Pdc Nie Mozna Dolączyć Xp Do Domeny Fdc3

[dawidson]

Witam,

Problem polega na tym, odpalilem sambe Pieknie w firmie działa to dlaczego nie w domciu

Ustawiłem ją jako kontroler domeny itd..

Dodałem uzytkownika

smbpasswd -a root

i pieknie dodał stworzył pliki z użytkownikami itd.

 

Plik mam skonfigurowany tak

--------------------------------------------------------------------------- ----------

[global]

 

# workgroup = NT-Domain-Name or Workgroup-Name

netbios name = database

workgroup = test.pl

# server string is the equivalent of the NT Description field

server string = Samba Server %v

interfaces = 192.168.0.50/255.255.255.0

 

# this tells Samba to use a separate log file for each machine

# that connects

log file = /var/log/samba/%m.log

# all log information in one file

log file = /var/log/samba/smbd.log

 

# Put a capping on the size of the log files (in Kb).

max log size = 50

 

 

 

# You may wish to use password encryption. Please read

# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.

# Do not enable this option unless you have read those documents

 

smb passwd file = /etc/samba/smbpasswd

encrypt passwords = yes

 

hosts allow = 192.168.0. 127.

 

# Browser Control Options:

# set local master to no if you don't want Samba to become a master

# browser on your network. Otherwise the normal election rules apply

local master = yes

 

# OS Level determines the precedence of this server in master browser

# elections. The default value should be reasonable

os level = 64

 

# Domain Master specifies Samba to be the Domain Master Browser. This

# allows Samba to collate browse lists between subnets. Don't use this

# if you already have a Windows NT domain controller doing this job

domain master = yes

 

# Preferred Master causes Samba to force a local browser election on startup

# and gives it a slightly higher chance of winning the election

preferred master = yes

 

# Enable this if you want Samba to be a domain logon server for

# Windows95 workstations.

domain logons = yes

 

#============================ Share Definitions ==============================

[homes]

comment = Home Directories

browseable = no

writeable = yes

 

# Un-comment the following and create the netlogon directory for Domain Logons

[netlogon]

comment = Network Logon Service

path = /etc/samba/netlogon

guest ok = yes

 

 

 

# Un-comment the following to provide a specific roving profile share

# the default is to use the user's home directory

[Profiles]

path = /samba/profiles

browseable = no

guest ok = yes

 

 

[sambatest]

comment = Katalog udostepniony

path = /sambatest

writeable = yes

guest ok = yes

--------------------------------------------------------------------------- -----

 

Kiedy przezucam sie na maszyne xp i chce dodac ja do domeny to loguje sie jako root

podaje haslo a on mi wyswietla ze nie ma takiego uzytkownika lub zle haslo

 

Juz sie pooddaje przeszukalem cale google chyba

 

Kiedy dodam znowu jeszcze jednego uzytkownika np daw i haslo

to kiedy tym uzytkownikiem chce dodac to mowi ze brak dostepu

 

Co jest nie tak

Jedynie z drugim uzytkownikiem jest wpis w logach ze init print ACCESS_DENIED

Na maszynie xp jest uzytkownik z uprawnieniami admina

Jezeli chodzi o plik smbusers jest wpis root=Administrator Admin

Czy ktos spotkal sie z tym problemem Czego tu brakuje

[ati]

Żeby korzystać z logowania do domeny w Windows 2000/XP/2003 należy posiadać konto zwykłe konto na serwerze będącym podstawowym kontrolerem domeny (PDC) oraz owe konto musi być uaktywnione jako konto SMB. Owe konto SMB posiada inne hasło mimo tego samego loginu jak na zwykłym koncie, gdyż baza haseł miedzy nimi nie jest synchronizowana. Dodatkowo Windows 2000/XP/2003 wymaga posiadania tzw. konta zaufania maszyny. Test to specjalny rodzaj konta na serwerze charakteryzujący się m.in. tym że musi mięć koniecznie tą sama nazwę co nazwa twojego komputera w sieci LAN (tzw. nazwa NetBiosowa) i służy tylko do Logowania do domeny dla Windows 2000/XP/2003 czyli opartych na rodzinie Windows NT.

Jeśli używasz Windows XP musisz pobrać i zaaplikować dla twojego systemu poniższy plik rejestru:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000

dodanie konta zaufania maszyny

/usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

 

Dokładniej poczytaj sobie na banita.pl

[dawidson]

tak jest ok. przeczytałem ale nadal nie znajduje użytkownika

Podczas dąłączenia do domeny jest komunikat

Nie można odnalezc uzytkownika.

 

Zmieniłem plik samby i (_wziołem_ → wziąłem) ORT z firmy taki jaki jest na mandrake? który działa bez problemów:

#======================= Global Settings =====================================

[global]

 

# 1. Server Naming Options:

# workgroup = NT-Domain-Name or Workgroup-Name

workgroup = test.pl

 

# netbios name is the name you will see in "Network Neighbourhood", # but defaults to your hostname ; netbios name = <name_of_this_server>

 

# server string is the equivalent of the NT Description field

server string = Samba Server %v

 

# Message command is run by samba when a "popup" message is sent to it. # The example below is for use with LinPopUp: ; message command = /usr/bin/linpopup "%f" "%m" %s; rm %s

 

# 2. Printing Options:

# CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK # (as cups is now used in linux-mandrake 7.2 by default) # if you want to automatically load your printer list rather # than setting them up individually then you'll need this

printcap name = cups

load printers = yes

 

