[Samba] problem with linux server as domain member in samba pdc

Hervé Hénoch h.henoch at isc84.org
Wed Apr 6 11:26:02 MDT 2011


Hi,

what do you mean by "to be sure": the solution is to be improved, or the 
values set are to be sure?

Is it sufficient for a domain member to see LDAP users like local Linux 
users (which implies getent is working) and to have password server = <pdc>, or must 
the member have Samba connected to the LDAP tree?

If Samba uses the local tdb passdb backend, it seems it can't see new 
users added in the PDC!

regards

Daniel Müller wrote:
> Be sure your ldap-client with getent group and getent passwd is working for
> your ldap server on the member server.
> Remove your member server again from your ldap-tree.
> Stop samba on your member server. Delete your secrets.tdb in /etc/samba.
> My config of my member server:
> Security=domain
> Preferred master=no
> Local master=no
> Domain master=no
> Wins server=your.domain.server
> #to be sure
> Ldap admin dn=cn=youradmin,dc=your,dc=domain
> Ldap suffix=dc=your,dc=domain
> Ldap group suffix= ou=yourgoups
> Ldap user suffix=ou=youusers
> Ldap machine suffix= ou=yourmachines
> Ldap idmap suffix= ou=Idmap
> Idmap backend=ldap:ldap://yourldapserver
> Idmap uid=10000-20000
> Idmap gid=10000-20000
>
> Then smbpasswd -a -e root ; must be the same password as for your samba pdc
>
> /usr/bin/net rpc join -S PDC-host-name -Uadminuid%adminpass
>
> Then service smb start
>
> Working for me on any member server
>
> Good Luck
> Daniel
> -----------------------------------------------
> EDV Daniel Müller
>
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
> Behalf Of Allen Chen
> Sent: Tuesday, 5 April 2011 23:28
> To: Hervé Hénoch
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] problem with linux server as domain member in samba pdc
>
> Hervé Hénoch wrote:
>   
>> Hello,
>>
>> My problem is the following : I've a domain controller under linux 
>> Samba 3.5.5 with LDAP.
>> I want to include a Linux Samba as domain member but I've the 
>> following error :
>>
>> _netr_ServerAuthenticate2: failed to get machine password for account 
>> SSCFICHIERS$: NT_STATUS_ACCESS_DENIED
>>
>> I've put the following in smb.conf :
>>
>> workgroup = <mydomain>
>> wins server = <ip of my samba PDC>
>> password server = <ip of my samba PDC>
>> security = domain
>>
>> I've also configured nsswitch.conf / libnss and pam so getent 
>> passwd/group/shadow is connected to the underlying ldap: this is 
>> ok.
>>
>> net rpc join is successful and I can see the entry in my ldap tree and 
>> the secrets.tdb file is created in /var/lib/samba.
>>
>> So I don't understand where the problem is ...
>>     
> I have a similar installation, but it works fine.
> PDC: samba 3.4.5 ( use source) and ldap
> member server: samba-3.0.28 (comes with RHEL 5.2)
> On member server, I did this:
> # /usr/bin/net rpc join -S PDC-host-name -Uadminuid%adminpass
> # service smb start
>
> Can you make sure
> 1. there is no ldap config in smb.conf on the member server;
> 2. getent passwd / getent group show you the same results on PDC and 
> member server.
>
> Allen
>
>
>   

-- 
Hervé Hénoch
IT Manager
Institut Sainte Catherine
1750, chemin du Lavarin, 84000 Avignon
Telephone: 04.90.27.57.44
E-mail: h.henoch at isc84.org
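
The two checks Allen asks for in the quoted reply (LDAP settings in the member's smb.conf, and identical getent results on PDC and member) can be scripted. The following is an added example, not code from any poster in this thread: the function names are hypothetical, the sample smb.conf and passwd lines are constructed, and it assumes `getent passwd` output has been saved to a file on each host.

```shell
# Added example, not from the thread. Function names are hypothetical.

# Print "name=value" for each [global] parameter of an smb.conf-style file.
# Parameter names are case-insensitive, so lower-case them and collapse spaces.
global_params() {
  awk '
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/   { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
    in_global && (p = index($0, "=")) {
      k = tolower(substr($0, 1, p - 1)); v = substr($0, p + 1)
      gsub(/[ \t]+/, " ", k); gsub(/^ | $/, "", k)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      print k "=" v
    }' "$1"
}

# Allen's point 1: LDAP-related settings on the member (no output = none).
ldap_params() {
  global_params "$1" |
    grep -E '^(ldap |passdb backend=ldapsam|idmap backend=ldap)' || true
}

# Allen's point 2: compare name/uid/gid between two saved `getent passwd`
# dumps (run `getent passwd > file` on the PDC and on the member).
getent_mismatch() {
  awk -F: '
    FILENAME == ARGV[1] { pdc[$1] = $3 ":" $4; next }
    { seen[$1] = 1
      if (!($1 in pdc)) print "only-on-member " $1
      else if (pdc[$1] != $3 ":" $4) print "id-mismatch " $1 }
    END { for (u in pdc) if (!(u in seen)) print "only-on-pdc " u }
  ' "$1" "$2" | sort
}

demo() {  # constructed sample data
  d=$(mktemp -d)
  printf '%s\n' '[global]' ' workgroup = EXAMPLE' ' Security = domain' \
    ' Ldap suffix = dc=your,dc=domain' \
    ' Idmap backend = ldap:ldap://yourldapserver' > "$d/smb.conf"
  printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
    'alice:x:10001:10000::/home/alice:/bin/sh' \
    'bob:x:10002:10000::/home/bob:/bin/sh' > "$d/pdc.passwd"
  printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
    'alice:x:10005:10000::/home/alice:/bin/sh' > "$d/member.passwd"
  echo "security: $(global_params "$d/smb.conf" | sed -n 's/^security=//p')"
  echo "LDAP settings on member:"; ldap_params "$d/smb.conf"
  echo "getent differences:"; getent_mismatch "$d/pdc.passwd" "$d/member.passwd"
  rm -rf "$d"
}
demo
```

A user that shows up as `only-on-pdc` is one the member's NSS lookup does not return, and `id-mismatch` means the two hosts map the same name to different uid/gid values.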



