[Samba] Configure Samba as Client of Samba PDC

Alejandro Gándara Álvarez agandara at optaresolutions.com
Fri Aug 27 05:00:03 MDT 2010


Hi all,

First of all, thanks.

In my network I have this:

Server: chacho

· 1 ldap
· 1 samba PDC and share

Now I need a second Samba on the same server (this went fine, I ran a new
instance without problems), but this one has to be a file server with
authentication against the LDAP server. The problem is the following:

The problem is that this new Samba is not running how I would like. First
I'll show the smb.conf.

This is the smb.conf of the PDC:

[global]
        workgroup = domain
        netbios name = CHACHO
        server string = %h
        debug uid = Yes
        bind interfaces only = yes
        interfaces = 127.0.0.1,172.20.36.10/24
        passdb backend = ldapsam:ldap://127.0.0.1
        passwd program = /usr/sbin/smbldap-passwd -o %u
#       username map = /etc/samba/smbusers
        log level = 1
        log file = /var/log/samba/log.%m
        max log size = 50
        name resolve order = wins lmhosts host bcast
        add user script = /usr/sbin/smbldap-useradd -m '%u'
        delete user script = /usr/sbin/smbldap-userdel %u
        add group script = /usr/sbin/smbldap-groupadd -p '%g'
        delete group script = /usr/sbin/smbldap-groupdel '%g'
        add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
        delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
        add machine script = /usr/sbin/smbldap-useradd -w '%u'
        #logon script = logon.bat
        logon path =
        logon home =
        domain logons = Yes
        os level = 64
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        ldap admin dn = cn=admin,dc=domain,dc=loc
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=domain,dc=loc
        ldap ssl = no
        ldap user suffix = ou=People
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        admin users = @administradores
        create mask = 0777
        directory mask = 0777
        printcap cache time = 12600
        printcap name =
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        deadtime = 15
        map to guest = Bad User
        reset on zero vc = yes

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon/scripts
        guest ok = Yes
        browseable = no

[Proyectos]
        comment = Carpetas comunes, documentación, drivers
        path = /samba/Proyectos
        read only = No
        #map hidden = Yes
        #map system = Yes
        admin users = @administradores
        users = @desarrollo,@contabilidad,@jefesPT2,@jefesPR
        guest ok = no

[temporal]
        comment = archivos temporales
        path = /samba/temporal
        admin users = @administradores, @desarrollo,@contabilidad,@jefesPT2,@jefesPR,@dt
        browseable = yes
        read only = no

[putty]
        comment = archivos temporales
        path = /samba/putty
        admin users = @administradores, @desarrollo,@contabilidad,@jefesPT2,@jefesPR,@dt
        browseable = yes
        read only = no

[software]
        comment = Programas
        path = /samba/software
        admin users = @administradores,@desarrollo,@contabilidad,@jefesPT2,@jefesPR,@dt
        browseable = yes
        read only = no

[exports]
        comment = Carpeta con los exports
        path = /samba/exports
        read only = No
        #map hidden = Yes
        #map system = Yes
        admin users = @administradores,@desarrollo,@contabilidad,@jefesPT2,@jefesPR,@dt
        guest ok = no

[proveedores]
        comment = Carpetas proveedores
        path = /samba/proveedores
        read only = No
        #map hidden = Yes
        #map system = Yes
        admin users = @administradores,@jefesPT2,@jefesPR,@dt
        users = @desarrollo,@contabilidad,@jefesPT2,@jefesPR
        guest ok = no

And this smb.conf is the new one; I called it smb.chachopartners.conf:

[global]
        workgroup = domain
        netbios name = CHACHOPARTNERS
        security = DOMAIN
        bind interfaces only = yes
        interfaces = 172.20.52.11/24
        passdb backend = ldapsam:ldap://127.0.0.1
        passwd program = /usr/sbin/smbldap-passwd -o %u
        local master = no
        domain master = no
        preferred master = no
        domain logons = no
        name resolve order = wins host lmhosts bcast
        dns proxy = no

        log level = 1

        ldap admin dn = cn=admin,dc=domain,dc=loc
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=domain,dc=loc
        ldap ssl = no
        ldap user suffix = ou=People
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        admin users = @administradores
        create mask = 0777
        directory mask = 0777
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        deadtime = 15
        map to guest = Bad User
        reset on zero vc = yes

[Proveedores]
        comment = Carpeta de proveedores
        path = /samba/proveedores
        read only = no
        admin users = @administradores,@jefesPT2,@jefesPR,@dt
        users = xxx, @xxx
        guest ok = no

[yyy]
        comment = Carpetas comunes, documentación, drivers
        path = /samba/proveedores/yyy
        read only = No
        admin users = @administradores,@jefesPT2,@jefesPR,@dt
        valid user = yyy1
        guest ok = no

[xxx]
        comment = Carpetas xxx
        path = /samba/proveedores/xxx
        read only = No
        admin users = @administradores,@jefesPT2,@jefesPR,@dt
        users = @developpers
        guest ok = no

The problem is that I'm having problems with the second Samba when I try to
modify or add permissions, because it looks for the users in the new Samba
SID and it should look in the domain.

When I start smbd I get these errors:

Could not peek rid out of sid S-1-5-21-1681343281-3888673916-306851540-500
[2010/08/27 12:54:11,  0] passdb/passdb.c:593(lookup_global_sam_name)
  User nobody with invalid SID S-1-5-21-1681343281-3888673916-306851540-2998 in passdb

And if I go to phpldapadmin I see that I now have two sambadomainname
entries: domain and chachopartners (yes, the netbios name of the second one).
That's why I thought the problem was here; I thought it could be joining as a
DC and not as a client.

I've done this: testparm smb.chachopartners.conf and I got:

Load smb config files from /etc/samba/smb.chachopartners.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[Proveedores]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

Thanks for all and sorry for my English

Alejandro Gándara , Junior System and Security Manager
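
Added example, not part of the original post: both smbd messages quoted above are logged when an account SID does not fall under the SID that the smbd instance treats as its own domain. The sketch below groups the SIDs found in smbd log text by their domain part and reports those outside a given local SID; `LOCAL_SID` is a constructed placeholder for the value `net getlocalsid` would print for the instance, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Account SIDs of the form S-1-5-21-<a>-<b>-<c>-<rid>
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}(?![-\d])")

# The two smbd messages quoted in the post.
SAMPLE_LOG = """\
Could not peek rid out of sid S-1-5-21-1681343281-3888673916-306851540-500
[2010/08/27 12:54:11,  0] passdb/passdb.c:593(lookup_global_sam_name)
  User nobody with invalid SID S-1-5-21-1681343281-3888673916-306851540-2998
in passdb
"""

# Constructed placeholder (assumption): the SID of the second instance,
# which does not appear in the post.
LOCAL_SID = "S-1-5-21-1111111111-2222222222-3333333333"


def split_sid(sid):
    """Split an account SID into (domain SID, RID)."""
    parts = sid.split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError(f"not an S-1-5-21 account SID: {sid}")
    return "-".join(parts[:7]), int(parts[7])


def foreign_sids(log_text, local_sid):
    """Map each domain SID other than local_sid to the sorted RIDs seen under it."""
    found = defaultdict(set)
    for sid in SID_RE.findall(log_text):
        domain, rid = split_sid(sid)
        if domain != local_sid:
            found[domain].add(rid)
    return {domain: sorted(rids) for domain, rids in found.items()}


if __name__ == "__main__":
    for domain, rids in foreign_sids(SAMPLE_LOG, LOCAL_SID).items():
        print(f"{domain}: RIDs {rids} are outside local SID {LOCAL_SID}")
```

If the reported domain part equals the PDC's domain SID, the accounts in LDAP are fine and it is the second instance that is working under a different SID.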