[Samba] Samba on Linux - shows up as Domain Controller in ADS

Albert Lee alee2 at epcor.ca
Wed Oct 15 14:52:11 GMT 2008


Hi all,

I'm running into a problem with my Linux servers connecting to a 
Windows 2003 Active Directory server.  When the Linux server joins up, 
it's joining as a Domain Controller.

While doing some research on the topic, I came across bug 1423 on your 
Bugzilla.
https://bugzilla.samba.org/show_bug.cgi?id=1423

The issue here is how to have the Linux server join as a 
Workstation/Server type and not a Domain Controller.

Here is my Samba configuration.

[global]
        workgroup = domain
        realm = domain.CA
        server string = Samba Server
        security = ADS
        password server = wipdc01.domain.ca *
        username map = None
        log file = /var/log/samba/%m.log
        domain logons = no
        domain master = no
        max log size = 1000
        smb ports = 139
        server signing = auto
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = No
        wins server = 10.13.20.4
        idmap uid = 1000-20000
        idmap gid = 1000-20000
        winbind use default domain = yes
        short preserve case = No
        preferred master = no
        local master = no
        log level = 4

And my steps used to join the domain:

# kinit allee at domain.CA
Password for allee at domain.CA:

# net ads join -U allee
allee's password:
Using short domain name -- domain
Joined 'LXP003' to realm 'domain.CA'

# /etc/init.d/winbind start
Starting Winbind services: [ OK ]

# /etc/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

# wbinfo -t
checking the trust secret via RPC calls succeeded

# wbinfo -m
domain-NT4
domain
domain

# wbinfo --own-domain
domain

# wbinfo -u | head -10
rpark
kwall
jwihnon

Looks like it's working....

# cat /var/log/messages
Sep 11 14:04:34 lxp003 winbindd[23659]: [2008/09/11 14:04:34, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2221)
Sep 11 14:04:34 lxp003 winbindd[23659]: initialize_winbindd_cache: clearing cache and re-creating with version number 1
Sep 11 14:04:34 lxp003 winbind: winbindd startup succeeded
Sep 11 14:04:40 lxp003 smb: smbd startup succeeded
Sep 11 14:04:40 lxp003 smb: nmbd startup succeeded

I also checked my config and everything checks out OK:
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[tmp]"
Processing section "[stars]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

So Samba in principle is working, I can access my shares, read files, 
etc. but the AD servers are still seeing my Linux servers as domain 
controllers.

We tried blocking external incoming ports 389 and 636 (local oidldapd 
service), so the AD server doesn't think it's a domain controller, but 
when I authenticate and connect, it's still showing as a domain 
controller.

Has anyone else encountered this and found a resolution to the domain 
controller issue?

Thanks in advance,
Albert.



