Samba SLES 10 PDC, Cannot join domain
I am really hoping someone will be able to help me out with my problem. I have been working at this for a few days now and I am yet to find a solution.
I have a SLES 10 Server and have configured it using YaST2 to be a Samba PDC using LDAP password backend. In fact the whole machine is using LDAP to authenticate users. My problem is that I cannot seem to join machines to the domain. The machine account is created using the YaST script add_machine that comes with SLES and I can see it in the ldap database when I do a ldapsearch, but the join still fails. The Windows box gives an error saying that the username cannot be found. Now I don't know if the error is talking about the root user being used to join the domain, or the machine user not being found after it is created in the database.

I have taken a look at the logs (after setting the log level to 3) and I can see that the root user is authenticated and that it says the add_machine script returns 0 saying the machine is added (which I can see in ldap). After that though I am not sure what happens, eventually there is a line saying that the machine has disconnected, but I don't know why. There is also a line that says

    check_ntlm_password: Checking password for unmapped user []\[]@[BRENTOS] with the new password interface

and

    check_ntlm_password: guest authentication for user [] succeeded

Is it normal that the user is blank? If anyone can give me some sort of help on this I would really appreciate it, I am pretty stuck right now.

Here is my smb.conf file, it is pretty simple so far:

    # smb.conf is the main Samba configuration file. You find a full commented
    # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
    # samba-doc package is installed.
    # Date: 2007-02-07
    [global]
        workgroup = mansef
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        include = /etc/samba/dhcp.conf
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = Yes
        add machine script = /sbin/yast /usr/share/YaST2/data/add_machine.ycp %m$
        domain logons = Yes
        domain master = Yes
        ldap admin dn = cn=administrator,dc=mansef
        ldap passwd sync = Yes
        ldap suffix = dc=mansef
        local master = Yes
        netbios name = smallfry
        os level = 65
        passdb backend = ldapsam:ldap://localhost smbpasswd
        preferred master = Yes
        security = user
        wins support = Yes
        log level = 3
        ldap group suffix = ou=group
        ldap idmap suffix = ou=ldmap
        ldap machine suffix = ou=machines
        ldap user suffix = ou=people

    [homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

    [profiles]
        comment = Network Profiles Service
        path = %H
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700

    [users]
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/

    [groups]
        comment = All groups
        path = /home/groups
        read only = No
        inherit acls = Yes

    [printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No

    [print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

    [netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root

I hope I posted this in the right forum, I know that maybe it could go into the server forum but I think of domains as a network thing.
I found my problem if anyone is interested. There was a line that was wrong in my ldap config, that was making it only search the people ou, therefore machine accounts were not changed. Changing it to <basedn>?sub fixed the problem.
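
The cause described in the reply above, shown as an added example that is not part of the original thread: a check that the NSS LDAP passwd search base covers the machine OU named in smb.conf. It assumes the "ldap config" was nss_ldap's /etc/ldap.conf and its nss_base_passwd directive; the function names and the before/after lines are hypothetical, and a missing scope is assumed to mean sub.

```python
# Added example, not from the thread. Assumption: the faulty line was an
# nss_base_passwd entry in nss_ldap's /etc/ldap.conf (the post does not say).

def norm(dn):
    """Lowercase a DN and drop whitespace around its commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def machine_ou(smb_conf):
    """Build the full machine OU from 'ldap machine suffix' + 'ldap suffix'."""
    opts = {}
    for line in smb_conf.splitlines():
        if "=" in line and not line.lstrip().startswith(("#", ";")):
            key, val = line.split("=", 1)
            opts[" ".join(key.split()).lower()] = val.strip()
    return norm(opts["ldap machine suffix"] + "," + opts["ldap suffix"])

def passwd_bases(ldap_conf):
    """Return [(base, scope)] for every nss_base_passwd line."""
    out = []
    for line in ldap_conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "nss_base_passwd":
            fields = parts[1].strip().split("?")
            has_scope = len(fields) > 1 and fields[1]
            scope = fields[1].lower() if has_scope else "sub"  # assumed default
            out.append((norm(fields[0]), scope))
    return out

def machines_visible(smb_conf, ldap_conf):
    """True if entries directly under the machine OU fall inside a passwd base."""
    ou = machine_ou(smb_conf)
    for base, scope in passwd_bases(ldap_conf):
        if scope == "sub" and (ou == base or ou.endswith("," + base)):
            return True   # subtree search reaches the machine OU
        if scope == "one" and ou == base:
            return True   # one-level search rooted at the machine OU itself
    return False

# Constructed inputs: the two suffix lines from the posted smb.conf, plus
# hypothetical before/after nss_base_passwd lines.
SMB = "ldap suffix = dc=mansef\nldap machine suffix = ou=machines\n"
BEFORE = "nss_base_passwd ou=people,dc=mansef?one\n"
AFTER = "nss_base_passwd dc=mansef?sub\n"

if __name__ == "__main__":
    print("before:", machines_visible(SMB, BEFORE))
    print("after: ", machines_visible(SMB, AFTER))
```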