[Samba] New samba server

sgmayo at mail.bloomfield.k12.mo.us sgmayo at mail.bloomfield.k12.mo.us
Tue Jul 14 11:28:52 MDT 2009

sgmayo at mail.bloomfield.k12.mo.us wrote:
> I did not get this finished last summer, so decided to just wait and do it
> this summer.  I have set up my new samba server and was trying to get some
> things tweaked to the way that I want them.  I thought that I had asked
> this before and that I could do it, but it seems that it does not work.
> My new server is running as a domain server just like the old.  It has the
> same domain name and I changed the SID using net setlocalsid to the
> same sid number as my old server.  This new server is in a test
> environment right now.
> I was hoping that my old machines could just log into this server without
> having to get out of the domain and then rejoin it, but that does not
> work.  It tells me that the domain is not there until I get out of the old
> one and then rejoin the new one.  Is that how it has to work?  I was
> hoping I would not have to do that if I left the domain name the same and
> set the SID on the new server.  I just want to make sure I am not missing
> something before I go around to all 400 computers on campus and have them
> removed and rejoined to the domain.

Mr. Terpstra gave me a bit of help.  I had done nothing to set my
domainsid, but after doing the following:

net getlocalsid
net getdomainsid

The values are the same on both the old and the new samba server.  This
new server will take the place of my old one.  Right now it is on a
network with nothing else on it besides one of my old windows clients.  If
I remove one of my old clients from the domain and then re-add it, then it
logs in just fine.  If I take an old client from my current network and
put it on this new network and try to log in to the new samba server then
it gives me the typical:

"Windows cannot connect to the domain either because the domain controller
is down or otherwise unavailable, or because your computer account was not
found. Please try again later. If this message continues to appear contact
your System Administrator for assistance."

The name of the Windows machine is business18 so I did an 'smbldap-adduser
-w business18$' to make sure the machine account was added in to the
directory, but the error was the same.  I even changed the uid of the
machine account to match the old one in case that was coming into play.

Here is my samba config in case someone sees something that I don't. 
Which is quite possible since I forget more than I learn it seems. :) 
I'll be reading on the How-To to see if I can pick anything else up.

[global]
	workgroup = BES
	server string = Samba Server Version %v
	netbios name = SCHOOL

	interfaces = lo eth0
	hosts allow = 127. 10.0. 192.168.0. localhost
	ldap passwd sync = Yes
	ldap admin dn = cn=Manager,dc=school,dc=bloomfield.k12.mo.us
	ldap suffix = dc=school1,dc=bloomfield.k12.mo.us
	ldap group suffix = ou=Groups
	ldap user suffix = ou=Users
	ldap machine suffix = ou=Computers
	ldap idmap suffix = ou=Users
	add machine script = /usr/sbin/smbldap-useradd -w "%u"
	add user script = /usr/sbin/smbldap-useradd -m "%u"
	ldap delete dn = Yes
	add group script = /usr/sbin/smbldap-groupadd -p "%g"
	add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
	delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
	set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

	Dos charset = 850
	Unix charset = ISO8859-1

	log file = /var/log/samba/log.%m
	max log size = 50

	security = user
	passdb backend = ldapsam:ldap://

	domain master = yes
	domain logons = yes

	local master = yes
	os level = 65
	preferred master = yes

	wins support = yes
	dns proxy = no

	load printers = yes
	cups options = raw

[homes]
	comment = Home Directories
	browseable = no
	writable = yes

[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = no
	guest ok = no
	writable = no
	printable = yes

Scott Mayo - System Administrator
Bloomfield Schools
PH: 573-568-5669  FA: 573-568-4565

Question: Because it reverses the logical flow of conversation.
Answer: Why is putting a reply at the top of the message frowned upon?
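
An added example, not part of the original post: a small Python check of the LDAP naming parameters in an smb.conf like the one above, reporting where Samba will look for machine accounts such as business18$. The function names are illustrative, and the rule that the admin DN sits under the ldap suffix is an assumed convention, not a Samba requirement.

```python
# Constructed sample: the LDAP naming lines from the configuration in the post.
SAMPLE = """
ldap admin dn = cn=Manager,dc=school,dc=bloomfield.k12.mo.us
ldap suffix = dc=school1,dc=bloomfield.k12.mo.us
ldap machine suffix = ou=Computers
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; lines before any [section] go to 'global'."""
    conf, section = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = line.split("=", 1)  # split on the first '=' only
            # Samba ignores case and whitespace in parameter names.
            conf[section]["".join(key.lower().split())] = value.strip()
    return conf

def rdns(dn):
    """Split a DN into normalized components (naive: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def machine_search_base(conf):
    """Samba prepends 'ldap machine suffix' to 'ldap suffix' for machine accounts."""
    g = conf.get("global", {})
    suffix, machines = g.get("ldapsuffix", ""), g.get("ldapmachinesuffix", "")
    return f"{machines},{suffix}" if machines and suffix else suffix

def ldap_findings(conf):
    """Flag an admin DN that is not located under the configured ldap suffix."""
    g = conf.get("global", {})
    admin, suffix = g.get("ldapadmindn"), g.get("ldapsuffix")
    findings = []
    if admin and suffix:
        a, s = rdns(admin), rdns(suffix)
        if a[-len(s):] != s:  # assumed convention, see lead-in
            findings.append(f"ldap admin dn '{admin}' is not under ldap suffix '{suffix}'")
    return findings

if __name__ == "__main__":
    conf = parse_smb_conf(SAMPLE)
    print("machine accounts searched under:", machine_search_base(conf))
    for finding in ldap_findings(conf):
        print("check:", finding)
```

A finding here is a prompt to compare the values against the old server's smb.conf and the directory itself, not proof of a fault.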

