[Samba] cannot add new machines to domain

David Böhm boehm at fab.fh-wiesbaden.de
Thu May 29 13:21:38 GMT 2008 


Rubin Bennett schrieb:
> On Thu, 2008-05-29 at 10:21 +0200, David Böhm wrote:
>> Hi,
>>
>> i have running samba with ldap as a PDC. The PDC works fine, except 
>> adding new computer to the domain. The Computer how was added 2-3 Years 
>> ago works fine, but i cannot add new PCs to the domain.
>>
>> The samba log says to remove the paramtere 'algorithmic rid base' and 
>> use 'net groupmap add' and 'net setmaxrid'. The command "net setmaxrid" 
>> is not existent.
>>
>> For me it is important to add the new PCs to the Domain. So is there any 
>> way to add the PCs on Server side? Or any other workaround - it does not 
>> matter how.
>>
>> I hope you can help me! :)
>>
>>
>> log.smb:
>> [2008/05/28 09:57:15, 0] passdb/pdb_interface.c:pdb_new_rid(1072)
>>    'algorithmic rid base' is set but a passdb backend without 
>> algorithmic RIDs is chosen.
>>    Please map all used groups using 'net groupmap add', set the maximum 
>> used RID using
>>    'net setmaxrid' and remove the parameter
>>
>>
>> smb.conf:
>> [global]
>>          workgroup = FAB
>>          server string = zeus
>>          interfaces = 195.72.98.12/255.255.255.240, 
>> 10.14.45.12/255.255.255.0
>>          map to guest = Bad User
>>          passdb backend = ldapsam
>>          algorithmic rid base = 5000
>>          log level = 1
>>          log file = /var/log/log.smb
>>          smb ports = 139
>>          name resolve order = wins hosts bcast lmhosts
>>          time server = Yes
>>          deadtime = 15
>>          socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
>>          printcap name = cups
>>          add user script = ldapsmb -a -u "%u"
>>          delete user script = ldapsmb -d -u "%u"
>>          add group script = ldapsmb -a -g "%g"
>>          delete group script = ldapsmb -d -g "%g"
>>          add user to group script = ldapsmb -j -u "%u" -g "%g"
>>          delete user from group script = ldapsmb -r -u "%u" -g "%g"
>>          set primary group script = ldapsmb -m -u "%u" -gid "%g"
>>          add machine script = ldapsmb -a -w "%u" -gid 515
>>          logon script = kix32 fab_login.scr
>>          logon path = \\%L\profiles\%U
>>          logon drive = h:
>>          domain logons = Yes
>>          os level = 65
>>          preferred master = Yes
>>          domain master = Yes
>>          wins support = Yes
>>          ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de
>>          ldap group suffix = ou=Groups
>>          ldap machine suffix = ou=People
>>          ldap passwd sync = Yes
>>          ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de
>>          ldap ssl = no
>>          ldap user suffix = ou=People
>>          admin users = @ntadmin, root
>>          hosts allow = 10.14.40., 10.14.41., 10.14.42., 10.14.45., 
>> 10.14.43., 10.14.44., 10.10.57.
>>          printing = cups
>>          print command =
>>          lpq command = %p
>>          lprm command = /usr/bin/lprm -P%p %j
>>          veto files = /*.eml/*.nws/riched20.dll/*.{*}/
>>
>>
>> SW:
>> Opensuse 10.3 64bit
>> Samba 3.0.26a
>> Openldap: 2.3.37
>>
>>
>>
>>
>> Best regards,
>>
>>   -  David Böhm
>>
> I'm guessing that somewhere along the line you upgraded your server and
> moved your Samba install to the new box?
> 
> This has happened to me several times and there are a few items in the
> config that need to be added for later versions of Samba to work as
> expected.
> 
> In the global section, add
> enable privileges = yes
> 
> And see if that works.
> 
> HTH, Rubin
> 

Hi,

your supposition is right. There was a upgrade to a new box.

The option you describe is already set. I don't know why it is not 
listed above. Maybe testparam doesn't dump the complete config?

