[Samba] Setup of a new PDC with Samba 3.2.0

devel at thom.fr.eu.org devel at thom.fr.eu.org
Fri Jul 11 14:50:58 GMT 2008


Hello,

I am setting up a new PDC for a new domain using Samba 3.2.0.
I use LDAP as the passdb/idmap backend.

I started from scratch just creating the OU for the
users/groups/machines/idmaps in the ldap directory, + a user used to bind
to ldap.

So from there I started winbind and ran net sam provision, which worked
great.
I plan for this domain to have a one-way trust with one other domain.
When I started using wbinfo to verify that the local/builtin groups
appear, I found that wbinfo -t fails to check the trust secret:
myserver:/usr/local/samba/bin# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not check secret

So, I'm wondering, do I need to create some kind of machine trust account
for the PDC itself, or this reply from wbinfo -t is expected ?

# smb.conf [global] section as posted for the Samba 3.2.0 PDC of the new
# EVENTLAB domain. Only [global] is shown; no share definitions are included.
[global]
	workgroup = EVENTLAB
	netbios name = TLS-SRV-01
	server string = Samba for EventLab
# Network exposure: listen only on eth1 and loopback, and accept clients
# only from the two 10.x /16 networks and localhost.
	interfaces = eth1 lo
	bind interfaces only = Yes
	hosts allow = 10.211.0.0/16 10.212.0.0/16 127.0.0.1
	socket address = 10.211.254.253
# Account database: LDAP over plain ldap:// on the loopback address.
# The bind password for "ldap admin dn" is not stored in this file; Samba
# keeps it in secrets.tdb (set with smbpasswd -w), so that file should be
# readable by root only.
# NOTE(review): no "ldap ssl" setting appears here. That is tolerable while
# the directory is on 127.0.0.1; if it moves to another host, use ldaps://
# or start tls so the bind credentials do not cross the wire in clear.
	passdb backend = ldapsam:ldap://127.0.0.1:389
	ldap admin dn = cn=SambaAdmin,dc=x-files,dc=fr
	ldap user suffix = ou=People
	ldap group suffix = ou=Groups
	ldap machine suffix = ou=Machines
	ldap suffix = dc=x-files,dc=fr
# ldapsam:trusted makes Samba read user and group data directly from LDAP
# instead of going through NSS; ldapsam:editposix lets Samba create and
# modify the POSIX account entries itself.
# NOTE(review): this presumably means cn=SambaAdmin holds write access to
# the People, Groups and Machines subtrees - confirm the directory ACLs
# grant no more than that.
	ldapsam:trusted = Yes
	ldapsam:editposix = Yes
	time server = Yes
	map acl inherit = Yes
	nt acl support = Yes
	unix charset = UTF-8
# unix password sync is commented out, so "passwd program" below is not
# invoked. If sync is enabled later, Samba runs that program as root with
# %u replaced by the user name.
#	unix password sync = Yes
#	passwd chat = *new*password* %n\n*new*password* %n\n *updated*
#	pam password change = No
	passwd program = /usr/sbin/smbldap-passwd %u
#	username map = /etc/samba/username.map
# NOTE(review): with "reset on zero vc" a new session setup with VC 0 drops
# the other connections from the same client address; clients that share one
# address (for example behind NAT) would disconnect each other - confirm
# there are none on the allowed networks.
	reset on zero vc = Yes
	use sendfile = Yes
#
# Logon options
#
# Domain logons are enabled; profiles and home directories are served from
# this host (TLS-SRV-01). The shares they point to are not part of the
# posted section, so their permissions cannot be reviewed from here.
	domain logons = Yes
	logon drive = h:
	logon path = \\TLS-SRV-01\Profiles\%U
	logon home = \\TLS-SRV-01\%U
	logon script = Startup.bat

#
# Printing options
#
	load printers = No

#
# Browsing options
#
	os level = 65
	announce version = 4.9
	preferred master = No
	domain master = Yes
	local master = No
#	remote browse sync = 10.212.254.254
#	remote announce = 10.212.254.254

#
# WINS and resolver options
#
# This host acts as the WINS server and also answers broadcast name queries
# on behalf of other hosts (wins proxy).
	wins support = Yes
#	wins server = 10.212.254.254
	wins proxy = Yes
	name resolve order = lmhosts wins host bcast

#
# Debug options
#
# log level 0 keeps logging to a minimum, which leaves little to work with
# when diagnosing the failed trust-secret check or reviewing authentication
# activity; raise it temporarily while troubleshooting.
# NOTE(review): per smb.conf(5), "debug pid" and "debug uid" only take
# effect when "debug timestamp" is on, so with it set to No they are
# probably inert - confirm against the 3.2.0 manual page.
 	log level = 0
        debug timestamp = No
        debug prefix timestamp = No
        debug hires timestamp = No
        debug pid = Yes
        debug uid = Yes

#
# Winbind options
#
	winbind enum users = Yes
	winbind enum groups = Yes
# Id mapping for the trusted domain: ids 10000-10999, stored in LDAP under
# ou=TRUSTEDDOM,ou=Idmaps, binding as the same cn=SambaAdmin DN that the
# passdb backend uses.
# NOTE(review): a separate bind DN with write access limited to ou=Idmaps
# would be a narrower privilege than reusing the account admin DN. The
# secret for ldap_user_dn is stored outside this file (net idmap secret) -
# confirm it has been set.
	idmap domains = TRUSTEDDOM
	idmap config TRUSTEDDOM:backend = ldap
	idmap config TRUSTEDDOM:default = Yes
# NOTE(review): the ldap_base_dn value appears on the following line,
# probably wrapped by the mail client. In the real file it has to follow
# the "=" on the same line, otherwise the value is empty.
	idmap config TRUSTEDDOM:ldap_base_dn =
ou=TRUSTEDDOM,ou=Idmaps,dc=x-files,dc=fr
	idmap config TRUSTEDDOM:ldap_user_dn = cn=SambaAdmin,dc=x-files,dc=fr
	idmap config TRUSTEDDOM:ldap_url     = ldap://localhost/
	idmap config TRUSTEDDOM:range        = 10000 - 10999

# Id allocator: ids 20000-20999, stored under ou=Idmaps with the same bind
# DN and the same plain ldap:// URL on localhost.
	idmap alloc backend = ldap
	idmap alloc config:ldap_base_dn = ou=Idmaps,dc=x-files,dc=fr
	idmap alloc config:ldap_user_dn = cn=SambaAdmin,dc=x-files,dc=fr
	idmap alloc config:ldap_url     = ldap://localhost/
	idmap alloc config:range        = 20000 - 20999
# Winbind-provided users get /bin/false as their shell, so they cannot open
# an interactive login on this host.
	template homedir = /home/home/%D/%U
	template shell = /bin/false
# NOTE(review): "winbind: rpc only" presumably makes winbind use RPC rather
# than LDAP/ADS calls toward the trusted domain - confirm for 3.2.0.
	winbind: rpc only = yes
	winbind nested groups = yes



-- 
François Legal

