[Samba] new problem: PDC is not member of own domain? (was: 'ldap machine suffix' is ignored?)

Mike A. Kuznetsov mike at molinos.ru
Thu Aug 10 14:12:13 GMT 2006

Hi, all!

There is a share on the PDC (Samba 3.0.23):

       comment = Software
       path = /st2/soft
       valid users = "@Domain Users"
       read only = No
       share modes = No

I do:

# cd /st2/soft
# touch testfile
# chown testuser:"Domain Users" testfile
# chmod a+rwx testfile

After logging on to a Windows workstation (domain member) as testuser, I go 
to \\PDC\SOFT and try to read, write (all OK) and change permissions on 

If I try to save new permissions (without extended ACLs, but they are 
supported), I see an error (in Russian in the original; the translation is not exact): 
"We havn't know about machine  PDC - does it member of domain DOMAIN?"

How can I resolve this problem? Here is my [globals]:

       dos charset = CP1251
       unix charset = KOI8-R
       workgroup = DOMAIN
       server string = Server
       password server =
       passdb backend = ldapsam
       passwd program = /usr/local/sbin/smbldap-passwd %u
       passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
       log level = 2
       log file = /var/log/samba/%m.log
       time server = Yes
       max smbd processes = 30
       add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
       delete user script = /usr/local/sbin/smbldap-userdel "%u"
       add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
       delete group script = /usr/local/sbin/smbldap-groupdel "%g"
       add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
       delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
       set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
       add machine script = /usr/local/sbin/smbldap-useradd -w %u
       logon script = logon.bat %U
       logon path =
       logon home =
       domain logons = Yes
       os level = 256
       domain master = Yes
       dns proxy = No
       wins support = Yes
       ldap admin dn = cn=root,dc=mydomain,dc=ru
       ldap delete dn = Yes
       ldap group suffix = ou=groups
       ldap idmap suffix = ou=idmap
       ldap machine suffix = ou=users
       ldap passwd sync = Yes
       ldap suffix = dc=mydomain,dc=ru
       ldap ssl = no
       ldap user suffix = ou=users
       idmap backend = ldap:ldap://localhost
       idmap uid = 10000-20000
       idmap gid = 10000-20000
       winbind use default domain = Yes
       admin users = "@Domain Admins"
       hosts allow =
       hosts deny = ALL
       map acl inherit = Yes
