Confused [Was: Upgrade from S3 to a Samba4 DC [with LDAPSAM]]
Andrew Bartlett
abartlet at samba.org
Mon Oct 31 15:38:18 MDT 2011
On Mon, 2011-10-31 at 13:58 -0400, Adam Tauno Williams wrote:
> So I have an S4 instance I've built from an upgrade of a Samba 3
> LDAPSAM domain.
>
> I took an XP workstation off the production network, created the
> Samba4 instance, brought it up on its own network and connected the XP
> workstation. Attempting to login on the XP workstation and it says
> "domain unavailable". Hrmm....
>
> I can get tickets as an 'upgraded' domain user.
> kinit adam at MICORE.US
>
> DNS is working.
> host -t SRV _ldap._tcp.micore.us.
> host -t SRV _kerberos._udp.micore.us.
> host -t A barbel.micore.us.
>
> But -
> Ignoring unknown parameter "server role"
> SID for domain BARBEL is: S-1-5-21-2037442776-3290224752-88127236
> barbel:~ # net getdomainsid
> Ignoring unknown parameter "server role"
> SID for local machine BARBEL is: S-1-5-21-2037442776-3290224752-88127236
> Could not fetch domain SID
> ... should the domain SID be fetchable? Is the upgraded domain
> somehow disabled?
The two errors you list here are actually very closely related. We need
to support the 'server role' parameter in the source3 loadparm code, so
that the 'net' command knows it is a DC, and so does the right thing in
fetching the domain SID (which is to ask sam.ldb).
It should not be a hard job - systems without a 'server role' set with
simply use 'auto' which will work it out using the existing samba3
'domain logons/domain master' combinations. Amitay or I will try to get
to it soon.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list