[Samba] Issue with file server (Non-Domain Controller) authenticating off the same LDAP as the PDC

David Markey dmarkey at dodds.dmarkey.com
Wed Jan 21 00:17:20 GMT 2009


Hi,


Samba version 3.2-test (from git)

I have a PDC (CS domain) called kerry with an OpenLDAP backend. I have a
file server that I want to authenticate off the same LDAP as the PDC, but
I don't want it to be a BDC. This machine is called offaly.


I would have thought that this would work pretty smoothly if I just
configure domain logons = no.

But then the file server generates its own SID and doesn't use the SID for the CS
domain, and creates its own account policies.

Is there any way to have domain logons = yes but not act as a BDC, or is it
possible to have domain logons = no and conform to the SID and account
policies for the CS domain?

More info,

When domain logons = no, it generates this in LDAP:
 

dn: sambaDomainName=OFFALY,dc=cs,dc=dit,dc=ie
sambaDomainName: OFFALY
sambaSID: S-1-5-21-1810654286-1445949878-2619355827
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
structuralObjectClass: sambaDomain
entryUUID: 1db04188-79bc-102d-8b3c-bff53cf5d285
creatorsName: cn=admin,dc=cs,dc=dit,dc=ie
createTimestamp: 20090118145748Z
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0


But I want it to use the CS domain one, namely:

dn: sambaDomainName=CS,dc=cs,dc=dit,dc=ie
sambaAlgorithmicRidBase: 1000
sambaNextUserRid: 1000
structuralObjectClass: sambaDomain
entryUUID: cf6b1632-7886-102d-88b4-cdd5ec2918da
creatorsName: cn=admin,dc=cs,dc=dit,dc=ie
createTimestamp: 20090117020342Z
sambaRefuseMachinePwdChange: 0
gidNumber: 1000
sambaDomainName: CS
sambaSID: S-1-5-21-162219125-2768231107-2725269179
objectClass: top
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaLockoutDuration: 10
sambaLockoutObservationWindow: 10
sambaLockoutThreshold: 5
sambaMinPwdLength: 5
sambaPwdHistoryLength: 5
sambaLogonToChgPwd: 0
sambaMaxPwdAge: 7776000
sambaMinPwdAge: 0
sambaForceLogoff: -1
uidNumber: 1009
sambaNextRid: 1002


Any ideas?

Thanks

David
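
The two sambaDomain entries quoted in the post differ in their account policy as well as in their SID. As an added example (not part of the original post), this Python script compares the two entries; the sample data is constructed from the LDIF in the post, trimmed to the SID and policy attributes, and the function names are hypothetical.

```python
# Added example, not from the original post. Sample entries are constructed
# from the LDIF quoted in the post, trimmed to the SID and policy attributes.
OFFALY = """\
dn: sambaDomainName=OFFALY,dc=cs,dc=dit,dc=ie
sambaSID: S-1-5-21-1810654286-1445949878-2619355827
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaMaxPwdAge: -1
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
"""
CS = """\
dn: sambaDomainName=CS,dc=cs,dc=dit,dc=ie
sambaSID: S-1-5-21-162219125-2768231107-2725269179
sambaMinPwdLength: 5
sambaPwdHistoryLength: 5
sambaMaxPwdAge: 7776000
sambaLockoutDuration: 10
sambaLockoutObservationWindow: 10
sambaLockoutThreshold: 5
"""
POLICY_ATTRS = ("sambaMinPwdLength", "sambaPwdHistoryLength", "sambaMaxPwdAge",
                "sambaLockoutDuration", "sambaLockoutObservationWindow",
                "sambaLockoutThreshold")

def parse_entry(ldif):
    """Parse one LDIF entry into {attr: first value}. Handles single-line
    'attr: value' pairs only (no folded lines, no base64 'attr::' values)."""
    entry = {}
    for line in ldif.splitlines():
        if line.strip() and not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), value.strip())
    return entry

def policy_drift(reference, candidate):
    """Return {attr: (reference value, candidate value)} where policy differs."""
    return {a: (reference.get(a), candidate.get(a))
            for a in POLICY_ATTRS if reference.get(a) != candidate.get(a)}

def same_domain_sid(a, b):
    """True only when both entries carry the same, non-empty sambaSID."""
    return a.get("sambaSID") is not None and a.get("sambaSID") == b.get("sambaSID")

if __name__ == "__main__":
    cs, offaly = parse_entry(CS), parse_entry(OFFALY)
    print("shares CS domain SID:", same_domain_sid(cs, offaly))
    for attr, (want, got) in policy_drift(cs, offaly).items():
        print(f"{attr}: CS={want} OFFALY={got}")
```

In Samba's account policy a lockout threshold of 0 disables lockout and a maximum password age of -1 means passwords never expire, so the OFFALY entry is the weaker of the two.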
