Centos 5.8 Samba PDC, Win7 joining issues
Brett Rowley
browley at owneriq.com
Sun Jul 1 11:14:41 MDT 2012
Hi All,

I have been having quite a time getting Windows 7 machines to join my
Samba + LDAP server. Running CentOS 5.8 with Samba 3.5.10. I was able
to set it up initially as a BDC and vampire our users and computers from
our existing Windows 2003 domain. So I'm ready to switch it to PDC
mode. I've followed the Samba chapter 9 guide and ended up with the PDC
config below:

[global]
workgroup = IQ
server string = DC1
netbios name = DC1
passdb backend = ldapsam:ldap://localhost
client NTLMv2 auth = Yes
log level = 256
syslog = 0
log file = /var/log/samba/%m
max log size = 0
smb ports = 139 445
name resolve order = dns wins lmshosts hosts
add user script = /usr/sbin/smbldap-useradd -W '%u'
add group script = /usr/sbin/smbldap-groupadd '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -g '%g' '%u'
passwd program = /usr/sbin/smbldap-passwd %u
logon script = scripts\logon.cmd
logon path = \\%L\profiles\%U
logon drive = X:
logon home = \\%L\%U
domain logons = Yes
domain master = yes
#wins server = 192.168.101.17
wins support= yes
ldap suffix = dc=iq,dc=local
ldap admin dn = cn=root,dc=iq,dc=local
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap passwd sync = yes
ldap ssl = no
ldap timeout = 20
ldap user suffix = ou=People
idmap backend = ldap:ldap://localhost
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind use default domain = Yes
ea support = Yes
map acl inherit = Yes

First I added the machine as a user, ran the
smbldap-useradd script and added the machine to my machines group (while
keeping the $ at the end of the name). I have made the regedits from
the Samba Windows 7 wiki. I have even gone so far as to put the SRV
records in my local DNS zones. At that point, it still fails saying
that the query returned but "a domain controller for iq.com could not be
contacted". Digging further I found
http://onemansjourneyintolinux.blogspot.com/2008/06/joining-samba-domain.html,
where it seems the solution is to add the NetBIOS option to my DHCP
server so that NetBIOS can finish the resolution for the domain
controller query. Here's my problem: my router is my DHCP server and we
cannot move it to the Samba PDC. So, given that, I've tried enabling
NetBIOS on my Win7 machine: I went into the network adapter settings and
pointed it at my Samba server. I then fired up Wireshark. It looks
like the NetBIOS request is not looking for the DC1 name above, it's
looking for iq.com. Therefore, the NetBIOS query fails. So here's my
question: how would I go about manually adding a name to resolve through
Samba NetBIOS? Would it be through the LMHOSTS file? Otherwise, is there
another way to go about this without NetBIOS? Thanks in advance.
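
The name mismatch described in the message can be checked offline. The following is an added example, not part of the original post or of Samba: it parses a constructed subset of the quoted [global] section, lists `name resolve order` tokens that are not among the four values documented in smb.conf(5), and compares the NetBIOS names the configured roles imply with the domain string a client looks up. The helper names are hypothetical, and the suffix mapping (0x1B domain master browser, 0x1C domain controllers, 0x20 file server) is the standard NetBIOS convention assumed here.

```python
import configparser

# Values documented for "name resolve order" in smb.conf(5).
VALID_RESOLVERS = {"lmhosts", "host", "wins", "bcast"}

# Constructed sample: a subset of the [global] section quoted in the post.
SAMPLE = """\
[global]
workgroup = IQ
netbios name = DC1
name resolve order = dns wins lmshosts hosts
domain logons = Yes
domain master = yes
wins support= yes
"""

def load_global(text):
    """Parse smb.conf text and return the [global] parameters (keys lowercased)."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(text)
    return {k.strip(): v.strip() for k, v in cp["global"].items()}

def is_yes(value):
    return value.lower() in ("yes", "true", "1")

def unknown_resolvers(g):
    """Tokens in 'name resolve order' that are not documented resolver names."""
    order = g.get("name resolve order", "").split()
    return [t for t in order if t.lower() not in VALID_RESOLVERS]

def registered_names(g):
    """(name, suffix) pairs nmbd is expected to register for these DC roles."""
    wg = g["workgroup"].upper()[:15]
    names = {(g["netbios name"].upper()[:15], 0x20)}   # file server service
    if is_yes(g.get("domain master", "no")):
        names.add((wg, 0x1B))                           # domain master browser
    if is_yes(g.get("domain logons", "no")):
        names.add((wg, 0x1C))                           # domain controllers group
    return names

def logon_lookup_matches(g, domain_typed):
    """Would a <1C> lookup for the domain string typed on the client find this server?"""
    return (domain_typed.upper()[:15], 0x1C) in registered_names(g)

if __name__ == "__main__":
    g = load_global(SAMPLE)
    print("unrecognised resolvers:", unknown_resolvers(g))
    for typed in ("iq.com", "IQ"):
        print(typed, "->", logon_lookup_matches(g, typed))
```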