[Samba] security = ads: problem join XP Pro?
pgienger at ae-solutions.com
Wed Jun 9 19:24:49 GMT 2004
Are you running any windows servers in your setup or just one samba box
and the clients?
Assuming the latter, which sounds like you unless I'm badly mis-reading
you here, you don't *need* any special DNS entries to make things work.
Perhaps you could attach your smb.conf file? It sounds like your
security parameter is way out of whack, which could be causing your
    security = domain
is for when you have a functioning NT network to add this machine to
that holds your login info. I've successfully added a 3.0 machine to a
2.2.x network and then not had to do any passdb setup on it.
    security = ads
is for configuring authentication against an existing 2000 (/2003?) AD
network, which you haven't mentioned here.
You probably want (from TOSHaRG):
    preferred master = yes
    domain master = yes
    local master = yes
    security = user
    domain logons = yes
Etienne-Hugues Fortin wrote:
>>Does your DNS server have the following entries:
>>If not it won't work.
>It's the first time I'm seeing this list. I know that XP Pro was asking
>for something like _ldap._tcp.<domainname> but even googling on this
>didn't help me get what you just sent.
>I'll add this to my DNS. Just to make sure everything is clear, I have to
>replace the first "fsklaw.net" with my own domain and then, I'm replacing
>the server.fsklaw.net with my fully qualified hostname for my samba server
>acting as the PDC. Everything else would stay identical. Is that right?
>>_ldap._tcp.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
>>_ldap._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 389
>>_ldap._tcp.pdc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
>>_ldap._tcp.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
>>_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.fsklaw.net. 600 IN SRV
>>0 100 3268 server.fsklaw.net.
>>600 IN SRV 0 100 389 server.fsklaw.net.
>>gc._msdcs.fsklaw.net. 600 IN A 192.168.62.1
>>42254cae-00e0-4814-a063-af2189b41e2b._msdcs.fsklaw.net. 600 IN CNAME
>>_kerberos._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88
>>_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN
>>SRV 0 100 88 server.fsklaw.net.
>>_ldap._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
>>_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV
>>0 100 389 server.fsklaw.net.
>>_kerberos._tcp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
>>_kerberos._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100
>>_gc._tcp.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
>>_gc._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 3268
>>_kerberos._udp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
>>_kpasswd._tcp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net.
>>_kpasswd._udp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net.
>>fsklaw.net. 600 IN A 192.168.61.1
>>gc._msdcs.fsklaw.net. 600 IN A 192.168.61.1
>>Etienne-Hugues Fortin wrote:
>>>I've configured Samba 3.0.4 with Openldap 2.1.22 to use my samba server
>>>a PDC. At first, I had some problems with the user administrator. I've
>>>then found the workaround a few days ago. Now that this is fixed, I'm
>>>trying to join an XP Pro workstation to my domain. I've done multiple
>>>and never succeeded. I'm always getting XP Pro to complain about not
>>>being able to find a domain and talking about a SRV entry in my DNS
>>>is dynamic as required when using dhcp at the same time).
>>>So, this morning, in a desperate attempt, I changed security = ads to
>>>security = domain and retried joining the domain from XP Pro. To my
>>>surprise, it worked fine. I've reread the documentation and it's still
>>>saying that we should use security = domain when our server is acting as
>>>BDC, not a PDC.
>>>I still have to do more tests tonight to see if everything is working but
>>>right now, I'm more curious to understand why my samba server (which is
>>>now acting as a BDC) is accepting a join request while it's not when it's
>>>acting as a PDC. Is that normal? Should I keep my server in security =
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
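
For anyone adapting the SRV list quoted in this thread to their own zone, the following is an added example, not code from any poster or from the Samba project: it checks adapted records for lines cut by mail wrapping, ports that do not match the service, and targets still pointing at the old server name. The names example.lan, pdc.example.lan and check_srv_records are assumptions, and the sample zone is constructed.

```python
import re

# Service label -> port, as used in the records quoted in this thread.
PORTS = {"_ldap": 389, "_kerberos": 88, "_gc": 3268, "_kpasswd": 464}

# Constructed sample: the thread's records adapted to example.lan / pdc.example.lan,
# with three mistakes left in on purpose (truncated line, wrong port, old target).
SAMPLE_ZONE = """\
_ldap._tcp.example.lan. 600 IN SRV 0 100 389 pdc.example.lan.
_ldap._tcp.pdc._msdcs.example.lan. 600 IN SRV 0 100 389
_ldap._tcp.gc._msdcs.example.lan. 600 IN SRV 0 100 3268 pdc.example.lan.
_gc._tcp.example.lan. 600 IN SRV 0 100 389 pdc.example.lan.
_kpasswd._udp.example.lan. 600 IN SRV 0 100 464 server.fsklaw.net.
example.lan. 600 IN A 192.168.61.1
"""

SRV_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SRV(?:\s+(.*))?$", re.IGNORECASE)


def check_srv_records(zone_text, domain, server):
    """Return (owner, problem) pairs for SRV lines that need fixing."""
    domain = domain.rstrip(".").lower() + "."
    server = server.rstrip(".").lower() + "."
    problems = []
    for line in zone_text.splitlines():
        m = SRV_RE.match(line.strip())
        if not m:
            continue  # A/CNAME records and blank lines are not checked here
        owner, fields = m.group(1).lower(), (m.group(2) or "").split()
        if not owner.endswith("." + domain):
            problems.append((owner, "owner is outside " + domain))
        if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
            # Typical of a record cut or wrapped by a mail client.
            problems.append((owner, "incomplete SRV data"))
            continue
        port, target = int(fields[2]), fields[3].lower()
        # _ldap under gc._msdcs points at the global catalog port, not 389.
        want = 3268 if ".gc._msdcs." in owner else PORTS.get(owner.split(".")[0])
        if want is not None and port != want:
            problems.append((owner, f"port {port}, expected {want}"))
        if target != server:
            problems.append((owner, f"target {target} is not {server}"))
    return problems


if __name__ == "__main__":
    for owner, problem in check_srv_records(SAMPLE_ZONE, "example.lan", "pdc.example.lan"):
        print(f"{owner}: {problem}")
```

Records that a mail client wrapped onto two lines need to be rejoined onto one line before checking; otherwise they are reported as incomplete.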