14:06, schrieb Julien Celle:
pdbedit output indicates that the profile is stored on '\\pdc...' and
that the user is defined on the domain 'BDC'.
oh i forgot, profiles are on \\pdc.
cheers.
Hi,
There may be a problem trying to access your profiles on \\pdc while
authenticating against \\bdc. Your users try to access a share
without giving your PDC credentials it can validate. Try moving your
profile for your user test to \\bdc\profile...
You could also post your whole smb.conf for your BDC.
Cheers,
Julien.
first both of my configs...
BDC:
[global]
domain master = no
domain logons = yes
passdb backend = ldapsam:ldap://mule
idmap backend = ldap:ldap://mule
idmap uid = 10000-15000
idmap gid = 10000-15000
ldap suffix = dc=workgroup,dc=local
ldap user suffix = ou=smb-usr
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
ldap admin dn = cn=admin,dc=workgroup,dc=local
ldap ssl = no
ldap passwd sync = yes
printing = bsd
netbios name = BDC
server string = BDC (%h)
workgroup = workgroup
interfaces = eth0,lo
security = user
encrypt passwords = true
map to guest = bad user
guest account = nobody
logon path = \\pdc\profile\%U
logon script = %U.bat
logon drive = H:
panic action = /usr/share/samba/panic-action %d
PDC:
[global]
printing = bsd
netbios name = PDC
server string = PDC (%h)
workgroup = workgroup
interfaces = eth0,lo
security = user
encrypt passwords = true
map to guest = bad user
guest account = nobody
## LDAP
passdb backend = ldapsam:ldap://127.0.0.1
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 10000-15000
idmap gid = 10000-15000
ldap suffix = dc=workgroup,dc=local
ldap user suffix = ou=smb-usr
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmap
ldap admin dn = cn=admin,dc=workgroup,dc=local
ldap ssl = no
ldap passwd sync = yes
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add user script = /usr/sbin/smbldap-useradd -a '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -a '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
'%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
logon path = \\pdc\profile\%U
logon script = %U.bat
logon drive = H:
panic action = /usr/share/samba/panic-action %d
atm i have domain logons = no, to avoid negative interaction with my
running pdc. hope this helps.
ok, what i know now :)
there get's a second domain added to ldap directory if i, for example,
add an user on pdc and do a pdbedit -v an-user i have a second
SambaDomainName in my ldap tree. This one is called the same as my bdc
is configured in its smb.conf.
is it forbidden to name the server bdc or similar? i have set workgroup
= workgroup in smb.conf on pdc and bdc.
im lost with this...
thanks
juergen
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba