[NTLUG:Discuss] Making a spam shield server

Chris Cox cjcox at acm.org
Tue Feb 13 13:11:57 CST 2007


. Daniel wrote:
> Well, I added the information from your generic config to my own, changing 
> names where appropriate and such.  I'm doing all this work from Webmin.  
> (Is that a bad idea?  I dunno.  I just edited the conf file by hand 
> anyway.)  But when I did the "bind to domain" thing, I got the following 
> back:

For some of those options, you may need a newer samba/winbind...
(perhaps there are some compilation options that aren't there as
well??).  Not sure.  I just use the stuff that comes with
SUSE (SLES or openSUSE).

> 
> ---
> Binding to domain with command /usr/bin/net join -U Administrator ..
> 
> [2007/02/13 11:43:45, 0] param/loadparm.c:map_parameter(2443)
>   Unknown parameter encountered: "usershare allow guests"
> [2007/02/13 11:43:45, 0] param/loadparm.c:lp_do_parameter(3131)
>   Ignoring unknown parameter "usershare allow guests"
> [2007/02/13 11:43:45, 0] param/loadparm.c:map_parameter(2443)
>   Unknown parameter encountered: "usershare max shares"
> [2007/02/13 11:43:45, 0] param/loadparm.c:lp_do_parameter(3131)
>   Ignoring unknown parameter "usershare max shares"
> [2007/02/13 11:43:45, 0] param/loadparm.c:map_parameter(2443)
>   Unknown parameter encountered: "winbind refresh tickets"
> [2007/02/13 11:43:45, 0] param/loadparm.c:lp_do_parameter(3131)
>   Ignoring unknown parameter "winbind refresh tickets"
> [2007/02/13 11:43:45, 0] param/loadparm.c:map_parameter(2443)
>   Unknown parameter encountered: "winbind offline logon"
> [2007/02/13 11:43:45, 0] param/loadparm.c:lp_do_parameter(3131)
>   Ignoring unknown parameter "winbind offline logon"
> Administrator's password: 
> [2007/02/13 11:43:45, 0] libads/kerberos.c:ads_kinit_password(146)
>   kerberos_kinit_password Administrator at HUCKABEE-INC.COM failed: Cannot find KDC for requested realm
> [2007/02/13 11:43:45, 0] utils/net_ads.c:ads_startup(186)
>   ads_connect: Cannot find KDC for requested realm
> Joined domain HUCK-FW.
> 
> .. failed! See the output above for the reason why.
> ---
> 
> Webmin reports I have Samba version 3.010149 working.
> 
> I'm assuming I need a newer version of samba maybe?  Or maybe there's some 
> patch needed since the winbind options mentioned above are not recognized.  
> 
> 
> After commenting out the lines that were unrecognized and doing "Bind to 
> domain" again, the following resulted:
> 
> ---
> Binding to domain with command /usr/bin/net join -U Administrator ..
> 
> Administrator's password: 
> [2007/02/13 11:53:54, 0] libads/kerberos.c:ads_kinit_password(146)
>   kerberos_kinit_password Administrator at HUCKABEE-INC.COM failed: Cannot find KDC for requested realm
> [2007/02/13 11:53:54, 0] utils/net_ads.c:ads_startup(186)
>   ads_connect: Cannot find KDC for requested realm
> Joined domain HUCK-FW.
> 
> .. failed! See the output above for the reason why.
> ---
> 
> So I guess the big question is how to get over this hurdle.
> 
> 
>> . Daniel wrote:
>>> By all means, ZAP!
>>>
>> I have made the smb.conf file pretty generic... I'll post another with
>> the script that automatically creates the home directory if
>> it's not there already when the user accesses their share for the
>> first time.  Alternatively there is a PAM module that makes
>> the user's home dir the first time they log in (e.g. ssh).
>>
> 
> 
>> [global]
>> 	workgroup = TEN
>> 	realm = THEENDLESSNOW.COM
>> 	security = ADS
>> 	map to guest = Bad User
>> 	username map = /etc/samba/smbusers
>> 	printcap name = cups
>> 	add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
>> 	logon path = \\%L\profiles\.msprofile
>> 	logon drive = P:
>> 	logon home = \\%L\%U\.9xprofile
>> 	preferred master = No
>> 	local master = No
>> 	domain master = No
>> 	wins server = eth0:192.168.1.1
>> 	usershare allow guests = Yes
>> 	usershare max shares = 100
>> 	idmap uid = 10000-20000
>> 	idmap gid = 10000-20000
>> 	template homedir = /raid1/home/%D/%U
>> 	template shell = /bin/bash
>> 	winbind use default domain = Yes
>> 	winbind refresh tickets = yes
>> 	cups options = raw
>> 	include = /etc/samba/dhcp.conf
>> 	winbind offline logon = yes
>>
>> [homes]
>> 	comment = Home Directories
>> 	path = /raid1/home/%D/%S
>> 	valid users = %S, %D%w%S
>> 	read only = No
>> 	inherit acls = Yes
>> 	browseable = No
>> 	root preexec = /usr/local/sbin/mkwinbind_home "%D" "%u" "%g" "%H"
>>
>> [profiles]
>> 	comment = Network Profiles Service
>> 	path = %H
>> 	read only = No
>> 	create mask = 0600
>> 	directory mask = 0700
>> 	store dos attributes = Yes
>>
>> [users]
>> 	comment = All users
>> 	path = /raid1/home
>> 	read only = No
>> 	inherit acls = Yes
>> 	veto files = /aquota.user/groups/shares/
>>
>> # [groups]
>> #	comment = All groups
>> #	path = /raid1/home/groups
>> #	read only = No
>> #	inherit acls = Yes
>>
>> # [printers]
>> #	comment = All Printers
>> #	path = /var/tmp
>> #	create mask = 0600
>> #	printable = Yes
>> #	browseable = No
>> #
>> # [print$]
>> #	comment = Printer Drivers
>> #	path = /var/lib/samba/drivers
>> #	write list = @ntadmin, root
>> #	force group = ntadmin
>> #	create mask = 0664
>> #	directory mask = 0775
> 
> 
> 
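
The cleanup described in the quoted message (commenting out the parameters the installed Samba does not recognise before retrying the join), as an added example that is not part of the original thread: it parses `net join` output like the log above and comments out the matching lines in an smb.conf. The sample strings are constructed from lines in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the join output quoted in this thread.
JOIN_OUTPUT = """\
[2007/02/13 11:43:45, 0] param/loadparm.c:map_parameter(2443)
  Unknown parameter encountered: "usershare allow guests"
[2007/02/13 11:43:45, 0] param/loadparm.c:lp_do_parameter(3131)
  Ignoring unknown parameter "winbind offline logon"
[2007/02/13 11:43:45, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Cannot find KDC for requested realm
Joined domain HUCK-FW.
"""
# Constructed smb.conf fragment using parameters from the quoted config.
SMB_CONF = "[global]\n\tsecurity = ADS\n\tusershare allow guests = Yes\n\tWinbind Offline Logon = yes\n"

HEADER = re.compile(r"^\[[^\]]+\]\s+(\S+):\w+\(\d+\)$")
UNKNOWN = re.compile(r'[Uu]nknown parameter(?: encountered:)? "([^"]+)"')

def norm(name):
    # smb.conf parameter names ignore case and internal whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_join_output(text):
    """Return (unknown parameter names, [(source file, message)] for other errors)."""
    unknown, errors, source = [], [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            source = m.group(1)                  # e.g. "param/loadparm.c"
        elif source and line.startswith(" "):    # indented message under a header
            u = UNKNOWN.search(line)
            if u and u.group(1) not in unknown:
                unknown.append(u.group(1))
            elif not u and not source.startswith("param/"):
                errors.append((source, line.strip()))
        else:
            source = None                        # plain tool output, e.g. "Joined domain ..."
    return unknown, errors

def comment_out(conf, params):
    """Prefix '#' to active lines that set any of the given parameters."""
    drop = {norm(p) for p in params}
    out = []
    for line in conf.splitlines():
        key, sep, _ = line.partition("=")
        active = sep and not line.lstrip().startswith(("#", ";"))
        out.append("#" + line if active and norm(key) in drop else line)
    return "\n".join(out) + "\n"
```

The errors list keeps the Kerberos failure separate from the parameter noise, which matters here because the output still prints "Joined domain" after `ads_connect` has failed.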



