[Samba] Samba on Linux - shows up as Domain Controller in ADS
alee2 at epcor.ca
Wed Oct 15 14:52:11 GMT 2008
I'm running into a problem with my Linux servers connecting to a
Windows 2003 Active Directory server. When the Linux server joins up,
it's joining as a Domain Controller.
While doing some research on the topic, I came across bug 1423 on your
The issue here is how to have the Linux server join as a
Workstation/Server type and not a Domain Controller.
Here is my Samba configuration.
workgroup = domain
realm = domain.CA
server string = Samba Server
security = ADS
password server = wipdc01.domain.ca *
username map = None
log file = /var/log/samba/%m.log
domain logons = no
domain master = no
max log size = 1000
smb ports = 139
server signing = auto
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = 10.13.20.4
idmap uid = 1000-20000
idmap gid = 1000-20000
winbind use default domain = yes
short preserve case = No
preferred master = no
local master = no
log level = 4
And my steps used to join the domain:
# kinit allee at domain.CA
Password for allee at domain.CA:
# net ads join -U allee
Using short domain name -- domain
Joined 'LXP003' to realm 'domain.CA'
# /etc/init.d/winbind start
Starting Winbind services: [ OK ]
# /etc/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
# wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -m
# wbinfo --own-domain
# wbinfo -u | head
Looks like it's working....
# cat /var/log/messages
Sep 11 14:04:34 lxp003 winbindd: [2008/09/11 14:04:34, 0]
Sep 11 14:04:34 lxp003 winbindd: initialize_winbindd_cache:
clearing cache and
re-creating with version number 1
Sep 11 14:04:34 lxp003 winbind: winbindd startup succeeded
Sep 11 14:04:40 lxp003 smb: smbd startup succeeded
Sep 11 14:04:40 lxp003 smb: nmbd startup succeeded
I also check my config and everything checks out ok:
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[tmp]"
Processing section "[stars]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
So Samba in principle is working, I can access my shares, read files,
etc. but the AD servers are still seeing my Linux servers as domain
We tried blocking external incoming ports 389 and 636 (local oidldapd
service), so the AD server doesn't think it's a domain controller, but
when I authenticate and connect, it's still showing as a domain
Has anyone else encountered this and found a resolution to the domain
Thanks in advance,
More information about the samba