[Samba] cannot add new machines to domain
Rubin Bennett
rbennett at thatitguy.com
Thu May 29 13:38:01 GMT 2008
On Thu, 2008-05-29 at 15:21 +0200, David Böhm wrote:
>
> Rubin Bennett wrote:
> > On Thu, 2008-05-29 at 10:21 +0200, David Böhm wrote:
> >> Hi,
> >>
> >> I have Samba running with LDAP as a PDC. The PDC works fine, except
> >> for adding new computers to the domain. The computers that were added
> >> 2-3 years ago work fine, but I cannot add new PCs to the domain.
> >>
> >> The Samba log says to remove the parameter 'algorithmic rid base' and
> >> use 'net groupmap add' and 'net setmaxrid'. The command "net setmaxrid"
> >> does not exist.
> >>
> >> For me it is important to add the new PCs to the Domain. So is there any
> >> way to add the PCs on Server side? Or any other workaround - it does not
> >> matter how.
> >>
> >> I hope you can help me! :)
> >>
> >>
> >> log.smb:
> >> [2008/05/28 09:57:15, 0] passdb/pdb_interface.c:pdb_new_rid(1072)
> >> 'algorithmic rid base' is set but a passdb backend without
> >> algorithmic RIDs is chosen.
> >> Please map all used groups using 'net groupmap add', set the maximum
> >> used RID using
> >> 'net setmaxrid' and remove the parameter
> >>
> >>
> >> smb.conf:
> >> [global]
> >> workgroup = FAB
> >> server string = zeus
> >> interfaces = 195.72.98.12/255.255.255.240,
> >> 10.14.45.12/255.255.255.0
> >> map to guest = Bad User
> >> passdb backend = ldapsam
> >> algorithmic rid base = 5000
> >> log level = 1
> >> log file = /var/log/log.smb
> >> smb ports = 139
> >> name resolve order = wins hosts bcast lmhosts
> >> time server = Yes
> >> deadtime = 15
> >> socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
> >> printcap name = cups
> >> add user script = ldapsmb -a -u "%u"
> >> delete user script = ldapsmb -d -u "%u"
> >> add group script = ldapsmb -a -g "%g"
> >> delete group script = ldapsmb -d -g "%g"
> >> add user to group script = ldapsmb -j -u "%u" -g "%g"
> >> delete user from group script = ldapsmb -r -u "%u" -g "%g"
> >> set primary group script = ldapsmb -m -u "%u" -gid "%g"
> >> add machine script = ldapsmb -a -w "%u" -gid 515
> >> logon script = kix32 fab_login.scr
> >> logon path = \\%L\profiles\%U
> >> logon drive = h:
> >> domain logons = Yes
> >> os level = 65
> >> preferred master = Yes
> >> domain master = Yes
> >> wins support = Yes
> >> ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de
> >> ldap group suffix = ou=Groups
> >> ldap machine suffix = ou=People
> >> ldap passwd sync = Yes
> >> ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de
> >> ldap ssl = no
> >> ldap user suffix = ou=People
> >> admin users = @ntadmin, root
> >> hosts allow = 10.14.40., 10.14.41., 10.14.42., 10.14.45.,
> >> 10.14.43., 10.14.44., 10.10.57.
> >> printing = cups
> >> print command =
> >> lpq command = %p
> >> lprm command = /usr/bin/lprm -P%p %j
> >> veto files = /*.eml/*.nws/riched20.dll/*.{*}/
> >>
> >>
> >> SW:
> >> Opensuse 10.3 64bit
> >> Samba 3.0.26a
> >> Openldap: 2.3.37
> >>
> >>
> >>
> >>
> >> Best regards,
> >>
> >> - David Böhm
> >>
> > I'm guessing that somewhere along the line you upgraded your server and
> > moved your Samba install to the new box?
> >
> > This has happened to me several times and there are a few items in the
> > config that need to be added for later versions of Samba to work as
> > expected.
> >
> > In the global section, add
> > enable privileges = yes
> >
> > And see if that works.
> >
> > HTH, Rubin
> >
>
> Hi,
>
> your supposition is right. There was an upgrade to a new box.
>
> The option you describe is already set. I don't know why it is not
> listed above. Maybe testparm doesn't dump the complete config?
>
> Here is the config with cat! :)
>
>
> Thx for supporting me!
>
No prob :) It didn't show up because it's a default value in later
versions of Samba and as I recall, testparm only outputs non-defaults.
I'm sure we'll get this, although I have to be honest and tell you I
haven't used LDAP (yet) as a backend.
If you run the add machine script as root on the server, does it work
correctly?
Rubin
> best regards,
>
> David
>
> smb.conf:
> # smb.conf is the main samba configuration file. You find a full commented
> # version at /usr/share/doc/packages/samba/examples/smb.conf.SuSE
> # Date: 2002-09-12
> #
> #
> [global]
> workgroup = FAB
> netbios name = zeus
> server string = zeus
> map to guest = Bad User
> encrypt passwords = yes
> enable privileges = yes
>
> passdb backend = ldapsam
> ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de
> ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de
> ldap group suffix = ou=Groups
> ldap user suffix = ou=People
> ldap machine suffix = ou=People
>
> ldap ssl = no
> ldap passwd sync = yes
>
> add user script = ldapsmb -a -u "%u"
> delete user script = ldapsmb -d -u "%u"
> add machine script = ldapsmb -a -w "%u" -gid 515
> add group script = ldapsmb -a -g "%g"
> delete group script = ldapsmb -d -g "%g"
> add user to group script = ldapsmb -j -u "%u" -g "%g"
> delete user from group script = ldapsmb -r -u "%u" -g "%g"
> set primary group script = ldapsmb -m -u "%u" -gid "%g"
>
> algorithmic rid base = 5000
>
> local master = yes
> preferred master = yes
> os level = 65
> time server = Yes
> unix extensions = Yes
> admin users = @ntadmin root
> log level = 1
> log file = /var/log/log.smb
> load printers = yes
> printing = cups
> printcap name = cups
> lprm command = /usr/bin/lprm -P%p %j
> default devmode = yes
> socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
> wins support = yes
> dns proxy = yes
> name resolve order = wins hosts bcast lmhosts
> veto files = /*.eml/*.nws/riched20.dll/*.{*}/
>
> domain master = yes
> domain logons = yes
> logon script = kix32 fab_login.scr
> logon path = \\%L\profiles\%U
> logon drive = h:
>
> hosts allow =
> 10.14.40.,10.14.41.,10.14.42.,10.14.45.,10.14.43.,10.14.44.,10.10.57.
> interfaces = 195.72.98.12/255.255.255.240 10.14.45.12/255.255.255.0
>
> deadtime = 15
> dos charset = CP850
> unix charset = UTF-8
> display charset = LOCALE
> smb ports = 139
>
>
--
Rubin Bennett
RB Technologies
http://thatitguy.com
rbennett at thatitguy.com
(802)223-4448
"They that can give up essential liberty to obtain a little
temporary security deserve neither liberty nor safety"
--Benjamin Franklin, Historical Review of Pennsylvania, 1759
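
An added example, not part of the thread or of Samba: a small smb.conf reader that reports the combination the pdb_new_rid log line above complains about ('algorithmic rid base' set while 'passdb backend' is ldapsam). The function names and the sample text are constructed for illustration; treating only ldapsam as a backend without algorithmic RIDs is an assumption taken from the log message quoted in the thread.

```python
import re

# Constructed sample: a trimmed copy of the [global] section quoted in the thread.
SAMPLE = """\
# smb.conf (excerpt)
[global]
    workgroup = FAB
    passdb backend = ldapsam
    Algorithmic RID Base = 5000
    hosts allow = 10.14.40., 10.14.41., \\
        10.14.45.
[profiles]
    path = /srv/profiles
"""

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_section(text, wanted="global"):
    """Return {normalized name: value} for one section of an smb.conf."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        if section == _norm(wanted) and "=" in line:
            name, value = line.split("=", 1)   # only the first '=' is significant
            params[_norm(name)] = value.strip()
    return params

def rid_conflict(params):
    """Describe the condition reported by pdb_new_rid in the log, or return None."""
    backend = params.get("passdbbackend", "")
    rid_base = params.get("algorithmicridbase")
    # Assumption: only ldapsam (the backend in the thread) is checked here;
    # other passdb backends are not judged.
    if rid_base is not None and backend.lower().startswith("ldapsam"):
        return ("'algorithmic rid base = %s' is set with 'passdb backend = %s'"
                % (rid_base, backend))
    return None

if __name__ == "__main__":
    print(rid_conflict(parse_section(SAMPLE)) or "no conflict found")
```

Feed it the smb.conf file itself: testparm without -v leaves out parameters that are at their default value.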