[Samba] Samba beta3 w/LDAP as a PDC

Marlys Nelson Marlys.A.Nelson at uwrf.edu
Mon Jul 28 17:59:06 GMT 2003 

I'm trying to setup a samba PDC and I seem to be missing a few pieces in the 
puzzle.  I've reached the point where I've tried joining an XP workstation to 
the domain (yes, I've applied 3 changes to the registry that have been 
mentioned numerous times on the list).  The domain join appears to work fine - 
I get back a nice box from the Windows machine welcoming me to the domain.  I 
then reboot and try to logon, and this is what is failing with an error 
"Procedure number out of range".  There never is any attempt to retrieve my 
logon info from the LDAP server so I think something is still going wrong with 
the machine account.

I was very unsure exactly how to setup the sambaSamAccount objectclass for the 
machine account so I'm thinking this might be where I've gone wrong.  The docs 
for the latest schema don't seem to exist yet, and what I've found seem to 
assume more Windows knowledge on SIDs and RIDs than I have (which is zero).

I have a working LDAP (SunOne aka IPlanet) with posix accounts so I added a 
posixAccount to use as the machine account (ns-team-02$ in my case). When I 
try to add the sambaSamAccount, I must enter a value for sambaSID or there is 
an objectclass violation but I really don't know what this should be.  I've 
tried using something like this 
'S-1-5-21-4229109036-739374524-219139532-1568', where the last '1568' is based 
on the formula 2*uidNumber+1000.  The 'Samba (v.3) PDC LDAP howto' calls the 
'S-1-5-21' part 'NT non-unique IDs'. Is this what I want for a machine account?

Also, I don't understand how the sambaPrimaryGroupSID relates to a posixGroup 
entry, nor what, if anything, I should be doing with sambaGroupMapping 
objectclass.  This has a couple of required attributes, sambaSID again and 
sambaGroupType, (which I haven't found any docs on).  At this point, I've 
ignored that, which may or may not be causing me my problems.

Any enlightenment that anyone could share on how the various SID/RID 
attributes in the v3.0 samba schema are meant to work, I'd really appreciate it!

-- 
Marlys A. Nelson                      Sr. Network Specialist
Information Technology Services       Network Services
University of Wisconsin - River Falls 715/425-4357
410 South Third Street                Email: Marlys.A.Nelson at uwrf.edu
River Falls  WI  54022                http://www.uwrf.edu/

More information about the samba mailing list