[Samba] samba windows domain controller - Samba


Thread: [Samba] samba windows domain controller

  1. [Samba] samba windows domain controller

    Hi

    I want windows machines to automatically be added into samba when they
    try to attach to the domain. Had various problems with root account not
    being accepted.

    Can anyone spot anything glaringly obviously wrong in my config that
    follows.
    Cheers




    [global]
    name resolve order = wins bcast hosts
    ldap ssl = no
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    idmap gid = 500-550
    admin users = root
    obey pam restrictions = no
    client schannel = no
    passwd program = /usr/bin/passwd %u
    dns proxy = No
    netbios name = sss-server
    writeable = yes
    printing = lprng
    idmap uid = 500-2000
    logon script = user.bat
    workgroup = domain
    debug level = 3
    os level = 65
    getwd cache = yes
    log file = /var/log/samba/%m.log
    guest account = root
    socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
    sync always = yes
    map to guest = never
    null passwords = yes
    domain master = Yes
    encrypt passwords = yes
    public = yes
    realm = domain
    wins support = true
    netbios aliases = sss-server
    server string = sss-server
    add user script = /usr/sbin/useradd -g machines -c NTMachine -d /dev/null -s /bin/false %m$ && /usr/bin/smbpasswd -a -m %m$
    domain logons = Yes
    pam password change = Yes
    # DOMAIN ADMIN GROUP added to allow root as local admin
    domain admin group = root

    [homes]
    comment = Home Directories
    valid users = %S
    read only = No
    create mask = 0664
    directory mask = 0775
    browseable = No
    [netlogon]
    comment = Network Logon Service
    share modes = No
    public = yes
    path = /usr/local/samba/netlogon

    [Profiles]
    nt acl support = yes
    browseable = no
    delete readonly = yes
    path = /usr/local/samba/profiles
    force group = root
    force user = root
    comment = Network Profiles Service
    create mode = 0600
    directory mode = 0700

    [root_dir]
    comment = root dir mark only
    delete readonly = yes
    path = /

    [data]
    force user = root
    comment = Data Directory
    path = /home/data/
    force group = root

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] samba windows domain controller

    Evan Ingram wrote:
    | Hi
    |
    | I want windows machines to automatically be added into samba when they
    | try to attach to the domain. Had various problems with root account not
    | being accepted.
    |
    | Can anyone spot anything glaringly obviously wrong in my config that
    | follows.

    | add user script = /usr/sbin/useradd -g machines -c NTMachine -d /dev/null -s /bin/false %m$ && /usr/bin/smbpasswd -a -m %m$


    Add user script should only add the unix account. Don't call smbpasswd
    here. smbd will fill in the information.

  3. Re: [Samba] samba windows domain controller

    The add user script is only for adding users, not machines, and it
    shouldn't call smbpasswd. The script only needs to handle the OS task
    of adding the user. Samba will add the Samba stuff itself.

    To add machines you want an "add machines script" specified.

    Depending on what you are trying to do you can also have other scripts
    specified. A full set for a Linux box could be:
    add user script = /usr/sbin/useradd "%u" -n -g domusers
    delete user script = /usr/sbin/userdel "%u"
    add group script = /usr/sbin/groupadd "%g"
    delete group script = /usr/sbin/groupdel "%g"
    add user to group script = /usr/bin/gpasswd -a "%u" "%g"
    delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
    add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false -g machines "%u"
    add share command = /usr/local/samba/modify_samba_config.py
    delete share command = /usr/local/samba/modify_samba_config.py

    On Tue, 2008-04-29 at 14:45 +0100, Evan Ingram wrote:
    > Hi
    >
    > I want windows machines to automatically be added into samba when they
    > try to attach to the domain. Had various problems with root account not
    > being accepted.
    >
    > Can anyone spot anything glaringly obviously wrong in my config that
    > follows.
    > Cheers
    >
    >
    >
    >
    > [global]
    > name resolve order = wins bcast hosts
    > ldap ssl = no
    > passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    > idmap gid = 500-550
    > admin users = root
    > obey pam restrictions = no
    > client schannel = no
    > passwd program = /usr/bin/passwd %u
    > dns proxy = No
    > netbios name = sss-server
    > writeable = yes
    > printing = lprng
    > idmap uid = 500-2000
    > logon script = user.bat
    > workgroup = domain
    > debug level = 3
    > os level = 65
    > getwd cache = yes
    > log file = /var/log/samba/%m.log
    > guest account = root
    > socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
    > sync always = yes
    > map to guest = never
    > null passwords = yes
    > domain master = Yes
    > encrypt passwords = yes
    > public = yes
    > realm = domain
    > wins support = true
    > netbios aliases = sss-server
    > server string = sss-server
    > add user script = /usr/sbin/useradd -g machines -c NTMachine -d /dev/null -s /bin/false %m$ && /usr/bin/smbpasswd -a -m %m$
    > domain logons = Yes
    > pam password change = Yes
    > # DOMAIN ADMIN GROUP added to allow root as local admin
    > domain admin group = root
    >
    > [homes]
    > comment = Home Directories
    > valid users = %S
    > read only = No
    > create mask = 0664
    > directory mask = 0775
    > browseable = No
    > [netlogon]
    > comment = Network Logon Service
    > share modes = No
    > public = yes
    > path = /usr/local/samba/netlogon
    >
    > [Profiles]
    > nt acl support = yes
    > browseable = no
    > delete readonly = yes
    > path = /usr/local/samba/profiles
    > force group = root
    > force user = root
    > comment = Network Profiles Service
    > create mode = 0600
    > directory mode = 0700
    >
    > [root_dir]
    > comment = root dir mark only
    > delete readonly = yes
    > path = /
    >
    > [data]
    > force user = root
    > comment = Data Directory
    > path = /home/data/
    > force group = root
    >

    --
    Mike Brady
    PGP ID: 0x9C777DA4
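
An added example, not part of any poster's message and not Samba project code: a Python check that reads the `[global]` section of an smb.conf and reports the account-script problems the two replies point out. The two sample configs are constructed from lines quoted in the thread, and `load_global` and `audit_account_scripts` are hypothetical helper names.

```python
import configparser

# Constructed sample: the [global] lines from the question that the replies discuss.
SAMPLE_CONF = """\
[global]
workgroup = domain
domain logons = Yes
add user script = /usr/sbin/useradd -g machines -c NTMachine -d /dev/null -s /bin/false %m$ && /usr/bin/smbpasswd -a -m %m$
"""

# Constructed sample: the same section rewritten along the lines of the replies.
FIXED_CONF = """\
[global]
workgroup = domain
domain logons = Yes
add user script = /usr/sbin/useradd "%u" -n -g domusers
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false -g machines "%u"
"""

def load_global(text):
    """Return the [global] section as {normalised parameter name: value}."""
    # Assumption: the section header is written in lower case, as in the thread.
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",),
                                      comment_prefixes=("#", ";"))
    cp.read_string(text)
    # smb.conf parameter names ignore case and embedded whitespace.
    return {"".join(k.split()).lower(): v for k, v in cp.items("global")}

def audit_account_scripts(text):
    """Flag the account-script mistakes pointed out in the replies."""
    g = load_global(text)
    findings = []
    add_user = g.get("adduserscript", "")
    if "smbpasswd" in add_user:
        findings.append("add user script calls smbpasswd; it should only create the Unix account")
    if "%m" in add_user:
        findings.append("add user script uses the %m machine-name macro; machine accounts belong in add machine script")
    if g.get("domainlogons", "no").lower() in ("yes", "true", "1") and "addmachinescript" not in g:
        findings.append("domain logons is on but no add machine script is set, so joining machines get no Unix account automatically")
    return findings

if __name__ == "__main__":
    for name, conf in (("question", SAMPLE_CONF), ("fixed", FIXED_CONF)):
        print(name, audit_account_scripts(conf) or "no findings")
```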


