This is a discussion on [Samba] Samba + LDAP Windows Join Domain within the Samba forums, part of the Networking and Network Related category.

Hello all,

I have been working on this issue for some time and I know I am close to a solution.

I am currently running samba 3.0.13. I have set the samba server up as an NT4 Domain controller and I have also integrated my LDAP configuration with samba. When I try to join the samba domain from any Windows 2000 or Windows XP machine I get the error message "The user could not be found". My smbldap-tools scripts are working in the sense that the Machine Add script is adding the machinename$ domain account. I have read several different Samba Windows Join Domain documents and have tried different variations of my configs to see if I can resolve this issue.

I know my Samba LDAP configuration is good as I am able to authenticate to SMB file shares on the samba server with groups mapped to my LDAP database. I am also seeing successful LDAP binds as well in the logs.

Any pointers on things I may be able to try would be great.

Configs as follows:

# Global parameters
[global]
        workgroup = MYDOMAIN
        realm = MYDOMAIN.COM
        server string = Samba Server %v
        interfaces = 192.168.0.8/16
        min password length = 3
        map to guest = Bad User
        passdb backend = ldapsam:ldap://myldapsvr/
        enable privileges = Yes
        passwd program = /usr/sbin/smbldap-passwd
        username map = /etc/samba/smbusers
        client NTLMv2 auth = No
        client lanman auth = No
        client plaintext auth = No
        syslog = 7
        log file = /var/log/samba/log.%m
        max log size = 100000
        smb ports = 135 445
        min protocol = NT1
        time server = Yes
        deadtime = 10
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add user script = /usr/sbin/smbldap-useradd -m '%u'
        delete user script = /usr/sbin/smbldap-userdel '%u'
        add group script = /usr/sbin/smbldap-groupadd -p '%g' && /usr/sbin/smbldap-groupshow %g|awk '/^gidNumber:/ {print $2}'
        delete group script = /usr/sbin/smbldap-groupdel '%g'
        add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
        delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
        add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -c 'Machine Account' -s /bin/false '%u'
        logon script = logon.bat
        logon path =
        logon drive = H:
        logon home =
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap admin dn = cn=Manager,dc=mydomain,dc=com
        ldap delete dn = Yes
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=mydomain,dc=com
        ldap ssl = no
        ldap user suffix = ou=Users
        printer admin = @adm, root
        create mask = 0755
        directory mask = 0750
        hosts allow = 192.168., 127.
        nt acl support = No
        case sensitive = No
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd

[printers]
        comment = All Printers
        path = /var/spool/samba
        create mask = 0700
        guest ok = Yes
        printable = Yes
        browseable = No

[print$]
        path = /var/lib/samba/printers
        write list = @adm, root
        inherit permissions = Yes
        guest ok = Yes

[admin]
        path = /
        valid users = @adm, root, jtaylor
        admin users = @adm, root, jtaylor
        read only = No
        browseable = No

Thank you all

James Taylor