Hi there, this is my setup: a fully updated CentOS 5.3 x86_64 host
with Xen enabled, running Samba 3.5.4 from the SerNet RPMs. A virtual
machine running Windows 2008 R2 Foundation, fully virtualized, runs on
the same machine.
When I tried to join the Windows 2008 machine to the domain, I got this message:
The following error occurred attempting to join the domain "MYDOMAIN":
A device attached to the system is not functioning.
The Windows 2008 registry was modified, as recommended on the internet,
so that the machine would be able to join the domain:
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters
DWORD RequireSignOrSeal = 0
DWORD RequireStrongKey = 0
This is my config:
smb.conf
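[global]
# NT4-style domain controller (see "domain logons" and "domain master" below)
# whose accounts live in an LDAP directory on the same host.
unix charset = ISO8859-1
workgroup = MYDOMAIN
netbios name = pdc
# The account database is reached over plain ldap:// on the loopback address.
passdb backend = ldapsam:ldap://127.0.0.1
username map = /etc/samba/smbusers
# Level 10 is full debug output, written to one file per client machine (%m).
# max log size is in KiB: at this level a 50 KiB file rotates almost at once,
# so raise it while reproducing the failed join, then lower log level again
# because debug logs expose account and session detail.
log level = 10
log file = /var/log/samba/%m.log
max log size = 50
# NOTE(review): smb.conf(5) spells the keyword "lmhosts"; "lmhost" is
# probably ignored as unknown -- confirm with testparm.
name resolve order = hosts lmhost wins bcast
wins support = yes
time server = Yes
show add printer wizard = No
# Account-management hooks (smbldap-tools). smbd runs these as root with the
# user or group name substituted for %u and %g, so the scripts and their
# configuration should be writable by root only.
add user script = /usr/sbin/smbldap-useradd -a -m %u
delete user script = /usr/sbin/smbldap-userdel -r %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
# Run when a machine joins the domain and has no machine account yet; a join
# failure is worth checking against this script's result in the debug log.
add machine script = /usr/sbin/smbldap-useradd -w -i %u
passwd program = /usr/sbin/smbldap-passwd %u
# Must stay on one line: smb.conf only continues a value onto the next line
# after a trailing backslash.
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
# Same parameter as "ldap passwd sync" further down (synonyms); one of the
# two lines is redundant.
ldap password sync = Yes
enable privileges = Yes
# NOTE(review): the whole value, including "OR netlogon.bat", is taken as the
# script name; smb.conf has no OR syntax. Presumably copied from a how-to --
# keep one of the two names.
logon script = %U.bat OR netlogon.bat
logon path = \\%L\profiles\%U
logon drive = H:
domain logons = Yes
preferred master = Yes
domain master = Yes
# Bind DN used for directory access. Its password is not in this file; Samba
# keeps it in secrets.tdb (set with "smbpasswd -w"), which must stay
# readable by root only.
ldap admin dn = cn=Administrador,dc=mydomain,dc=local
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=mydomain,dc=local
ldap user suffix = ou=Users
# No TLS toward the directory. Tolerable only while every LDAP URI in this
# file is 127.0.0.1; use "start tls" if slapd ever moves to another host.
ldap ssl = off
idmap backend = ldap:ldap://127.0.0.1
# NOTE(review): a range of two ids (1-2) looks like a placeholder or a
# redaction; the real range must not overlap the POSIX ids already in LDAP
# or /etc/passwd.
idmap uid = 1-2
idmap gid = 1-2
printer admin = Administrador
map acl inherit = Yes
printing = cups
printcap name = CUPS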
[homes]
# Per-user home share. %S expands to the share name, which for [homes] is the
# requested user name, so each home share admits only the user it is named for.
comment = Home Directories
valid users = %S
read only = No
# Hidden from browse lists; clients reach it by name.
browseable = No
[netlogon]
# Share that holds the logon scripts named by "logon script" in [global].
comment = Network Logon Service
path = /var/lib/samba/netlogon
# Unauthenticated clients may connect. No "read only = No" is set, so the
# share stays at the read-only default; keep credentials out of the scripts,
# since anyone on the network can read them.
guest ok = Yes
locking = No
[profiles]
# Roaming-profile store referenced by "logon path" in [global].
# There is no "valid users" line, so any authenticated account can connect;
# isolation between profiles rests on the masks below and on the ownership
# of the per-user directories under the share path.
comment = Network Profiles Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
# "create mode" and "directory mode" are the create/directory masks: new
# files are limited to owner read/write, new directories to owner-only.
create mode = 0600
directory mode = 0700
# Repeats "read only = No" above (writable is its inverted synonym).
writable = yes
browseable = No
store dos attributes = Yes
slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
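# Schema definitions loaded at startup. Each directive needs whitespace
# between the keyword and its argument.
# samba3.schema is presumably the Samba schema that the ldapsam passdb
# backend relies on -- confirm it matches the installed Samba release.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/dyngroup.schema
# Allow LDAPv2 client connections. This is NOT the default.
# NOTE(review): LDAPv2 has no StartTLS operation; drop this line unless a
# legacy client is known to need v2 binds.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib64/openldap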
# Modules available in openldap-servers-overlays RPM package
# Module syncprov.la is now statically linked with slapd and there
# is no need to load it here
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload smbk5pwd.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la
# modules available in openldap-servers-sql RPM package:
# moduleload back_sql.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Sample security restrictions
#Require integrity protection (prevent hijacking)
#Require 112-bit (3DES or better) encryption for updates
#