[Samba] Unable to join domain in remote subnet...

Michael Heydon michaelh at jaswin.com.au
Wed Nov 14 15:54:14 GMT 2007


Hi,

Rather than setting up lmhosts on every client (and then having to 
maintain it on every client) I would suggest setting up WINS or DNS to 
resolve everything.

* Michael Heydon - IT Administration / Support *
michaelh at jaswin.com.au
TEL: (08) 9351 3400 	Direct: (08) 9351 3473
FAX: (08) 9351 3410

http://www.jaswin.com.au
1 McDowell Street
Welshpool WA 6106


Quinn Fissler wrote:
> The problem is caused by the client not having the address of the
> domain controller.
>
> On a Windows client, you need to populate
> %SYSTEM_ROOT%\system32\drivers\etc\lmhosts
>
> Use UPPERCASE names regardless of what the MS docs say.
>
>
>
> On 10/10/2007, Matt Anderson <sokkerstud_11 at hotmail.com> wrote:
>   
>> Dear Help,
>>
>> Here is my situation:
>> We have offices located in several areas around the country, all of which can
>> communicate with each other through VPNs we have established.  I have set up a
>> Samba domain in which the PDC is located here in our home office, and there are
>> BDCs for the same domain in each of the remote offices.
>>
>> I have been able to successfully join machines here in our home office to the
>> domain through Windows, but am not having any luck when I try to join the domain
>> at one of the remote locations.  When I go through the manual process of joining
>> the domain on a Windows XP machine, I get a password prompt for the domain user
>> that can add the machine (so I know it's at least finding the BDC)... but then
>> after I type in the username and password, I get the following error:
>> "The following error occurred attempting to join the domain "ourdomain": The
>> specified domain either does not exist or could not be contacted."
>>
>> I've searched Google for this error and have not found anything useful.  I've
>> gone back through the Samba-HowTo on BDC configuration and have not yet found
>> anything.
>>
>> Any help would be greatly appreciated!  -Matt
>>
>> Here are my configuration files.  (Oh, and for whatever reason, even with a log
>> level of 5, whenever I attempt to join the machine to the domain, no log entry
>> is created).
>>
>> For the PDC:
>> [global]
>>         netbios name = ds-pdc-1
>>         workgroup = OURDOMAIN
>>         server string = Samba PDC %v %h
>>         obey pam restrictions = Yes
>>         passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
>>         security = user
>>         log level = 3
>>         log file = /var/log/samba/%m.log
>>         max log size = 5000
>>         add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null/ -g machine -c 'Machine Account for %u' -s /bin/false %u
>>         logon path =
>>         logon home =
>>         domain logons = Yes
>>         os level = 128
>>         preferred master = Yes
>>         domain master = Yes
>>         ldap admin dn = cn=admin,o=ORGANIZATION
>>         ldap group suffix = ou=Groups
>>         ldap idmap suffix = ou=IDMap
>>         ldap machine suffix = ou=Workstations
>>         ldap user suffix =
>>         ldap filter = (cn=%u)
>>         ldap suffix = o=ORGANZIATION
>>         ldap passwd sync = No
>>         unix password sync = Yes
>>         passwd program = /usr/sbin/smbldap-passwd -u %u
>>         passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>>         idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
>>         idmap uid = 10000-20000
>>         idmap gid = 10000-20000
>>         veto files = /.?*/
>>         dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>>         wins support = Yes
>>         encrypt passwords = Yes
>>         logon script = %U.bat
>>
>> [netlogon]
>>         comment = Network Logon Service
>>         path = /var/lib/samba/netlogon
>>         write list = root
>>         browseable = No
>>         share modes = No
>>
>> And here is a BDC -- located offsite:
>> [global]
>>         workgroup = OURDOMAIN
>>         server string = Samba BDC %v %h
>>         obey pam restrictions = Yes
>>         passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
>>         log level = 2
>>         log file = /var/log/samba/%m.log
>>         max log size = 1000
>>         logon path =
>>         logon home =
>>         domain logons = Yes
>>         domain master = No
>>         preferred master = Yes
>>         ldap admin dn = cn=admin,o=ORGANIZATION
>>         ldap group suffix = ou=Groups
>>         ldap idmap suffix = ou=IDMap
>>         ldap machine suffix = ou=Workstations
>>         ldap suffix = o=ORGANIZATION
>>         ldap passwd sync = No
>>         unix password sync = Yes
>>         passwd program = /usr/sbin/smbldap-passwd -u %u
>>         passwd chat = *New*password* %n\n *retype*new*password* %n\n
>>         idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
>>         idmap uid = 10000-20000
>>         idmap gid = 10000-20000
>>         veto files = /.?*/
>>         dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>>         wins server = IP.OF.PDC.HERE
>>
>> [netlogon]
>>         comment = Network Logon Service
>>         path = /var/lib/samba/netlogon
>>         write list = root
>>         browseable = No
>>         share modes = No
>>

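Added example, not part of the original thread: a small check of the WINS roles in a set of smb.conf files like the two quoted above. Samba's smb.conf documentation says `wins support = yes` should be enabled on only one machine and never combined with `wins server`. The function names, host labels and the `192.0.2.10` address are assumptions made for the example.

```python
# Added example: WINS role check across a set of Samba domain controllers.
# PDC and BDC are constructed, trimmed copies of the [global] sections quoted
# above; 192.0.2.10 is a placeholder for the redacted IP.OF.PDC.HERE.
PDC = """[global]
    workgroup = OURDOMAIN
    domain logons = Yes
    wins support = Yes
"""
BDC = """[global]
    workgroup = OURDOMAIN
    domain logons = Yes
    wins server = 192.0.2.10
"""
# Constructed misconfiguration: a BDC that also runs its own WINS server.
BAD_BDC = BDC + "    wins support = Yes\n"


def global_params(text):
    """Return the [global] parameters of an smb.conf text as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            params["".join(key.lower().split())] = value.strip()
    return params


def check_wins(servers):
    """servers maps a host label to smb.conf text; returns a list of findings."""
    findings, wins_hosts = [], []
    for name, text in servers.items():
        p = global_params(text)
        serves = p.get("winssupport", "no").lower() in ("yes", "true", "1")
        client = bool(p.get("winsserver"))
        if serves:
            wins_hosts.append(name)
        if serves and client:
            findings.append(f"{name}: both 'wins support' and 'wins server' set")
        if not serves and not client:
            findings.append(f"{name}: no WINS server or client setting")
    if len(wins_hosts) != 1:
        findings.append(f"expected one WINS server, found {len(wins_hosts)}")
    return findings
```

An empty list from `check_wins({"pdc": PDC, "bdc": BDC})` means the server side is consistent; the Windows clients in each remote subnet still need the same WINS address, through DHCP or their TCP/IP settings.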
