[Samba] security = ads: problem join XP Pro?
efortin at fs01.cyberspicace.com
Wed Jun 9 19:06:37 GMT 2004
> Does your DNS server have the following entries:
> If not it won't work.
It's the first time I'm seeing this list. I know that XP Pro was asking
for something like _ldap._tcp.<domainname> but even googling on this
didn't helped me getting what you just sent.
I'll add this to my DNS. Just to make sure everything is clear, I have to
replace the first "fsklwaw.net" with my own domain and then, I'm replacing
the server.fsklaw.net with my fully qualified hostname for my samba server
acting as the PDC. Everything else would stay identical. Is that right?
> _ldap._tcp.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
> _ldap._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 389
> _ldap._tcp.pdc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
> _ldap._tcp.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
> _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.fsklaw.net. 600 IN SRV
> 0 100 3268 server.fsklaw.net.
> 600 IN SRV 0 100 389 server.fsklaw.net.
> gc._msdcs.fsklaw.net. 600 IN A 192.168.62.1
> 42254cae-00e0-4814-a063-af2189b41e2b._msdcs.fsklaw.net. 600 IN CNAME
> _kerberos._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN
> SRV 0 100 88 server.fsklaw.net.
> _ldap._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV
> 0 100 389 server.fsklaw.net.
> _kerberos._tcp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
> _kerberos._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100
> 88 server.fsklaw.net.
> _gc._tcp.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
> _gc._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 3268
> _kerberos._udp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
> _kpasswd._tcp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net.
> _kpasswd._udp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net.
> fsklaw.net. 600 IN A 192.168.61.1
> gc._msdcs.fsklaw.net. 600 IN A 192.168.61.1
> Etienne-Hugues Fortin wrote:
>>I've configured Samba 3.0.4 with Openldap 2.1.22 to use my samba server
>>a PDC. At first, I had some problem with the user administrator. I've
>>then found the workaround a few days ago. Now that this is fixed, I'm
>>trying to join a XP Pro workstation to my domain. I've done multiple
>>and never succeeded. I'm always getting XP Pro to complain about not
>>being able to find a domain and talking about a SRV entry in my DNS
>>is dynamic as required when using dhcp at the same time).
>>So, this morning, in a desesperate attempt, I changed security = ads to
>>security = domain and retry to join the domain from XP Pro. To my
>>surprise, it worked fine. I've reread the documentation and it's still
>>saying that we should use security = domain when our server is acting as
>>BDC, not a PDC.
>>I still have to do more test tonight to see if everything is working but
>>right now, I'm more curious to understand why my samba server (which is
>>now acting as a BDC) is accepting a join request while it's not when it's
>>acting as a PDC. Is that normal? Should I keep my server in security =
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba