HELP W/ SAMBA PLEASE

[sardiskan]

I am trying to get my gentoo box to be a PDC for my domain. Everying seems to work fine, except that when a win comptuer tries to join the domain, it will be rejected unless I go through and add the machine account to the linux box. I would have to run this command for every box.

[stamperb]

I'm stuck with the exact same situation. Everything else works awesome but the auto creation of the machine accounts. Must be looking at the same document from ibm . I'm activly seraching and if i find anything i'll post here.
Thanks,

[stamperb]

OK i think i have something here. Found it a few threads down in my search.
1. rather than add user script use add machine script.
2. the -M doesn't seem to be necisarry. Might be a gentoo thing??

Man adduser says:
-M RedHat added the CREATE_HOME option in login.defs in their ver-
sion of shadow-utils (which makes -m the default, with new -M
option to turn it off). Unfortunately, this changes the way
useradd works (it can be run by scripts expecting some standard
behaviour), compared to other Unices and other Linux distribu-
tions, and also adds a lot of confusion.

so in total (i've not had a chance to give this a shot yet but will tonight when i get home.

add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g machines %u

I found this here
https://forums.gentoo.org/viewtopic.php?t=211074&highlight=samba+pdc
The only thing he doesn't do is add the -g machines which is a group add for the new user and shouldn't make any difference. I'll attempt this tonight when i get home from work and see if that fixes the problem.

[sardiskan]

Hey cool, I'll give that a try, thanks for your assistance.
_________________
Unless a grain of wheat falls to the ground and dies, it remains only a single seed.

[stamperb]

Couple more notes.
1 - hopefully you can rename this thread to solved!! I've made this change on my setup and it worked the machine accounts using the line above get created just fine.

2 - My setup uses roaming profiles. When logging in i get the desktop.ini opening up in the notepad window. Its no big deal but annoying. So i've added:
hide files = /desktop.ini/
To my Profiles share in the smb.conf. This seems to solve that issue.

3 - the next issue was with the net groupmap stuff:
The Samba 3 by example says to use:
net groupmap modify ntgroup="Domain Admins" unixgroup=root

Makes since but if i do this for whatever reason when i add a user to the Root group they cannot login to the domain on the windows pc's.

Instead i created a group called admins and ran:
net groupmap modify ntgroup="Domain Admins" unixgroup=admins

When i log in w/ anyone who is a part of the admins group i have the ability to go in and change the domain/computername stuff. If the user does not have the admin group they don't get that option. Just my visible difference here. I'm not sure if this is correct or not but at this point i'm not concerened its working.

I played around messing with settings and deleting accounts and re-creating accounts enough that i think the above holds true.

Windows is anything but SMART so when these changes are made (the net groupmap stuff) i believe removing and re-adding the machines to the domain may be in order.

I eventually will hope to post a how-to on the gentoo-wiki page on the Samba PDC + Gentoo.