Hi
I want windows machines to automatically be added into samba when they
try to attach to the domain. Had various problems with root account not
being accepted.
Can anyone spot anything glaringly obviously wrong in my config that
follows.
Cheers
# Global section of an smb.conf for a Samba server that handles domain logons
# (see "domain logons" and "domain master" below). Service-level parameters
# set here ("writeable", "public") become the default for every share.
[global]
name resolve order = wins bcast hosts
# Only relevant when an LDAP passdb backend is configured (none is shown
# here); with "no", that LDAP traffic would not be encrypted.
ldap ssl = no
# NOTE(review): the passwd chat value was wrapped onto a second line by the
# mail client; in smb.conf it has to be one line.
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
idmap gid = 500-550
# "admin users" makes the listed accounts perform all file operations as
# root; listing root itself adds nothing.
admin users = root
obey pam restrictions = no
# Netlogon secure channel is not offered when this host acts as a client.
client schannel = no
passwd program = /usr/bin/passwd %u
dns proxy = No
netbios name = sss-server
# Set in [global], so every share is writable unless it overrides this.
writeable = yes
printing = lprng
idmap uid = 500-2000
logon script = user.bat
workgroup = domain
debug level = 3
os level = 65
getwd cache = yes
# One log file per connecting machine (%m is the client's NetBIOS name).
log file = /var/log/samba/%m.log
# RISK: guest (unauthenticated) sessions run as this Unix account. Pointing
# it at root gives guest connections root's filesystem rights; use an
# unprivileged account such as "nobody" instead.
guest account = root
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
sync always = yes
# Logins with a bad password are rejected rather than mapped to guest.
map to guest = never
# RISK: permits client access to accounts whose password is empty.
null passwords = yes
domain master = Yes
encrypt passwords = yes
# "public" is a synonym for "guest ok"; set in [global] it allows guest
# access by default on every share, including [root_dir] (path = /).
public = yes
realm = domain
wins support = true
netbios aliases = sss-server
server string = sss-server
# NOTE(review): wrapped by the mail client; one line in smb.conf. smbd runs
# this command as root. It creates a machine account ("%m$") and then calls
# smbpasswd, although Samba has a separate "add machine script" parameter for
# machine accounts. %m comes from the client and is inserted unquoted; quote
# substituted values in any script smbd executes.
add user script = /usr/sbin/useradd -g machines -c NTMachine
-d /dev/null -s /bin/false %m$ && /usr/bin/smbpasswd -a -m %m$
domain logons = Yes
# With PAM password changes enabled, Samba uses PAM rather than the
# "passwd program" above for client-requested password changes.
pam password change = Yes
# DOMAIN ADMIN GROUP added to allow root as local admin
# NOTE(review): "domain admin group" appears to be a Samba 2.2-era parameter;
# confirm the installed version still recognises it.
domain admin group = root
# Per-user home directory shares; the share name is the user's name.
[homes]
comment = Home Directories
# %S is the share name, so each home share only admits its own user.
valid users = %S
read only = No
# These masks let new files keep group-write and world-read bits
# (0664 / 0775); tighten them if home directories should stay private.
create mask = 0664
directory mask = 0775
browseable = No
# Share that domain clients read their logon script from (the
# "logon script" named in [global]).
[netlogon]
comment = Network Logon Service
# NOTE(review): Samba's documentation warns against turning share modes off.
share modes = No
# Guest access is allowed and nothing here overrides the [global] default
# "writeable = yes". Anyone who can write to this share can change the script
# every domain client runs at logon; make the share read-only and limit
# writes to administrators.
public = yes
path = /usr/local/samba/netlogon
# Roaming profile storage for domain users.
[Profiles]
nt acl support = yes
browseable = no
delete readonly = yes
path = /usr/local/samba/profiles
# RISK: with force user/group = root, every file operation on this share is
# performed as root whichever user connected, so Unix permissions no longer
# keep one user's profile away from another's. Profiles are normally written
# under each user's own identity.
force group = root
force user = root
comment = Network Profiles Service
# "create mode"/"directory mode" are synonyms for create/directory mask.
# Owner-only modes give no separation here because the owner is always root.
create mode = 0600
directory mode = 0700
# RISK: exports the whole filesystem. The share sets no access controls of
# its own, so the [global] defaults apply: "writeable = yes", "public = yes"
# and "guest account = root". Together these would give a guest session
# root-level write access to /. Remove the share, or restrict it with
# "valid users", "read only = yes" and "guest ok = no".
[root_dir]
comment = root dir mark only
# Lets clients delete files that are marked read-only.
delete readonly = yes
path = /
# Shared data directory.
[data]
# RISK: all access to this share is performed as root (see "force group"
# below as well), bypassing filesystem permissions under the path; the
# [global] guest and write defaults also apply here. Prefer a dedicated
# unprivileged user and group.
force user = root
comment = Data Directory
path = /home/data/
force group = root
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Evan Ingram wrote:
| Hi
|
| I want windows machines to automatically be added into samba when they
| try to attach to the domain. Had various problems with root account not
| being accepted.
|
| Can anyone spot anything glaringly obviously wrong in my config that
| follows.

