add machine script under Samba on openSUSE 11

This thread in the forum "SuSE / OpenSuSE" was created by gnoovy, 01.09.2008.

  1. #1 gnoovy, 01.09.2008
    Last edited by a moderator: 01.09.2008
    hi folks,

    I have now installed samba V. 3.2.3-0.1.128-1882 and have entered /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ under add machine script. I joined a Windows XP client with Service Pack 3 to the domain via Computer Name - Network ID, in order to add the root account as a local administrator right away as well. That worked fine, except that when I added the user root to the local Administrators group I got the message that no trust relationship exists yet between client and server. When I then repeated the join after the domain join, no error message appeared. I think the problem was the machine account that was still missing on the Linux server at that point. However, I never had such problems before. What else could be causing this? If I perform the domain join not with Network ID but with Change, the root account is not automatically added to the local Administrators group. Am I still doing something wrong? Attached is my smb.conf:

    Code:
    # Samba config file created using SWAT
    # from UNKNOWN
    # Date: 2008/08/31 22:48:53
    
    [global]
    dos charset = CP850
    unix charset = UTF-8
    display charset = LOCALE
    workgroup = LINUXNET.LOCAL
    realm =
    netbios name = LINUX-SERVER01
    netbios aliases =
    netbios scope =
    server string = Samba 3.2.3-0.1.128-1882-SUSE-SL11.0
    interfaces = eth0
    bind interfaces only = Yes
    config backend = file
    security = USER
    auth methods =
    encrypt passwords = Yes
    update encrypted = No
    client schannel = Auto
    server schannel = Auto
    allow trusted domains = Yes
    map to guest = Bad User
    null passwords = No
    obey pam restrictions = No
    password server = *
    smb passwd file = /etc/samba/smbpasswd
    private dir = /etc/samba
    passdb backend = smbpasswd
    algorithmic rid base = 1000
    root directory =
    guest account = nobody
    enable privileges = Yes
    pam password change = No
    passwd program =
    passwd chat = *new*password* %n\n *new*password* %n\n *changed*
    passwd chat debug = No
    passwd chat timeout = 2
    check password script =
    username map = /etc/samba/smbusers
    password level = 0
    username level = 0
    unix password sync = No
    restrict anonymous = 0
    lanman auth = No
    ntlm auth = Yes
    client NTLMv2 auth = No
    client lanman auth = No
    client plaintext auth = No
    preload modules =
    use kerberos keytab = No
    log level = 0
    syslog = 1
    syslog only = No
    log file =
    max log size = 5000
    debug timestamp = Yes
    debug prefix timestamp = No
    debug hires timestamp = No
    debug pid = No
    debug uid = No
    debug class = No
    enable core files = Yes
    smb ports = 445 139
    large readwrite = Yes
    max protocol = NT1
    min protocol = CORE
    min receivefile size = 0
    read raw = Yes
    write raw = Yes
    disable netbios = No
    reset on zero vc = No
    acl compatibility = auto
    defer sharing violations = Yes
    nt pipe support = Yes
    nt status support = Yes
    announce version = 4.9
    announce as = NT
    max mux = 50
    max xmit = 16644
    name resolve order = lmhosts wins host bcast
    max ttl = 259200
    max wins ttl = 518400
    min wins ttl = 21600
    time server = Yes
    unix extensions = Yes
    use spnego = Yes
    client signing = auto
    server signing = No
    client use spnego = Yes
    client ldap sasl wrapping = plain
    enable asu support = No
    svcctl list =
    deadtime = 0
    getwd cache = Yes
    keepalive = 300
    lpq cache time = 30
    max smbd processes = 0
    paranoid server security = Yes
    max disk size = 0
    max open files = 10000
    socket options = TCP_NODELAY
    use mmap = Yes
    hostname lookups = No
    name cache timeout = 660
    ctdbd socket =
    cluster addresses =
    clustering = No
    load printers = Yes
    printcap cache time = 750
    printcap name = cups
    cups server =
    iprint server =
    disable spoolss = No
    addport command =
    enumports command =
    addprinter command =
    deleteprinter command =
    show add printer wizard = Yes
    os2 driver map =
    mangling method = hash2
    mangle prefix = 1
    max stat cache size = 256
    stat cache = Yes
    machine password timeout = 604800
    add user script =
    rename user script =
    delete user script =
    add group script =
    delete group script =
    add user to group script =
    delete user from group script =
    set primary group script =
    add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
    shutdown script =
    abort shutdown script =
    username map script =
    logon script =
    logon path =
    logon drive =
    logon home =
    domain logons = Yes
    os level = 20
    lm announce = Auto
    lm interval = 60
    preferred master = No
    local master = Yes
    domain master = Auto
    browse list = Yes
    enhanced browsing = Yes
    dns proxy = Yes
    wins proxy = No
    wins server =
    wins support = No
    wins hook =
    kernel oplocks = Yes
    lock spin time = 200
    oplock break wait time = 0
    ldap admin dn =
    ldap delete dn = No
    ldap group suffix =
    ldap idmap suffix =
    ldap machine suffix =
    ldap passwd sync = no
    ldap replication sleep = 1000
    ldap suffix =
    ldap ssl = no
    ldap timeout = 15
    ldap connection timeout = 2
    ldap page size = 1024
    ldap user suffix =
    ldap debug level = 0
    ldap debug threshold = 10
    eventlog list =
    add share command =
    change share command =
    delete share command =
    config file =
    preload =
    lock directory = /var/lib/samba
    pid directory = /var/run/samba
    utmp directory =
    wtmp directory =
    utmp = No
    default service =
    message command =
    get quota command =
    set quota command =
    remote announce =
    remote browse sync =
    socket address = 0.0.0.0
    homedir map = auto.home
    afs username map =
    afs token lifetime = 604800
    log nt token command =
    time offset = 0
    NIS homedir = No
    registry shares = No
    usershare allow guests = Yes
    usershare max shares = 0
    usershare owner only = Yes
    usershare path = /var/lib/samba/usershares
    usershare prefix allow list =
    usershare prefix deny list =
    usershare template share =
    panic action =
    host msdfs = Yes
    passdb expand explicit = No
    idmap domains =
    idmap backend =
    idmap alloc backend =
    idmap cache time = 900
    idmap negative cache time = 120
    idmap uid =
    idmap gid =
    template homedir = /home/%D/%U
    template shell = /bin/false
    winbind separator = \
    winbind cache time = 300
    winbind enum users = No
    winbind enum groups = No
    winbind use default domain = No
    winbind trusted domains only = No
    winbind nested groups = Yes
    winbind expand groups = 1
    winbind nss info = template
    winbind refresh tickets = No
    winbind offline logon = No
    winbind normalize names = No
    winbind rpc only = No
    comment =
    path =
    username =
    invalid users =
    valid users =
    admin users =
    read list =
    write list =
    printer admin =
    force user =
    force group =
    read only = Yes
    acl check permissions = Yes
    acl group control = No
    acl map full control = Yes
    create mask = 0744
    force create mode = 00
    security mask = 0777
    force security mode = 00
    directory mask = 0755
    force directory mode = 00
    directory security mask = 0777
    force directory security mode = 00
    force unknown acl user = No
    inherit permissions = No
    inherit acls = No
    inherit owner = No
    guest only = No
    administrative share = No
    guest ok = No
    only user = No
    hosts allow = 192.168.178.
    hosts deny =
    allocation roundup size = 1048576
    aio read size = 0
    aio write size = 0
    aio write behind =
    ea support = No
    nt acl support = Yes
    profile acls = No
    map acl inherit = No
    afs share = No
    smb encrypt = auto
    block size = 1024
    change notify = Yes
    directory name cache size = 100
    kernel change notify = Yes
    max connections = 0
    min print space = 0
    strict allocate = No
    strict sync = No
    sync always = No
    use sendfile = No
    write cache size = 0
    max reported print jobs = 0
    max print jobs = 1000
    printable = No
    printing = cups
    cups options = raw
    print command =
    lpq command = %p
    lprm command =
    lppause command =
    lpresume command =
    queuepause command =
    queueresume command =
    printer name =
    use client driver = No
    default devmode = Yes
    force printername = No
    printjob username = %U
    default case = lower
    case sensitive = Auto
    preserve case = Yes
    short preserve case = Yes
    mangling char = ~
    hide dot files = Yes
    hide special files = No
    hide unreadable = No
    hide unwriteable files = No
    delete veto files = No
    veto files =
    hide files =
    veto oplock files =
    map archive = Yes
    map hidden = No
    map system = No
    map readonly = yes
    mangled names = Yes
    store dos attributes = No
    dmapi support = No
    browseable = Yes
    blocking locks = Yes
    csc policy = manual
    fake oplocks = No
    locking = Yes
    oplocks = Yes
    level2 oplocks = Yes
    oplock contention limit = 2
    posix locking = Yes
    strict locking = Auto
    share modes = Yes
    dfree cache time = 0
    dfree command =
    copy =
    include = /etc/samba/dhcp.conf
    preexec =
    preexec close = No
    postexec =
    root preexec =
    root preexec close = No
    root postexec =
    available = Yes
    volume =
    fstype = NTFS
    set directory = No
    wide links = Yes
    follow symlinks = Yes
    dont descend =
    magic script =
    magic output =
    delete readonly = No
    dos filemode = No
    dos filetimes = Yes
    dos filetime resolution = No
    fake directory create times = No
    vfs objects =
    msdfs root = No
    msdfs proxy =
    
    [profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    create mask = 0600
    directory mask = 0700
    store dos attributes = Yes
    
    [users]
    comment = All users
    path = /home
    read only = No
    inherit acls = Yes
    veto files = /aquota.user/groups/shares/
    
    [groups]
    comment = All groups
    path = /home/groups
    read only = No
    inherit acls = Yes
    
    [printers]
    comment = All Printers
    path = /var/tmp
    create mask = 0600
    printable = Yes
    browseable = No
    
    [print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin, root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775
    
    [Daten]
    path = /daten
    read only = No
    
    [test]
    path = /etc
    
     
  3. marce

  4. gnoovy

    hi folks,

    so I think I have solved my problems myself. I was able to automatically map the root administrators group to the local Windows Administrators group:

    net groupmap add rid=512 ntgroup="root" unixgroup="ntadmin"

    After a client restart I could find the group linuxnet.local\root in the local Administrators group. In Device Manager it gave me no restriction message. I could now also add / uninstall hardware here.

    With the above command I can also join the client to the domain quite normally via Computer Name - Change and do not have to go through Network ID. As a test, I removed the machine account from smbpasswd and group and rejoined the client to the domain. No error messages.

    Now just one more question: Do you know whether the local Administrators group of Windows XP always has the RID 512?
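
A small audit of the exposure-related settings in the smb.conf posted at the top of this thread, as an added example that is not part of the original posts. The choice of checks, the system-directory list and the parameter defaults are assumptions, and the sample is a constructed excerpt of the posted file.

```python
import configparser

# Constructed excerpt: only the lines of the smb.conf posted above that the checks read.
SAMPLE = """\
[global]
restrict anonymous = 0
server signing = No
unix extensions = Yes
wide links = Yes
read only = Yes
valid users =

[Daten]
path = /daten
read only = No

[test]
path = /etc
"""

SYSTEM_DIRS = ("/etc", "/root", "/boot", "/var/lib/samba")  # assumed policy list
OFF = ("no", "false", "0", "off", "disabled")

def load(text):
    """Parse smb.conf text; parameter names ignore case and spaces, as in Samba."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = lambda k: k.replace(" ", "").lower()
    cp.read_string(text)
    return {s: {k: v.strip() for k, v in cp.items(s)} for s in cp.sections()}

def on(params, key, default):
    return params.get(key, default).lower() not in OFF

def audit(text):
    conf = load(text)
    g = conf.pop("global", {})
    findings = []
    if not on(g, "serversigning", "disabled"):
        findings.append(("global", "SMB signing disabled on the server"))
    if g.get("restrictanonymous", "0") == "0":
        findings.append(("global", "anonymous enumeration not restricted"))
    for name, share in conf.items():
        eff = {**g, **share}  # share settings override the [global] defaults
        path = eff.get("path", "")
        if any(path == d or path.startswith(d + "/") for d in SYSTEM_DIRS):
            findings.append((name, "exports system directory " + path))
        if not on(eff, "readonly", "yes") and not eff.get("validusers"):
            findings.append((name, "writable share with no valid users restriction"))
        if on(eff, "widelinks", "no") and on(eff, "unixextensions", "yes"):
            findings.append((name, "wide links together with unix extensions"))
    return findings
```

Calling `audit()` on the full posted file works the same way, because the SWAT dump places the share-level defaults in `[global]` and the shares inherit them.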
     