[Samba] Does the BDC need to "join" a domain?
el.baby at gmail.com
Thu Oct 15 01:22:30 MDT 2009
On Wed, Oct 14, 2009 at 19:20, Thierry Lacoste <lacoste at miage.univ-paris12.fr> wrote:
> On 14 oct. 09, at 18:36, Gaiseric Vandal wrote:
>> I supposed it depends if Samba is configured to automatically create the
>> underlying unix accounts when you create samba accounts. My setup doesn't.
>> I created a "user" account in ldap for my BDC. (the unix passwd shd be
>> *LK* and the shell shd be /bin/false) Running "net rpc join" will then add
>> the appropriate samba attributes.
>> I think you also need to grab the domain SID
>> BDC# net rpc getsid
>> Storing SID S-...1234 for Domain MYDOMAIN in secrets.tdb
>> However, I am not sure the domainsid for the machine is meant to match the
>> domainsid of the domain. On my PDC, they match. On the BDC, they don't.
>> I am not sure if I need to change that.
> They should match (see e.g.
>> group mappings do NOT seem to be stored in ldap. So you either need to
>> copy the approp tdb file over or run the identical net group map commands on
>> the BDC.
> Group mappings should be stored in LDAP.
> This is the purpose of the sambaGroupMapping auxiliary objectClass which
> extends the posixGroup structural objectClass in a typical samba/ldap
Thanx a lot, Thierry, you've helped me a lot...
Is there a communication channel (other than this list, given that the
samba-docs list is long gone) for commenting on the documentation itself?
I don't think my stumbling abouts are only because of my particular kind of
foolishness and maybe a couple more notes at the bottom of
help other people (those with my /general/ kind of foolishness :-P ).
Regards and thanx again
Mariano Absatz - El Baby
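
As an added illustration of the two points raised in the thread above (group mappings kept in LDAP through the sambaGroupMapping objectClass, and SIDs that have to match the domain SID), the following Python check audits an LDIF export of posixGroup entries. It is not part of the original message or of Samba; the domain SID, the DNs and the decision to accept BUILTIN (S-1-5-32-*) SIDs are assumptions made for the example.

```python
# Constructed sample data: the domain SID and the LDIF entries are made up.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = """\
dn: cn=Domain Admins,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Domain Admins
gidNumber: 512
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-512
sambaGroupType: 2

dn: cn=staff,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: staff
gidNumber: 1001

dn: cn=legacy,ou=Groups,dc=example,dc=org
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: legacy
gidNumber: 1002
sambaSID: S-1-5-21-9999999999-8888888888-7777777777-3005
sambaGroupType: 2
"""

def parse_ldif(text):
    """Parse unfolded LDIF text into dicts of lowercased attribute -> values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def audit_group_mappings(ldif_text, domain_sid):
    """Return (dn, problem) for posixGroup entries with no usable group mapping.
    Assumption: BUILTIN SIDs (S-1-5-32-*) are accepted next to domain SIDs."""
    findings = []
    for entry in parse_ldif(ldif_text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        sid = entry.get("sambasid", [""])[0]
        if "posixgroup" in classes and "sambagroupmapping" not in classes:
            findings.append((entry["dn"][0], "no sambaGroupMapping"))
        elif "posixgroup" in classes and not sid.startswith((domain_sid + "-", "S-1-5-32-")):
            findings.append((entry["dn"][0], "sambaSID outside domain: " + sid))
    return findings
```

Calling `audit_group_mappings(SAMPLE_LDIF, DOMAIN_SID)` reports the unmapped `staff` group and the `legacy` group whose SID belongs to a different domain; the parser expects unfolded LDIF with plain (not base64-encoded) values.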