[Samba] Unable to join new machines to the domain

Sandra sandra-nascimento at prodesan.com.br
Tue Jun 19 19:04:07 GMT 2007 

Here is the PDC's smb.conf:

[global]
	netbios name		= servsso 
	workgroup		= prodesan.com.br
	log file		= /var/log/samba/%m.log	
	max log size		= 500
	unix password sync	= yes
	passwd program		= /usr/bin/passwd %u
	passwd chat		= *New*password* %n\n *Retype*new*password* %
n\n *passwd:*all*authentication*tokens*updated*successfully*
	smb passwd file		= /etc/samba/smbpasswd
	socket options 		= TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	
	domain logons		= yes
	os level		= 180 
	preferred master	= yes
	domain master		= yes
	security		= user
	guest ok		= no
	invalid users		= bin daemon sys man postfix mail ftp
	admin users		= root 
	encrypt passwords	= yes	
	logon script = scripts\logon.bat
	ldap ssl		= no
	printing		= lprng
	hide dot files		= yes
	time server		= yes
	log level		= 2

	passdb backend = ldapsam:ldap://127.0.0.1
	ldap passwd sync = yes
	ldap delete dn = Yes
	ldap admin dn = cn=admin,dc=prodesan,dc=com,dc=br
	ldap suffix = dc=prodesan,dc=com,dc=br
	ldap machine suffix = ou=computadores
	ldap user suffix = ou=pessoas
	ldap group suffix = ou=grupos
	ldap idmap suffix = ou=Idmap
	idmap backend = ldap:ldap://127.0.0.1
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	winbind separator = \
	winbind enum users = yes
	winbind enum groups = yes
	
	add user script = /usr/sbin/smbldap-useradd -m "%u"
	delete user script = /usr/sbin/smbldap-userdel "%u"
	add group script = /usr/sbin/smbldap-groupadd -p "%g"
	delete group script = /usr/sbin/smbldap-groupdel "%g"
	add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
	delete user from group script =	/usr/sbin/smbldap-groupmod -x "%u" "%
g"
	set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
	add machine script = /usr/sbin/smbldap-useradd -w "%u"

And here is the member server's smb.conf:

[global] 
workgroup = prodesan.com.br
realm = PRODESAN.COM.BR
preferred master = no 
netbios name  = Servproducao
server string = Servproducao
security = domain 
encrypt passwords = true
log level = 3 
log file = /var/log/samba/%m 
max log size = 50 
winbind separator = + 
printcap name = cups 
printing = cups 
idmap uid = 10000-20000 
idmap gid = 10000-20000 

passdb backend = ldapsam:ldap://192.168.131.104
ldap passwd sync = yes
ldap delete dn = Yes
ldap admin dn = cn=admin,dc=prodesan,dc=com,dc=br
ldap suffix = dc=prodesan,dc=com,dc=br
ldap machine suffix = ou=computadores
ldap user suffix = ou=pessoas
ldap group suffix = ou=grupos
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://192.168.131.104
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = \
winbind enum users = yes
winbind enum groups = yes
	
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script =	/usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
     



On Tue, 19 Jun 2007 14:18:58 -0400, Chris Smith wrote
> On Tuesday 19 June 2007, Sandra wrote:
> > [2007/06/19 14:27:41, 0] utils/net_ads.c:ads_startup(191)
> >   ads_connect: No results returned
> > Creation of workstation account failed
> > Unable to join domain PRODESAN.COM.BR.
> 
> Correct me if I'm wrong as I have no experience with ldap setups but 
> AFAIK Samba domains are NetBIOS domains which are flat, not 
> hierarchical. If so your domain name should be something more like 
> PRODESAN and not PRODESAN.COM.BR.
> 
> Also you didn't post your smb.conf but I'm curious about the use of 
> ads_connect, which seems like you're trying to work with an AD 
> domain instead of a NetBIOS (Samba) domain. So I'm wondering if you 
> have something other than "security - user" in the PDC's smb.conf 
> and "security - domain" in the member servers smb.conf.
> 
> Chris
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> -- 
> Esta mensagem foi verificada pelo sistema de antivírus e
>  acredita-se estar livre de perigo.


Sandra Nascimento
Analista de Suporte
sandra-nascimento at prodesan.com.br
(13)3229.8000 Ramal 135/176 
--
Prefeitura Municipal de Santos (http://www.santos.sp.gov.br)


-- 
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.

More information about the samba mailing list