problems with samba as domain member in rpc samba domain

Rowland Penny repenny241155 at gmail.com
Fri Mar 11 13:29:16 UTC 2016


On 11/03/16 12:40, Bartłomiej Solarz-Niesłuchowski wrote:
> On 2016-03-11 at 13:15, Rowland Penny wrote:
>> On 11/03/16 11:38, Bartłomiej Solarz-Niesłuchowski wrote:
>>> Good morning!
>>>
>>> I have problems with domain (fedora 23 x64).
>>>
>>> Let's have:
>>> samba 4.3.4 as domain master (NT4 domain! - no ADS)
>>> samba 4.3.4 as domain member
>>>
>>> if I use:  net rpc testjoin
>>> no answer
>>> if I try to join domain:
>>>  net join -U root
>>> Enter root's password:
>>> Failed to join domain: failed to find DC for domain WSISIZ.EDU.PL
>>>
>>> BUT if on domain member I downgrade samba to version 4.2.9
>>> everything starts working.
>>>
>>> Has anybody seen this problem?
>>>
>>> Best Regards
>>>
>>
>>
>> Can we please see your smb.conf files ?
>>
>> Rowland
>>
>>
> domain server:
> [global]
>          unix charset = UTF8
>          workgroup = WSISIZ.EDU.PL
>          allow trusted domains = No
>          passdb backend = ldapsam:"ldaps://mythodea.wsisiz.edu.pl/ ldaps://portraits.wsisiz.edu.pl/"
>          check password script = /usr/local/sbin/crackcheck -s -d /usr/lib64/cracklib_dict
>          map untrusted to domain = Yes
>          max log size = 1650065408
>          debug pid = Yes
>          debug uid = Yes
>          server max protocol = SMB2
>          max protocol = SMB2
>          protocol = SMB2
>          time server = Yes
>          unix extensions = No
>          deadtime = 60
>          hostname lookups = Yes
>          printcap cache time = 600
>          printcap name = cups
>          add user script = /usr/local/sbin/smbldap-useradd -m "%u"
>          add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
>          add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
>          delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
>          set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
>          add machine script = /usr/local/sbin/smbldap-useradd -t 5 -w "%u"
>          logon script = login.bat
>          logon drive = z:
>          logon home = \\%N\%U\profile
>          domain logons = Yes
>          os level = 128
>          preferred master = Yes
>          domain master = Yes
>          wins proxy = Yes
>          wins support = Yes
>          ldap admin dn = cn=Manager,dc=wsisiz,dc=edu,dc=pl
>          ldap delete dn = Yes
>          ldap group suffix = ou=Groups
>          ldap idmap suffix = ou=Idmap
>          ldap machine suffix = ou=Computers
>          ldap passwd sync = yes
>          ldap suffix = dc=wsisiz,dc=edu,dc=pl
>          ldap ssl = no
>          ldap user suffix = ou=Users
>          remote browse sync = oxygene.ibspan.waw.pl antarctica china spiral direct odyssey
>          winbind use default domain = Yes
>          idmap config * : backend = tdb
>          acl allow execute always = Yes
>          create mask = 0644
>          inherit acls = Yes
>          hosts allow = 127. 10.100.0.0/255.255.0.0 213.135.34.0/255.255.255.0 213.135.44.0/255.255.252.0 213.135.48.0/255.255.254.0 2001:1a68:a::/48
>          ea support = Yes
>          map acl inherit = Yes
>          cups options = raw
>          hide dot files = No
>          store dos attributes = Yes
>          wide links = Yes
>
> domain member:
> [root@beabourg SRPMS]# testparm
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[private]"
> Processing section "[reklama]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
>
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
>          dos charset = CP852
>          unix charset = UTF8
>          workgroup = WSISIZ.EDU.PL
>          security = DOMAIN
>          map to guest = Bad User
>          username map = /etc/samba/smbusers
>          max log size = 500000
>          time server = Yes
>          deadtime = 10
>          keepalive = 10
>          hostname lookups = Yes
>          os level = 32
>          local master = No
>          wins server = oceanic.wsisiz.edu.pl
>          ldap ssl = no
>          winbind use default domain = Yes
>          winbind trusted domains only = Yes
>          idmap config * : backend = tdb
>          acl allow execute always = Yes
>          create mask = 0644
>          hosts allow = 213.135.44.0/255.255.252.0 213.135.48.0/255.255.254.0 213.135.34. 127. 2001:1a68:a::/48
>          hide dot files = No
>
>

Hmm, the workgroup name is supposed to be a single word, without 
punctuation, no more than 15 characters and in uppercase.
Your workgroup name is 'WSISIZ.EDU.PL', this could be mistaken for a 
realm name and is possibly your problem.
Can you try again, but change the workgroup name to just 'WSISIZ' first.

Rowland
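
The naming rule given in the reply above, written as a check over an smb.conf file. This is an added example, not part of the original message or of Samba: the function names and the sample file are constructed here, and the character rule encodes "single word, without punctuation" as letters and digits only, which is an assumption about how strictly to read it.

```python
import re

# Constructed sample in the shape of the member's configuration.
SAMPLE_CONF = """\
[global]
    unix charset = UTF8
    workgroup = WSISIZ.EDU.PL
    security = DOMAIN
[private]
    comment = constructed share
"""

def global_params(conf_text):
    """Return [global] parameters; names are compared the way smb.conf
    treats them (case-insensitive, whitespace inside names ignored)."""
    params, section, pending = {}, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#;":    # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.split()).lower()] = value.strip()
    return params

def workgroup_problems(name):
    """Check a workgroup name against the rules stated in the reply."""
    problems = []
    if len(name) > 15:
        problems.append("longer than 15 characters")
    if not re.fullmatch(r"[A-Za-z0-9]+", name):
        problems.append("not a single word without punctuation")
    if name != name.upper():
        problems.append("not uppercase")
    if "." in name:
        problems.append("contains dots, could be mistaken for a realm name")
    return problems

def check_conf(conf_text):
    # Samba falls back to WORKGROUP when the parameter is not set.
    name = global_params(conf_text).get("workgroup", "WORKGROUP")
    return name, workgroup_problems(name)

if __name__ == "__main__":
    print(check_conf(SAMPLE_CONF))
```
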


