[Samba] Unable to join domain in remote subnet..
adrian sender
adrian_au1 at hotmail.com
Thu Oct 11 13:41:26 GMT 2007
Have you set something like the following in the slapd.conf on the slaves?
updateref ldap://master.ldap
The slaves / consumers need to redirect the request to the master ldap database.
It may also be a good idea to have samba use failover for the ldap backend. You would need to set this in your ldap.conf too.
for pdc / ldap master
passdb backend =ldapsam:"ldap://master.ldap ldap://slave.ldap"
for bdc / ldap slave
passdb backend =ldapsam:"ldap://slave ldap://master"
One possible bad way to test this is to install smbldap-tools on the bdc and attempt to add a user from there and see if the user is added on the master ldap server.
Adrian Sender.
On Thu, 2007-10-11 at 12:01 +0000, samba-request at lists.samba.org wrote:
> Dear Help,
>
> Here is my situation:
> We have offices located in several areas around the country, all of which can
> communicate with each other through VPNs we have established. I have set up a
> Samba domain in which the PDC is located here in our home office, and there are
> BDCs for the same domain in each of the remote offices.
>
> I have been able to successfully join machines here in our home office to the
> domain through Windows, but am not having any luck when I try to join the domain
> at one of the remote locations. When I go through the manual process of joining
> the domain on a Windows XP machine, I get a password prompt for the domain user
> that can add the machine (so I know it's at least finding the BDC)... but then
> after I type in the username and password, I get the following error:
> "The following error occurred attempting to join the domain "ourdomain": The
> specified domain either does not exist or could not be contacted."
>
> I've searched Google for this error and have not found anything useful. I've
> gone back through the Samba-HowTo on BDC configuration and have not yet found
> anything.
>
> Any help would be greatly appreciated! -Matt
>
> Here are my configuration files. (Oh, and for whatever reason, even with a log
> level of 5, whenever I attempt to join the machine to the domain, no log entry
> is created).
>
> For the PDC:
> [global]
> netbios name = ds-pdc-1
> workgroup = OURDOMAIN
> server string = Samba PDC %v %h
> obey pam restrictions = Yes
> passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
> security = user
> log level = 3
> log file = /var/log/samba/%m.log
> max log size = 5000
> add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null/ -g machine -c
> 'Machine Account for %u' -s /bin/false %u
> logon path =
> logon home =
> domain logons = Yes
> os level = 128
> preferred master = Yes
> domain master = Yes
> ldap admin dn = cn=admin,o=ORGANIZATION
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=IDMap
> ldap machine suffix = ou=Workstations
> ldap user suffix =
> ldap filter = (cn=%u)
> ldap suffix = o=ORGANZIATION
> ldap passwd sync = No
> unix password sync = Yes
> passwd program = /usr/sbin/smbldap-passwd -u %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> veto files = /.?*/
> dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
> wins support = Yes
> encrypt passwords = Yes
> logon script = %U.bat
>
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> write list = root
> browseable = No
> share modes = No
>
> And here is a BDC -- located offsite:
> [global]
> workgroup = OURDOMAIN
> server string = Samba BDC %v %h
> obey pam restrictions = Yes
> passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
> log level = 2
> log file = /var/log/samba/%m.log
> max log size = 1000
> logon path =
> logon home =
> domain logons = Yes
> domain master = No
> preferred master = Yes
> ldap admin dn = cn=admin,o=ORGANIZATION
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=IDMap
> ldap machine suffix = ou=Workstations
> ldap suffix = o=ORGANIZATION
> ldap passwd sync = No
> unix password sync = Yes
> passwd program = /usr/sbin/smbldap-passwd -u %u
> passwd chat = *New*password* %n\n *retype*new*password* %n\n
> idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> veto files = /.?*/
> dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
> wins server = IP.OF.PDC.HERE
>
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> write list = root
> browseable = No
> share modes = No
>
>
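The reply above asks three things of the configs in the quoted mail: whether a slave slapd carries an updateref to the master, whether each smb.conf lists a second LDAP server so smbd can fail over, and (implicitly) whether the LDAP parameters are internally consistent. The script below is an added example written for this post, not code from the thread or from the Samba project: a small consistency checker that parses smb.conf and slapd.conf text and reports those problems. The hostnames master.ldap and slave.ldap follow the reply; the base DN o=EXAMPLE and the sample configs themselves are constructed for the example.

```python
"""Added example: consistency checks for a Samba PDC/BDC pair backed by
replicated OpenLDAP.  Not from the thread; sample configs are constructed."""
import configparser
import re

# ldap:// or ldaps:// URIs, stopping before whitespace or the closing quote.
URI_RE = re.compile(r'ldaps?://[^\s"\']+')


def parse_smb_conf(text):
    """Parse smb.conf text and return its [global] section as a dict."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    return dict(cp["global"])


def ldap_uris(passdb_backend):
    """Extract the LDAP URIs from a 'passdb backend = ldapsam:"uri uri"' value."""
    return URI_RE.findall(passdb_backend)


def check_role(g, role):
    """The PDC must be domain master, a BDC must not be; both answer domain logons."""
    dm = g.get("domain master", "auto").strip().lower()
    logons = g.get("domain logons", "no").strip().lower()
    problems = []
    if logons != "yes":
        problems.append(f"{role}: domain logons is not Yes")
    if role == "PDC" and dm != "yes":
        problems.append("PDC: domain master should be Yes")
    if role == "BDC" and dm == "yes":
        problems.append("BDC: domain master must be No (only the PDC is domain master)")
    return problems


def check_failover(g, role):
    """passdb backend should name two distinct LDAP servers so smbd can fail over."""
    uris = ldap_uris(g.get("passdb backend", ""))
    if not uris:
        return [f"{role}: passdb backend is not ldapsam with an LDAP URI"]
    if len(set(uris)) < 2:
        return [f"{role}: passdb backend names only one distinct LDAP server "
                f"({uris[0]}); no fail-over"]
    return []


def check_suffix(g, role):
    """'ldap admin dn' must sit under 'ldap suffix'; a typo in either breaks every bind."""
    suffix = g.get("ldap suffix", "").strip().lower()
    admin = g.get("ldap admin dn", "").strip().lower()
    if not suffix or not admin:
        return [f"{role}: ldap suffix or ldap admin dn is missing"]
    if admin != suffix and not admin.endswith("," + suffix):
        return [f"{role}: ldap admin dn '{admin}' is not under ldap suffix '{suffix}'"]
    return []


def check_updateref(slapd_conf, master_uri):
    """A consumer slapd must refer writes to the master, or adds made via the BDC fail."""
    refs = re.findall(r"^\s*updateref\s+(\S+)", slapd_conf, re.MULTILINE)
    if not refs:
        return ["slave slapd.conf: no updateref; writes on the BDC are rejected, not redirected"]
    if master_uri not in refs:
        return [f"slave slapd.conf: updateref {refs} does not point at the master {master_uri}"]
    return []


# Constructed sample configs (placeholder names, not from any real site).
# The PDC carries a deliberate typo in 'ldap suffix'; the BDC lists the same
# server twice, so it has no real fail-over.
PDC_SMB_CONF = """
[global]
workgroup = OURDOMAIN
passdb backend = ldapsam:"ldap://master.ldap ldap://slave.ldap"
domain logons = Yes
domain master = Yes
ldap admin dn = cn=admin,o=EXAMPLE
ldap suffix = o=EXMAPLE
"""

BDC_SMB_CONF = """
[global]
workgroup = OURDOMAIN
passdb backend = ldapsam:"ldaps://slave.ldap ldaps://slave.ldap"
domain logons = Yes
domain master = No
ldap admin dn = cn=admin,o=EXAMPLE
ldap suffix = o=EXAMPLE
"""

SLAVE_SLAPD_CONF = """
database bdb
suffix "o=EXAMPLE"
updatedn "cn=replica,o=EXAMPLE"
updateref ldap://master.ldap
"""


def audit(pdc_text, bdc_text, slave_slapd_text, master_uri="ldap://master.ldap"):
    """Run every check and return the list of findings (empty means consistent)."""
    findings = []
    for section, role in ((parse_smb_conf(pdc_text), "PDC"),
                          (parse_smb_conf(bdc_text), "BDC")):
        findings += check_role(section, role)
        findings += check_failover(section, role)
        findings += check_suffix(section, role)
    findings += check_updateref(slave_slapd_text, master_uri)
    return findings


if __name__ == "__main__":
    for finding in audit(PDC_SMB_CONF, BDC_SMB_CONF, SLAVE_SLAPD_CONF):
        print("PROBLEM:", finding)
```

On the constructed samples the audit reports two findings: the PDC's admin DN is not under its (misspelled) suffix, and the BDC's passdb backend names only one distinct server. Point `audit()` at the real files from a PDC, a BDC and the BDC's slapd.conf to run the same checks on a live setup.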