[Samba] Samba member server creates sambaDomainName LDAP entry

Alex Domoradov alex.hha at gmail.com
Sun Jan 29 05:45:17 MST 2012


I have the following box set up as a file server:

# cat /etc/redhat-release
CentOS release 6.2 (Final)

# uname -r
2.6.32-220.4.1.el6.x86_64

# rpm -qa | grep samba
samba-3.5.10-114.el6.x86_64
samba-winbind-clients-3.5.10-114.el6.x86_64
samba-client-3.5.10-114.el6.x86_64
samba-winbind-3.5.10-114.el6.x86_64
samba-common-3.5.10-114.el6.x86_64

I have created a Domain Member Server for an "NT4 style" Samba domain with
an LDAP backend. I have a PDC (samba-3.4.15+LDAP) installed on CentOS-5.7.

After joining the domain, the member server creates a sambaDomainName entry
in LDAP that I don't think should be there.

sambaDomainName=FS2

Where FS2 is the NetBIOS name of the domain member server.

# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[install]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
dos charset = cp866
unix charset = utf8
display charset = utf8
workgroup = W3
server string = File server 2
security = DOMAIN
passdb backend = ldapsam:"ldap://pdc.w3.lan/"
client NTLMv2 auth = Yes
log level = 3
log file = /var/log/samba/samba.log
max log size = 50000
name resolve order = wins bcast hosts
deadtime = 15
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
load printers = No
printcap name = /dev/null
disable spoolss = Yes
show add printer wizard = No
os level = 8
lm announce = No
local master = No
domain master = No
dns proxy = No
wins server = 192.168.210.104
ldap admin dn = "cn=root,dc=w3,dc=lan"
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap suffix = dc=w3,dc=lan
ldap ssl = no
ldap user suffix = ou=users
host msdfs = No
idmap backend = ldap:"ldap://pdc.w3.lan/"
idmap uid = 50000-500000
idmap gid = 50000-500000
winbind trusted domains only = Yes

[install]
comment = Soft deployment
path = /data/install/
valid users = @W3\w3-install
write list = adomoradov


All tests on the domain member server work fine:

# wbinfo -p
Ping to winbindd succeeded

# wbinfo -t
checking the trust secret for domain W3 via RPC calls succeeded

# wbinfo -u | head -3
root
nobody
adomoradov

# wbinfo -g | head -3
domain admins
domain users
domain guests

# id adomoradov
uid=1017(adomoradov) gid=512(Domain Admins) groups=512(Domain Admins),513(Domain Users),1027(w3-intdev),1336(w3-svn),1338(w3j-intdev)

# wbinfo -a adomoradov%1234567
plaintext password authentication succeeded
challenge/response password authentication succeeded

Why does my domain member server create a sambaDomainName entry in LDAP?

