From: Alberto Moreno on
On Tue, Jun 15, 2010 at 9:57 AM, <tms3(a)tms3.com> wrote:
>
>
>
> On Tuesday 15/06/2010 at 9:17 am, Alberto Moreno wrote:
>
> On Mon, Jun 14, 2010 at 11:45 PM, <tms3(a)tms3.com> wrote:
>
>
>
> --- Original message ---
> Subject: Re: [Samba] windows 7 unable to join domain
> From: Alberto Moreno <portsbsd(a)gmail.com>
> To: <samba(a)lists.samba.org>
> Date: Monday, 14/06/2010 11:03 PM
>
> On Mon, Jun 14, 2010 at 6:11 PM, <tms3(a)tms3.com> wrote:
>
>
>
>
> SNIP
>
> I'm currently running Samba3x-3.3.8-0.51 on CentOS 5.5.  I currently have
> many Windows XP clients associated with the domain and behaving correctly.
> However, I am unable to join a Windows 7 PC.  I receive "The specified
> network name is no longer available."
>
> I've verified that DNS is configured correctly, and as stated XP machines
> have no problem joining.
>
> http://wiki.samba.org/index.php/Windows7
>
> There's a reg file that comes with the source code.  Not sure about binary
> packages.
>
> Cheers,
>
> SNIP
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>
> Like tms3 told you, we have to make some changes to the registry before
> we join ms 7 to the domain, I already did and it works, no issue.
>
> Another thing I see in your smb.conf:
>
> security = DOMAIN.
>
> In my little knowledge about samba, if you have a PDC it must say:
>
> security = user.
>
> When you add a BDC it must say:
>
> security = DOMAIN.
>
> I disagree on the last point.
>
> Security = user is default, so no entry necessary.
>
> For PDC I use:
>
>         os level = 64
>         preferred master = Yes
>         domain logons =Yes
>         domain master = Yes
>
> For BDC I use (if on separate nodes)
>
>         os level = 64
>         preferred master = Yes
>         domain logons =Yes
>         domain master = no
>
> If on same node
>
>         os level = 60
>         preferred master = Auto
>         domain logons =Yes
>         domain master = no
>
>
> "In domain security mode, the Samba server has a machine account
> (domain security trust account) and causes all authentication requests
> to be passed through to the domain controllers. The Samba server is
> made into a domain member server by using the following directives in
> smb.conf."
>
> "security = domain"
>
> Hi.
>
> I point this out because in his smb.conf file he is using security=domain,
> by default, like you say, it is =user.
>
> Oh, not trying to be a snit, just that if you use sec=domain then the BDC
> will call the PDC for authing.  It will work, it's just that it kinda (IMHO)
> makes the BDC sorta useless.  And over WAN links wastes bandwidth.
>
> Cheers,
>
>
> Thanks!!!
>
> Last thing, smbldap-tools using the base repo from Centos 5.5 depends
> on Samba-3.0.x, you must build your own rpm to work with samba3x.
>
> My two cents.
> --
> LIving the dream...
>

No problem my friend, we are here to learn, thanks for sharing.

--
LIving the dream...
From: Alberto Moreno on
On Tue, Jun 15, 2010 at 10:40 AM, Alberto Moreno <portsbsd(a)gmail.com> wrote:
> No problem my friend, we are here to learn, thanks for sharing.
>
> --
> LIving the dream...
>

You say that you already have some XP clients on your domain, which means
that works.

You are trying to add a Windows 7 capable of being part of a
Domain, like Ultimate Edition or compatible, right? Not a Home Edition.

You are using ldap on centos, which is working? Because you have XP
clients inside the domain, they can see the PDC of your domain?

Could you please give us the output of testparm+testparm of your PDC.

Thanks!!!

--
LIving the dream...
From: Cain, Marc on

On Jun 15, 2010, at 1:42 AM, Ciernik Tomas wrote:

>> Hi,
>>
>> I'm currently running Samba3x-3.3.8-0.51 on CentOS 5.5. I currently have
>> many Windows XP clients associated with the domain and behaving correctly.
>> However, I am unable to join a Windows 7 PC. I receive "The specified
>> network name is no longer available."
>
>> I've verified that DNS is configured correctly, and as stated XP machines
>> have no problem joining.
>>
>> Per some googling, I've turned off both:
>>
>> - Network security: Minimum session security for NTLM SSP (including RPC
>> based) Clients
>> - Network security: Minimum session security for NTLM SSP (including RPC
>> based) Servers
>>
>> and changed "Network Security LAN Manager authentication level" to "Send
>> LM & NTLM – use NTLMv2 session security if negotiated" in the Local
>> Security Policies.

See: http://wiki.samba.org/index.php/Windows7 for the correct settings.
From: Alberto Moreno on
On Tue, Jun 15, 2010 at 1:04 PM, delpheye <delpheye(a)gmail.com> wrote:
> results of testparm -v:
>
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[netlogon]"
> Processing section "[profiles]"
> Processing section "[public]"
> Processing section "[former.employees]"
> Processing section "[temp]"
> Processing section "[joadmin]"
> Processing section "[labs]"
> Processing section "[business]"
> Loaded services file OK.
> WARNING: You have some share names that are longer than 12 characters.
> These may not be accessible to some older clients.
> (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> [global]
>     dos charset = CP850
>     unix charset = UTF-8
>     display charset = LOCALE
>     workgroup = DOMAIN.COM
>     realm =
>     netbios name = DOMAIN-FS
>     netbios aliases =
>     netbios scope =
>     server string = Samba 3.3.8-0.51.el5
>     interfaces =
>     bind interfaces only = No
>     config backend = file
>     security = USER
>     auth methods =
>     encrypt passwords = Yes
>     update encrypted = No
>     client schannel = Auto
>     server schannel = Auto
>     allow trusted domains = Yes
>     map to guest = Never
>     null passwords = No
>     obey pam restrictions = No
>     password server = *
>     smb passwd file = /var/lib/samba/private/smbpasswd
>     private dir = /var/lib/samba/private
>     passdb backend = ldapsam:ldap://127.0.0.1
>     algorithmic rid base = 1000
>     root directory =
>     guest account = nobody
>     enable privileges = Yes
>     pam password change = No
>     passwd program = /usr/bin/passwd '%u'
>     passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX password*"
> %n\n "*updated successfully*"
>     passwd chat debug = No
>     passwd chat timeout = 2
>     check password script =
>     username map = /etc/samba/smbusers
>     password level = 0
>     username level = 0
>     unix password sync = Yes
>     restrict anonymous = 0
>     lanman auth = No
>     ntlm auth = Yes
>     client NTLMv2 auth = No
>     client lanman auth = No
>     client plaintext auth = No
>     preload modules =
>     use kerberos keytab = No
>     log level = 5
>     syslog = 1
>     syslog only = No
>     log file =
>     max log size = 5000
>     debug timestamp = Yes
>     debug prefix timestamp = No
>     debug hires timestamp = No
>     debug pid = No
>     debug uid = No
>     debug class = No
>     enable core files = Yes
>     smb ports = 445 139
>     large readwrite = Yes
>     max protocol = NT1
>     min protocol = CORE
>     min receivefile size = 0
>     read raw = Yes
>     write raw = Yes
>     disable netbios = No
>     reset on zero vc = No
>     acl compatibility = auto
>     defer sharing violations = Yes
>     nt pipe support = Yes
>     nt status support = Yes
>     announce version = 4.9
>     announce as = NT
>     max mux = 50
>     max xmit = 16644
>     name resolve order = wins bcast hosts
>     max ttl = 259200
>     max wins ttl = 518400
>     min wins ttl = 21600
>     time server = No
>     unix extensions = Yes
>     use spnego = Yes
>     client signing = auto
>     server signing = No
>     client use spnego = Yes
>     client ldap sasl wrapping = plain
>     enable asu support = No
>     svcctl list =
>     deadtime = 0
>     getwd cache = Yes
>     keepalive = 300
>     lpq cache time = 30
>     max smbd processes = 0
>     paranoid server security = Yes
>     max disk size = 0
>     max open files = 10000
>     socket options = TCP_NODELAY
>     use mmap = Yes
>     hostname lookups = No
>     name cache timeout = 660
>     ctdbd socket =
>     cluster addresses =
>     clustering = No
>     load printers = Yes
>     printcap cache time = 750
>     printcap name = cups
>     cups server =
>     cups connection timeout = 30
>     iprint server =
>     disable spoolss = No
>     addport command =
>     enumports command =
>     addprinter command =
>     deleteprinter command =
>     show add printer wizard = Yes
>     os2 driver map =
>     mangling method = hash2
>     mangle prefix = 1
>     max stat cache size = 256
>     stat cache = Yes
>     machine password timeout = 604800
>     add user script = /usr/sbin/smbldap-useradd -m "%u"
>     rename user script =
>     delete user script = /usr/sbin/smbldap-userdel "%u"
>     add group script = /usr/sbin/smbldap-groupadd -p "%g"
>     delete group script = /usr/sbin/smbldap-groupdel "%g"
>     add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>     delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>     set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>     add machine script = /usr/sbin/smbldap-useradd -w "%u"
>     shutdown script =
>     abort shutdown script =
>     username map script =
>     logon script = logon.bat
>     logon path = \\domain-fs\profiles\%u
>     logon drive = H:
>     logon home = \\domain-fs\%U
>     domain logons = Yes
>     init logon delayed hosts =
>     init logon delay = 100
>     os level = 64
>     lm announce = Auto
>     lm interval = 5
>     preferred master = Yes
>     local master = Yes
>     domain master = Yes
>     browse list = Yes
>     enhanced browsing = Yes
>     dns proxy = Yes
>     wins proxy = No
>     wins server =
>     wins support = Yes
>     wins hook =
>     kernel oplocks = Yes
>     lock spin time = 200
>     oplock break wait time = 0
>     ldap admin dn = cn=root,dc=domain,dc=com
>     ldap delete dn = Yes
>     ldap group suffix = ou=Groups
>     ldap idmap suffix = ou=Idmap
>     ldap machine suffix = ou=Computers
>     ldap passwd sync = no
>     ldap replication sleep = 1000
>     ldap suffix = dc=domain,dc=com
>     ldap ssl = no
>     ldap ssl ads = No
>     ldap timeout = 15
>     ldap connection timeout = 2
>     ldap page size = 1024
>     ldap user suffix = ou=Users
>     ldap debug level = 0
>     ldap debug threshold = 10
>     eventlog list =
>     add share command =
>     change share command =
>     delete share command =
>     config file =
>     preload =
>     lock directory = /var/lib/samba
>     pid directory = /var/run
>     utmp directory =
>     wtmp directory =
>     utmp = No
>     default service =
>     message command =
>     get quota command =
>     set quota command =
>     remote announce =
>     remote browse sync =
>     socket address = 0.0.0.0
>     homedir map = auto.home
>     afs username map =
>     afs token lifetime = 604800
>     log nt token command =
>     time offset = 0
>     NIS homedir = No
>     registry shares = No
>     usershare allow guests = No
>     usershare max shares = 0
>     usershare owner only = Yes
>     usershare path = /var/lib/samba/usershares
>     usershare prefix allow list =
>     usershare prefix deny list =
>     usershare template share =
>     panic action =
>     host msdfs = Yes
>     passdb expand explicit = No
>     idmap backend = tdb
>     idmap alloc backend =
>     idmap cache time = 604800
>     idmap negative cache time = 120
>     idmap uid = 10000-20000
>     idmap gid = 10000-20000
>     template homedir = /home/%D/%U
>     template shell = /bin/false
>     winbind separator = \
>     winbind cache time = 300
>     winbind reconnect delay = 30
>     winbind enum users = No
>     winbind enum groups = No
>     winbind use default domain = No
>     winbind trusted domains only = No
>     winbind nested groups = Yes
>     winbind expand groups = 1
>     winbind nss info = template
>     winbind refresh tickets = No
>     winbind offline logon = No
>     winbind normalize names = No
>     winbind rpc only = No
>     comment =
>     path =
>     username =
>     invalid users =
>     valid users =
>     admin users =
>     read list =
>     write list =
>     printer admin =
>     force user =
>     force group =
>     read only = Yes
>     acl check permissions = Yes
>     acl group control = No
>     acl map full control = Yes
>     create mask = 0744
>     force create mode = 00
>     security mask = 0777
>     force security mode = 00
>     directory mask = 0755
>     force directory mode = 00
>     directory security mask = 0777
>     force directory security mode = 00
>     force unknown acl user = No
>     inherit permissions = No
>     inherit acls = No
>     inherit owner = No
>     guest only = No
>     administrative share = No
>     guest ok = No
>     only user = No
>     hosts allow =
>     hosts deny =
>     allocation roundup size = 1048576
>     aio read size = 0
>     aio write size = 0
>     aio write behind =
>     ea support = No
>     nt acl support = Yes
>     profile acls = No
>     map acl inherit = No
>     afs share = No
>     smb encrypt = auto
>     block size = 1024
>     change notify = Yes
>     directory name cache size = 100
>     kernel change notify = Yes
>     max connections = 0
>     min print space = 0
>     strict allocate = No
>     strict sync = No
>     sync always = No
>     use sendfile = No
>     write cache size = 0
>     max reported print jobs = 0
>     max print jobs = 1000
>     printable = No
>     printing = cups
>     cups options =
>     print command =
>     lpq command = %p
>     lprm command =
>     lppause command =
>     lpresume command =
>     queuepause command =
>     queueresume command =
>     printer name =
>     use client driver = No
>     default devmode = Yes
>     force printername = No
>     printjob username = %U
>     default case = lower
>     case sensitive = Auto
>     preserve case = Yes
>     short preserve case = Yes
>     mangling char = ~
>     hide dot files = Yes
>     hide special files = No
>     hide unreadable = No
>     hide unwriteable files = No
>     delete veto files = No
>     veto files =
>     hide files =
>     veto oplock files =
>     map archive = Yes
>     map hidden = No
>     map system = No
>     map readonly = yes
>     mangled names = Yes
>     store dos attributes = No
>     dmapi support = No
>     browseable = Yes
>     blocking locks = Yes
>     csc policy = manual
>     fake oplocks = No
>     locking = Yes
>     oplocks = Yes
>     level2 oplocks = Yes
>     oplock contention limit = 2
>     posix locking = Yes
>     strict locking = Auto
>     share modes = Yes
>     dfree cache time = 0
>     dfree command =
>     copy =
>     include =
>     preexec =
>     preexec close = No
>     postexec =
>     root preexec =
>     root preexec close = No
>     root postexec =
>     available = Yes
>     volume =
>     fstype = NTFS
>     set directory = No
>     wide links = Yes
>     follow symlinks = Yes
>     dont descend =
>     magic script =
>     magic output =
>     delete readonly = No
>     dos filemode = No
>     dos filetimes = Yes
>     dos filetime resolution = No
>     fake directory create times = No
>     vfs objects =
>     msdfs root = No
>     msdfs proxy =
>
> [homes]
>     comment = Home Directories
>     valid users = %S
>     read only = No
>     browseable = No
>
> [netlogon]
>     comment = Network Logon Service
>     path = /home/netlogon
>     guest ok = Yes
>
> [profiles]
>     comment = Network Profiles Share
>     path = /data/profiles
>     read only = No
>     create mask = 0600
>     directory mask = 0700
>     hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
>     store dos attributes = Yes
>     browseable = No
>
> [public]
>     path = /data/public
>     valid users = "@Domain Users"
>     read only = No
>     create mask = 0755
>     guest ok = Yes
>
> [former.employees]
>     path = /data/former.employees
>     valid users = "@Domain Users"
>     read only = No
>     create mask = 0755
>     guest ok = Yes
>
> [temp]
>     path = /data/temp
>     valid users = "@Domain Users"
>     read only = No
>     create mask = 0755
>     guest ok = Yes
>
>
> [joadmin]
>     comment = Jo Admin
>     path = /data/jo-admin
>     valid users = joxxx
>     write list = "@domain users"
>     read only = No
>     create mask = 0775
>     directory mask = 0775
>
> [labs]
>     comment = Labs Data
>     path = /data/labs
>     valid users = "@Domain Users"
>     write list = "@Domain Users"
>     read only = No
>     create mask = 0775
>     directory mask = 0770
>     guest ok = Yes
>
> [business]
>     comment = Business Docs
>     path = /data/Business
>     valid users = "@Business Users"
>     read only = No
>     create mask = 0775
>     directory mask = 0775
>
>
> On Tue, Jun 15, 2010 at 12:52 PM, Alberto Moreno <portsbsd(a)gmail.com> wrote:
>>
>>
>> You say that you already have some XP clients on your domain, which means
>> that works.
>>
>> You are trying to add a Windows 7 capable of being part of a
>> Domain, like Ultimate Edition or compatible, right? Not a Home Edition.
>>
>> You are using ldap on centos, which is working? Because you have XP
>> clients inside the domain, they can see the PDC of your domain?
>>
>> Could you please give us the output of testparm+testparm of your PDC.
>>
>> Thanks!!!
>>
>> --
>> LIving the dream...
>

This is my smb.conf, which I set up this week; I have Windows
XP + Windows 7 UE here.

[global]
unix charset = UTF8
workgroup = BOMBOM
server string = PDC Server
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://172.16.5.152/
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n * passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/usermap
password level = 6
unix password sync = Yes
log level = 1
log file = /var/log/samba/%m.log
max log size = 500
name resolve order = wins hosts bcast lmhost
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %m
logon path =
logon home =
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=bombom,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=bombom,dc=com
ldap ssl = no
ldap user suffix = ou=Users
host msdfs = No
idmap backend = ldap:ldap://172.16.5.152
idmap uid = 10000-20000
idmap gid = 10000-20000
hosts allow = 172.16.0.0/16, 127.
hosts deny = 0.0.0.0
map acl inherit = Yes
map archive = No

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
locking = No

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[Public]
comment = Public Folder
path = /opt/public
read only = No
create mask = 0775
directory mask = 0775
guest ok = Yes

[IT]
path = /opt/it
valid users = @it
write list = @BOMBOM\it
force group = @BOMBOM\it
read only = No
force create mode = 0770
directory mask = 0770

[Account]
path = /opt/account
valid users = @account
write list = @BOMBOM\accounts
force group = @BOMBOM\account
read only = No
force create mode = 0770
directory mask = 0770
map readonly = no
store dos attributes = Yes

This is my account for the windows 7 client:

pdbedit -Lv bom-win7ue$

Unix username: bom-win7ue$
NT username: bom-win7ue$
Account Flags: [W ]
User SID: S-1-5-21-506473411-1786020119-2248725859-1002
Primary Group SID: S-1-5-21-506473411-1786020119-2248725859-515
Full Name: BOM-WIN7UE$
Home Directory:
HomeDir Drive:
Logon Script:
Profile Path:
Domain: BOMBOM
Account desc: Computer
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Mon, 14 Jun 2010 07:33:00 PDT
Password can change: Mon, 14 Jun 2010 07:33:00 PDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

net groupmap list

Domain Admins (S-1-5-21-506473411-1786020119-2248725859-512) -> Domain Admins
Domain Users (S-1-5-21-506473411-1786020119-2248725859-513) -> Domain Users
Domain Guests (S-1-5-21-506473411-1786020119-2248725859-514) -> Domain Guests
Domain Computers (S-1-5-21-506473411-1786020119-2248725859-515) -> Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
it (S-1-5-21-506473411-1786020119-2248725859-3007) -> it
account (S-1-5-21-506473411-1786020119-2248725859-3009) -> account


My domain groups are there.

smbclient -L \\pdc-srv -U test1
Enter test1's password:
Domain=[BOMBOM] OS=[Unix] Server=[Samba 3.3.8-0.51.el5]

Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (PDC Server)
Contabilidad Disk
Sistemas Disk
Public Disk Public Folder
netlogon Disk Network Logon Service
test1 Disk Home Directories
Domain=[BOMBOM] OS=[Unix] Server=[Samba 3.3.8-0.51.el5]

Server Comment
--------- -------
BOM-WIN7UE Windows 7 Domain
PIM-WINXPA vbWinXP
PDC-SRV PDC Server

Workgroup Master
--------- -------
BOMBOM PDC-SRV


I didn't disable anything on Windows 7 like the firewall, I just
made the change to the registry on Windows 7 like the wiki told us,
restarted Windows 7 and done, I could add the client to the domain.

Hope this file helps to find the issue, you could set up a VM with Windows
7 and start from scratch.

See you later!!!


--
LIving the dream...
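
The PDC/BDC/member rules argued over earlier in the thread (security = user or domain, domain logons, domain master), applied to the two [global] sections posted here, as an added example that is not part of any poster's message. It also flags a point visible in the second config: with ldap ssl = no and an ldapsam backend on another host, account data travels to the directory unencrypted. The function names and the treatment of an unset domain master are assumptions of this sketch, not Samba's own code.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Excerpts of the two [global] sections posted in this thread.
DELPHEYE_PDC = """
[global]
    security = USER
    passdb backend = ldapsam:ldap://127.0.0.1
    domain logons = Yes
    domain master = Yes
    ldap ssl = no
    idmap backend = tdb
"""
ALBERTO_PDC = """
[global]
passdb backend = ldapsam:ldap://172.16.5.152/
domain logons = Yes
domain master = Yes
ldap ssl = no
idmap backend = ldap:ldap://172.16.5.152
"""
# Constructed samples: tms3's BDC settings, and a plain member server.
BDC = "[global]\ndomain logons = Yes\ndomain master = no\n"
MEMBER = "[global]\nsecurity = domain\n"

TRUE = {"yes", "true", "1", "on"}
FALSE = {"no", "false", "0", "off"}


def parse_global(text):
    """Return the [global] parameters of an smb.conf or testparm dump."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive; normalise spacing too.
            params[" ".join(key.lower().split())] = value.strip()
    return params


def server_role(params):
    """Classify the server the way the thread describes the roles."""
    security = params.get("security", "user").lower()  # user is the default
    logons = params.get("domain logons", "no").lower() in TRUE
    # Assumption: only an explicit "no" (as in tms3's BDC settings) demotes
    # a logon server to BDC; yes or an unset value counts as PDC here.
    master = params.get("domain master", "auto").lower() not in FALSE
    if security == "user":
        if not logons:
            return "ROLE_STANDALONE"
        return "ROLE_DOMAIN_PDC" if master else "ROLE_DOMAIN_BDC"
    if security == "domain":
        # With domain logons this is the BDC that passes every
        # authentication through to another DC, as tms3 points out.
        return "ROLE_DOMAIN_BDC" if logons else "ROLE_DOMAIN_MEMBER"
    return "UNCLASSIFIED"


def is_loopback(host):
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def cleartext_ldap_hosts(params):
    """Remote hosts reached over ldap:// while 'ldap ssl = no' is set."""
    # Only an explicit no/off is judged; an unset value is left alone.
    if params.get("ldap ssl", "").lower() not in FALSE:
        return []
    hosts = []
    for key in ("passdb backend", "idmap backend"):
        for url in re.findall(r"ldaps?://[^\s\"]+", params.get(key, "")):
            parsed = urlparse(url)
            host = parsed.hostname
            if parsed.scheme == "ldap" and host and not is_loopback(host):
                if host not in hosts:
                    hosts.append(host)
    return hosts


if __name__ == "__main__":
    samples = {"delpheye": DELPHEYE_PDC, "alberto": ALBERTO_PDC,
               "bdc": BDC, "member": MEMBER}
    for name, text in samples.items():
        p = parse_global(text)
        print(name, server_role(p), cleartext_ldap_hosts(p))
```
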