I am in the process of implementing a new SAMBA install Version 3.6.3-34.12.1-2797-SUSE-SL12.1-x86_64 on OpenSuse 12.1 I am using LDAP as my backend and LAM to manage my LDAP accounts. Thing were going well until recently. Suddenly any newly created user can not logon (win7). Any accounts that I created prior to last week can still logon to the workstation.
The only changes I recall making involve add machine script. I moved from using useradd to using smbldap-useradd so machine accounts would only be created in LDAP and not locally. Also, in yast, I changed the LDAP client Naming Context from ou=users,dc=nctschools,dc=org to dc=nctschools,dc=org to allow the local LDAP client to find machine accounts, as they are not created in the user context. However, I don't believe any of these changes could be causing the "group policy client service failed the logon. Access denied" error I am receiving. I could be wrong though. Any help would be GREAT. Thanks Here is my smb.conf [global] workgroup = NEVSD map to guest = Bad User passdb backend = ldapsam:ldap://SAMBA1.nctschools.org log level = 3 log file = /var/log/samba/log.%m printcap name = cups add machine script = /usr/sbin/smbldap-useradd -t 1 -w -c Machine -d /var/lib/nobody -s /bin/false %m$ logon path = \\%L\profiles\%U logon drive = P: logon home = \\%L\%U\.9xprofile domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=Administrator,dc=nctschools,dc=org ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Machines ldap passwd sync = yes ldap suffix = dc=nctschools,dc=org ldap user suffix = ou=Users idmap config * : backend = ldap:ldap://SAMBA1.nctschools.org cups options = raw [homes] comment = Home Directories valid users = %S, %D%w%S read only = No inherit acls = Yes browseable = No [profiles] comment = Network Profiles Service path = %H read only = No create mask = 0600 directory mask = 0700 store dos attributes = Yes -- Shawn Dakin (CNE) Director of Technology Newcomerstown Schools -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba