[Samba] Setup of a new PDC with Samba 3.2.0
devel at thom.fr.eu.org
devel at thom.fr.eu.org
Sat Jul 12 08:30:13 GMT 2008
Ok,
I just missed this part from the documentation (by the way, could anybody
spot me to the place where this is specified. I could see in Samba Howto
chapter 13, but this is not obvious).
So I did successfully join the domain, and now I get the following error
on wbinfo -t :
MYSERVER:~# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
Could not check secret
This looks like a resolver issue. I have
wins server = 10.212.254.254
wins proxy = Yes
name resolve order = lmhosts wins host bcast
in smb.conf, and my lmhost file says
10.211.254.253 MYDOMAIN
10.211.254.253 MYSERVER
and anyway the nmblookup succeeds:
tls-srv-01:~# nmblookup -R -U 10.212.254.254 MYDOMAIN#1b
querying MYDOMAIN on 10.212.254.254
10.211.254.253 MYDOMAIN<1b>
tls-srv-01:~# nmblookup -R -U 10.212.254.254 MYDOMAIN#1c
querying MYDOMAIN on 10.212.254.254
10.211.254.253 MYDOMAIN<1c>
> On Fri, Jul 11, 2008 at 04:50:55PM +0200, devel at thom.fr.eu.org wrote:
>> Hello,
>>
>> I setting up a new PDC for a new domain using samba 3.2.0
>> I use LDAP as passwd/idmap backend.
>>
>> I started from scratch just creating the OU for the
>> users/groups/machines/idmaps in the ldap directory, + a user used to
>> bind
>> to ldap.
>>
>> So from there I started winbind and ran net sam provision, which worked
>> great.
>> Now I plan this domain will have a one way trust with one other domain,
>> and as I start playing with wbinfo to verify the local/builtin groups
>> appear, I found that wbinfo -t fails to check secret with :
>> myserver:/usr/local/samba/bin# wbinfo -t
>> checking the trust secret via RPC calls failed
>> error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
>> Could not check secret
>>
>> So, I'm wondering, do I need to create some kind of machine trust
>> account
>> for the PDC itself, or this reply from wbinfo -t is expected ?
>
> Yes, you need to "join" the machine to itself (the PDC) using net join
> before winbindd will work in this way on the PDC. Sorry, rather
> counterintuative I know but the way it works at present.
>
> Jeremy.
>
--
More information about the samba
mailing list