[Samba] Adding a Samba Domain Server

Chris Hane chrishane at gmail.com
Thu Dec 14 00:24:14 GMT 2006


Thanks for replying.  I took my time and set up the PDC server again today, 
just to make sure everything works on the PDC.

Next I ran net rpc join on the client and got the following:

[root@testbox samba]# net rpc join -Uroot%password
Password:
Could not connect to server SFSPDC1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

Two things:

First, it asks me for the password again.

Second, I'm sure the password of root is correct.  It is the same 
command I used to join the PDC machine to the PDC Samba installation.

Also, when I look in log.member1 on the PDC server I see the following:

[2006/12/13 20:21:26, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
   _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w member1$' gave 9
[2006/12/13 20:22:00, 0] lib/system.c:set_process_capability(723)
   set_process_capability: cap_set_proc failed: Operation not permitted


Does anyone know how I can find out what return code 9 means?

Thoughts?

Thanks,
Chris....

Here are the two configs:

PDC SMB.CONF
========================================================================
[root@dion samba]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Service definitions printed by testparm on the PDC host (dion). testparm normally
# lists only settings that differ from the defaults, so anything absent here is
# running at its built-in default.
[global]
  workgroup = SFS
  netbios name = SFSPDC1
  server string = Samba Server PDC
  # Account database lives in LDAP. Both servers are given as plain ldap:// URIs and
  # the second one (192.168.0.62) is a different host. No "ldap ssl" line appears in
  # this dump, so whether that connection is protected by TLS depends on the default
  # of this Samba build -- TODO confirm.
  passdb backend = ldapsam:"ldap://127.0.0.1 ldap://192.168.0.62"
  # One log file per client machine name (%m); the log.member1 excerpt quoted earlier
  # in this post comes from this pattern.
  log file = /var/log/samba/log.%m
  max log size = 50
  # Account-management hooks, all delegated to the smbldap-* tools. These five quote
  # their %u / %g substitutions.
  add user script = /usr/sbin/smbldap-useradd -m "%u"
  add group script = /usr/sbin/smbldap-groupadd -p "%g"
  add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
  delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
  set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
  # Creates the machine account during a domain join. Unlike the scripts above, %u is
  # passed unquoted. The log excerpt earlier in this post shows this exact command,
  # run for member1$, exiting with status 9.
  add machine script = /usr/sbin/smbldap-useradd -w %u
  domain logons = Yes
  os level = 33
  preferred master = Yes
  domain master = Yes
  dns proxy = No
  wins support = Yes
  # DN Samba binds as for LDAP writes. No bind password appears in this dump.
  ldap admin dn = cn=admin,dc=com
  ldap delete dn = Yes
  # The group/idmap/machine/user suffixes below are written relative to "ldap suffix".
  ldap group suffix = ou=Groups
  ldap idmap suffix = ou=Idmap
  ldap machine suffix = ou=Computers
  ldap suffix = ou=itsolut,dc=com
  ldap user suffix = ou=people
  # ID mappings are also stored on 192.168.0.62 over a plain ldap:// URI (same TLS
  # question as for passdb backend above).
  idmap backend = ldap:ldap://192.168.0.62
  # uid and gid share the range 2000 - 3000; the member server's dump uses the same range.
  idmap uid = 2000 - 3000
  idmap gid = 2000 - 3000

# Per-user home shares: writable, hidden from browse lists.
[homes]
  comment = Home Directories
  read only = No
  browseable = No

# Printer share backed by the spool directory below.
[printers]
  comment = All Printers
  path = /var/spool/samba
  printable = Yes
  browseable = No

DOMAIN MEMBER SMB.CONF
========================================================================
[root@testbox samba]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

# Service definitions printed by testparm on the member host (testbox). testparm
# normally lists only settings that differ from the defaults.
[global]
         # Same workgroup name as the PDC dump (SFS).
         workgroup = SFS
         netbios name = MEMBER1
         server string = TESTBOX
         # Authentication is delegated to the domain. No "password server" or
         # "wins server" line appears in this dump, so how MEMBER1 locates SFSPDC1
         # is not shown here -- TODO confirm name resolution to the PDC.
         security = DOMAIN
         # One log file per client machine name (%m).
         log file = /var/log/samba/log.%m
         max log size = 50
         dns proxy = No
         # Same 2000 - 3000 range as the PDC dump; no idmap backend is listed here,
         # so the mappings are presumably kept locally -- verify they cannot collide
         # with the IDs the PDC stores in LDAP.
         idmap uid = 2000 - 3000
         idmap gid = 2000 - 3000
         winbind use default domain = Yes

