The Samba 3.0.5rc1 server is configured as a PDC.

[global]
# client code page = 866
# NetBIOS name of that comp
   netbios name = TOLTEC
#Name of Domain
   workgroup = liin
#Comment
   server string = Samba PDC %v
#Interface where samba works
   interfaces = 10.0.0.4/24 127.0.0.1/24
   bind interfaces only = yes
   hosts allow = 10.0.0.
   name resolve order = hosts bcast
#DOMAIN CONFIG
   encrypt passwords = Yes
   domain master = Yes
   local master = Yes
   prefered master = Yes
   security = user
   domain logons = yes
# ONLY FOR 2K/XP!
   client ntlmv2 auth = Yes
# NO WIN9X IN OUR DOMAIN!!!!!
   client lanman auth = no
   client plaintext auth = no
#TEst this
   disable netbios = no
#OS level!!!
   os level = 65
#ALL about Loggin ^)
   log level = 10
   log file = /var/log/samba/%m.log
   max log size = 2000
#WINBIND CONFIG!!!!
   winbind separator = +
   winbind use default domain = Yes
   winbind uid =10000-20000
   winbind gid =10000-20000
#If i comment it then
#[2004/07/14 01:30:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(560)
#  winbindd: idmap uid range missing or invalid
#[2004/07/14 01:30:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(561)
#  winbindd: cannot continue, exiting.
# Could not init idmap -- netlogon proxy only
# strange thing.... on 3.0.4 i don't need to write it
   winbind enum users = yes
   winbind enum groups = yes
   password server= localhost
   logon path = \\%L\profiles\%u
   logon script = logon.bat
   logon drive = H:
# logon home = \\%L\%u\.win_profile\%m
# NO 9X HERE!!!
   time server = yes
#LDAP STARTS HERE
   passdb backend = ldapsam:ldap://localhost
   ldap admin dn = "cn=Manager,dc=liin,dc=org"
   ldap server = localhost
   ldap port = 389
   ldap suffix = dc=liin,dc=org
   ldap machine suffix = ou=people
   ldap user suffix = ou=people
   ldap group suffix = ou=groups
# ldap filter = "(&(uid%=%U)(ObjectClass=sambaSamAccount))"
#LDAP continue
   ldap idmap suffix = ou=Idmap
   idmap backend = ldap:ldap//localhost
   idmap uid = 10000 - 20000
   idmap gid = 10000 - 20000
#what is it?
   map acl inherit = yes
# printing = cups
# printer admin = Administrator
#IDEALx SCRIPT's Rulezz
   add user script = /usr/sbin/smbldap-useradd -a -m "%u"
   delete user script = /usr/sbin/smbldap-userdel "%u"
   add group script = /usr/sbin/smbldap-groupadd "%g"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
# socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# load printers = No
# dns proxy = No
   guest account = nobody

[netlogon]
   path = /usr/local/netlogon
   writable = no
   browsable = no

[profiles]
   path = /home/nt-prof
   browsable = no
   writable = yes
   create mask = 0600
   directory mask = 0700
   guest ok = yes
   profile acl = no

[homes]
   read only = no
   browsable = no
   guest ok = no
   map archive = yes

When I try to log on, WinXP (Pro) says:
"Windows cannot find the server profile and is logging you on with a temporary profile."
or something like that. I have a Russian copy of WinXP.
Next it says:
"Windows cannot find the local profile and is logging you on with a temporary profile."
(it is because I removed c:\Documents and Settings\Default User)
And now the strange thing begins:
It logs on and downloads the default profile from the samba netlogon share(!!!)

I wasted a week on this problem.... I tried the tdb backend and all works fine; when I go back to the ldap backend things go wrong.

OS RH8
OPENLDAP 2.2.14
Samba tested 3.0.4-3.0.5rc1

Problem n2:
Problem With Winbind(or not?)

[2004/07/14 01:59:55, 3] sam/idmap.c:idmap_init(131)
  idmap_init: using 'ldap' as remote backend
[2004/07/14 01:59:55, 5] lib/smbldap.c:smbldap_search(931)
  smbldap_search: base => [ou=Idmap,dc=liin,dc=org], filter => [(objectclass=sambaUnixIdPool)], scope => [2]
[2004/07/14 01:59:55, 10] lib/smbldap.c:smbldap_open_connection(543)
  smbldap_open_connection: ldap//localhost
[2004/07/14 01:59:55, 0] lib/smbldap.c:smbldap_open_connection(546)
  ldap_initialize: Time limit exceeded
[2004/07/14 01:59:55, 1] lib/smbldap.c:smbldap_retry_open(908)
  Connection to LDAP Server failed for the 1 try!
[2004/07/14 01:59:55, 8] lib/util.c:fcntl_lock(1646)
  fcntl_lock 7 13 0 1 1
[2004/07/14 01:59:55, 8] lib/util.c:fcntl_lock(1681)
  fcntl_lock: Lock call successful

I use idealx smbldap-populate to fill the ldap directory.

ds_shadof@uni-altai.ru wrote:

>The Samba 3.0.5rc1 server is configured as a PDC.
>

<snip>

>#WINBIND CONFIG!!!!
>   winbind separator = +
>   winbind use default domain = Yes
>   winbind uid =10000-20000
>   winbind gid =10000-20000
>#If i comment it then
>#[2004/07/14 01:30:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(560)
>#  winbindd: idmap uid range missing or invalid
>#[2004/07/14 01:30:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(561)
>#  winbindd: cannot continue, exiting.
># Could not init idmap -- netlogon proxy only
># strange thing.... on 3.0.4 i don't need to write it
>   winbind enum users = yes
>   winbind enum groups = yes
>

First off, is there someplace that people get confused about the use of winbind/idmap? It is strictly for use ONLY with a windows AD server as your primary directory... well I guess maybe it would be used if you wanted to do some kind of weird authentication against a different samba server, but why?!?! Anyways, start by removing all your idmap entries and that will clear up some log entries.

>   password server= localhost
>

This one too. This is for authenticating against some other server, like if you were simply a member of a domain using domain security.

<snip>

>#LDAP STARTS HERE
>   passdb backend = ldapsam:ldap://localhost
>   ldap admin dn = "cn=Manager,dc=liin,dc=org"
>   ldap server = localhost
>   ldap port = 389
>   ldap suffix = dc=liin,dc=org
>   ldap machine suffix = ou=people
>   ldap user suffix = ou=people
>   ldap group suffix = ou=groups
># ldap filter = "(&(uid%=%U)(ObjectClass=sambaSamAccount))"
>#LDAP continue
>   ldap idmap suffix = ou=Idmap
>   idmap backend = ldap:ldap//localhost
>   idmap uid = 10000 - 20000
>   idmap gid = 10000 - 20000
>

The 4 lines above should go too.

<snip the rest of smb.conf>

>When I try to log on, WinXP (Pro) says:
>"Windows cannot find the server profile and is logging you on with a temporary profile."
>or something like that. I have a Russian copy of WinXP.
>Next it says:
>"Windows cannot find the local profile and is logging you on with a temporary profile."
>(it is because I removed c:\Documents and Settings\Default User)
>
>Problem n2:
>Problem With Winbind(or not?)
>
>[2004/07/14 01:59:55, 3] sam/idmap.c:idmap_init(131)
>  idmap_init: using 'ldap' as remote backend
>[2004/07/14 01:59:55, 5] lib/smbldap.c:smbldap_search(931)
>  smbldap_search: base => [ou=Idmap,dc=liin,dc=org], filter => [(objectclass=sambaUnixIdPool)], scope => [2]
>[2004/07/14 01:59:55, 10] lib/smbldap.c:smbldap_open_connection(543)
>  smbldap_open_connection: ldap//localhost
>[2004/07/14 01:59:55, 0] lib/smbldap.c:smbldap_open_connection(546)
>  ldap_initialize: Time limit exceeded
>[2004/07/14 01:59:55, 1] lib/smbldap.c:smbldap_retry_open(908)
>  Connection to LDAP Server failed for the 1 try!
>

Looks like you're failing to connect to your local server. You've got some confusion because of the multiple specifications here. Notice that this failure is complaining about being able to connect to ldap//localhost (see the missing colon?) You need to roto-till your smb.conf then try again. Get the idmap stuff out and see if your errors are more specific.

Assuming you do all that and still have issues: Have you verified that your ldap setup is correct? That is: does your system authenticate fine against ldap or are you just trying to store samba in ldap? If you're just setting up one linux server then ldap is overkill for both system auth and samba, in that case stick to tdb.

>[2004/07/14 01:59:55, 8] lib/util.c:fcntl_lock(1646)
>  fcntl_lock 7 13 0 1 1
>[2004/07/14 01:59:55, 8] lib/util.c:fcntl_lock(1681)
>  fcntl_lock: Lock call successful
>
>I use idealx smbldap-populate to fill the ldap directory.
>

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         Cell:   701-306-6254
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto:pgienger@ae-solutions.com

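
Added example (not part of the original thread and not Samba code): a small Python check that reads the [global] section of an smb.conf and flags a backend URI like the ldap//localhost one pointed out in the reply above, and a server given both in the URI and in 'ldap server'/'ldap port'. The function names and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the LDAP-related [global] lines posted in this thread.
SAMPLE = """\
[global]
passdb backend = ldapsam:ldap://localhost
ldap server = localhost
ldap port = 389
idmap backend = ldap:ldap//localhost
"""

BACKEND_KEYS = ("passdb backend", "idmap backend")


def parse_global(text):
    """Return {parameter: value} for the [global] section of an smb.conf."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive; normalise inner whitespace.
            params[" ".join(key.lower().split())] = value.strip()
    return params


def check_backends(params):
    """Flag backend entries whose LDAP URI will not parse as ldap[s]://host."""
    findings = []
    for key in BACKEND_KEYS:
        for token in params.get(key, "").split():
            module, _, uri = token.partition(":")
            if not module.lower().startswith("ldap") or not uri:
                continue
            parts = urlsplit(uri)
            if parts.scheme not in ("ldap", "ldaps") or not parts.netloc:
                findings.append(f"{key}: malformed LDAP URI {uri!r}")
            elif "ldap server" in params or "ldap port" in params:
                findings.append(f"{key}: server set by URI and by 'ldap server'/'ldap port'")
    return findings


if __name__ == "__main__":
    for finding in check_backends(parse_global(SAMPLE)):
        print(finding)
```
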
>now it is
>password server= *
>

I guess I may be alone here judging by the smb.conf files posted to this list, but I usually get rid of any unneeded configuration options, and for your setup, this is unneeded.

>My main problem is roaming profiles that
>
>>When I try to log on, WinXP (Pro) says:
>>"Windows cannot find the server profile and is logging you on with a temporary profile."
>>or something like that. I have a Russian copy of WinXP.
>>Next it says:
>>"Windows cannot find the local profile and is logging you on with a temporary profile."
>>(it is because I removed c:\Documents and Settings\Default User)
>>And now the strange thing begins:
>>It logs on and downloads the default profile from the samba netlogon share(!!!)
>>
>
>It looks like I am not alone with my problem
>https://bugzilla.samba.org/show_bug.cgi?id=1506
>
>Someone with the name Guenther Deschner solved this problem, but did not leave enough info on how to fix it.
>

Please stay on list, since apparently somebody didn't leave enough info the last time this came up, maybe we'll get it fixed for you and help someone else...

Well given the issues they're having, how is your group setup? Do you get fast group listings or is there a delay? I've personally had issues when the logging in user couldn't map their home dir (H:) because it didn't exist on the server. Just taking a shot in the dark here.

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         Cell:   701-306-6254
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto:pgienger@ae-solutions.com