Administrace komentářů

Samba je skvělý SW, bohužel mám pocit, že je se třeba sžít s každou používanou verzí. Používám podobně konfigurovaný server s verzí samby 3.5.6 na Debianu Lenny jen Idmap mam na tdb (žádná zmínka v smb.conf). Winbind by neměl hrát roli v rozdílu mezi Windows 7 a XP, ostatně v logu máte pouze warning. Osobně bych problém spíš očekával ve jmenných servisech (DNS, nmb). Přiložím vám sem můj fungující smb.conf, třeba vám to pomůže. Účty v LDAP včetně počítačových vždy vytvářím předem přes webové rozhraní pomocí ldap account manageru.

# Global parameters
[global]
	workgroup = MELOUNY
	netbios name = HRACH
	security = user
	enable privileges = yes
	interfaces = eth0, lo
	username map = /etc/samba/smbusers
	server string = hrach Samba
	#security = ads
	encrypt passwords = Yes
	#pam password change = no
	obey pam restrictions = No


	# method 2:
	unix password sync = yes
	ldap passwd sync = no
	passwd program = /usr/sbin/smbldap-passwd -u "%u"
	passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"

	log level = 0
	syslog = 0
	log file = /var/log/samba/log.%U
	max log size = 100000
	time server = Yes
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	mangling method = hash2
;	Dos charset = 850
;	Unix charset = LOCALE

	logon script = logon.bat
	logon drive = H:
        logon home = 
        logon path = 

	domain logons = Yes
	domain master = Yes
	os level = 65
	preferred master = Yes
	wins support = yes
	# passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com"
	passdb backend = ldapsam:"ldap://127.0.0.1/"
	ldap admin dn = cn=admin,dc=melouny,dc=eu
	ldap ssl = Off
	ldap suffix = dc=melouny,dc=eu
        ldap group suffix = ou=Groups
        ldap user suffix = ou=People
        ldap machine suffix = ou=Computers
	#ldap idmap suffix = ou=Idmap
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        #ldap delete dn = Yes
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g" 
        #delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
	set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

	# printers configuration
	load printers = Yes
	create mask = 0640
	directory mask = 0750
	#force create mode = 0640
	#force directory mode = 0750
	nt acl support = No
	printing = cups
	printcap name = cups
	deadtime = 10
	guest account = nobody
	map to guest = Bad User
	dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
	show add printer wizard = yes
	; to maintain capital letters in shortcuts in any of the profile folders:
	preserve case = yes
	short preserve case = yes
	case sensitive = no

[netlogon]
	path = /home/netlogon/
	browseable = No
	read only = yes

[profiles]
	path = /home/profiles
	read only = no
	create mask = 0600
	directory mask = 0700
	browseable = No
	guest ok = Yes
	profile acls = yes
	csc policy = disable
	nt acl support = yes
	invalid users = secur
	# next line is a great way to secure the profiles 
	#force user = %U 
	# next line allows administrator to access all profiles 
	#valid users = %U "Domain Admins"

[printers]
        comment = Network Printers
        path = /var/spool/samba
        browseable = No
        guest ok = yes 
        read only  = Yes
        printable = Yes
	use client driver = Yes

[print$]
        path = /home/printers
        guest ok = No
        browseable = Yes
        read only = Yes
        valid users = @"Print Operators"
        write list = @"Print Operators"
        create mask = 0664
        directory mask = 0775

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[public]
comment = testACL
path=/home/public
guest ok = yes
read only = No
browseable = yes
create mode = 0664
directory mask = 0775
nt acl support = yes

[securdata]
comment = Uctujeme
path=/home/Nehoda
read only = no
create mask = 0660
directory mask = 0770
force group = securg
browseable = Yes
guest ok = Yes
valid users = @securg,secur,spravce
nt acl support = yes