[Samba] Does the BDC need to "join" a domain?
Mariano Absatz
el.baby at gmail.com
Thu Oct 15 01:22:30 MDT 2009
On Wed, Oct 14, 2009 at 19:20, Thierry Lacoste <
lacoste at miage.univ-paris12.fr> wrote:
>
> On 14 oct. 09, at 18:36, Gaiseric Vandal wrote:
>
>> I supposed it depends if Samba is configured to automatically create the
>> underlying unix accounts when you create samba accounts. My setup doesn't.
>> I created a "user" account in ldap for my BDC. (the unix passwd shd be
>> *LK* and the shell shd be /bin/false) Running "net rpc join" will then add
>> the appropriate samba attributes.
>>
>> I think you also need to grab the domain SID
>>
>> BDC# net rpc getsid
>> Password:
>> Storing SID S-...1234 for Domain MYDOMAIN in secrets.tdb
>> #
>>
>>
>> However, I am not sure the domainsid for the machine is meant to match the
>> domainsid of the domain. On my PDC, they match. On the BDC, they don't.
>> I am not sure if I need to change that.
>>
> They should match (see e.g.
> http://lists.samba.org/archive/samba/2007-August/134734.html).
>
>> group mappings do NOT seem to be stored in ldap. So you either need to
>> copy the approp tdb file over or run the identical net group map commands on
>> the BDC.
>>
> Group mappings should be stored in LDAP.
> This is the purpose of the sambaGroupMapping auxiliary objectClass which
> extends the posixGroup structural objectClass in a typical samba/ldap
> implementation.
>
Thanx a lot, Thierry, you've helped me a lot...
Is there a communication channel (other than this list, given that the
samba-docs list is long gone) for commenting on the documentation itself?
I don't think my stumbling abouts are only because of my particular kind of
foolishness and maybe a couple more notes at the bottom of
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html#id2568624 might
help other people (those with my /general/ kind of foolishness :-P ).
Regards and thanx again
--
Mariano Absatz - El Baby
www.clueless.com.ar
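
The two points made in the quoted replies (the BDC's domain SID should match the domain's, and group mappings live in LDAP as sambaGroupMapping entries on posixGroup objects) can be checked together. The following is an added example, not part of the original message or of Samba itself: it reads a simple LDIF export of the groups and sorts them by whether their sambaSID sits under a given domain SID. The DNs, SIDs and function names are constructed placeholders.

```python
import re

# Constructed sample LDIF (placeholder DNs and SIDs, not from the thread).
SAMPLE_LDIF = """\
dn: cn=Domain Admins,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-1111-2222-3333-512

dn: cn=staff,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-9999-8888-7777-3003

dn: cn=unixonly,ou=Groups,dc=example,dc=org
objectClass: posixGroup
"""

def parse_ldif(text):
    """Yield one {attr: [values]} dict per blank-line-separated entry."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            # Skip comments and folded continuation lines (simple LDIF only).
            if ":" in line and not line.startswith((" ", "#")):
                key, _, value = line.partition(":")
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def check_group_sids(ldif_text, domain_sid):
    """Return (mapped, unmapped, foreign) lists of posixGroup DNs."""
    mapped, unmapped, foreign = [], [], []
    for e in parse_ldif(ldif_text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixgroup" not in classes:
            continue
        dn = e["dn"][0]
        sids = e.get("sambasid", [])
        if "sambagroupmapping" not in classes or not sids:
            unmapped.append(dn)   # plain unix group, no Samba mapping in LDAP
        elif sids[0].startswith("S-1-5-32-") or sids[0].rsplit("-", 1)[0] == domain_sid:
            mapped.append(dn)     # builtin alias, or RID under the domain SID
        else:
            foreign.append(dn)    # mapped under a different domain SID
    return mapped, unmapped, foreign
```

Pass as `domain_sid` the value that `net rpc getsid` reports on the BDC; any DN in the third list carries a SID from a different domain than the one the BDC has stored.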