[Samba] Unable to join domain in remote subnet...

Quinn Fissler qfissler at gmail.com
Wed Oct 10 18:49:46 GMT 2007


The problem is caused by the client not having the address of the
domain controller.

On a Windows client, you need to populate
%SYSTEM_ROOT%\system32\drivers\etc\lmhosts

Use UPPERCASE names regardless of what the MS docs say.



On 10/10/2007, Matt Anderson <sokkerstud_11 at hotmail.com> wrote:
> Dear Help,
>
> Here is my situation:
> We have offices located in several areas around the country, all of which can
> communicate with each other through VPNs we have established.  I have set up a
> Samba domain in which the PDC is located here in our home office, and there are
> BDCs for the same domain in each of the remote offices.
>
> I have been able to successfully join machines here in our home office to the
> domain through Windows, but am not having any luck when I try to join the domain
> at one of the remote locations.  When I go through the manual process of joining
> the domain on a Windows XP machine, I get a password prompt for the domain user
> that can add the machine (so I know it's at least finding the BDC)... but then
> after I type in the username and password, I get the following error:
> "The following error occurred attempting to join the domain "ourdomain": The
> specified domain either does not exist or could not be contacted."
>
> I've searched Google for this error and have not found anything useful.  I've
> gone back through the Samba-HowTo on BDC configuration and have not yet found
> anything.
>
> Any help would be greatly appreciated!  -Matt
>
> Here are my configuration files.  (Oh, and for whatever reason, even with a log
> level of 5, whenever I attempt to join the machine to the domain, no log entry
> is created).
>
> For the PDC:
> [global]
>         netbios name = ds-pdc-1
>         workgroup = OURDOMAIN
>         server string = Samba PDC %v %h
>         obey pam restrictions = Yes
>         passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
>         security = user
>         log level = 3
>         log file = /var/log/samba/%m.log
>         max log size = 5000
>         add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null/ -g machine -c 'Machine Account for %u' -s /bin/false %u
>         logon path =
>         logon home =
>         domain logons = Yes
>         os level = 128
>         preferred master = Yes
>         domain master = Yes
>         ldap admin dn = cn=admin,o=ORGANIZATION
>         ldap group suffix = ou=Groups
>         ldap idmap suffix = ou=IDMap
>         ldap machine suffix = ou=Workstations
>         ldap user suffix =
>         ldap filter = (cn=%u)
>         ldap suffix = o=ORGANIZATION
>         ldap passwd sync = No
>         unix password sync = Yes
>         passwd program = /usr/sbin/smbldap-passwd -u %u
>         passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>         idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         veto files = /.?*/
>         dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>         wins support = Yes
>         encrypt passwords = Yes
>         logon script = %U.bat
>
> [netlogon]
>         comment = Network Logon Service
>         path = /var/lib/samba/netlogon
>         write list = root
>         browseable = No
>         share modes = No
>
> And here is a BDC -- located offsite:
> [global]
>         workgroup = OURDOMAIN
>         server string = Samba BDC %v %h
>         obey pam restrictions = Yes
>         passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
>         log level = 2
>         log file = /var/log/samba/%m.log
>         max log size = 1000
>         logon path =
>         logon home =
>         domain logons = Yes
>         domain master = No
>         preferred master = Yes
>         ldap admin dn = cn=admin,o=ORGANIZATION
>         ldap group suffix = ou=Groups
>         ldap idmap suffix = ou=IDMap
>         ldap machine suffix = ou=Workstations
>         ldap suffix = o=ORGANIZATION
>         ldap passwd sync = No
>         unix password sync = Yes
>         passwd program = /usr/sbin/smbldap-passwd -u %u
>         passwd chat = *New*password* %n\n *retype*new*password* %n\n
>         idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         veto files = /.?*/
>         dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
>         wins server = IP.OF.PDC.HERE
>
> [netlogon]
>         comment = Network Logon Service
>         path = /var/lib/samba/netlogon
>         write list = root
>         browseable = No
>         share modes = No
>
>
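
The lmhosts entries the reply above calls for, generated with upper-case names, as an added example that is not part of the original post. It goes beyond the post in using the `#PRE` and `#DOM:` tags and the 20-character `\0x1b` entry from Microsoft's documented LMHOSTS format; the IP addresses and the BDC name `ds-bdc-1` are constructed placeholders, while `ds-pdc-1` and `ourdomain` come from the posted configuration.

```python
import ipaddress

NAME_LEN = 15  # NetBIOS names are 15 characters; a 16th byte holds the type


def nb_name(name):
    """Return a validated NetBIOS name in upper case."""
    name = name.strip()
    if not 1 <= len(name) <= NAME_LEN or " " in name:
        raise ValueError(f"not a usable NetBIOS name: {name!r}")
    return name.upper()


def typed_entry(name, suffix):
    """Quoted name with an explicit type byte.

    Between the quotes there must be exactly 20 characters: the name
    space-padded to 15, then the 5 characters of the \\0xNN escape.
    """
    return '"{}\\0x{:02x}"'.format(nb_name(name).ljust(NAME_LEN), suffix)


def lmhosts_entries(ip, dc_name, domain, is_pdc=False):
    """lmhosts lines for one domain controller."""
    ip = str(ipaddress.IPv4Address(ip))  # ValueError on a malformed address
    lines = [f"{ip}\t{nb_name(dc_name)}\t#PRE #DOM:{nb_name(domain)}"]
    if is_pdc:
        # <1B> is the domain master browser name, registered by the PDC
        lines.append(f"{ip}\t{typed_entry(domain, 0x1B)}\t#PRE")
    return lines


def build_lmhosts():
    # Constructed sample values: documentation-range IPs, hypothetical BDC name.
    controllers = [
        ("192.0.2.10", "ds-pdc-1", True),      # PDC, name from the posted smb.conf
        ("198.51.100.10", "ds-bdc-1", False),  # remote BDC, hypothetical name
    ]
    out = []
    for ip, name, is_pdc in controllers:
        out.extend(lmhosts_entries(ip, name, "ourdomain", is_pdc))
    return "\r\n".join(out) + "\r\n"  # Windows line endings


if __name__ == "__main__":
    print(build_lmhosts(), end="")
```

After saving the file on the client, `nbtstat -R` reloads the `#PRE` entries and `nbtstat -c` lists what was loaded.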

