[Samba] Samba 3.4.2 and ADS - joined as member *and* DC...?
Onotsky, Steve x55328
Steve.Onotsky at broadridge.com
Mon Nov 16 11:21:30 MST 2009
Hi all,

We're preparing to move from a share-level authentication paradigm to
integrating with AD. We're running Pware's build of Samba 3.4.2, MIT
Kerberos, and OpenLDAP on AIX 6.1. I've worked through the procedure
and obtained a Kerberos ticket, then joined the host to our primary AD
domain (we have two, one for general use and one for production systems,
which is firewall-segregated; this host connects to the general domain).

However, when I asked where in Active Directory Users and Computers
(ADU&C) the server object would be, the Windows admins noticed that it
was showing up both as a member server (when looking at the properties
card of the server object), and as a domain controller (when found using
ADU&C's Find facility).

What's odd is, I was certain that I'd turned off everything in smb.conf
that would cause Samba to try to promote itself to be an NT4 DC.

Am I missing something, or is this just the way Samba will present
itself in AD? Here's my (obfuscated) smb.conf for this host:

[global]
    security = ads
    realm = MY.FULL.DOMAIN
    workgroup = MY
    encrypt passwords = yes
    server string = MYHOSTNAME
    log level = 1
    log file = /usr/local/samba/var/log.%m
    hosts allow = x.xx. localhost
    socket options = TCP_NODELAY
    locking = yes
    strict locking = yes
    keepalive = 30
    domain master = no
    preferred master = no
    domain logons = no
    client use spnego = yes

[homes]
    browseable = no
    guest ok = no
    read only = no
    create mask = 0755

[tmp]
    comment = tmp files
    path = /tmp
    read only = no

Thanks in advance for advice and information.
Steve Onotsky
Team Lead, Server Support
Broadridge
Investor Communication Solutions, Canada
5970 Chedworth Way
Mississauga ON L5R 4G5
Tel: (905) 507-5328
Fax: (905) 507-5312
This message and any attachments are intended only for the use of the addressee and
may contain information that is privileged and confidential. If the reader of the
message is not the intended recipient or an authorized representative of the
intended recipient, you are hereby notified that any dissemination of this
communication is strictly prohibited. If you have received this communication in
error, please notify us immediately by e-mail and delete the message and any
attachments from your system.
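
Added example (not part of the original post, and not Samba's own code): a small Python check of the three smb.conf parameters the post names as turned off, run against a constructed copy of the posted [global] section. It assumes the smb.conf(5) conventions that parameter names ignore case and whitespace, that `#` and `;` start comments, and that the defaults are `domain logons = no`, `domain master = auto` and `preferred master = auto`; the function names are hypothetical.

```python
import re

# Constructed sample: part of the [global] section as posted (already obfuscated).
SAMPLE = """\
[global]
security = ads
workgroup = MY
domain master = no
preferred master = no
domain logons = no
[tmp]
path = /tmp
"""

# Parameters the post names, with the smb.conf(5) default assumed when a line is absent.
DC_PARAMS = {"domainlogons": "no", "domainmaster": "auto", "preferredmaster": "auto"}
TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

def norm(name):
    # smb.conf ignores case and whitespace inside parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized parameter: value} for the [global] section only."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()  # a later duplicate overrides an earlier one
    return params

def audit_dc_settings(text):
    """List settings that enable, or do not explicitly disable, DC or master-browser roles."""
    params, findings = parse_global(text), []
    for key, default in DC_PARAMS.items():
        value = params.get(key, default).lower()
        if value in TRUE:
            findings.append(f"{key} is enabled ({value})")
        elif value not in FALSE:
            findings.append(f"{key} is '{value}', not an explicit no")
    return findings

if __name__ == "__main__":
    print(audit_dc_settings(SAMPLE) or "no DC-related settings enabled")
```

An empty result only confirms that these three parameters are off in the file; it says nothing about how the computer object is displayed in AD.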