[Samba] Samba member server creates sambaDomainName LDAP entry

Alex Domoradov alex.hha at gmail.com
Sun Jan 29 14:08:13 MST 2012


Thanks Andrew, I have removed passdb backend from smb.conf and deleted all
tdb files on the member server. I again rejoined the member server to the
domain. After that all works fine.

# net rpc join -U adomoradov MEMBER
Enter adomoradov's password:
Joined domain W3.

# smbpasswd -w 1234567
Setting stored password for "cn=root,dc=w3,dc=lan" in secrets.tdb

# net getdomainsid
SID for local machine FS2 is: S-1-5-21-734847482-1323587187-1959668561
SID for domain W3 is: S-1-5-21-250625134-237382211-2379110221

# net rpc info -U adomoradov
Enter adomoradov's password:
Domain Name: W3
Domain SID: S-1-5-21-250625134-237382211-2379110221
Sequence number: 1327870393
Num users: 398
Num domain groups: 39
Num local groups: 0

# ldapsearch -H ldap://pdc.w3.lan/ -LLL -x -b 'dc=w3,dc=lan' 'objectClass=sambaDomain'
dn: sambaDomainName=W3,dc=w3,dc=lan
sambaRefuseMachinePwdChange: 0
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaSID: S-1-5-21-250625134-237382211-2379110221
sambaDomainName: W3
sambaLockoutDuration: 15
sambaLockoutObservationWindow: 10
sambaLockoutThreshold: 0
sambaMinPwdLength: 5
sambaLogonToChgPwd: 0
sambaMinPwdAge: 0
sambaForceLogoff: -1
sambaNextRid: 1281
sambaAlgorithmicRidBase: 1000
gidNumber: 1353
sambaMaxPwdAge: -1
sambaPwdHistoryLength: 0
uidNumber: 1878

On Sun, Jan 29, 2012 at 10:31 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Sun, 2012-01-29 at 14:45 +0200, Alex Domoradov wrote:
> > I have the following box setup as a file server
>
> > After joining the domain, the member server creates a sambaDomainName
> > entry in LDAP that I don't think should be there.
> >
> > sambaDomainName=FS2
> >
> > Where FS2 is the netbios name of the domain member server.
>
> > security = DOMAIN
> > passdb backend = ldapsam:"ldap://pdc.w3.lan/"
>
> This is why the entry is created.  You have pointed your member
> server at the LDAP backend of the DC.  The member server started to
> write its own information there.  Simply remove this line and use a
> local passdb for the local users - communication between Samba member
> servers and Samba3 DCs is not over LDAP.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
>
>
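
The check below is an added example, not part of the original thread or of Samba: it flags a domain member (security = domain) whose passdb backend is ldapsam, and lists sambaDomain entries in LDIF output whose name is not the real domain. The function names, the workgroup/netbios name lines and the trimmed FS2 LDIF entry are assumptions constructed for illustration.

```python
def parse_global(text):
    """Collect [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def audit_member_conf(text):
    """Flag a domain member whose passdb backend is an LDAP directory."""
    p = parse_global(text)
    backend = p.get("passdbbackend", "")
    if p.get("security", "").lower() == "domain" and backend.lower().startswith("ldapsam"):
        return ["member server writes to LDAP via passdb backend = " + backend]
    return []

def stray_domain_entries(ldif, domain):
    """Return sambaDomainName values of sambaDomain entries other than `domain`."""
    strays = []
    for entry in ldif.strip().split("\n\n"):
        attrs = [l.split(": ", 1) for l in entry.splitlines() if ": " in l]
        if any(k.lower() == "objectclass" and v.lower() == "sambadomain" for k, v in attrs):
            strays += [v for k, v in attrs
                       if k.lower() == "sambadomainname" and v.upper() != domain.upper()]
    return strays

# Constructed sample input: the two smb.conf lines quoted in the thread plus assumed
# workgroup/netbios name, and a trimmed LDIF with the stray FS2 entry described.
MEMBER_CONF = '''[global]
   workgroup = W3
   netbios name = FS2
   security = DOMAIN
   passdb backend = ldapsam:"ldap://pdc.w3.lan/"
'''
SAMPLE_LDIF = '''dn: sambaDomainName=W3,dc=w3,dc=lan
objectClass: sambaDomain
sambaDomainName: W3

dn: sambaDomainName=FS2,dc=w3,dc=lan
objectClass: sambaDomain
sambaDomainName: FS2
'''

if __name__ == "__main__":
    print(audit_member_conf(MEMBER_CONF))
    print(stray_domain_entries(SAMPLE_LDIF, "W3"))
```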

