Hello,

I am hoping someone will offer some help. I'm currently trying to set up a Samba 3 PDC with an LDAP authentication backend on Fedora Core 1. I've read loads of documentation, including

http://www.hilinski.net/samba/ldap_PDC_samba.doc
http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html
http://samba.idealx.org/samba-ldap-howto.pdf

as well as tons of posts in the mailing list archives, but I still cannot get this combination to work.

As for the setup, I've installed OpenLDAP 2.1.22, Samba 3.0.0 and smbldap-tools-0.8.2. I've run smbpasswd -w to add my slapd.conf password to the secrets.tdb file. I've set up smbldap_conf.pl with my correct SID and LDAP DN. I've populated my LDAP database using smbldap-populate.pl, and everything shows up correctly. I've gone into the LDAP DB and fixed root's uid and gid as well as its sambaSID so that it can act as administrator. As far as I can tell, it's set up correctly.

However, when I go to join a W2K Workstation client, I get "The user name could not be found." That's using the root/testing combination from my config files. Samba does automatically create the machine account, and that looks fine. But it refuses to join the machine. Yes, I'm aware of the registry hack for XP/W2K machines, and that has also been changed.

The weird thing is that from that client, which I cannot join, I can view shares on the PDC using the root/testing user/password combination, so I know the authentication is working correctly through LDAP. So what does that "user name not found" error really mean?

Does anyone see anything obviously wrong in my config files that would cause this? I've cut them into the post below. I would appreciate any help, as I'm just tired of reading and just can't seem to get past adding a machine. Thanks for any help...

Jason

--- begin ldap.conf ----

HOST 127.0.0.1
BASE dc=test,dc=edu

---- end ldap.conf ----

--- begin slapd.conf ----

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba.schema

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix "dc=test,dc=edu"
rootdn "cn=root,dc=test,dc=edu"
rootpw testing

directory /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

---- end slapd.conf ----

---- begin smb.conf ----
[global]
passdb backend = ldapsam
ldap suffix = "dc=test,dc=edu"
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = "cn=root,dc=test,dc=edu"
ldap ssl = no
idmap backend = ldap:ldap://127.0.0.1
passwd chat debug = Yes
passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
delete user script = /usr/local/sbin/smbldap-userdel.pl %u
add group script = /usr/local/sbin/smbldap-groupadd.pl %g
delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u
workgroup = TEST
netbios name = donald
comment = test samba pdc
security = user
null passwords = yes
encrypt passwords = yes
logon script = logon.bat
logon drive
logon path
domain master = yes
domain logons = yes
preferred master = yes
os level = 33
wins support = yes
wins proxy = no
log file = /var/log/samba/%m.log
public = No
browseable = yes
writable = No

; necessary share for domain controller
[netlogon]
path = /netlogon
locking = no
read only = yes
write list = ntadmin

;test share
[tmp]
writeable = yes
public = yes
path = /tmp

[profiles]
path = /profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700

---- end smb.conf ---
Can you put the user and computer accounts in the same tree? Change in smb.conf:

ldap machine suffix = ou=User

Also change your smbldap_conf.pm file.

----- Original Message -----
From: "Jason P Holland" <jholland@cs.selu.edu>
To: <samba@lists.samba.org>
Sent: Friday, January 09, 2004 3:08 PM
Subject: [Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1
Dr. Hansjoerg Maurer
2004-Jan-09 21:41 UTC
[Samba] Samba 3.0 PDC+LDAP Help in Fedora Core 1
Hi,

it took some time for me to set this up too. Some hints:

- check with net getlocalsid if the host SID is the same as the SID in LDAP
- check with net groupmap list if the group mapping is correct.
- check with pdbedit -L -v -u username for each user if Samba can resolve the SID and group SIDs correctly. I noticed that if you have one SID (group or user) twice, you can have much trouble..
- don't use a group name which is equal to a user name (no problem in Unix, but in Windows)
- I have a groupmap which maps Administrator to root. Because of the fact that root and nobody are already in /etc/passwd, I added a tdbsam backend which only contains root and nobody with the correct SIDs (I don't know if this is the right way). (If you do so, uncomment the user add script in smb.conf for adding root and nobody to the tdb backend with pdbedit -b ....) (The reason for the stuff is that I don't want root and nobody in /etc/passwd and LDAP.)
- set the debug level to 10 and watch the logs...
- check if the smbldap-adduser script has already added a machine. The script adds the posix attributes for the account and Samba should add the rest..
- don't use filter in /etc/ldap.conf. I used to filter out the computers there (in order to not get them with getent passwd etc.), but smbldap determines the next free UID with this. So a UID might be used twice.
- Finally I modified the smbldap-tools smbldap-useradd script, but I am not sure if this is really necessary.

I am off work now. If the above won't help you, let me know, and I will send you my modifications.

Greetings
Hansjörg

--
Dr. Hansjörg Maurer
itsystems Deutschland AG
Linprunstr. 10
D-80335 München
Ph/Fax +49 89 52 04 68-41/-59
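The first three checks in Hansjörg's list (local SID versus the SID stored in LDAP, a SID used twice, a name that is both a user and a group) can be run mechanically against a directory dump. The script below is an added example for this page, not Hansjörg's code and not part of smbldap-tools: it reads LDIF text on stdin of the kind `ldapsearch -x -LLL -b dc=test,dc=edu` prints, and the directory in `sample_ldif` is constructed for the demo, with one deliberate duplicate SID (user staff and machine ws01$) and one user/group name clash (staff).

```shell
#!/bin/sh
# Added example (not from the thread): offline versions of the checks
# Hansjoerg lists, run over LDIF text on stdin, e.g.
#   ldapsearch -x -LLL -b dc=test,dc=edu | ./sidcheck.sh
# All SIDs, DNs and names in sample_ldif are constructed for this demo.

# 1. Every sambaSID attached to more than one entry.  Users, groups and
#    machines share one SID namespace, so any repeat is a configuration bug.
find_dup_sids() {
    awk '$1 == "sambaSID:" { seen[$2]++ }
         END { for (s in seen) if (seen[s] > 1) print s }' | sort
}

# 2. Compare the SID that `net getlocalsid` prints with the sambaSID on the
#    sambaDomain object (dn: sambaDomainName=...).  Prints OK or MISMATCH.
#    Usage: check_domain_sid S-1-5-21-... < ldif
check_domain_sid() {
    ldap_sid=$(awk '/^dn:/ { in_dom = ($0 ~ /^dn: *sambaDomainName=/) }
                    in_dom && $1 == "sambaSID:" { print $2; exit }')
    if [ -n "$ldap_sid" ] && [ "$ldap_sid" = "$1" ]; then
        echo OK
    else
        echo "MISMATCH (ldap: ${ldap_sid:-none}, local: $1)"
    fi
}

# 3. Names used both as a posixAccount uid and as a posixGroup cn.  Unix keeps
#    users and groups in separate namespaces; Windows does not.
name_collisions() {
    awk 'BEGIN { RS = ""; FS = "\n" }   # one LDIF entry per record
         {
             is_user = 0; is_group = 0; uid = ""; cn = ""
             for (i = 1; i <= NF; i++) {
                 split($i, kv, ": ")
                 if (kv[1] == "objectClass" && kv[2] == "posixAccount") is_user = 1
                 if (kv[1] == "objectClass" && kv[2] == "posixGroup")   is_group = 1
                 if (kv[1] == "uid") uid = kv[2]
                 if (kv[1] == "cn")  cn = kv[2]
             }
             if (is_user)  users[uid] = 1
             if (is_group) groups[cn] = 1
         }
         END { for (n in users) if (n in groups) print n }' | sort
}

# Constructed sample directory: "staff" exists as both user and group, and the
# machine ws01$ carries the same SID as user staff.
sample_ldif() {
    cat <<'EOF'
dn: sambaDomainName=TEST,dc=test,dc=edu
objectClass: sambaDomain
sambaDomainName: TEST
sambaSID: S-1-5-21-111-222-333

dn: uid=root,ou=Users,dc=test,dc=edu
objectClass: posixAccount
objectClass: sambaSamAccount
uid: root
cn: root
uidNumber: 0
gidNumber: 0
sambaSID: S-1-5-21-111-222-333-1000
sambaPrimaryGroupSID: S-1-5-21-111-222-333-512

dn: uid=staff,ou=Users,dc=test,dc=edu
objectClass: posixAccount
objectClass: sambaSamAccount
uid: staff
cn: staff
uidNumber: 1001
gidNumber: 513
sambaSID: S-1-5-21-111-222-333-1002

dn: uid=ws01$,ou=Computers,dc=test,dc=edu
objectClass: posixAccount
objectClass: sambaSamAccount
uid: ws01$
cn: ws01$
uidNumber: 1002
gidNumber: 515
sambaAcctFlags: [W          ]
sambaSID: S-1-5-21-111-222-333-1002

dn: cn=staff,ou=Groups,dc=test,dc=edu
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: staff
gidNumber: 1001
sambaSID: S-1-5-21-111-222-333-3003

dn: cn=domain_admins,ou=Groups,dc=test,dc=edu
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: domain_admins
gidNumber: 512
sambaSID: S-1-5-21-111-222-333-512
EOF
}

# Run all three checks over the sample when invoked with --demo.
if [ "${1:-}" = "--demo" ]; then
    echo "duplicate SIDs:";  sample_ldif | find_dup_sids
    echo "domain SID:";      sample_ldif | check_domain_sid S-1-5-21-111-222-333
    echo "name collisions:"; sample_ldif | name_collisions
fi
```

Against a live directory, pipe the ldapsearch output into each function and pass `net getlocalsid` output (the part after the colon) to `check_domain_sid`; an empty result from `find_dup_sids` and `name_collisions` together with `OK` from the SID comparison rules out the three causes Hansjörg names before you turn the Samba debug level up.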
Hello,

I originally ran into this problem when trying to use "administrator" mapped to the root account. I finally settled on using the root user in LDAP. Everything works for joining W2K and XP clients to the domain.

LDAP entry for uid=root:

sn: root
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 0
uid: root
uidNumber: 0
sambaPwdLastSet: 1068914615
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 1068914615
sambaPwdMustChange: 2147483647
sambaHomePath: \\whs1\root
sambaHomeDrive: H:
sambaLMPassword: E3B4E05BE6A182C9E13B8B8F6853DCAC
sambaNTPassword: F4858C7E53BB628AE91E0TE9DB6CD467
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-1129281578-1295143107-3311307472-1000
loginShell: /bin/bash
gecos: Netbios root user
homeDirectory: /root
userPassword:: e1NNRDV9RmhIS2VJWnpFdkxpMG5PYTAzK3BKbWNRWDFVPQ=
sambaPrimaryGroupSID: S-1-5-21-1129281578-1295143107-3311307472-512

Running net groupmap list on the PDC, among other mappings I get:

...
domain_admins (S-1-5-21-1129281578-1295143107-3311307472-512) -> root
computers (S-1-5-21-1129281578-1295143107-3311307472-515) -> dcomputers
domain_users (S-1-5-21-1129281578-1295143107-3311307472-513) -> dusers
...

In /etc/group:

...
root:x:0:root
dusers:x:500:
domadmins:x:501:
dcomputers:x:502:
...

Applicable line in smb.conf:

add machine script = /usr/local/samba/bin/smbpasswd -a -m %u

This root account works to join machines to the domain. The machine accounts need to be in /etc/passwd also, e.g.:

useradd -d /dev/null -s /bin/false -m -c "Computer" whs-0106$

Now I can join computer "whs-0106" to the domain with user root when I right-click on "My Computer".

LDAP entry for workstation "whs-0106":

dn: uid=whs-0106$,ou=Computers,dc=tow,dc=net
uid: whs-0106$
sambaSID: S-1-5-21-1129281578-1295143107-3311307472-3942
sambaPrimaryGroupSID: S-1-5-21-1129281578-1295143107-3311307472-515
displayName: WHS-0106$
sambaAcctFlags: [W ]
objectClass: sambaSamAccount
objectClass: account
sambaPwdCanChange: 1071606889
sambaPwdMustChange: 2147483647
sambaLMPassword: D1921171A5BFAAEE0B4786D995AB9B91
sambaNTPassword: D1921171A5BFAAEE0B4786D995AB9B91
sambaPwdLastSet: 1071606889

It's been suggested, by John Terpstra I believe, to put machine accounts and users into one container object in LDAP due to a problem with searching for computers. I haven't had any problems with this; in fact I'm experimenting with dividing the domain into logical groups, by building in my case, e.g.:

ou=HighSchool,dc=tow,dc=net
ou=Users,ou=HighSchool,dc=tow,dc=net
ou=Computers,ou=HighSchool,dc=tow,dc=net
ou=MinotElementarySchool,dc=tow,dc=net
ou=Users,ou=MinotElementarySchool,dc=tow,dc=net
ou=Computers,ou=MinotElementarySchool,dc=tow,dc=net
ou=DecasElementarySchool,dc=tow,dc=net
ou=Users,ou=DecasElementarySchool,dc=tow,dc=net
ou=Computers,ou=DecasElementarySchool,dc=tow,dc=net

Anyway, this is beyond what you asked, but I was on a roll. Hope this helps.

On Fri, 2004-01-09 at 15:08, Jason P Holland wrote:
> add machine script = /usr/local/sbin/smbldap-useradd.pl -w %m
> add user script = /usr/local/sbin/smbldap-useradd.pl -a %u
> delete user script = /usr/local/sbin/smbldap-userdel.pl %u
> add group script = /usr/local/sbin/smbldap-groupadd.pl %g
> delete group script = /usr/local/sbin/smbldap-groupdel.pl %g
> add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g
> delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g
> set primary group script = /usr/local/sbin/smbldap-usermod.pl -G %g %u

Never used the IDEALX scripts. Right now I use a shell script to batch add computers and users.

One other thing I found that would cause problems adding a computer to a domain: duplicate names. If you use Ghost disk imaging this is a common problem.

--
Kent L. Nasveschuk <kent@wareham.k12.ma.us>
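Kent's workstation entry shows what a trust account has to contain for a join to succeed: a uid ending in `$`, the `[W]` account flag, a SID under the domain SID, and a primary group SID of RID 515 (Domain Computers), plus a Unix identity for the same name. The script below is an added example for this page, not Kent's batch script and not smbldap-useradd: it builds the LDIF for such an entry from a hostname so that `ldapadd -x -D "cn=root,dc=test,dc=edu" -W -f ws.ldif` creates it in one step, and it includes posixAccount so that nss_ldap can resolve the name instead of a parallel /etc/passwd line. The domain SID, base DN, container and gidNumber are assumed defaults; the RID follows Samba 3's algorithmic mapping (rid = 2 * uidNumber + algorithmic rid base, default 1000), which is consistent with Kent's root entry (uid 0, RID 1000) and with whs-0106$ having RID 3942 if its uidNumber were 1471.

```shell
#!/bin/sh
# Added example (not Kent's batch script and not smbldap-useradd): print the
# LDIF for a workstation trust account.  Domain SID, base DN, container and
# gidNumber below are assumed defaults for the demo; override via environment.

DOMAIN_SID=${DOMAIN_SID:-S-1-5-21-111-222-333}   # what `net getlocalsid` prints
BASE_DN=${BASE_DN:-dc=test,dc=edu}
MACHINE_OU=${MACHINE_OU:-ou=Computers}
MACHINE_GID=${MACHINE_GID:-515}   # gidNumber of the group mapped to RID 515
RID_BASE=${RID_BASE:-1000}        # Samba 3 "algorithmic rid base" default

# Windows sends the account name as NAME$; the stored uid must carry that
# trailing $, and Samba matches it case-insensitively, so keep it lower-case.
machine_uid() {
    printf '%s$\n' "$(printf '%s' "$1" | sed 's/\$$//' | tr 'A-Z' 'a-z')"
}

# Samba 3 algorithmic mapping: rid = 2*uidNumber + rid base (uid 0 -> 1000).
machine_rid() {
    echo $(( 2 * $1 + RID_BASE ))
}

# Print the LDIF for one machine.  Args: NAME UIDNUMBER
machine_ldif() {
    uid=$(machine_uid "$1")
    rid=$(machine_rid "$2")
    cat <<EOF
dn: uid=$uid,$MACHINE_OU,$BASE_DN
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: $uid
cn: $uid
displayName: $(printf '%s' "$uid" | tr 'a-z' 'A-Z')
uidNumber: $2
gidNumber: $MACHINE_GID
homeDirectory: /dev/null
loginShell: /bin/false
gecos: Computer
sambaSID: $DOMAIN_SID-$rid
sambaPrimaryGroupSID: $DOMAIN_SID-515
sambaAcctFlags: [W          ]
EOF
}

# Self-check on a generated entry: trailing $, W flag, SID under the domain.
# Exit status 0 when all three hold.
machine_ldif_ok() {
    machine_ldif "$@" | awk -v dom="$DOMAIN_SID" '
        $1 == "uid:" && $2 ~ /\$$/                  { has_dollar = 1 }
        $1 == "sambaAcctFlags:" && $2 ~ /W/         { has_w = 1 }
        $1 == "sambaSID:" && index($2, dom "-") == 1 { sid_ok = 1 }
        END { exit !(has_dollar && has_w && sid_ok) }'
}

if [ "${1:-}" = "--demo" ]; then
    machine_ldif WHS-0106 1471
fi
```

Before trying the join, confirm that both halves of the account resolve: `getent passwd 'whs-0106$'` should return the posix side, and `pdbedit -L -v -u 'whs-0106$'` the Samba side with the `W` flag; if either is missing, the client sees the same "user name could not be found" error regardless of which account you join with. Keep the uidNumber unique across users and machines, which is the point of Hansjörg's warning about filtering computers out of /etc/ldap.conf.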