[Samba] Samba/LDAP share issue -- user with invalid SID

Alex McKenzie alex at chem.umass.edu
Wed May 19 06:50:40 MDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You are missing something, which I just realized reading this:  a couple
of emails that went back and forth off-list.  Oops.

I think the following is essentially accurate:  someone will surely
correct me if it's not.

At the moment, this is the only samba server there is, and it's acting
as a PDC.  At some point, I'll (probably) be building an actual PDC, at
which point domain master will be set to "no".  That will change the
role from PDC to BDC, which is (as far as I can tell) what I want.  The
problem right now is that, if I set this to act as a BDC, I can't
actually join the domain, because there isn't a controller.  Because of
that, this system (SL1) has to act as a PDC.  When I said it's not
acting as a PDC, I should have said "...but not being used as a domain
login controller", rather than "...not acting as...".

What I really probably OUGHT to do is set up mv (our LDAP server) to act
as a PDC now, and simply let this act as a client.  Unfortunately, I
don't have time to do it now -- I'll probably get to that sometime over
the summer, when things are a little less crazy.

- -Alex

zoolook wrote:
> 2010/5/18 Alex McKenzie <alex at chem.umass.edu>:
>> root at sl1:/etc/samba# testparm
> 
>> Server role: ROLE_DOMAIN_PDC
> 
>> [global]
>>        workgroup = CHEMBMB
> 
>>        domain logons = Yes
>>        preferred master = Yes
>>        domain master = Yes
> 
>> This is a standalone server providing file sharing, but not acting as a
>> domain login controller:  if I ever want that, I'll be building a
>> different server for it.
> 
> Hm!?
> 
> 
>> Thanks to tms3 for the instructions:  I'd been spinning my wheels for
>> two weeks before his (her?) advice!
> 
> 
> Can you (or someone else) please explain this because either, I'm too
> dumb or too sleepy. From what I can see, your samba server IS a PDC.
> 
> If you want SL1 to be a member of CHEMBMB, you need to:
> 
>         domain logons = No
>         security = DOMAIN
> 
> Then:
> 
>         # net rpc join ((or net ads join))
> 
> 
> 
> Am I missing something here?
> 
> 
> Thanks,
> Norberto
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvz3p8ACgkQWFYfIucpZ2NK2wCeOcNMnyoiOO1vcjZmTUZmi893
7EgAnA9yyP0S1jV0g3Da4ONzrVhpP5Xq
=eYFN
-----END PGP SIGNATURE-----


More information about the samba mailing list