openSUSE 11 as PDC with Samba and LDAP - Suse
-
openSUSE 11 as PDC with Samba and LDAP
Hi,
I have openSUSE 10.3 with Samba and LDAP as a PDC working perfectly. I
tried to do the same on a new install of openSUSE 11.0 using the same
procedure and same smb.conf, ldap.conf, slapd.conf and /etc/ldap.conf
with smbldap-tools 0.9.5, created a new smbldap.conf and
smbldap_bind.conf, using the supplied configure script from
smbldap-tools. I followed the same procedure as I did in 10.3 and Workstations
can be added to the Domain and are registered in LDAP. Unix users can
authenticate to LDAP, but a user registered in LDAP cannot log on to
a workstation and it gives an error "The system cannot log you on now
because the Domain XYZ is not available." When I log on to the
workstation as a local Administrator I can browse the Domain and a
user can open folders after logging on to the Domain, but this user
cannot log on at the initial workstation logon screen.
Following is my smb.conf:
[global]
workgroup = XWZ
netbios name = Neptune
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
username map = /etc/samba/smbusers
guest account = nobody
map to guest = Bad User
passdb backend = ldapsam:"ldap://127.0.0.1/"
ldap admin dn = cn=Manager,dc=xyz,dc=com,dc=au
ldap suffix = dc=xyz,dc=com,dc=au
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Users
ldap ssl = No
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
enable privileges = yes
domain master = yes
domain logons = yes
encrypt passwords = yes
ldap passwd sync = Yes
log level = 1
syslog = 0
log file = /var/log/samba/log.%m
time server = Yes
interfaces = 127.0.0.1 192.168.1.5/24
hosts allow = 192.168.1.0/255.255.255.0
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = yes
Dos charset = 850
Unix charset = ISO8859-1
os level = 255
# Where to store NT user profiles? (passdb)
logon path = \\Neptune\profiles\.msprofile
# Where to store 9x/ ME roaming profiles
logon home = \\Neptune\profiles\.9xprofile
logon drive = U:
logon script = %U.bat
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
directory mask = 0750
inherit acls = Yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
browseable = no
guest ok = yes
writable = no
share modes = no
[profiles]
comment = Network Profiles Service
path = %H
browseable = no
read only = No
writeable = yes
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
browseable = No
guest ok = Yes
public = Yes
writeable = No
read only = Yes
[Share]
comment = Share Directory
path = /export/shares
public = yes
writeable = yes
printable = no
create mask = 0770
directory mask = 0770
Are there any security changes between 10.3 and 11 which could cause
these problems, and does anyone have this working on openSUSE 11?
Thanks and Regards,
Horst
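An added check on the smb.conf posted above (example code, not part of the original post and not a diagnosis of the logon failure): it lists shares that are both guest-accessible and writable, resolving Samba's parameter synonyms (public for guest ok; writeable, writable and write ok as the inverse of read only). The sample is a constructed excerpt of the posted file, and the function names are illustrative.

```python
import re

# Constructed excerpt of the smb.conf posted above: only the lines this check reads.
SAMPLE = """
[global]
map to guest = Bad User
[netlogon]
guest ok = yes
writable = no
[printers]
public = Yes
writeable = No
[Share]
public = yes
writeable = yes
"""
TRUE = {"yes", "true", "on", "1"}

def canon(key, val):
    """Normalise one parameter: Samba ignores case and spaces in names and accepts synonyms."""
    k, v = re.sub(r"\s+", "", key.lower()), val.strip()
    if k in ("public", "guestok"):
        return "guestok", v.lower() in TRUE
    if k in ("writeable", "writable", "writeok", "readonly"):
        # the write* spellings are inverted synonyms of "read only"
        return "readonly", (v.lower() in TRUE) == (k == "readonly")
    return k, v

def parse(text):
    shares, cur = {}, None
    for line in text.replace("\\\n", "").splitlines():  # backslash-newline continues a line
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and cur is not None:
            k, v = canon(*line.split("=", 1))
            cur[k] = v  # a later setting in the same section overrides an earlier one
    return shares

def guest_writable(shares):
    """Shares with guest access on and read only off (defaults: guest ok = no, read only = yes)."""
    g = shares.get("global", {})
    return sorted(n for n, s in shares.items() if n != "global"
                  and s.get("guestok", g.get("guestok", False))
                  and not s.get("readonly", g.get("readonly", True)))

cfg = parse(SAMPLE)
print("map to guest:", cfg["global"].get("maptoguest", "Never"))
print("guest-writable shares:", guest_writable(cfg))
```

On the posted file this reports only [Share]: with map to guest = Bad User, a client presenting an unknown username is mapped to the guest account and, subject to filesystem permissions, can write to /export/shares from any host in hosts allow.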
-
Re: openSUSE 11 as PDC with Samba and LDAP
On Aug 9, 10:40 am, hsi...@optusnet.com.au wrote:
> Are there any security changes between 10.3 and 11 which could cause
> these problems, and does anyone have this working on openSUSE 11?
>
> Thanks and Regards,
> Horst
One more follow-up: if I log on as the local Administrator and try to
add a Domain User from the Control Panel/User Accounts I get the following
error:
The user could not be added because the following error has occurred:
The trust relationship between this workstation and the primary domain
failed.
Horst