Hey.
I'm trying to move my existing MS-AD over to SAMBA, the place I'm
working for is changing all servers from MS to Debian, but all the
clients is still a mixed environment for now.
We have MAC, *NIX, and Windows clients, so its imported that everything
keeps running in the same or almost the same way as before the change but.
When I try to join a Windows Vista Ultimate ore Windows XP Pro to the
domain it takes 30 sec and then it says "The machine account dos not
exist" but as I understand that is what
"add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i "%u"" has to
do right ?
I have pasted my config + log from OpenLDAP and SAMBA, can anybody see
what I have don wrung
# cat /etc/samba/smb.conf
-
# Defining domain name, hostname
[global]
workgroup = MY-DOMAIN
netbios name = HDS-Linux - PDC
server string = Debian Samba-PDC %v
name resolve order = host bcast
hosts allow = 192.168.1. 192.168.2. 127.
wins support = yes
# Network settings #
#interfaces = 192.168.5.11
#username map = /etc/samba/smbusers
# Security #
security = ads
realm = MY-DOMAIN
nt acl support = Yes
enable privileges = yes
encrypt passwords = Yes
obey pam restrictions = Yes
password server = my-server.my-domain
#min passwd length = 5
#pam password change = no
# method 1:
#unix password sync = no
#ldap passwd sync = yes
# method 2:
unix password sync = No
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Skift kode: *\n Ny kode*" %n\n "*Gentag ny kode*"
%n\n"
# Log #
log level = 1
syslog = 1
log file = /var/log/samba/samba_my-domain.log
max log size = 10
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
# Logon scripts #
logon script = scripts/logon.bat
logon path = \\%L\profile\%U
logon drive = H:
logon home = \\%L\%u
# Server settings #
time server = Yes
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
# Winbind settings #
winbind use default domain = yes
winbind separator = %
winbind uid = 1-21000
winbind gid = 1-21000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
# LDAP settings #
# passdb backend = ldapsam:"ldap://ldap1.company.com
ldap://ldap2.company.com";
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=domain,dc=dk
ldap suffix = dc=domain,dc=dk
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
idmap uid = 1-21000
idmap gid = 1-21000
ldap ssl = No
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -a -m "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w -i "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%u" "%g"
# printers configuration #
printer admin = @"Print Operators"
load printers = Yes
create mask = 0640
directory mask = 0750
#force create mode = 0640
#force directory mode = 0750
printing = cups
printcap name = cups
deadtime = 10
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile
folders:
preserve case = yes
short preserve case = yes
case sensitive = no
[netlogon]
path = /home/netlogon/
browseable = No
read only = yes
[profiles]
comment = Roaming Profiles
#path = /var/lib/samba/profiles
path = /home/profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700
browseable = No
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U "Domain Admins"
[printers]
comment = Network Printers
printer admin = @"Print Operators"
guest ok = yes
printable = yes
path = /home/spool/
browseable = No
read only =