[Samba] Re: samba Version 3.0.5pre1

Tim Jordan timothy_jordan at labor.state.ak.us
Fri May 28 19:42:07 GMT 2004


Buchan, I'm sending this to the samba list also.  I'm hoping someone can
pick out my config error - if that is what my problem is...

On Fri, 2004-05-28 at 11:16, Buchan Milne wrote:

> Tim Jordan wrote:
> | Is this package OK to use?  I started building yesterday and did not
> | notice that it moved from 3.0.4 to 3.0.5.
> 
> I haven't used it much myself yet ... been too busy with real work ...
> but we need to get an update out, so I wanted some testing.

I understand, this is the first time this week I have had time to play. 
On a testing note I noticed that the krb5-client package was not
installed with your samba package.  Is this by design?

> 
> |  I'm asking because I'm having
> | trouble getting a BDC configuration working.  Trouble seems to be
> | related to winbind.
> |
> 
> Are you setting up a BDC to a windows server????

        YES!  I want to migrate my users over to my samba server.  Then
I will take samba out of the production environment and put it into a
test network at which time I would reconfigure samba to be a PDC.  This
is all for testing, I CAN NOT impact the production domain (labor.ak).

> 
> You shouldn't need winbind for a BDC to another samba server (although I
> have seen some ridiculous guides that suggest this ...), you just need
> all the samba servers looking at the same LDAP tree.


Okay, after I joined the labor domain I tried a wbinfo -t and received
this error:
        #wbinfo -t
            checking the trust secret via RPC calls failed
            Error code was STATUS_BUFFER_OVERFLOW (0x80000005)
            could not check secret

This led me to install winbind.  Obviously I'm off base on that one....

> 
> | getent passwd - brings up local account then pauses, like it's going to
> | bring in the domain users, and then just ends.  <log snip>
> |
> | nsswitch/winbind_user.c:winbindd_gerpwent(571)
> |   could not lookup domain user TIMJORDAN
> |
> | If it can't "lookup" the domain user account, then how does it know
> | TIMJORDAN exists???
> |
> 
> Depends what you were doing at the time, but if you were trying to
> access a share or otherwise authenticate, it would know the user you're
> connecting as.
> 

The log shows each user in the domain (labor).  I simply issued a getent
passwd command.
I have no local TIMJORDAN account.

> | /etc/samba/smb.conf
> |
> | [global]
> | workgroup = LABOR
> | realm = labor.ak
> | encrypt passwords = yes
> | password server = *
> | passdb backend = ldapsam:ldap://localhost
> | domain master = no
> | domain logons = no
> 
> ^^^^
> This needs to be "yes" for a "BDC".

Really?  I don't want to offer a logon service until I have the samba
server out of our production environment.

> 
> | idmap backend = ldap:ldap://localhost
> | ldap admin dn = cn=root,dc=smb2ldap,dc=org
> | ldap suffix = dc=smb2ldap,dc=org
> | ldap machine suffix = ou=computers
> | ldap user suffix = ou=People
> | ldap group suffix = ou=Groups
> | ldap idmap suffix = ou=Idmap
> | ldap ssl = off
> | idmap uid = 10000-20000
> | idmap gid = 10000-20000
> | wins server =  ipaddres
> |
> 
> Regards,
> Buchan

Thanks Buchan!
TJ

> 
> - --
> Buchan Milne                      Senior Support Technician
> Obsidian Systems                  http://www.obsidian.co.za
> B.Eng                                RHCE (803004789010797)

