[Samba] Issue with file server (Non-Domain Controller) authenticating off the same LDAP as the PDC

David Markey dmarkey at dodds.dmarkey.com
Wed Jan 21 19:27:08 GMT 2009



I don't think so,

I've gotten round it by setting domain logons=yes and hard coding the
file server name (offaly) on the wins server (kerry) in wins.dat as an
ordinary workstation. And disabled nmbd on offaly.

It would be great if I had an option domain logons=yes + domain
controller=no. Would suit this particular configuration.



Dale Schroeder wrote:
> See if this is what you want:
> http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#sdcsdmldap
>
>
> Hope it helps.
>
> Dale
>
> David Markey wrote:
>> Hi,
>>
>>
>> Samba version 3.2-test (from git)
>>
>> I have a PDC (CS Domain) called kerry with an openldap backend, I have a
>> file server that I want to authenticate off the same ldap as the PDC but
>> I don't want it to be a BDC. This machine is called offaly.
>>
>>
>> I would have thought that this would work pretty smoothly if I just
>> configure domain logons = no.
>>
>> But then the file server generates its own SID and doesn't use the SID
>> for the CS domain and creates its own account policies.
>>
>> Is there any way to have domain logons=yes but not act as a BDC, or is it
>> possible to have domain logons=no and conform to the SID and account
>> policies for the CS Domain?
>>
>> More info,
>>
>> When Domain Logons = no then it generates this in LDAP:
>>  
>>
>> dn: sambaDomainName=OFFALY,dc=cs,dc=dit,dc=ie
>> sambaDomainName: OFFALY
>> sambaSID: S-1-5-21-1810654286-1445949878-2619355827
>> sambaAlgorithmicRidBase: 1000
>> objectClass: sambaDomain
>> sambaNextUserRid: 1000
>> structuralObjectClass: sambaDomain
>> entryUUID: 1db04188-79bc-102d-8b3c-bff53cf5d285
>> creatorsName: cn=admin,dc=cs,dc=dit,dc=ie
>> createTimestamp: 20090118145748Z
>> sambaMinPwdLength: 5
>> sambaPwdHistoryLength: 0
>> sambaLogonToChgPwd: 0
>> sambaMaxPwdAge: -1
>> sambaMinPwdAge: 0
>> sambaLockoutDuration: 30
>> sambaLockoutObservationWindow: 30
>> sambaLockoutThreshold: 0
>> sambaForceLogoff: -1
>> sambaRefuseMachinePwdChange: 0
>>
>>
>> But I want it to use the CS domain one, namely:
>>
>> dn: sambaDomainName=CS,dc=cs,dc=dit,dc=ie
>> sambaAlgorithmicRidBase: 1000
>> sambaNextUserRid: 1000
>> structuralObjectClass: sambaDomain
>> entryUUID: cf6b1632-7886-102d-88b4-cdd5ec2918da
>> creatorsName: cn=admin,dc=cs,dc=dit,dc=ie
>> createTimestamp: 20090117020342Z
>> sambaRefuseMachinePwdChange: 0
>> gidNumber: 1000
>> sambaDomainName: CS
>> sambaSID: S-1-5-21-162219125-2768231107-2725269179
>> objectClass: top
>> objectClass: sambaDomain
>> objectClass: sambaUnixIdPool
>> sambaLockoutDuration: 10
>> sambaLockoutObservationWindow: 10
>> sambaLockoutThreshold: 5
>> sambaMinPwdLength: 5
>> sambaPwdHistoryLength: 5
>> sambaLogonToChgPwd: 0
>> sambaMaxPwdAge: 7776000
>> sambaMinPwdAge: 0
>> sambaForceLogoff: -1
>> uidNumber: 1009
>> sambaNextRid: 1002
>>
>>
>> Any Ideas?
>>
>> Thanks
>>
>> David
>>
>>
>>
>>   
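
An added example (not part of the original thread and not Samba code): a check that reports where a member server's auto-created sambaDomain entry departs from the domain's entry in SID and account policy, as the OFFALY and CS entries quoted above do. The function names and the choice of checked attributes are assumptions; the sample input is a subset of the attributes from the two entries in the message.

```python
import re

CHECKED_ATTRS = ("sambaSID", "sambaMinPwdLength", "sambaPwdHistoryLength",
                 "sambaMaxPwdAge", "sambaLockoutThreshold")

# Sample input: a subset of the attributes of the two entries quoted in the thread.
SAMPLE_LDIF = """\
dn: sambaDomainName=OFFALY,dc=cs,dc=dit,dc=ie
sambaDomainName: OFFALY
sambaSID: S-1-5-21-1810654286-1445949878-2619355827
objectClass: sambaDomain
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaMaxPwdAge: -1
sambaLockoutThreshold: 0

dn: sambaDomainName=CS,dc=cs,dc=dit,dc=ie
sambaDomainName: CS
sambaSID: S-1-5-21-162219125-2768231107-2725269179
objectClass: top
objectClass: sambaDomain
sambaMinPwdLength: 5
sambaPwdHistoryLength: 5
sambaMaxPwdAge: 7776000
sambaLockoutThreshold: 5
"""

def parse_samba_domains(ldif):
    """Return {sambaDomainName: {attr: [values]}} from plain (unwrapped, non-base64) LDIF."""
    domains = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith(("#", " ")):
                entry.setdefault(attr, []).append(value.strip())
        if "sambaDomain" in entry.get("objectClass", []):
            domains[entry["sambaDomainName"][0]] = entry
    return domains

def policy_drift(domains, reference, other):
    """Return {attr: (reference_value, other_value)} for each checked attribute that differs."""
    first = lambda name, attr: domains[name].get(attr, [None])[0]
    return {a: (first(reference, a), first(other, a))
            for a in CHECKED_ATTRS if first(reference, a) != first(other, a)}

if __name__ == "__main__":
    for attr, (cs, offaly) in policy_drift(parse_samba_domains(SAMPLE_LDIF), "CS", "OFFALY").items():
        print(f"{attr}: CS={cs} OFFALY={offaly}")
```
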


