samba - Oct 2008 - pdc

Hi  

 

I configured samba as a PDC and I could successfully register my windows xp
sp3 client to my domain controller.  When I login locally to the client (XP)
and I browse my network I see my domain and I can browse the network shared
(if I need to login, the password is accepted)

 

Now  when I try to login via the PDC I get the following error: "the system
cannot log you on due to the following error: one or more arguments are
invalid"

 

My configuration is the following:

[global]

                name resolve order = wins lmhosts hosts

                passwd chat debug = yes

                idmap gid = 10000-15000

                passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

                passwd program = /usr/bin/passwd %u

                dns proxy = no

                netbios name = LINUXDC01

                idmap uid = 10000-15000

                #logon script = scripts/logon.bat

                workgroup = LOCALDOMAIN.BE

                debug level = 10

                os level = 64

                security = user

                usershare allow guests = yes

                add machine script = /usr/sbin/useradd -s /bin/false -d
/var/llib/nobody %u

                max log size = 1000

                delete user script = /usr/sbin/userdel -r%u

                log level = 3

                add group script = /usr/sbin/groupadd %g

                delete group script = /usr/sbin/groupdel %g

                add user to group script = /usr/sbin/usermod -G %g %u

                logon drive = U:

                username map = /etc/samba/smbusers

                domain master = yes

                local master = yes

                passdb backend = tdbsam

                logon home = \\%L\%U

                wins support = yes

                server string = %h server (Samba, Ubuntu)

                unix password sync = yes

                logon path = \\%L\profile\%U

                add user script = /usr/sbin/useradd -m %u

                syslog = 1

                panic action = /usr/share/samba/panic-action %d

                preferred master = yes

                domain logons = yes

                pam password change = yes

                enable privileges = yes

 

                log file = /var/log/samba/log.%m

                max log size = 100000

                #socket options = TCP_NODELAY

                #obey pam restrictions = yes

                #map to guest = bad user

                #encrypt passwords = true

 

                

 [homes]

   comment = Home Directories

   browseable = no

   valid users = %S

   read only = no

 

 [netlogon]

   comment = Network Logon Service

   admin users = Administrator 

   valid users = %U

   path = /home/samba/netlogon

   guest ok = yes

   read only = yes

   share modes = no

 

 [profiles]

   comment = Users profiles

   path = /home/samba/profiles

   valid users = %U

   guest ok = no

   browseable = no

   create mask = 0600

   directory mask = 0700

   writeable = yes

 

 

Does anybody has an idea on how to solve this.

 

Best regards

 

steven

Steven Geerts wrote:
> Hi  
>
>
>
>                 add machine script = /usr/sbin/useradd -s /bin/false -d
> /var/llib/nobody %u
>
>   
Isnt this a typo (/var/llib).

Regards
Brent Clark

On Friday October 24 2008 11:50:53 Steven Geerts wrote:
>                 workgroup = LOCALDOMAIN.BE
Are "." valid in workgroup names?

I remember having problems with mine, so I changed the dot to a "_"

I think your mixing with netbios name.  

How do you specify otherwise whether your domain is .com or .be, or ...

Best regards

steven

-----Original Message-----
From: Norberto Bensa [mailto:nbensa@gmail.com] 
Sent: maandag 27 oktober 2008 10:58
To: samba@lists.samba.org; steven.geerts@softathome.com
Subject: Re: [Samba] pdc

On Friday October 24 2008 11:50:53 Steven Geerts wrote:
>                 workgroup = LOCALDOMAIN.BE
Are "." valid in workgroup names?

I remember having problems with mine, so I changed the dot to a "_"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steven Geerts wrote:
> I think your mixing with netbios name.
> 
> How do you specify otherwise whether your domain is .com or .be, or ...
In the case of Active Directory you do so by specifying the "realm"
option in your smb.conf, the workgroup parameter should be filled with
the netbios representation of your domain.
Regards,

Jelmer Jaarsma
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkkFk/kACgkQ3bV1+S5veEi5lwCeIXBM701QwpmAkfyqfVpVulcr
9XAAnRdsOxTUU6AJDBDdNjTdmxQcQr/o
=klAC
-----END PGP SIGNATURE-----

Jason,

I don't know who are you replying to.


Quoting "Jason A. Nunnelley" <jason@jasonn.com>:
> Norberto Bensa wrote:
>> On Friday October 24 2008 11:50:53 Steven Geerts wrote:
>>>                workgroup = LOCALDOMAIN.BE
>>
>> Are "." valid in workgroup names?
>>
>> I remember having problems with mine, so I changed the dot to a
"_"
>
> It depends on if .be is the TLD, and in many cases I would think this
> is not what you mean to do.  If it's a local domain, I'd make it
just
> localdomain.  If you're using just a LAN network, the .whatever TLD is
> not necessary and will likely promote confusion in your network.  Some
> folks add .local, but some systems automatically do that in their add
> scripts (Windows).
>
> Be mindful about this.
>
> Keep in mind that blah.some.tld makes blah a different domain than
> some.tld, so if you put a dot in any name (before the tld) you're
> establishing a unique domain.
>
>
> -- 
>
>
> Jason A. Nunnelley
> JasonN.com is my website - all opinions expressed were mine at some point.


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.