[Samba] Unable to contact RPC server on a new DC
Andrey Repin
anrdaemon at yandex.ru
Tue Nov 7 18:39:57 UTC 2023
Greetings, Luis Peromarta!
> • You should not use idmap declarations in a DC. Domain Controllers use
> idmap.ldb for id-mapping, which is only used on a DC.
> • If using ‘ad’ idmap in the AD, you should only use this on the DC:
The thing is, this is a literal copy of the DC1 configuration, which was
working for years, but I had to discontinue it (very old 32-bit base OS,
unable to upgrade).
> idmap_ldb:use rfc2307 = yes
> • I think your workgroup name should be ADS, not DARKDRAGON.
Not related. You can give them any names you like.
> • You don’t need all the winbind lines either.
> • Your templates declarations are the default for non-ad idmapping. Login
> shell and Unix home directory path can be stored in the RFC2307 attributes when using ‘ad’ idmap.
To my knowledge, most of these settings are either irrelevant or default on DC.
I mostly keep them for self-reference.
> I’d start with a simpler configuration like this:
> # Global parameters
> [global]
> dns forwarder = 192.168.1.12
> netbios name = DC2
> realm = ADS.DARKDRAGON.LAN
> server role = active directory domain controller
> workgroup = ADS
> idmap_ldb:use rfc2307 = yes
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
> [netlogon]
> path = /var/lib/samba/sysvol/mad.mater.int/scripts
> read only = No
Will try if there are no better ideas.
--
With best regards,
Andrey Repin
Tuesday, November 7, 2023 21:33:35
Sorry for my terrible english...