I have been trying to get tdbsam working instead of using smbpasswd as the backend. I have done the following:
[list=1][*]Modified smb.conf:
Code:
[global]
security = user
admin users = @smbsysadmin
printer admin = @smbsysadmin
username map = /etc/samba/smbusers
auth methods = guest sam winbind
# problems with:
passdb backend = tdbsam
# working:
# passdb backend = tdbsam smbpasswd
idmap uid = 10000-20000
idmap gid = 10000-20000
template primary group = "Domain Users"
template shell = /bin/bash
...
[*]Setup groups:
Code:
groupadd svnusers
groupadd smbsysadmin
groupadd svndev
useradd -G smbsysadmin,svnusers ... smbadmin
useradd -G smbusers,users ... testuser
net groupmap modify ntgroup="Domain Admins" unixgroup=smbsysadmin
net groupmap modify ntgroup="Domain Users" unixgroup=smbusers
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
net groupmap add ntgroup="SVN Developers" unixgroup=svndev
[*]Check groups config:
Code:
# groups testuser
testuser : users svndev smbusers
# groups smbadmin
smbadmin : smbsysadmin smbusers
[*]Check net groups: [CODE]#net user info smbadmin -U smbadmin%XXX
Domain Admins
<-- Where is "Domain Users"?
#net user info testuser -U smbadmin%XXX
SVN Developers
<-- Where is "Domain Users"? [/list=1]
Before, I had "Domain Users" mapped to "users". When that was true, I could not execute "pdbedit -a testuser" or "smbpasswd -a testuser" as it printed:
Code:
tdb_update_sam: Failing to store a SAM_ACCOUNT for [testuser] without a primary group RID
When I changed it to use smbusers, the command worked, but it isn't seeming to work perfectly.
When I have "passdb backend = tdbsam smbpasswd" in the smb.conf, I am able to logon to the domain on a WinXP Pro box using testuser. However, if I use "passdb backend = tdbsam", the login fails with the message box
Code:
Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your system administrator for assistance.
It looks like tdbsam is the preferred backend over smbpasswd, so I would rather stick with that rule. The network I am introducing this PDC is a network with WinXP home, Win98 and WinXP pro computers.
There seems to be lacking documentation on using tdbsam. I'd rather not use ldap, as that is more than I need, and the setup looks like a pain. I am using the samba that is packed with Slackware 10.1 (I have not recompiled it).