[Samba] Unable to join domain in remote subnet...
Matt Anderson
sokkerstud_11 at hotmail.com
Wed Oct 10 17:44:05 GMT 2007
Dear Help,
Here is my situation:
We have offices located in several areas around the country, all of which can
communicate with each other through VPNs we have established. I have set up a
Samba domain in which the PDC is located here in our home office, and there are
BDCs for the same domain in each of the remote offices.
I have been able to successfully join machines here in our home office to the
domain through Windows, but am not having any luck when I try to join the domain
at one of the remote locations. When I go through the manual process of joining
the domain on a Windows XP machine, I get a password prompt for the domain user
that can add the machine (so I know it's at least finding the BDC)... but then
after I type in the username and password, I get the following error:
"The following error occurred attempting to join the domain "ourdomain": The
specified domain either does not exist or could not be contacted."
I've searched Google for this error and have not found anything useful. I've
gone back through the Samba-HowTo on BDC configuration and have not yet found
anything.
Any help would be greatly appreciated! -Matt
Here are my configuration files. (Oh, and for whatever reason, even with a log
level of 5, whenever I attempt to join the machine to the domain, no log entry
is created).
For the PDC:
[global]
netbios name = ds-pdc-1
workgroup = OURDOMAIN
server string = Samba PDC %v %h
obey pam restrictions = Yes
passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
security = user
log level = 3
log file = /var/log/samba/%m.log
max log size = 5000
add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null/ -g machine -c 'Machine Account for %u' -s /bin/false %u
logon path =
logon home =
domain logons = Yes
os level = 128
preferred master = Yes
domain master = Yes
ldap admin dn = cn=admin,o=ORGANIZATION
ldap group suffix = ou=Groups
ldap idmap suffix = ou=IDMap
ldap machine suffix = ou=Workstations
ldap user suffix =
ldap filter = (cn=%u)
ldap suffix = o=ORGANZIATION
ldap passwd sync = No
unix password sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
idmap uid = 10000-20000
idmap gid = 10000-20000
veto files = /.?*/
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
wins support = Yes
encrypt passwords = Yes
logon script = %U.bat
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
browseable = No
share modes = No
And here is a BDC -- located offsite:
[global]
workgroup = OURDOMAIN
server string = Samba BDC %v %h
obey pam restrictions = Yes
passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
log level = 2
log file = /var/log/samba/%m.log
max log size = 1000
logon path =
logon home =
domain logons = Yes
domain master = No
preferred master = Yes
ldap admin dn = cn=admin,o=ORGANIZATION
ldap group suffix = ou=Groups
ldap idmap suffix = ou=IDMap
ldap machine suffix = ou=Workstations
ldap suffix = o=ORGANIZATION
ldap passwd sync = No
unix password sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = *New*password* %n\n *retype*new*password* %n\n
idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
idmap uid = 10000-20000
idmap gid = 10000-20000
veto files = /.?*/
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
wins server = IP.OF.PDC.HERE
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
browseable = No
share modes = No
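A consistency check, added here as an example and not part of Matt's post or of Samba itself: it parses the two [global] sections and reports settings that a PDC and a BDC serving one domain from one LDAP directory must share, and whether the PDC alone claims domain master. The embedded configs are abridged from the two posted above (IP.HERE is the poster's own placeholder); on them, the check flags the `ldap suffix` values, which differ between the two files.

```python
import re

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {key: value}}; keys are lower-cased."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif section is not None and "=" in line:
            key, _, value = line.partition("=")
            conf[section][key.strip().lower()] = value.strip().strip('"')
    return conf

# A PDC and its BDCs serve one domain from one LDAP directory, so these must agree.
MUST_MATCH = ("workgroup", "passdb backend", "ldap suffix", "idmap backend")

def check_pdc_bdc(pdc_text, bdc_text):
    """Return a list of findings (empty when the two [global] sections agree)."""
    pdc = parse_smb_conf(pdc_text).get("global", {})
    bdc = parse_smb_conf(bdc_text).get("global", {})
    findings = [f"{k}: PDC={pdc.get(k)!r} BDC={bdc.get(k)!r}"
                for k in MUST_MATCH if pdc.get(k) != bdc.get(k)]
    # Only one server in a domain may be domain master, and it should be the PDC.
    masters = [n for n, c in (("PDC", pdc), ("BDC", bdc))
               if c.get("domain master", "no").lower() == "yes"]
    if masters != ["PDC"]:
        findings.append(f"domain master claimed by {masters}, expected ['PDC']")
    return findings

# Abridged from the two [global] sections posted above; IP.HERE is the
# poster's own placeholder, not a real address.
PDC_CONF = """[global]
netbios name = ds-pdc-1
workgroup = OURDOMAIN
passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
ldap suffix = o=ORGANZIATION
idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
domain master = Yes
"""
BDC_CONF = PDC_CONF.replace("netbios name = ds-pdc-1\n", "").replace(
    "o=ORGANZIATION", "o=ORGANIZATION").replace("domain master = Yes", "domain master = No")

if __name__ == "__main__":
    for finding in check_pdc_bdc(PDC_CONF, BDC_CONF):
        print("MISMATCH:", finding)
```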