LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-09-2003, 10:58 AM   #1
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Rep: Reputation: 15
Samba as windows Domain Server


I already had samba up and running with no problems but now I want to make it a domain login and authentication server.

Windows will recoginze that it is a domain server but when i try to logon it says that i should use a local or user account not a computer account.

Oh I also do not have a clue about the netlogon stuff. here is my config. what else do I need to make this an authentication server.

[global]

workgroup = Matrix
netbios name = Matrix
server string = Samba Server
printcap name = /etc/printcap
load printers = no
printing = lprng
log file = /var/log/samba/%m.log
max log size = 0
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 66
domain master = yes
preferred master = yes
domain logons = yes
logon script = %U.bat
dns proxy = no
map to guest = bad user

[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775

[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = yes
writable = no
share modes = no

[Profiles]
path = /usr/local/samba/profiles
browseable = no
guest ok = yes

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
writable = no
printable = yes


I dont have anything yet for the netlogon or profiles.
I think all of this is correct.
 
Old 07-09-2003, 11:48 PM   #2
leifole
LQ Newbie
 
Registered: Aug 2002
Location: Copenhagen, Denmark
Distribution: Redhat, familiar
Posts: 7

Rep: Reputation: 0
Someone (jamrock) put this link into a thread. I belive it contains what you need. URL: http://www-1.ibm.com/servers/esdd/tu...mba/index.html
 
Old 07-10-2003, 08:12 AM   #3
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Original Poster
Rep: Reputation: 15
I think you for the above link it does explain alot, but my setup is already beyond the explanations of the link.

Exactly what is netlogon, is it a service I need to install or is it already in samba.

And what about winbind do I need it installed and running. To make samba perform the task of domain controller.

I have ran the testparam and everything is valid. No errors, and No warnings.

So I cannot figure out why my box will not authenticate and login using the domain.

Last edited by jchristman; 07-10-2003 at 08:22 AM.
 
Old 07-10-2003, 11:58 AM   #4
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 68
Moving thread to more appropriate Forum: Linux - Networking

I think your thread will get the attention it needs/deserves here better. If you disagree, please contact me.

Cool
 
Old 07-10-2003, 12:14 PM   #5
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Original Poster
Rep: Reputation: 15
MasterC, Thank you.
 
Old 07-10-2003, 12:21 PM   #6
ikw38
Member
 
Registered: Nov 2002
Location: Dallas
Distribution: RedHat 8
Posts: 270

Rep: Reputation: 30
What version of Samba are running?
I had the same problem and it is tedious to get it fix.

Also you might want to look at some documentation about Vendow$ joining a Linux Domain- www.samba.org
There is some very good documentation.
When I get home today I will post a copy of my smb.conf that I am currently using- it not 100 % perfect but I can login to the Domain ok.
 
Old 07-10-2003, 12:37 PM   #7
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Original Poster
Rep: Reputation: 15
I would like to beable to get this to work so when i login I can do it from any location on the network.

Here is the current error I receive from a windows 2k box when trying to get it to login to the domain.

Account used is a computer account. Use your global user account or local user account to access this server.

I have no problems logging into the server and working on the samba shares as a normal user only the domain connection.

I am using Samba-2.2.7a
on RedHat 9.0
 
Old 07-10-2003, 02:28 PM   #8
ikw38
Member
 
Registered: Nov 2002
Location: Dallas
Distribution: RedHat 8
Posts: 270

Rep: Reputation: 30
Go ahead save your sm.conf file for now. Download Samba 3.0beta2 RPM from www.samba.org

But before installing it REMOVE 2.2.7a completly.
Then reinstall 3.0.
Try your smb.conf file see if by cance it might help you working(most likely not).
Maybe by that time I will be home and can send you example file of my smb.conf to help you out.
You are not out of the woods yet.
You also need to read the Documentation that comes with Samba 3 it has so much good information about making sure Samba will work for you. You will find it after extrac the RPM. By the way this documentation is really good reading and easy to understand not that M$ crap.

Good Luck,
ikw38
 
Old 07-11-2003, 01:18 AM   #9
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Please note that Samba 3.0 is a beta release and is not supported in a production environment by the Samba team.

I would recommend using different names for the workgroup and the netbios name.

How did you add your users to the Samba machine? What version of Windows are you using on your clients?
 
Old 07-11-2003, 07:38 AM   #10
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Original Poster
Rep: Reputation: 15
OK I will change the netbios so it is differant from the workgroup.

I did the sambaadduser. put in the user name and their passwds.

I am using Windows2K pro as my windows clients.

The samba is working for sharing and accessing files. I just cannot get the windows machines to authenticate using it as a domain controller, so that if i want to login on the machine next to me I do not have to a user added to that machine, the network authenticates me and logs me in.

