[Samba] security = domain -- samba adds its netbios name as samba domain to LDAP
Christian Brandes
christian.brandes at forschungsgruppe.de
Mon Oct 8 09:48:33 GMT 2007
> Ok. I think I understood something wrong. I thought the
> logfile was from a member server, not from a BDC. If a BDC
> creates its own name as a sambaDomain object in LDAP, then
> there's a misconfiguration or a bug. A BDC does not have a
> local SAM, only member servers do.
In my case you were completely right. The configuration and logfile I
posted are from a member server.
But this member server is a separate samba "share instance" running
additionally on a machine that runs a "BDC instance" of samba, too.
I found out that it is necessary to join a member server to the BDC (or
PDC) Domain.
This is not done by smb.conf, but by this command:
net rpc join MEMBER -U <sambaroot-account> -n <member-server-netbios-name> -s <smb.conf-file>
Done so, a machine account for the member server is created and access to
the member server's shares is granted to users of the BDC domain.
The next problem is:
Having more than one such "share instance" on one machine, I would have
to join the machine with different Netbios Names to the BDC domain.
Which does not seem to work.
net rpc join MEMBER -U <sambaroot-account> -n NetbiosName1 -s SMB.conf1
net rpc join MEMBER -U <sambaroot-account> -n NetbiosName2 -s SMB.conf2
net rpc testjoin MEMBER -U <sambaroot-account> -n NetbiosName2 -s SMB.conf2
--> Join to 'MyCompany' is OK
net rpc join MEMBER -U <sambaroot-account> -n NetbiosName1 -s SMB.conf1
--> [2007/10/05 17:38:43, 0] utils/net_rpc_join.c:net_rpc_join_ok(70)
--> net_rpc_join_ok: failed to get schannel session key from server VSERVER for domain MyCompany.
--> Error was NT_STATUS_ACCESS_DENIED
--> Join to domain 'MyCompany' is not valid
It looks like both Netbios Names are registered in the same place and I
do not know where.
So either I find out how to join with two different Netbios Names or I
have to make the share instances BDCs, too.
Best regards
Christian