[Samba] Does the BDC need to "join" a domain?
Thierry Lacoste
lacoste at miage.univ-paris12.fr
Wed Oct 14 16:20:34 MDT 2009
On 14 oct. 09, at 18:36, Gaiseric Vandal wrote:
> I supposed it depends if Samba is configured to automatically create
> the underlying unix accounts when you create samba accounts. My
> setup doesn't. I created a "user" account in ldap for my BDC.
> (the unix passwd shd be *LK* and the shell shd be /bin/false)
> Running "net rpc join" will then add the appropriate samba attributes.
>
> I think you also need to grab the domain SID
>
> BDC# net rpc getsid
> Password:
> Storing SID S-...1234 for Domain MYDOMAIN in secrets.tdb
> #
>
>
> However, I am not sure the domainsid for the machine is meant to
> match the domainsid of the domain. On my PDC, they match. On the
> BDC, they don't. I am not sure if I need to change that.
They should match (see e.g. http://lists.samba.org/archive/samba/2007-August/134734.html).
> group mappings do NOT seem to be stored in ldap. So you either need
> to copy the approp tdb file over or run the identical net group map
> commands on the BDC.
Group mappings should be stored in LDAP.
This is the purpose of the sambaGroupMapping auxiliary objectClass which
extends the posixGroup structural objectClass in a typical samba/ldap
implementation.
Regards,
Thierry
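
Added example, not part of the original thread: a small offline check that posixGroup entries exported from the directory carry the sambaGroupMapping auxiliary class and that each sambaSID sits under the domain SID reported by `net rpc getsid`. The LDIF, DNs and SIDs are constructed placeholders, and the function names `parse_ldif` and `audit_group_mappings` are hypothetical.

```python
# Added example: constructed, abbreviated LDIF; SIDs and DNs are placeholders.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"

SAMPLE_LDIF = """\
dn: cn=Domain Admins,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-512
sambaGroupType: 2

dn: cn=staff,ou=Groups,dc=example,dc=org
objectClass: posixGroup
gidNumber: 1001

dn: cn=Domain Users,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
sambaSID: S-1-5-21-9999999999-2222222222-3333333333-513
sambaGroupType: 2
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def audit_group_mappings(entries, domain_sid):
    """Return (dn, problem) for posixGroup entries with no usable mapping."""
    findings = []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixgroup" not in classes:
            continue
        sid = e.get("sambasid", [""])[0]
        if "sambagroupmapping" not in classes:
            findings.append((e["dn"][0], "no sambaGroupMapping"))
        # Well-known BUILTIN aliases (S-1-5-32-*) are not under the domain SID.
        elif not sid.startswith("S-1-5-32-") and sid.rpartition("-")[0] != domain_sid:
            findings.append((e["dn"][0], "sambaSID not under domain SID"))
    return findings

for dn, problem in audit_group_mappings(parse_ldif(SAMPLE_LDIF), DOMAIN_SID):
    print(f"{problem}: {dn}")
```

A posixGroup without sambaGroupMapping is only a finding if Windows clients are expected to see that group; plain Unix-only groups can be ignored.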