Thanks,

Jason
 
Old 07-11-2003, 09:17 AM   #11
ikw38
Member
 
Registered: Nov 2002
Location: Dallas
Distribution: RedHat 8
Posts: 270

Rep: Reputation: 30
Yes it is in beta I reliaze that - but one thing for sure it works.
I fought 2.2.7a for days on end and it was useless for some reason.
I had someone who works very closely with the Samba team help me get this going that is why recommend 3.
You do realize when it gets to b2 that it is on the verge of full relelase. My guess its that the full one will be relased by September or Oct at latest.
I will post a copy of my SMB.Conf file if anyone is intersted.
 
Old 07-11-2003, 09:21 AM   #12
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Original Poster
Rep: Reputation: 15
Yes please post a copy for me.

Thanks
 
Old 07-11-2003, 10:57 AM   #13
ikw38
Member
 
Registered: Nov 2002
Location: Dallas
Distribution: RedHat 8
Posts: 270

Rep: Reputation: 30
[global]
workgroup = Samson
netbios name = samuel
server string = Samba PDC running %v
passdb backend = tdbsam, guest
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192
disable spoolss = Yes
add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
logon path = \\%L\profiles\%U
logon drive = H:
logon home =
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
wins support = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
printing = lprng
use client driver = Yes

[printers]
comment = All Printers
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = No

[public]
comment = A public share for vendor docs, etc.
path = /usr/public
read only = No
create mask = 0755
force directory mode = 0755
guest ok = Yes

[temp]
comment = A place to drop off temporary files
path = /tmp
read only = No
create mask = 0755
force directory mode = 0755
guest ok = Yes

[docs]
comment = Main Document Share for important Corporate Documents
path = /doc
read only = No
create mask = 0755
force directory mode = 0755
guest ok = Yes

[homes]
comment = Home directories
valid users = %S
read only = No
create mask = 0755
browseable = No

[profiles]
comment = User Profiles (change path as needed)
path = /var/spool/profiles
read only = No
profile acls = Yes

Remember to delete the old samba completly.
Then install 3
Look up the command to check your version to make sure you are running 3

Good Luck and let me know how you make out
 
Old 07-11-2003, 11:45 AM   #14
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Original Poster
Rep: Reputation: 15
I have it now connecting and logging into the domain but it
says cannot create profile directory when I login to the machine.
I had not added the machines to samba yet. oops.

Also when you change a machine over to use a domain it is asking for the user with permissions to join the domain. Should there be just one or what is this for.
 
Old 07-11-2003, 02:03 PM   #15
jchristman
Member
 
Registered: Mar 2003
Distribution: Fedora Core 3
Posts: 125

Original Poster
Rep: Reputation: 15
OK I can now get the machines to join the domain but I cannot login to the machine, Its says domain not found.

I think it should do this below but I am not for sure.
-------------------------
plus if I setup the machine to logon to the Domain, then just login using the local machine settings instead of the Domain, It will not see the network of computers but it can browse the Internet.
--------------------------------


All the computesr not set to the domain yet can access the samba shared files.

Here are the settings from testparm -

[global]

workgroup = Workgroup
netbios name = Matrix
server string = Samba Domain Server
hosts allow = 192.168.6. 127.
printcap name = /etc/printcap
load printers = no
printing = lprng
; guest account = pcguest
log file = /var/log/samba/%m.log
max log size = 0
security = user
; password server = <NT-Server-Name>
; password level = 8
; username level = 8
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
; username map = /etc/samba/smbusers
; include = /etc/samba/smb.conf.%m
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
; add machine script = /usr/sbin/useradd -n -g workstation -c Machine -d /dev/null -s /bin/false %u
add user script = /usr/sbin/useradd -d /dev/null -g 100 - /bin/false -M %u
; interfaces = 192.168.12.2/24 192.168.13.2/24
; remote browse sync = 192.168.3.25 192.168.5.255
; remote announce = 192.168.1.255 192.168.2.44
local master = yes
os level = 99
domain master = yes
preferred master = yes
domain logons = yes
logon drive = q:
logon home = \\Matrix\%U
; logon script = %m.bat
; logon script = %U.bat
logon path = \\%L\Profiles\%U
wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
; winbind use default domain = yes
dns proxy = no

#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0664
directory mode = 0775
# If you want users samba doesn't recognize to be mapped to a guest user
; map to guest = bad user


# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /etc/samba/netlogon
guest ok = yes
writable = no
share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[Profiles]
path = /etc/samba/profiles
browseable = no
guest ok = yes
profile acls = yes
read only = No

Can anyone tell me what I am doing wrong here.

Last edited by jchristman; 07-16-2003 at 08:19 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba File Server and Windows 2000 domain M_Barbieri Linux - Networking 2 09-22-2005 08:32 AM
samba server in windows 2003 domain aizkorri Linux - Networking 1 04-07-2005 10:36 AM
Samba 3.02 as file-server in Windows domain. allsystems Linux - Networking 4 04-14-2004 08:24 AM
SuSE 9, Samba server and Win2k server domain koskoboy Linux - Networking 3 12-11-2003 06:32 AM
Connecting Samba to Windows 2000 server domain subzero80 Linux - Networking 0 12-01-2003 05:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration