Hello,
I have an OpenLDAP PDC on CentOS 5.4, with WXP workstations and domain member servers, all working fine.
CentOS 5.4 : samba 3.0.33-3.14.el5.
I just tried to make another domain member server using CentOS 6.3. For the test on a Lenovo PC, I installed the ISO and ran yum update, so I have:
Kernel-2.6.32-279.5.2.el6.x86_64
Samba 3.5.10-125.el6.x86_64
I made the smb.conf, nsswitch (config files are below), testparm, net rpc join. It's OK, getent passwd shows all the users stored in the LDAP, but:
- the domain member server does not appear in Windows Explorer, I have to type \\my_member to get it. Then I can create files in it.
- when I reboot the domain member server, the access is denied, I have to stop smb, nmb and winbind and do a new net rpc join.
For my tests, I disabled selinux and iptables.
The wins.dat on the PDC contains:
"MY_MEMBER#00" 1347196784 xx.xx.xx.15 64R
"MY_MEMBER#03" 1347196784 xx.xx.xx.15 64R
"MY_MEMBER#20" 1347196784 xx.xx.xx.15 64R
In srvmgr.exe on WXP, my_member is shown as: Windows NT workstation or server, with a grey icon. The other domain member servers are fully Windows NT server.
My_member and DOM are not the real names. The originals have a length < 15 characters.
Maybe my question is obsolete. The better solution could be a new PDC with CentOS 6.3.
Thanks.
The configuration files:

/etc/samba/smb.conf :
[global]
workgroup = DOM
# useful only for ADS ?
realm = DOM
server string = Samba Member %v
security = DOMAIN
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 18
local master = No
dns proxy = No
wins server = 10.xx.xx.xx
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
admin users = "@Admins du domaine"
[my_member]
comment = Home Directories
path = /home/dom/my_member
read only = No
vfs objects = recycle
vfs_recycle: noversions = *.doc|*.xls|*.ppt
vfs_recycle: excludedir = /tmp|/temp|/trash
vfs_recycle: exclude = *.tmp|*.temp|*.obj|~$*|*.$$$
vfs_recycle: maxsize = 0
vfs_recycle: touch = yes
vfs_recycle:versions =
vfs_recycle: mode = KEEP_DIRECTORIES|VERSIONS
vfs_recycle: path = .recycle/%u
recycle:keeptree = True
recycle:touch = True

/etc/nsswitch.conf :
passwd: files winbind
shadow: files winbind
group: files winbind

/etc/pam.d/samba :
#%PAM-1.0
auth required pam_winbind.so
auth required pam_nologin.so
auth include system-auth
account required pam_winbind.so
account include system-auth
session include system-auth
password include system-auth

All the libs have been copied from /lib64/security to /lib/security.

/etc/pam.d/system-auth-ac :
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
# auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
# account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so

/etc/hosts :
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.xx.xx.xx my_member

/etc/sysconfig/authconfig :
FORCELEGACY = yes