[Samba] try to join win2k3 r2 pdc

Victor Ophof mr4hughz at hotmail.com
Wed Apr 1 02:07:00 GMT 2009


Hi

I am trying to join an out-of-the-box win2k3 AD domain controller (plus forest prep for the R2 domain).

samba Version 3.3.2 on FreeBSD 6.3-RELEASE
openldap-sasl-2.3
heimdal 0.6.3

adserver = AD DC server I installed (win2k3 box)
domain = my domain name

/etc/resolv.conf

search domain.net
nameserver adserver

contents of /usr/local/etc/smb.conf

[global]
        workgroup = DOMAIN
        realm = DOMAIN.NET
        server string = Samba Server
        security = ADS
        auth methods = winbind
        password server = adserver
        passdb backend = ldapsam:ldap://adserver.domain.net
        root directory = /raid5/samba
        lanman auth = Yes
        use kerberos keytab = Yes
        log file = /var/log/samba/log.%m
        max log size = 500
        wins server = 192.168.0.1
        ldap admin dn = cn=administrator,cn=Users,dc=domain,dc=net # admin is in default container
        ldap idmap suffix = ou=idmap
        ldap machine suffix = ou=Domain-Computers # computer OU
        ldap suffix = DC=DOMAIN,DC=NET
        ldap ssl = no
        ldap user suffix = ou=Domain-Users # user container
        idmap alloc backend = ldap
        idmap uid = 500-100000
        idmap gid = 500-100000
        template shell = /bin/tcsh
        winbind separator = /
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        idmap config DOLPHIN:backend = ldap
        idmap config DOLPHIN:readonly = no
        idmap config DOLPHIN:default = yes
        idmap config DOLPHIN:ldap_base_dn = ou=idmap,dc=domain,dc=net
        idmap config DOLPHIN:ldap_user_dn = cn="Domain-Users",dc=dolphin,dc=net
        idmap config DOLPHIN:ldap_url = ldap://adserver.domain.net
        idmap config DOLPHIN:range = 500-500000
        idmap alloc config:ldap_base_dn = ou=idmap,dc=domain,dc=net
        idmap alloc config:ldap_user_dn = cn="Domain-Users",dc=domain,dc=net
        idmap alloc config:ldap_url = ldap://adserver.domain.net
        idmap alloc config:range = 500-5000007
        valid users = "@DOMAIN\domain users", "@domain users"
        admin users = DOMAIN\administrator, administrator


/etc/nsswitch.conf 

group: files winbind ldap
group_compat: nis
hosts: files dns nis wins
networks: files dns
passwd: files winbind ldap
passwd_compat: nis
shells: files
shadow: files winbind


kinit --> works
wbinfo -t --> works
net rpc testjoin --> works
net ads testjoin --> works
net rpc join --> works
net ads join --> works

wbinfo -g --> doesn't work
wbinfo -u --> doesn't work
getent passwd --> doesn't work
getent group --> doesn't work

In the logs I find several errors (* marks start of log line):

* add_new_domain_info: failed to add domain dn= sambaDomainName=LOCALHOST,DC=DOMAIN,DC=NET with: No such attributte
* smbldap_search_domain_info: Adding domain info for LOCALHOST failed with NT_STATUS_UNSUCCESSFUL
* Connection to LDAP server failed for the 1 try
* Unable to open new log file /var/log/samba/log.192.168.0.10: No such file or directory

smbclient -L <hostname> -Uadministrator%apassword

works for the AD domain controller and Windows XP Pro clients, although NOT for Windows 2003 member servers (weird part here).

Also, doing ldapsearch -Z > /tmp/afile I noticed that AD didn't have all the information about the FreeBSD host I would expect (DNS name, operating system name, version and service pack). With ADSI Edit (not the best way) I was able to set the DNS name(s).

Windows clients (XP, win2k3 member, win2k3 AD DC) keep having "popups" to log in, but no login is possible!!

Can somebody please help me with getting things working?

Victor
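The following checker is an added example and is not code from the original post or from the Samba project. It parses a constructed, trimmed copy of the smb.conf above and reports the kinds of inconsistencies a reviewer would want to rule out before retrying the join: trailing "# ..." text on a value line (smbd only ignores whole-line comments, so that text becomes part of the value), an `idmap config <NAME>:` block whose name differs from the `workgroup`, DNs whose `dc=` tail is not under the configured `ldap suffix`, and `passdb backend = ldapsam` pointed at an AD DC, which lacks the Samba LDAP schema (the `sambaDomainName` attribute in the logged error). The finding codes and the `check_global` function are my own naming, not Samba's.

```python
import re

# Constructed, trimmed copy of the posted smb.conf (only the lines the checks look at).
SAMPLE_SMB_CONF = """
[global]
        workgroup = DOMAIN
        realm = DOMAIN.NET
        security = ADS
        passdb backend = ldapsam:ldap://adserver.domain.net
        log file = /var/log/samba/log.%m
        ldap admin dn = cn=administrator,cn=Users,dc=domain,dc=net # admin is in default container
        ldap machine suffix = ou=Domain-Computers # computer OU
        ldap suffix = DC=DOMAIN,DC=NET
        ldap user suffix = ou=Domain-Users # user container
        idmap config DOLPHIN:backend = ldap
        idmap config DOLPHIN:ldap_base_dn = ou=idmap,dc=domain,dc=net
        idmap config DOLPHIN:ldap_user_dn = cn="Domain-Users",dc=dolphin,dc=net
        idmap alloc config:ldap_user_dn = cn="Domain-Users",dc=domain,dc=net
"""


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {key: value}}.

    Like smbd, only lines whose first non-blank character is '#' or ';' are
    comments; anything after '=' on a parameter line is the value, verbatim.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections[current] = {}
            continue
        if "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def strip_trailing_comment(value):
    """Remove a trailing ' # ...' or ' ; ...' that the author meant as a comment."""
    return value.split(" #", 1)[0].split(" ;", 1)[0].strip()


def dn_domain_part(dn):
    """Return the lower-cased 'dc=...' tail of a DN, e.g. 'dc=domain,dc=net'."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return ",".join(p for p in parts if p.startswith("dc="))


def check_global(g):
    """Return a list of (code, message) findings for a parsed [global] section."""
    findings = []
    workgroup = g.get("workgroup", "").upper()
    suffix_dc = dn_domain_part(g.get("ldap suffix", ""))

    # 1. Trailing '# ...' text is part of the value, not a comment.
    for key, value in g.items():
        if " #" in value or " ;" in value:
            findings.append(("inline-comment",
                             f"{key}: trailing comment text is part of the value: {value!r}"))

    # 2. Every 'idmap config <NAME>:' block should name the joined workgroup.
    seen = set()
    for key in g:
        m = re.match(r"idmap config ([^:\s]+):", key)
        if m and m.group(1).upper() != workgroup and m.group(1) not in seen:
            seen.add(m.group(1))
            findings.append(("idmap-domain",
                             f"{key}: names domain {m.group(1).upper()!r}, workgroup is {workgroup!r}"))

    # 3. Every DN parameter should sit under the configured 'ldap suffix'.
    for key, value in g.items():
        clean = strip_trailing_comment(value)
        if key.endswith("dn") and "dc=" in clean.lower() and suffix_dc:
            if dn_domain_part(clean) != suffix_dc:
                findings.append(("dn-suffix",
                                 f"{key}: {dn_domain_part(clean)!r} is not under ldap suffix {suffix_dc!r}"))

    # 4. ldapsam expects the Samba LDAP schema; a stock AD DC does not carry it.
    if g.get("security", "").lower() == "ads" and \
            g.get("passdb backend", "").lower().startswith("ldapsam"):
        findings.append(("ldapsam-on-ads",
                         "passdb backend = ldapsam needs the Samba LDAP schema (sambaDomainName etc.), "
                         "which a stock AD DC lacks; with security = ADS this backend is not needed"))
    return findings


if __name__ == "__main__":
    for code, msg in check_global(parse_smb_conf(SAMPLE_SMB_CONF)["global"]):
        print(f"[{code}] {msg}")
```

Run against the sample it reports three inline-comment findings (`ldap admin dn`, `ldap machine suffix`, `ldap user suffix`), one idmap-domain finding (DOLPHIN versus DOMAIN), one dn-suffix finding (`dc=dolphin,dc=net`) and the ldapsam-on-ads finding. To check a real file, replace `SAMPLE_SMB_CONF` with the contents of `/usr/local/etc/smb.conf`; the checker only reads text and never contacts the DC.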