[Samba] Adding a Samba Domain Server
Chris Hane
chrishane at gmail.com
Thu Dec 14 05:26:05 GMT 2006
To answer my own question: I needed to configure the nsswitch correctly
on the domain member server. Then I followed this:
http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#sdcsdmldap
And it looks like everything works!
I'll test tomorrow with more shares; but it looks good with some quick
testing tonight.
Chris....
Chris Hane wrote:
> Thanks for replying. I took my time and re-set up the PDC server today
> just to make sure everything works on the PDC.
>
> Next I ran the net rpc join on the client and get the following:
>
> [root at testbox samba]# net rpc join -Uroot%password
> Password:
> Could not connect to server SFSPDC1
> The username or password was not correct.
> Connection failed: NT_STATUS_LOGON_FAILURE
>
> Two things:
>
> First, it asks me for the password again.
>
> Second, I'm sure the password of root is correct. It is the same
> command I used to join the PDC machine to the PDC Samba installation.
>
> Also, when I look in the log.member1 on the PDC server I get the following:
>
> [2006/12/13 20:21:26, 0]
> passdb/pdb_interface.c:pdb_default_create_user(368)
> _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
> member1$' gave 9
> [2006/12/13 20:22:00, 0] lib/system.c:set_process_capability(723)
> set_process_capability: cap_set_proc failed: Operation not permitted
>
>
> Anyone know how I can find out what return code 9 means?
>
> Thoughts?
>
> Thanks,
> Chris....
>
> Here are the two configs:
>
> PDC SMB.CONF
> ========================================================================
> [root at dion samba]# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[printers]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> [global]
> workgroup = SFS
> netbios name = SFSPDC1
> server string = Samba Server PDC
> passdb backend = ldapsam:"ldap://127.0.0.1 ldap://192.168.0.62"
> log file = /var/log/samba/log.%m
> max log size = 50
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w %u
> domain logons = Yes
> os level = 33
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> wins support = Yes
> ldap admin dn = cn=admin,dc=com
> ldap delete dn = Yes
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> ldap suffix = ou=itsolut,dc=com
> ldap user suffix = ou=people
> idmap backend = ldap:ldap://192.168.0.62
> idmap uid = 2000 - 3000
> idmap gid = 2000 - 3000
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = Yes
> browseable = No
>
> DOMAIN MEMBER SMB.CONF
> ========================================================================
> [root at testbox samba]# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
> workgroup = SFS
> netbios name = MEMBER1
> server string = TESTBOX
> security = DOMAIN
> log file = /var/log/samba/log.%m
> max log size = 50
> dns proxy = No
> idmap uid = 2000 - 3000
> idmap gid = 2000 - 3000
> winbind use default domain = Yes
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
>
> Jeffrey Lord wrote:
>> Have you tried doing a 'net rpc join' on the client?
>>
>> ----- Original Message -----
>> From: samba-bounces+jlord=mediosystems.com at lists.samba.org
>> <samba-bounces+jlord=mediosystems.com at lists.samba.org>
>> To: samba at lists.samba.org <samba at lists.samba.org>
>> Sent: Tue Dec 12 18:12:35 2006
>> Subject: [Samba] Adding a Samba Domain Server
>>
>>
>> I have a Samba PDC setup using LDAP as the passdb. I want to add
>> another Samba server to the mix. I believe I want to add it in as a
>> Domain Server; however, I can't seem to get it working.
>>
>> On the PDC server I am running:
>> - linux (2.6.latest)
>> - openldap (latest)
>> - samba (3.latest)
>> - nss
>>
>> On the Domain Server I am running:
>> - samba (latest 3.latest)
>> - nss
>>
>> I thought someone might see something obvious in my smb.conf
>> (particularly the second one below for the domain server). I am going
>> to try starting from scratch tomorrow and any advice is appreciated.
>>
>> Thanks in advance,
>> Chris....
>>
>>
>> ==================================================================
>> SMB.CONF for the PDC
>> [global]
>> workgroup = SFS1
>> netbios name = SFSPDC
>> encrypt passwords = Yes
>> hide dot files = Yes
>> null passwords = Yes
>> enable privileges = yes
>> interfaces = 192.168.0.28
>> server string = SFSMAIL PDC
>> security = user
>> local master = yes
>> os level = 33
>> hosts allow = 192.168.0. 127.
>> loglevel = 2
>> log file = /var/log/samba/log.%m
>> debug timestamp = yes
>> domain master = yes
>> domain logons = yes
>> #winbind use default domain=yes
>> logon path =
>> wins support = yes
>> passdb expand explicit = no
>> ldap passwd sync = Yes
>> passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://itsolut.com/"
>> ldap admin dn = cn=admin,dc=com
>> ldap suffix = ou=sfsmail,dc=com
>> ldap group suffix = ou=Groups
>> ldap user suffix = ou=people
>> ldap machine suffix = ou=Computers
>> ldap idmap suffix = ou=people
>> #ldap idmap suffix = ou=Idmap
>> #idmap backend = ldap://itsolut.com
>> #idmap uid = 2000 - 3000
>> #idmap gid = 2000 - 3000
>> #ldap ssl = start_tls
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> add machine script = /usr/sbin/smbldap-useradd -w %u
>> add user script = /usr/sbin/smbldap-useradd -m "%u"
>> ldap delete dn = Yes
>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>>
>> [homes]
>> comment = Home Directories
>> valid users = %U
>> read only = No
>> create mask = 0664
>> directory mask = 0775
>> browseable = No
>> writeable = yes
>> path = /home/samba/users/%U
>>
>> [netlogon]
>> path = /home/samba/netlogon
>> browseable = no
>> guest ok = yes
>> read only = yes
>>
>>
>> ==================================================================
>> NSSSWITCH.CONF for PDC
>> passwd: files ldap
>> group: files ldap
>> shadow: files ldap
>>
>> publickey: files
>>
>> hosts: files dns
>> networks: files
>>
>> protocols: db files
>> services: db files
>> ethers: db files
>> rpc: db files
>>
>> netgroup: db files
>>
>>
>>
>> ==================================================================
>> SMB.CONF for Domain Server
>> [global]
>> workgroup = SFS1
>> server string = SFS STORAGE SERVER
>> netbios name = storage1
>> security = domain
>> password server = 192.168.0.28
>> encrypt passwords = Yes
>> hosts allow = 192.168.0. 127.
>> log file = /var/log/samba/log.%m
>> loglevel = 3
>> max log size = 50
>> debug timestamp = yes
>> ;password server = 192.168.0.28
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> interfaces = 192.168.0.25
>> ; local master = no
>> ; os level = 33
>> domain master = no
>> ; preferred master = yes
>> ; domain logons = yes
>> ; wins support = yes
>> wins server = 192.168.0.28
>> wins proxy = yes
>> passdb expand explicit = no
>> ldap passwd sync = Yes
>> passdb backend = ldapsam:"ldap://192.168.0.28/"
>> ldap admin dn = cn=admin,dc=com
>> ldap suffix = ou=sfsmail,dc=com
>> ldap group suffix = ou=Groups
>> ldap user suffix = ou=people
>> ldap machine suffix = ou=Computers
>> ldap idmap suffix = ou=Idmap
>>
>> #idmap backend = ldap:ldap://192.168.0.28
>> #idmap uid = 10000-20000
>> #idmap gid = 10000-20000
>>
>> add machine script = /usr/sbin/smbldap-useradd -w %u
>> add user script = /usr/sbin/smbldap-useradd -m "%u"
>> ldap delete dn = Yes
>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>>
>>
>> ==================================================================
>> NSSSWITCH.CONF for Domain Server
>> passwd: files ldap
>> group: files ldap
>> shadow: files ldap
>>
>> publickey: files
>>
>> hosts: files dns
>> networks: files
>>
>> protocols: db files
>> services: db files
>> ethers: db files
>> rpc: db files
>>
>> netgroup: db files
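A small checker, added here as an example and not code from the thread or from Samba, that encodes the fix Chris found (the domain member's NSS must be able to resolve the accounts the domain keeps in LDAP): it parses a testparm-style smb.conf and an nsswitch.conf, reports passwd/group databases that list neither `ldap` nor `winbind` when `security = domain`, and pulls the add machine script's command and exit code out of the PDC log line quoted above. The sample configs and log text are constructed from the thread's values; treating `ldap` or `winbind` as the acceptable NSS sources is this example's assumption.

```python
import re

# Constructed samples modelled on the thread: the member's smb.conf as testparm
# prints it, nsswitch.conf before/after adding ldap, and the PDC log line that
# reports the add machine script's exit status.
MEMBER_SMB_CONF = """[global]
workgroup = SFS
netbios name = MEMBER1
security = DOMAIN
idmap uid = 2000 - 3000
"""
NSSWITCH_BROKEN = "passwd: files\ngroup: files\nshadow: files\nhosts: files dns\n"
NSSWITCH_FIXED = "passwd: files ldap\ngroup: files ldap\nshadow: files ldap\n"
PDC_LOG = ("[2006/12/13 20:21:26, 0] passdb/pdb_interface.c:pdb_default_create_user(368)\n"
           "_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w member1$' gave 9\n")
SCRIPT_RE = re.compile(r"Running the command `(?P<cmd>[^']*)' gave (?P<rc>\d+)")

def parse_smb_conf(text):
    """Return {section: {key: value}} from an smb.conf or testparm dump."""
    conf, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":          # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            conf[section] = {}
        elif "=" in line and section:
            key, _, val = line.partition("=")
            conf[section][key.strip().lower()] = val.strip()
    return conf

def parse_nsswitch(text):
    """Return {database: [sources]} from nsswitch.conf, ignoring comments."""
    pairs = (ln.split("#", 1)[0].partition(":") for ln in text.splitlines())
    return {db.strip(): srcs.split() for db, sep, srcs in pairs if sep}

def missing_nss_sources(smb_conf, nsswitch):
    """NSS databases a domain member cannot resolve through ldap or winbind (assumed rule)."""
    if smb_conf.get("global", {}).get("security", "user").lower() != "domain":
        return []                                # only a domain member needs this
    return [db for db in ("passwd", "group")
            if not {"ldap", "winbind"} & set(nsswitch.get(db, []))]

def failed_scripts(log_text):
    """(command, exit code) for each script Samba ran that did not return 0."""
    return [(m["cmd"], int(m["rc"])) for m in SCRIPT_RE.finditer(log_text)
            if m["rc"] != "0"]
```

Running it against the broken nsswitch.conf flags both passwd and group; against the fixed one it reports nothing, and the log parser returns the smbldap-useradd command with its exit status 9.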