I have a Samba PDC with LDAP running on a CentOS 4.4 machine. When I
first had it all configured, everything worked fine, but now, for some
reason, login scripts will not run on the client (even though the client
has access to the shares the login script is trying to map), and I cannot
join client machines to the domain automatically using the Windows XP
Network Identification Wizard. When I try to join a workstation to the
domain I get an error that tells me the "user name could not be
found".
If I add the machine manually through LDAP Account Manager, then I can
join the machine to the domain. Also, when I join the machine and set up
the user, their home directory is mapped correctly to the drive letter I
selected (in this case U:) and the login script appears on the
desktop, but it errors out claiming that the username is not found and
prompts the user for their username and password. If they enter them,
it will not authenticate them, yet they can browse the network
shares and access them through Network Neighborhood, as well as map
shares to drive letters manually. Here is my conf file:
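[global]
#============General Settings===========
unix charset = LOCALE
workgroup = mydomain
netbios name = myserver
server string = Domain Controller running %v
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
# serve only the LAN interface and loopback
interfaces = eth1, lo
bind interfaces only = yes
os level = 35
#========Domain Settings===============
# In smb.conf a line that starts with # or ; is a comment in its entirety, so a
# directive written on the same line as a banner is silently ignored. The three
# directives that were on banner lines (preferred master, encrypt passwords,
# template shell) appear to have been joined in transit and now have their own
# lines.
preferred master = yes
local master = yes
domain master = yes
security = user
time server = yes
username map = /etc/samba/smbusers
wins support = yes
#=========Security=====================
encrypt passwords = yes
pam password change = yes
name resolve order = wins bcast hosts
winbind nested groups = no
# obey pam restrictions = yes
# check password script = /usr/local/sbin/crackcheck -d /usr/lib/cracklib_dict
#---------------LDAP----------------
passdb backend = ldapsam:ldap://127.0.0.1/
ldap passwd sync = Yes
ldap suffix = dc=mydomain,dc=com
# Bind DN whose password is kept in secrets.tdb (set with smbpasswd -w).
# cn=Manager is conventionally the OpenLDAP rootdn; a dedicated DN with write
# access limited to the Samba subtrees would be the least-privilege choice.
ldap admin dn = cn=Manager,dc=mydomain,dc=com
# Plain LDAP is acceptable here only because the URIs above and below are
# loopback; use start_tls if the backend ever moves off-host.
ldap ssl = no
ldap group suffix = ou=Groups
ldap user suffix = ou=People
# NOTE(review): smbldap-useradd -w creates the computer account under the
# container configured in smbldap.conf; if that container is not ou=People,
# Samba will not find the account it just created and the join fails with a
# "user name could not be found" style error. Confirm the two agree.
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://127.0.0.1/
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
add user script = /etc/smbldap-tools/smbldap-useradd -m "%u"
#delete user script = /etc/smbldap-tools/smbldap-userdel "%u"
add machine script = /etc/smbldap-tools/smbldap-useradd -w "%u"
add group script = /etc/smbldap-tools/smbldap-groupadd -p "%g"
#delete group script = /etc/smbldap-tools/smbldap-groupdel "%g"
# A parameter value ends at the newline unless the line ends with a backslash,
# so each script and its arguments must stay on a single line.
add user to group script = /etc/smbldap-tools/smbldap-groupmod -m "%u" "%g"
delete user from group script = /etc/smbldap-tools/smbldap-groupmod -x "%u" "%g"
set primary group script = /etc/smbldap-tools/smbldap-usermod -g "%g" "%u"
domain logons = yes
log file = /var/log/samba/log.%m
# raise to 3 temporarily while diagnosing join or logon failures
log level = 1
syslog = 0
max log size = 50
# port 445 is deliberately not served
#smb ports = 139 445
smb ports = 139
# set in [global], so this applies to every share: loopback and 172.16/16 only
hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0
# User profiles and home directories
logon drive = U:
logon path = \\%L\profiles\%U
# resolved relative to the [netlogon] share
logon script = %U.bat
#=========Shares========
# login shell winbind reports for domain users; /bin/false denies interactive login
template shell = /bin/false
winbind use default domain = no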
[homes]
# Per-user home directory share; hidden from browse lists
comment = Home Directories
browseable = no
# the connecting user owns the share and may write to it
force user = %U
write list = %U
read only = no
# new files and directories are private to the owner
create mask = 0600
directory mask = 0700
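[profiles]
# Roaming profile store referenced by "logon path" in [global]
comment = Profile Share
path = /var/lib/samba/profiles
writeable = yes
browseable = no
profile acls = yes
# Keep each user's profile private, matching the masks used in [homes]; with
# the default masks a user's profile files are readable by other users.
# The share directory itself must still let each user create their own profile
# subdirectory; check its mode if profile creation fails.
create mask = 0600
directory mask = 0700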
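[netlogon]
# Holds the %U.bat logon scripts that every client runs at logon, so it must
# not be writable by ordinary users. read only = yes is Samba's default for a
# share; it is stated explicitly so the intent survives later edits.
path = /var/lib/samba/netlogon
# clients may read the scripts without an authenticated session
guest ok = yes
read only = yes
locking = no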
--
*Jason Baker
*/IT Coordinator/
*Glastender Inc.*
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE- Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------