| add user script = /usr/sbin/useradd -g machines -c NTMachine
| -d /dev/null -s /bin/false %m$ && /usr/bin/smbpasswd -a -m %m$

Add user script should only add the unix account. Don't call smbpasswd
here. smbd will fill in the information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIFyz7IR7qMdg1EfYRAp3QAJ9pepvD8KtoOSXqyK4f2W1XLTwzpQCdGnlw
GCxzFdhtjyMGSbN8hEdUxqA=eaGq
-----END PGP SIGNATURE-----
The add user script is only for adding users, not machines, and it
shouldn't call smbpasswd. The script only needs to handle the OS task
of adding the user. Samba will add the Samba stuff itself.
To add machines you want an "add machine script" specified.
Depending on what you are trying to do you can also have other scripts
specified. A full set for a Linux box could be:
# Account-management hooks for the [global] section. Each script performs
# only the operating-system side of the task. Samba substitutes %u (account
# name) and %g (group name) before running the command, and the values are
# quoted here.
add user script = /usr/sbin/useradd "%u" -n -g domusers
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/sbin/groupadd "%g"
delete group script = /usr/sbin/groupdel "%g"
# NOTE(review): the next three settings were wrapped by the mail client;
# each must be a single line in smb.conf.
add user to group script = /usr/bin/gpasswd -a "%u"
"%g"
delete user from group script = /usr/bin/gpasswd -d "%u"
"%g"
# Machine accounts get no home directory (-M, -d /nohome) and no login
# shell (-s /bin/false), so they cannot be used to log in to the server.
add machine script = /usr/sbin/useradd -n -c "Workstation
(%u)"
-M -d /nohome -s /bin/false -g machines "%u"
# Both share commands call the same site-local script, which smbd executes;
# keep it root-owned and not writable by other users.
add share command = /usr/local/samba/modify_samba_config.py
delete share command = /usr/local/samba/modify_samba_config.py
On Tue, 2008-04-29 at 14:45 +0100, Evan Ingram wrote:
> Hi
>
> I want windows machines to automatically be added into samba when they
> try to attach to the domain. Had various problems with root account not
> being accepted.
>
> Can anyone spot anything glaringly obviously wrong in my config that
> follows.
> Cheers
>
>
>
>
> [global]
> name resolve order = wins bcast hosts
> ldap ssl = no
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> idmap gid = 500-550
> admin users = root
> obey pam restrictions = no
> client schannel = no
> passwd program = /usr/bin/passwd %u
> dns proxy = No
> netbios name = sss-server
> writeable = yes
> printing = lprng
> idmap uid = 500-2000
> logon script = user.bat
> workgroup = domain
> debug level = 3
> os level = 65
> getwd cache = yes
> log file = /var/log/samba/%m.log
> guest account = root
> socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> sync always = yes
> map to guest = never
> null passwords = yes
> domain master = Yes
> encrypt passwords = yes
> public = yes
> realm = domain
> wins support = true
> netbios aliases = sss-server
> server string = sss-server
> add user script = /usr/sbin/useradd -g machines -c NTMachine
> -d /dev/null -s /bin/false %m$ && /usr/bin/smbpasswd -a -m %m$
> domain logons = Yes
> pam password change = Yes
> # DOMAIN ADMIN GROUP added to allow root as local admin
> domain admin group = root
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> create mask = 0664
> directory mask = 0775
> browseable = No
> [netlogon]
> comment = Network Logon Service
> share modes = No
> public = yes
> path = /usr/local/samba/netlogon
>
> [Profiles]
> nt acl support = yes
> browseable = no
> delete readonly = yes
> path = /usr/local/samba/profiles
> force group = root
> force user = root
> comment = Network Profiles Service
> create mode = 0600
> directory mode = 0700
>
> [root_dir]
> comment = root dir mark only
> delete readonly = yes
> path = /
>
> [data]
> force user = root
> comment = Data Directory
> path = /home/data/
> force group = root
>
--
Mike Brady
PGP ID: 0x9C777DA4