Tema: SAMBA DOMENAS
Autorius: Vidas Makauskas
Data: 2008-04-30 12:44:04
Turiu problema jungiant WinxXp prie samba 3.026 PDC. Kaip ir viska atlikau 
pagal
"HOWTO Implement Samba as your PDC" 
http://gentoo-wiki.com/HOWTO_Implement_Samba_as_your_PDC
security = user
domain master = yes
wins support = yes
passdb backend = tdbsam
.....

Bet pries tai keletas nukrypimu.
Rankutemis suvedus "useradd -s /bin/false -d /dev/null vidas$" gaunu klaida, 
kad neteisinga "/dev/null" home direktorija.  Google'je apie tai skurdu. 
Vieninteli ka radau, kad perinstaliavus linux'us si klaida dingo. As 
sukuriau /home/MACHINES ir visus masininius loginus siunciu i ten. Ar tai 
sprendimas? Gal butina /etc/passwd vozotis keiciant i /dev/null?
Manuale nurodyta klaidinga smb.conf eilute "add machine script = 
/usr/sbin/useradd -s /bin/false -d /dev/null %u", nes gale paraleista "$"
------- galu gale turiu ---------
server:/var/log/samba # cat /etc/passwd | grep vidas
vidas:x:1000:513:Vidas Makauskas:/home/vidas:/bin/bash
vidas$:x:1004:99:Machines:/home/MACHINES:/bin/false
Idomu ar galeciau visu masininiu vartotoju uid priskirti prie "999"
-------
server:/var/log/samba # net groupmap list
Domain Users (S-1-5-21-2260957153-3739826334-4001973559-513) -> ntusers
Domain Admins (S-1-5-21-2260957153-3739826334-4001973559-512) -> ntadmins
Domain Guests (S-1-5-21-2260957153-3739826334-4001973559-514) -> nobody

WinXp masinoje ivykdziau:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"LocalProfile"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy 
Objects\LocalMachine\Software\Policies\Microsoft\Windows\System]
"LocalProfile"=dword:00000001

Dar google'je radau, kad reikia pakeisti registruose "0" i "1"
KEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\ControlSet\Services\Netlogon\Parameters\requiresignors
eal

Jungiant WinXp prie domeno ivedu "root" ir password ir gaunu "access 
denied".
Tada ukiskai tikrinu is SERVER jungiantis prie VIDAS:
server:/home/vidas # smbclient -U vidas //VIDAS/DOKUMENTAI
Password:
Domain=[VIDAS] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
smb: \> mkdir 11111111
NT_STATUS_ACCESS_DENIED making remote directory \11111111
------------------
server:/home/vidas # smbclient -U vidas //SERVER/MAINAI
Password:
Domain=[GAIRIJA] OS=[Unix] Server=[Samba 3.0.26a-3.5-1616-SUSE-SL10.3]
smb: \> mkdir 11111
Dirba tvarkingai
------------------
Is WinXp taip par nera problemu prisijungti


Dar loguose yra:
[2008/04/30 12:20:51, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/04/30 12:20:51, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
------------
[2008/04/30 12:19:42, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 192.168.1.115. Error 
Connection reset by peer
[2008/04/30 12:19:42, 0] lib/util_sock.c:send_smb(769)
  Error writing 5 bytes to client. -1. (Connection reset by peer)
------------
[2008/04/30 12:29:14, 1] nsswitch/idmap_tdb.c:idmap_tdb_alloc_init(397)
  idmap uid range missing or invalid
  idmap will be unable to map foreign SIDs
[2008/04/30 12:29:14, 0] nsswitch/idmap.c:idmap_alloc_init(735)
  ERROR: Initialization failed for alloc backend, deferred!
Manuale nepamineta apie tai. Ar reikia smb.conf papildyti:
idmap uid = 10000-20000
idmap gid = 10000-20000
Ar "tdbsam" atveju sios reiksmes tinka?

Nei viename manuale neuztikau, kad butu naudojamas "dnsmasq" su DDNS. Gal 
butina pakeisti i "named" ir "dhcp"?

Kokia perspektyva prie SAMBA domeno jungti VISTA?