[Samba] Re: samba Version 3.0.5pre1
timothy_jordan at labor.state.ak.us
Fri May 28 19:42:07 GMT 2004
Buchan, I'm sending this to the samba list also. I'm hoping someone can
pick out my config error - if that is what my problem is...
On Fri, 2004-05-28 at 11:16, Buchan Milne wrote:
> Tim Jordan wrote:
> | Is this package OK to use? I started building yesterday and did not
> | notice that it moved from 3.0.4 to 3.0.5.
> I haven't used it much myself yet ... been too busy with real work ...
> but we need to get an update out, so I wanted some testing.
I understand, this is the first time this week I have had time to play.
On a testing note I noticed that the krb5-client package was not
installed with your samba package. Is this by design?
> | I'm asking because I'm having
> | trouble getting a BDC configuration working. Trouble seems to be
> | related to winbind.
> Are you setting up a BDC to a windows server????
YES! I want to migrate my users over to my samba server. Then
I will take samba out of the production environment and put it into a
test network at which time I would reconfigure samba to be a PDC. This
is all for testing, I CAN NOT impact the production domain (labor.ak).
> You shouldn't need winbind for a BDC to another samba server (although I
> have seen some ridiculous guides that suggest this ...), you just need
> all the samba servers looking at the same LDAP tree.
Okay, after I joined the labor domain I tried a wbinfo -t and received
checking the trust secret via RPC calls failed
Error code was STATUS_BUFFER_OVERFLOW (0x80000005)
could not check secret
This led me to install winbind. Obviously I'm off base on that one....
> | getent passwd - brings up local account then pauses, like it's going to
> | bring in the domain users, and then just ends. <log snip>
> | nsswitch/winbind_user.c:winbindd_gerpwent(571)
> | could not lookup domain user TIMJORDAN
> | If it can't "lookup" the domain user account, then how does it know
> | TIMJORDAN exists???
> Depends what you were doing at the time, but if you were trying to
> access a share or otherwise authenticate, it would know the user you're
> connecting as.
The log shows each user in the domain (labor). I simply issued a getent
I have no local TIMJORDAN account.
> | /etc/samba/smb.conf
> | [global]
> | workgroup = LABOR
> | realm = labor.ak
> | encrypt passwords = yes
> | password server = *
> | passdb backend = ldapsam:ldap://localhost
> | domain master = no
> | domain logons = no
> This needs to be "yes" for a "BDC".
Really? I don't want to offer a logon service until I have the samba
server out of our production environment.
> | idmap backend = ldap:ldap://localhost
> | ldap admin dn = cn=root,dc=smb2ldap,dc=org
> | ldap suffix = dc=smb2ldap,dc=org
> | ldap machine suffix = ou=computers
> | ldap user suffix = ou=People
> | ldap group suffix = ou=Groups
> | ldap idmap suffix = ou=Idmap
> | ldap ssl = off
> | idmap uid = 10000-20000
> | idmap gid = 10000-20000
> | wins server = ipaddres
> - --
> Buchan Milne Senior Support Technician
> Obsidian Systems http://www.obsidian.co.za
> B.Eng RHCE (803004789010797)