Here is the config with cat! :)


Thx for supporting me!

best regards,

David

smb.conf:
# smb.conf is the main samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SuSE
# Date: 2002-09-12
#
#
[global]
	workgroup = FAB
	netbios name = zeus
	server string = zeus
	map to guest = Bad User
	encrypt passwords = yes
	enable privileges = yes

	passdb backend = ldapsam
       ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de
       ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de
       ldap group suffix = ou=Groups
       ldap user suffix = ou=People
       ldap machine suffix = ou=People

       ldap ssl = no
       ldap passwd sync = yes

               add user script = ldapsmb -a -u "%u"
            delete user script = ldapsmb -d -u "%u"
            add machine script = ldapsmb -a -w "%u" -gid 515
              add group script = ldapsmb -a -g "%g"
           delete group script = ldapsmb -d -g "%g"
      add user to group script = ldapsmb -j -u "%u" -g "%g"
delete user from group script = ldapsmb -r -u "%u" -g "%g"
      set primary group script = ldapsmb -m -u "%u" -gid "%g"

	algorithmic rid base = 5000

	local master = yes
	preferred master = yes
	os level = 65
	time server = Yes
	unix extensions = Yes
	admin users = @ntadmin root
       log level = 1
	log file = /var/log/log.smb
	load printers = yes
	printing = cups
	printcap name = cups
       lprm command = /usr/bin/lprm -P%p %j
       default devmode = yes
	socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
	wins support = yes
       dns proxy = yes
	name resolve order = wins hosts bcast lmhosts
	veto files = /*.eml/*.nws/riched20.dll/*.{*}/

	domain master = yes
	domain logons = yes
	logon script = kix32 fab_login.scr
	logon path = \\%L\profiles\%U
	logon drive = h:

   hosts allow = 
10.14.40.,10.14.41.,10.14.42.,10.14.45.,10.14.43.,10.14.44.,10.10.57.
	interfaces = 195.72.98.12/255.255.255.240 10.14.45.12/255.255.255.0

	deadtime = 15
       dos charset = CP850
       unix charset = UTF-8
       display charset = LOCALE
       smb ports = 139


-------------- next part --------------
# smb.conf is the main samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SuSE
# Date: 2002-09-12
#
#
[global]
	workgroup = FAB
	netbios name = zeus
	server string = zeus
	map to guest = Bad User
	encrypt passwords = yes
	enable privileges = yes

	passdb backend = ldapsam
      ldap admin dn = cn=Manager,dc=fab,dc=fh-wiesbaden,dc=de
      ldap suffix = dc=fab,dc=fh-wiesbaden,dc=de
      ldap group suffix = ou=Groups
      ldap user suffix = ou=People
      ldap machine suffix = ou=People

      ldap ssl = no
      ldap passwd sync = yes

              add user script = ldapsmb -a -u "%u"
           delete user script = ldapsmb -d -u "%u"
           add machine script = ldapsmb -a -w "%u" -gid 515
             add group script = ldapsmb -a -g "%g"
          delete group script = ldapsmb -d -g "%g"
     add user to group script = ldapsmb -j -u "%u" -g "%g"
delete user from group script = ldapsmb -r -u "%u" -g "%g"
     set primary group script = ldapsmb -m -u "%u" -gid "%g"

	algorithmic rid base = 5000

	local master = yes
	preferred master = yes
	os level = 65
	time server = Yes
	unix extensions = Yes
	admin users = @ntadmin root
      log level = 1
	log file = /var/log/log.smb
	load printers = yes
	printing = cups
	printcap name = cups
      lprm command = /usr/bin/lprm -P%p %j
      default devmode = yes
	socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
	wins support = yes
      dns proxy = yes
	name resolve order = wins hosts bcast lmhosts
	veto files = /*.eml/*.nws/riched20.dll/*.{*}/

	domain master = yes
	domain logons = yes
	logon script = kix32 fab_login.scr
	logon path = \\%L\profiles\%U
	logon drive = h:

  hosts allow = 10.14.40.,10.14.41.,10.14.42.,10.14.45.,10.14.43.,10.14.44.,10.10.57.
	interfaces = 195.72.98.12/255.255.255.240 10.14.45.12/255.255.255.0

	deadtime = 15
      dos charset = CP850
      unix charset = UTF-8
      display charset = LOCALE
      smb ports = 139

More information about the samba mailing list