[Samba] security = ads: problem join XP Pro?

Tom Skeren tms3 at fsklaw.net
Wed Jun 9 18:54:38 GMT 2004


Does your DNS server have the following entries?
If not, it won't work.

_ldap._tcp.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.pdc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
_ldap._tcp.d8888ddc-59fe-434d-8cca-f00ca06b564d.domains._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
gc._msdcs.fsklaw.net. 600 IN A 192.168.62.1
42254cae-00e0-4814-a063-af2189b41e2b._msdcs.fsklaw.net. 600 IN CNAME server.fsklaw.net.
_kerberos._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_ldap._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_kerberos._tcp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_kerberos._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_gc._tcp.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
_gc._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
_kerberos._udp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_kpasswd._tcp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net.
_kpasswd._udp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net.
fsklaw.net. 600 IN A 192.168.61.1
gc._msdcs.fsklaw.net. 600 IN A 192.168.61.1



Etienne-Hugues Fortin wrote:

>Hi,
>
>I've configured Samba 3.0.4 with Openldap 2.1.22 to use my samba server as
>a PDC.  At first, I had some problems with the user administrator.  I've
>then found the workaround a few days ago.  Now that this is fixed, I'm
>trying to join an XP Pro workstation to my domain.  I've done multiple tests
>and never succeeded.  I'm always getting XP Pro to complain about not
>being able to find a domain and talking about a SRV entry in my DNS (which
>is dynamic as required when using dhcp at the same time).
>
>So, this morning, in a desperate attempt, I changed security = ads to
>security = domain and retried joining the domain from XP Pro.  To my
>surprise, it worked fine.  I've reread the documentation and it's still
>saying that we should use security = domain when our server is acting as a
>BDC, not a PDC.
>
>I still have to do more tests tonight to see if everything is working but
>right now, I'm more curious to understand why my samba server (which is
>now acting as a BDC) is accepting a join request while it's not when it's
>acting as a PDC.  Is that normal?  Should I keep my server in security =
>domain mode?
>
>Thank you.
>
>
>Etienne-Hugues Fortin
>  
>
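
An added example, not part of either poster's message: a small checker that reads a zone dump and reports which of the SRV owner names listed in the reply are absent or registered on a different port. The name/port table is transcribed from that list (the GUID-based names are left out because they differ per domain); the `example.test` zone, the helper names and the sample data are constructed for illustration.

```python
import re

SITE = "Default-First-Site-Name"  # site name used in the reply's records
# (service.proto, zone under the AD domain, port, also registered per site?)
# Transcribed from the record list in the reply; GUID-based names are omitted.
EXPECTED = [
    ("_ldap._tcp", "", 389, True),
    ("_ldap._tcp", "pdc._msdcs.", 389, False),
    ("_ldap._tcp", "gc._msdcs.", 3268, True),
    ("_ldap._tcp", "dc._msdcs.", 389, True),
    ("_kerberos._tcp", "dc._msdcs.", 88, True),
    ("_kerberos._tcp", "", 88, True),
    ("_kerberos._udp", "", 88, False),
    ("_gc._tcp", "", 3268, True),
    ("_kpasswd._tcp", "", 464, False),
    ("_kpasswd._udp", "", 464, False),
]
# owner [ttl] IN SRV priority weight port target
SRV_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+\S+$", re.I)

def expected_names(domain, site=SITE):
    """Expand the table into {owner name: port} for one domain and site."""
    names = {}
    for svc, sub, port, per_site in EXPECTED:
        names[f"{svc}.{sub}{domain}".lower()] = port
        if per_site:
            names[f"{svc}.{site}._sites.{sub}{domain}".lower()] = port
    return names

def check_zone(zone_text, domain, site=SITE):
    """Return (missing, wrong_port): expected SRV names absent or on another port."""
    found = {}
    for line in zone_text.splitlines():
        m = SRV_RE.match(line.split(";")[0].strip())  # drop zone-file comments
        if m:
            found.setdefault(m.group(1).lower().rstrip("."), set()).add(int(m.group(2)))
    want = expected_names(domain, site)
    missing = [n for n in want if n not in found]
    wrong_port = [n for n, p in want.items() if n in found and p not in found[n]]
    return missing, wrong_port

# Constructed sample zone (not from the thread); _gc._tcp is on the wrong port.
SAMPLE_ZONE = """\
_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_ldap._tcp.dc._msdcs.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_kerberos._tcp.example.test. 600 IN SRV 0 100 88 dc1.example.test.
_kerberos._udp.example.test. 600 IN SRV 0 100 88 dc1.example.test.
_gc._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test.
dc1.example.test. 600 IN A 192.0.2.10
"""
```

Calling `check_zone(SAMPLE_ZONE, "example.test")` returns the missing owner names and the ones answering on an unexpected port; feed it the text of your own zone file or zone transfer output instead of the sample.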




