[NTLUG:Discuss] Making a spam shield server

. Daniel xdesign at hotmail.com
Tue Feb 13 11:57:02 CST 2007


Well, I added the information from your generic config to my own, changing 
names where appropriate and such.  I'm doing all this work from Webmin.  
(Is that a bad idea?  I dunno.  I just edited the conf file by hand 
anyway.)  But when I did the "bind to domain" thing, I got the following 
back:

---
Binding to domain with command /usr/bin/net join -U Administrator ..

[2007/02/13 11:43:45, 0] param/loadparm.c:map_parameter(2443)
  Unknown parameter encountered: "usershare allow guests"
[2007/02/13 11:43:45, 0] param/loadparm.c:lp_do_parameter(3131)
  Ignoring unknown parameter "usershare allow guests"
[2007/02/13 11:43:45, 0] param/loadparm.c:map_parameter(2443)
  Unknown parameter encountered: "usershare max shares"
[2007/02/13 11:43:45, 0] param/loadparm.c:lp_do_parameter(3131)
  Ignoring unknown parameter "usershare max shares"
[2007/02/13 11:43:45, 0] param/loadparm.c:map_parameter(2443)
  Unknown parameter encountered: "winbind refresh tickets"
[2007/02/13 11:43:45, 0] param/loadparm.c:lp_do_parameter(3131)
  Ignoring unknown parameter "winbind refresh tickets"
[2007/02/13 11:43:45, 0] param/loadparm.c:map_parameter(2443)
  Unknown parameter encountered: "winbind offline logon"
[2007/02/13 11:43:45, 0] param/loadparm.c:lp_do_parameter(3131)
  Ignoring unknown parameter "winbind offline logon"
Administrator's password: 
[2007/02/13 11:43:45, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password Administrator at HUCKABEE-INC.COM failed: Cannot find KDC for requested realm
[2007/02/13 11:43:45, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Cannot find KDC for requested realm
Joined domain HUCK-FW.

.. failed! See the output above for the reason why.
---

Webmin reports I have Samba version 3.010149 working.

I'm assuming I need a newer version of samba maybe?  Or maybe there's some 
patch needed since the winbind options mentioned above are not recognized.  


After commenting out the lines that were unrecognized and doing "Bind to 
domain" again, the following resulted:

---
Binding to domain with command /usr/bin/net join -U Administrator ..

Administrator's password: 
[2007/02/13 11:53:54, 0] libads/kerberos.c:ads_kinit_password(146)
  kerberos_kinit_password Administrator at HUCKABEE-INC.COM failed: Cannot find KDC for requested realm
[2007/02/13 11:53:54, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Cannot find KDC for requested realm
Joined domain HUCK-FW.

.. failed! See the output above for the reason why.
---

So I guess the big question is how to get over this hurdle.


>. Daniel wrote:
> > By all means, ZAP!
> >
>
>I have made the smb.conf file pretty generic... I'll post another with
>the script that automatically creates the home directory if
>it's not there already when the user accesses their share for the
>first time.  Alternatively there is a PAM module that makes
>the user's home dir the first time they log in (e.g. ssh).
>


>
>[global]
>	workgroup = TEN
>	realm = THEENDLESSNOW.COM
>	security = ADS
>	map to guest = Bad User
>	username map = /etc/samba/smbusers
>	printcap name = cups
>	add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
>	logon path = \\%L\profiles\.msprofile
>	logon drive = P:
>	logon home = \\%L\%U\.9xprofile
>	preferred master = No
>	local master = No
>	domain master = No
>	wins server = eth0:192.168.1.1
>	usershare allow guests = Yes
>	usershare max shares = 100
>	idmap uid = 10000-20000
>	idmap gid = 10000-20000
>	template homedir = /raid1/home/%D/%U
>	template shell = /bin/bash
>	winbind use default domain = Yes
>	winbind refresh tickets = yes
>	cups options = raw
>	include = /etc/samba/dhcp.conf
>	winbind offline logon = yes
>
>[homes]
>	comment = Home Directories
>	path = /raid1/home/%D/%S
>	valid users = %S, %D%w%S
>	read only = No
>	inherit acls = Yes
>	browseable = No
>	root preexec = /usr/local/sbin/mkwinbind_home "%D" "%u" "%g" "%H"
>
>[profiles]
>	comment = Network Profiles Service
>	path = %H
>	read only = No
>	create mask = 0600
>	directory mask = 0700
>	store dos attributes = Yes
>
>[users]
>	comment = All users
>	path = /raid1/home
>	read only = No
>	inherit acls = Yes
>	veto files = /aquota.user/groups/shares/
>
># [groups]
>#	comment = All groups
>#	path = /raid1/home/groups
>#	read only = No
>#	inherit acls = Yes
>
># [printers]
>#	comment = All Printers
>#	path = /var/tmp
>#	create mask = 0600
>#	printable = Yes
>#	browseable = No
>#
># [print$]
>#	comment = Printer Drivers
>#	path = /var/lib/samba/drivers
>#	write list = @ntadmin, root
>#	force group = ntadmin
>#	create mask = 0664
>#	directory mask = 0775

