Hello all,
I have been working on this issue for some time and I know I am close to a solution. I am currently running samba 3.0.13. I have set the samba server up as a NT4 Domain controller and I have also integrated my LDAP configuration with samba. When I try to join the samba domain from any Windows 2000 or Windows XP machine I get the error message "The user could not be found". My smbldap-tools scripts are working in the sense that the Machine Add script is adding the machinename$ domain account. I have read several different Samba Windows Join Domain documents and have tried different variations of my config's to see if I can resolve this issue. I know my Samba LDAP configuration is good as I am able to authenticate to SMB file shares on the samba server with groups mapped to my LDAP database. I am also seeing successful LDAP binds as well in the logs. Any pointers on things I may be able to try would be great. Configs as follows: # Global parameters [global] workgroup = MYDOMAIN realm = MYDOMAIN.COM server string = Samba Server %v interfaces = 192.168.0.8/16 min password length = 3 map to guest = Bad User passdb backend = ldapsam:ldap://myldapsvr/ enable privileges = Yes passwd program = /usr/sbin/smbldap-passwd username map = /etc/samba/smbusers client NTLMv2 auth = No client lanman auth = No client plaintext auth = No syslog = 7 log file = /var/log/samba/log.%m max log size = 100000 smb ports = 135 445 min protocol = NT1 time server = Yes deadtime = 10 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' && /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u' logon script = logon.bat logon path = logon drive = H: logon home = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=Manager,dc=mydomain,dc=com ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=Users ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=com ldap ssl = no ldap user suffix = ou=Users printer admin = @adm, root create mask = 0755 directory mask = 0750 hosts allow = 192.168., 127. nt acl support = No case sensitive = No dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes browseable = No [print$] path = /var/lib/samba/printers write list = @adm, root inherit permissions = Yes guest ok = Yes [admin] path = / valid users = @adm, root, jtaylor admin users = @adm, root, jtaylor read only = No browseable = No Thank you all James Taylor -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba