Samba as windows Domain Server
I already had samba up and running with no problems but now I want to make it a domain login and authentication server.
Windows will recognize that it is a domain server, but when I try to log on it says that I should use a local or user account, not a computer account. Oh, I also do not have a clue about the netlogon stuff. Here is my config. What else do I need to make this an authentication server?

    [global]
        workgroup = Matrix
        netbios name = Matrix
        server string = Samba Server
        printcap name = /etc/printcap
        load printers = no
        printing = lprng
        log file = /var/log/samba/%m.log
        max log size = 0
        security = user
        encrypt passwords = yes
        smb passwd file = /etc/samba/smbpasswd
        unix password sync = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        pam password change = yes
        obey pam restrictions = yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        local master = yes
        os level = 66
        domain master = yes
        preferred master = yes
        domain logons = yes
        logon script = %U.bat
        dns proxy = no
        map to guest = bad user

    [homes]
        comment = Home Directories
        browseable = no
        writable = yes
        valid users = %S
        create mode = 0664
        directory mode = 0775

    [netlogon]
        comment = Network Logon Service
        path = /usr/local/samba/lib/netlogon
        guest ok = yes
        writable = no
        share modes = no

    [Profiles]
        path = /usr/local/samba/profiles
        browseable = no
        guest ok = yes

    [printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        writable = no
        printable = yes

I don't have anything yet for the netlogon or profiles. I think all of this is correct. |
Someone (jamrock) put this link into a thread. I believe it contains what you need. URL: http://www-1.ibm.com/servers/esdd/tu...mba/index.html
|
I thank you for the above link, it does explain a lot, but my setup is already beyond the explanations of the link.
Exactly what is netlogon, is it a service I need to install or is it already in samba? And what about winbind, do I need it installed and running to make samba perform the task of domain controller? I have run the testparm and everything is valid. No errors, and no warnings. So I cannot figure out why my box will not authenticate and login using the domain. |
Moving thread to more appropriate Forum: Linux - Networking
:) I think your thread will get the attention it needs/deserves here better. If you disagree, please contact me. Cool |
MasterC, Thank you.
|
What version of Samba are you running?
I had the same problem and it is tedious to get it fixed. Also you might want to look at some documentation about Vendow$ joining a Linux Domain - www.samba.org. There is some very good documentation. When I get home today I will post a copy of my smb.conf that I am currently using - it is not 100% perfect but I can login to the Domain ok. |
I would like to be able to get this to work so when I login I can do it from any location on the network.
Here is the current error I receive from a Windows 2k box when trying to get it to login to the domain:

    Account used is a computer account. Use your global user account or local user account to access this server.

I have no problems logging into the server and working on the samba shares as a normal user, only the domain connection. I am using Samba-2.2.7a on RedHat 9.0 |
Go ahead and save your smb.conf file for now. Download the Samba 3.0beta2 RPM from www.samba.org
But before installing it REMOVE 2.2.7a completely. Then reinstall 3.0. Try your smb.conf file and see if by chance it might help you get working (most likely not). Maybe by that time I will be home and can send you an example file of my smb.conf to help you out. You are not out of the woods yet. You also need to read the documentation that comes with Samba 3, it has so much good information about making sure Samba will work for you. You will find it after extracting the RPM. By the way, this documentation is really good reading and easy to understand, not that M$ crap. Good Luck, ikw38 |
Please note that Samba 3.0 is a beta release and is not supported in a production environment by the Samba team.
I would recommend using different names for the workgroup and the netbios name. How did you add your users to the Samba machine? What version of Windows are you using on your clients? |
OK I will change the netbios so it is different from the workgroup.
I did the sambaadduser. Put in the user names and their passwds. I am using Windows2K pro as my Windows clients. The samba is working for sharing and accessing files. I just cannot get the Windows machines to authenticate using it as a domain controller, so that if I want to login on the machine next to me I do not have to have a user added to that machine, the network authenticates me and logs me in. Thanks, Jason |
Yes it is in beta, I realize that - but one thing for sure, it works.
I fought 2.2.7a for days on end and it was useless for some reason. I had someone who works very closely with the Samba team help me get this going, that is why I recommend 3. You do realize when it gets to b2 that it is on the verge of full release. My guess is that the full one will be released by September or Oct at latest. I will post a copy of my smb.conf file if anyone is interested. |
Yes please post a copy for me.
Thanks |
    [global]
        workgroup = Samson
        netbios name = samuel
        server string = Samba PDC running %v
        passdb backend = tdbsam, guest
        log level = 1
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 50
        socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192
        disable spoolss = Yes
        add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
        logon path = \\%L\profiles\%U
        logon drive = H:
        logon home =
        domain logons = Yes
        os level = 35
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        printing = lprng
        use client driver = Yes

    [printers]
        comment = All Printers
        path = /var/spool/samba
        guest ok = Yes
        printable = Yes
        browseable = No

    [public]
        comment = A public share for vendor docs, etc.
        path = /usr/public
        read only = No
        create mask = 0755
        force directory mode = 0755
        guest ok = Yes

    [temp]
        comment = A place to drop off temporary files
        path = /tmp
        read only = No
        create mask = 0755
        force directory mode = 0755
        guest ok = Yes

    [docs]
        comment = Main Document Share for important Corporate Documents
        path = /doc
        read only = No
        create mask = 0755
        force directory mode = 0755
        guest ok = Yes

    [homes]
        comment = Home directories
        valid users = %S
        read only = No
        create mask = 0755
        browseable = No

    [profiles]
        comment = User Profiles (change path as needed)
        path = /var/spool/profiles
        read only = No
        profile acls = Yes

Remember to delete the old samba completely. Then install 3. Look up the command to check your version to make sure you are running 3. Good luck and let me know how you make out. |
I have it now connecting and logging into the domain but it says cannot create profile directory when I login to the machine. I had not added the machines to samba yet. Oops. Also when you change a machine over to use a domain it is asking for the user with permissions to join the domain. Should there be just one, or what is this for? |
OK I can now get the machines to join the domain but I cannot login to the machine. It says domain not found.
I think it should do this below but I am not for sure.

-------------------------
Plus if I set up the machine to log on to the Domain, then just login using the local machine settings instead of the Domain, it will not see the network of computers but it can browse the Internet.
--------------------------------

All the computers not set to the domain yet can access the samba shared files. Here are the settings from testparm -

    [global]
        workgroup = Workgroup
        netbios name = Matrix
        server string = Samba Domain Server
        hosts allow = 192.168.6. 127.
        printcap name = /etc/printcap
        load printers = no
        printing = lprng
    ;   guest account = pcguest
        log file = /var/log/samba/%m.log
        max log size = 0
        security = user
    ;   password server = <NT-Server-Name>
    ;   password level = 8
    ;   username level = 8
        encrypt passwords = yes
        smb passwd file = /etc/samba/smbpasswd
    ;   ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
        unix password sync = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        pam password change = yes
    ;   username map = /etc/samba/smbusers
    ;   include = /etc/samba/smb.conf.%m
        obey pam restrictions = yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    ;   add machine script = /usr/sbin/useradd -n -g workstation -c Machine -d /dev/null -s /bin/false %u
        add user script = /usr/sbin/useradd -d /dev/null -g 100 - /bin/false -M %u
    ;   interfaces = 192.168.12.2/24 192.168.13.2/24
    ;   remote browse sync = 192.168.3.25 192.168.5.255
    ;   remote announce = 192.168.1.255 192.168.2.44
        local master = yes
        os level = 99
        domain master = yes
        preferred master = yes
        domain logons = yes
        logon drive = q:
        logon home = \\Matrix\%U
    ;   logon script = %m.bat
    ;   logon script = %U.bat
        logon path = \\%L\Profiles\%U
        wins support = yes
    ;   wins server = w.x.y.z
    ;   wins proxy = yes
    ;   winbind use default domain = yes
        dns proxy = no

    #============================ Share Definitions ==============================
    [homes]
        comment = Home Directories
        browseable = no
        writable = yes
        valid users = %S
        create mode = 0664
        directory mode = 0775
    # If you want users samba doesn't recognize to be mapped to a guest user
    ;   map to guest = bad user

    # Un-comment the following and create the netlogon directory for Domain Logons
    [netlogon]
        comment = Network Logon Service
        path = /etc/samba/netlogon
        guest ok = yes
        writable = no
        share modes = no

    # Un-comment the following to provide a specific roving profile share
    # the default is to use the user's home directory
    [Profiles]
        path = /etc/samba/profiles
        browseable = no
        guest ok = yes
        profile acls = yes
        read only = No

Can anyone tell me what I am doing wrong here? |