# Per-user home shares: writable, hidden from browse lists.
[homes]
         comment = Home Directories
         read only = No
         browseable = No


Jeffrey Lord wrote:
> Have you tried doing a 'net rpc join' on the client?
> 
> ----- Original Message -----
> From: samba-bounces+jlord=mediosystems.com at lists.samba.org 
> <samba-bounces+jlord=mediosystems.com at lists.samba.org>
> To: samba at lists.samba.org <samba at lists.samba.org>
> Sent: Tue Dec 12 18:12:35 2006
> Subject: [Samba] Adding a Samba Domain Server
> 
> 
> I have a Samba PDC setup using LDAP as the passdb.  I want to add
> another Samba server to the mix.  I believe I want to add it in as a
> Domain Server; however, I can't seem to get it working.
> 
> On the PDC server I am running:
>   - linux (2.6.latest)
>   - openldap (latest)
>   - samba (3.latest)
>   - nss
> 
> On the Domain Server I am running:
>   - samba (latest 3.latest)
>   - nss
> 
> I thought someone might see something obvious in my smb.conf
> (particularly the second one below for the domain server).  I am going
> to try starting from scratch tomorrow and any advice is appreciated.
> 
> Thanks in advance,
> Chris....
> 
> 
> ==================================================================
> SMB.CONF for the PDC
> [global]
> workgroup = SFS1
> netbios name = SFSPDC
> encrypt passwords = Yes
> hide dot files = Yes
> null passwords = Yes
> enable privileges = yes
> interfaces = 192.168.0.28
> server string = SFSMAIL PDC
> security = user
> local master = yes
> os level = 33
> hosts allow = 192.168.0. 127.
> loglevel = 2
> log file = /var/log/samba/log.%m
> debug timestamp = yes
> domain master = yes
> domain logons = yes
> #winbind use default domain=yes
> logon path =
> wins support = yes
> passdb expand explicit = no
> ldap passwd sync = Yes
> passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://itsolut.com/"
> ldap admin dn = cn=admin,dc=com
> ldap suffix   = ou=sfsmail,dc=com
> ldap group suffix = ou=Groups
> ldap user suffix = ou=people
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=people
> #ldap idmap suffix = ou=Idmap
> #idmap backend = ldap://itsolut.com
> #idmap uid = 2000 - 3000
> #idmap gid = 2000 - 3000
> #ldap ssl = start_tls
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> add machine script = /usr/sbin/smbldap-useradd -w %u
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> ldap delete dn = Yes
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> 
> [homes]
> comment = Home Directories
> valid users = %U
> read only = No
> create mask = 0664
> directory mask = 0775
> browseable = No
> writeable = yes
> path = /home/samba/users/%U
> 
> [netlogon]
> path = /home/samba/netlogon
> browseable = no
> guest ok = yes
> read only = yes
> 
> 
> ==================================================================
> NSSWITCH.CONF for PDC
> passwd: files ldap
> group: files ldap
> shadow: files ldap
> 
> publickey: files
> 
> hosts: files dns
> networks: files
> 
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
> 
> netgroup: db files
> 
> 
> 
> ==================================================================
> SMB.CONF for Domain Server
> [global]
> workgroup = SFS1
> server string = SFS STORAGE SERVER
> netbios name = storage1
> security = domain
> password server = 192.168.0.28
> encrypt passwords = Yes
> hosts allow = 192.168.0. 127.
> log file = /var/log/samba/log.%m
> loglevel = 3
> max log size = 50
> debug timestamp = yes
> ;password server = 192.168.0.28
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> interfaces = 192.168.0.25
> ;   local master = no
> ;   os level = 33
> domain master = no
> ;   preferred master = yes
> ;   domain logons = yes
> ;   wins support = yes
> wins server = 192.168.0.28
> wins proxy = yes
> passdb expand explicit = no
> ldap passwd sync = Yes
> passdb backend = ldapsam:"ldap://192.168.0.28/"
> ldap admin dn = cn=admin,dc=com
> ldap suffix   = ou=sfsmail,dc=com
> ldap group suffix = ou=Groups
> ldap user suffix = ou=people
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Idmap
> 
> #idmap backend = ldap:ldap://192.168.0.28
> #idmap uid = 10000-20000
> #idmap gid = 10000-20000
> 
> add machine script = /usr/sbin/smbldap-useradd -w %u
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> ldap delete dn = Yes
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> 
> 
> ==================================================================
> NSSWITCH.CONF for Domain Server
> passwd: files ldap
> group: files ldap
> shadow: files ldap
> 
> publickey: files
> 
> hosts: files dns
> networks: files
> 
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
> 
> netgroup: db files
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 