# It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx, cups

printing = cups

 

# Samba 2.2 supports the Windows NT-style point-and-print feature. To # use this, you need to be able to upload print drivers to the samba # server. The printer admins (or root) may install drivers onto samba. # Note that this feature uses the print$ share, so you will need to

# enable it below.

# printer admin = @<group> <user>

printer admin = @adm

# This should work well for winbind:

; printer admin = @"Domain Admins"

 

# 3. Logging Options:

# this tells Samba to use a separate log file for each machine # that connects

log file = /var/log/samba/log.%m

 

# Put a capping on the size of the log files (in Kb).

max log size = 50

 

# Set the log (verbosity) level (0 <= log level <= 10)

; log level = 3

 

 

# Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # Allow users to map to guest:

map to guest = bad user

 

# Security mode. Most people will want user level security. See # security_level.txt for details.

security = user

# Use password server option only with security = server or security = domain # When using security = domain, you should use password server = *

; password server = <NT-Server-Name>

; password server = *

 

 

encrypt passwords = yes

smb passwd file = /etc/samba/smbpasswd

 

 

 

 

template homedir = /home/%D/%U

 

 

# 5. Browser Control and Networking Options:

# Most people will find that this option gives better performance. # See speed.txt and the manual pages for details

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

 

 

# Configure remote browse list synchronisation here

# request announcement to, or browse list sync from:

# a specific host or from / to a whole subnet (see below)

; remote browse sync = 192.168.3.25 192.168.5.255

# Cause this host to announce itself to local subnets here

; remote announce = 192.168.1.255 192.168.2.44

 

# set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply

local master = yes

 

# OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable

os level = 65

 

# Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job

domain master = yes

 

# Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election

preferred master = yes

 

# 6. Domain Control Options:

# Enable this if you want Samba to be a domain logon server for

# Windows95 workstations or Primary Domain Controller for WinNT and Win2k

domain logons = yes

 

# if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine)

logon script = %m.bat

# run a specific logon batch file per username

logon script = %U.bat

 

# Where to store roaming profiles for WinNT and Win2k

# %L substitutes for this servers netbios name, %U is username

# You must uncomment the [Profiles] share below

logon path = \\%L\Profiles\%U

 

# Where to store roaming profiles for Win9x. Be careful with this as it also # impacts where Win2k finds it's /HOME share

logon home = \\%L\%U\.profile

 

 

# The add user script is used by a domain member to add local user accounts # that have been authenticated by the domain controller, or when adding # users via the Windows NT Tools (ie User Manager for Domains).

 

# Scripts for file (passwd, smbpasswd) backend:

add user script = /usr/sbin/useradd -s /bin/false '%u'

delete user script = /usr/sbin/userdel '%s'

add user to group script = /usr/bin/gpasswd -a '%u' '%g'

delete user from group script = /usr/bin/gpasswd -d '%u' '%g'

set primary group script = /usr/sbin/usermod -g '%g' '%u'

add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'

delete group script = /usr/sbin/groupdel '%g'

 

 

 

# The add machine script is use by a samba server configured as a domain # controller to add local machine accounts when adding machines to the domain. # The script must work from the command line when replacing the macros, # or the operation will fail. Check that groups exist if forcing a group. # Script for domain controller for adding machines:

add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u # Script for domain controller with LDAP backend for adding machines (please # configure in /etc/samba/smbldap_conf.pm first):

; add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u

 

# Domain groups:

# Domain groups are now configured by using the 'net groupmap' tool

 

# Samba Password Database configuration:

# Samba now has runtime-configurable password database backends. Multiple # passdb backends may be used, but users will only be added to the first one # Default:

passdb backend = smbpasswd guest

 

dns proxy = no

 

dos charset = 852

unix charset = ISO8859-2

 

 

#============================ Share Definitions ============================== [homes]

comment = Home Directories

browseable = no

 

# Un-comment the following and create the netlogon directory for Domain Logons [netlogon]

comment = Network Logon Service

path = /var/lib/samba/netlogon

guest ok = yes

writable = no

 

#Uncomment the following 2 lines if you would like your login scripts to #be created dynamically by ntlogon (check that you have it in the correct #location (the default of the ntlogon rpm available in contribs)

root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon

root postexec = rm -f /var/lib/samba/netlogon/%U.bat

 

# Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory [Profiles]

path = /etc/samba/profiles

browseable = no

guest ok = yes

# This script can be enabled to create profile directories on the fly # You may want to turn off guest acces if you enable this, as it # hasn't been thoroughly tested.

root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \

then mkdir -pm700 $PROFILE; chown %u.%g $PROFILE;fi

# =====================================

# print command: see above for details.

# =====================================

print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.

 

[pdf-generator]

path = /var/tmp

guest ok = No

printable = Yes

comment = PDF Generator (only valid users)

#print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP &

print command = /usr/share/samba/scripts/print-pdf %s ~%u //%L/%u %m %I "%J" &

 

 

 

# a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %u option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. [pchome]

comment = PC Directories

path = /usr/pc/%m

public = no

writable = yes

 

# A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. [interbase]

[sambatest]

comment = arix pliki

path = /sambatest

public = yes

; only guest = yes

writable = yes

admin users=arix

create mask = 777

directory mask = 777

force create mode = 777

; printable = no