Hi Paul, Finally, I got a new hard disk and reinstalled my XP workstation. I'm now able to join the domain correctly. I've also been able to add my printer driver on the PDC. So, everything is working great now.
Here's my smb.conf for those who would like a working configuration of a PDC with LDAP smb.conf ======== [global] workgroup = cyberspicace netbios name = fs01 server string = fs01 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 wins support = yes ;PDC and master browser settings os level = 64 preferred master = yes local master = yes domain master = yes domain logons = yes ;security and logging settings security = user encrypt passwords = yes unix password sync = yes passdb backend = ldapsam:ldap://<servername.domain> username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 smb ports = 139 445 ;security - interface interfaces = eth0 192.168.1.0/24 lo 127/8 bind interfaces only = yes ;services name resolve order = wins bcast hosts time server = yes load printers = yes printcap name = cups printing = cups show add printer wizard = yes ;various scripts passwd program = /var/lib/samba/sbin/smbldap-passwd.pl -o %u passwd chat = *new*password* %n\n *new*password* %n\n *successfully* add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' delete user script = /var/lib/samba/sbin/smbldap-userdel.pl %u add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%'g add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' %g' delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x %u' '%g' set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' %u' add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' logon script = scripts\logon.bat logon path = \\%L\profiles\%U logon drive = X: ;access admin users = @Domain\ Admins printer admin = root, @Domain\ Admins ;ldap backend ldap suffix = dc=<domainname>,dc=com ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap admin dn = cn=Manager,dc=<domainname>,dc=com map acl inherit = Yes include = /etc/samba/shares.conf ----- Where shares.conf is having [IPC$] path = /tmp hosts allow = 192.168.1.0/24, 127.0.0.1 hosts deny = 0.0.0.0/0 [homes] comment = Home Directories ;valid users = %S writable = yes browseable = No [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes writable = no locking = no [profiles] comment = Profile Share path = /home/samba/profiles writable = yes profile acls = yes browseable = no guest ok = yes [printers] comment = SMB Print Spool path = /var/spool/samba guest ok = yes public = yes writable = no printable = yes use client driver = no browseable = no [print$] comment = Printer Drivers path = /var/lib/samba/drivers browseable = yes guest ok = no read only = yes write list = administrator, root ----- This is a really long config file but it's working. Thank you for your help. It has been really appreciated. Etienne -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Etienne-Hugues Fortin Sent: June 10, 2004 08:50 To: Paul Gienger Cc: [EMAIL PROTECTED] Subject: Re: [Samba] security = ads: problem join XP Pro? Hi Paul, > Where are you getting with adding the machines? You should get a posix > user added with machinename$ for the uid, then that user will be > modified to include the sambaSamAccount data. That's what I got when I tried joining the domain while security was set to domain. However, I've not been able to retest this with security set to user as you suggested. My test workstation hard disk crashed yesterday. I'm expecting my replacement drive tomorrow so I should be able to test this during the weekend. > I would suggest these for 'official' resources: > http://us2.samba.org/samba/docs/man/howto/samba-pdc.html* > *and > http://us2.samba.org/samba/docs/man/guide/ > ** I'll have a look at those. Until now, I've use the Samba by example and that's where I got the security = ads which seems to be the cause of my problem. > there are a couple of comments below: Yes, the smbldap-tools are installed and working. I've also setted the secret with smbpasswd -w. As I said, the join worked after I tried security = domain. I'm pretty sure it will work as well with security = user. I just have to wait for my new hard disk... I'll keep you posted as soon as I'm having tested it. Have a nice day. Etienne-Hugues -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
