[Samba] problem with linux server as domain member in samba pdc
Daniel Müller
mueller at tropenklinik.de
Wed Apr 6 00:57:39 MDT 2011
Be sure your ldap-client with getent group and getent passwd is working for
your ldap server on the member server.
Remove your member server again from your ldap-tree.
Stop samba on your member server. Delete your secrets.tdb in /etc/samba.
My config of my member server:
Security=domain
Preferred master=no
Local master=no
Domain master=no
Wins server=your.domain.server
#to be shure
Ldap admin dn=cn=youradmin,dc=your,dc=domain
Ldap suffix=dc=your,dc=domain
Ldap group suffix= ou=yourgoups
Ldap user suffix=ou=youusers
Ldap machine suffix= ou=yourmachines
Ldap idmap suffix= ou=Idmap
Idmap backend=ldap:ldap://yourldapserver
Idmap uid=10000-20000
Idmap gid=10000-20000
Then smbpasswd -a -e root ; must be the same password as for your samba pdc
/usr/bin/net rpc join -S PDC-host-name -Uadminuid%adminpass
Then service smb start
Working for me on any member server
Good Luck
Daniel
-----------------------------------------------
EDV Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Allen Chen
Gesendet: Dienstag, 5. April 2011 23:28
An: Hervé Hénoch
Cc: samba at lists.samba.org
Betreff: Re: [Samba] problem with linux server as domain member in samba pdc
Hervé Hénoch wrote:
> Hello,
>
> My problem is the following : I've a domain controller under linux
> Samba 3.5.5 with LDAP.
> I want to include a Linux Samba as domain member but I've the
> following error :
>
> _netr_ServerAuthenticate2: failed to get machine password for account
> SSCFICHIERS$: NT_STATUS_ACCESS_DENIED
>
> I've put the following in smb.conf :
>
> workgroup = <mydomain>
> wins server = <ip of my samba PDC>
> password server = <ip of my samba PDC>
> security = domain
>
> I've too configured nsswitch.conf / libnss and pam so getent
> passwd/group/shadow so is connected too the underlying ldap : this is
> ok.
>
> net rpc join is successful and I can see the entry in my ldap tree and
> the secrets.tdb file is created in /var/lib/samba.
>
> So i've don't understand where is the problem ...
I have a similar installation, but works fine.
PDC: samba 3.4.5 ( use source) and ldap
member server: samba-3.0.28 (comes with RHEL 5.2)
On member server, I did this:
# /usr/bin/net rpc join -S PDC-host-name -Uadminuid%adminpass
# service smb start
Can you make sure
1. there is no ldap config in smb.conf on the member server;
2. getent passwd / getent group show you the same results on PDC and
member server.
Allen
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list