[Samba] Samba PDC

Robert Fitzpatrick lists at webtent.net
Wed Jan 12 09:00:51 MST 2011 

OK, I am trying to setup my first Samba PDC on a FreeBSD 8.1 host. When 
I try to become a member of 'webtent.org' on my Windows 7 Ultimate to 
the PDC, I get the following error...

> DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "webtent.org":
>
> The query was for the SRV record for _ldap._tcp.dc._msdcs.webtent.org
>
> The following domain controllers were identified by the query:
> mail.webtent.org
>
>
> However no domain controllers could be contacted.
>
> Common causes of this error include:
>
> - Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
>
> - Domain controllers registered in DNS are not connected to the network or are not running.
>

I have Samba working well in the network and have setup the server as a 
PDC...

> mail# net domain
> Enter root's password:
>
> Enumerating domains:
>
>         Domain name          Server name of Browse Master
>         -------------        ----------------------------
>         WEBTENT              MAIL

I have DNS setup as I believe correct as well as my Samba config...

> mail# dig mail.webtent.org
>
> ; <<>> DiG 9.4-ESV-R2 <<>> mail.webtent.org
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20308
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;mail.webtent.org.              IN      A
>
> ;; ANSWER SECTION:
> mail.webtent.org.       38400   IN      A       192.168.1.21

> mail# dig -x 192.168.1.21
>
> ; <<>> DiG 9.4-ESV-R2 <<>> -x 192.168.1.21
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32497
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;21.1.168.192.in-addr.arpa.     IN      PTR
>
> ;; ANSWER SECTION:
> 21.1.168.192.in-addr.arpa. 38400 IN     PTR     mail.webtent.org.

> mail# cat /var/named/etc/namedb/dynamic/webtent.org.hosts
> $ttl 38400
> webtent.org.    IN      SOA     mx1.webtent.org. admin.webtent.org. (
>                         1281254209
>                         10800
>                         3600
>                         604800
>                         38400 )
> webtent.org.    IN      NS      mx1.webtent.org.
> mail.webtent.org.       IN      A       192.168.1.21
> <snip unrelated A records>
> $ORIGIN webtent.org.
> _kerberos       TXT "WEBTENT"
> $ORIGIN _tcp.webtent.org.
> _kerberos       SRV 1 0 88 mail.webtent.org.
> _kerberos-adm   SRV 1 0 749 mail.webtent.org.
> $ORIGIN _udp.webtent.org.
> _kerberos       SRV 1 0 88 mail.webtent.org.
> _kpasswd        SRV 1 0 464 mail.webtent.org.
> kerberos        CNAME   mail.
> localhost       A   127.0.0.1
> mail   A   192.168.1.21
> _ldap._tcp.webtent.org. SRV 0 0 389 mail.webtent.org.
> _kerberos._tcp.webtent.org. SRV 0 0 88 mail.webtent.org.
> _ldap._tcp.dc._msdcs.webtent.org.       IN      SRV     0 0 389 mail.webtent.org.
> _kerberos._tcp.dc._msdcs.webtent.org.   IN      SRV     0 0 88 mail.webtent.org.


> mail# cat smb.conf
> # Global parameters
> [global]
>       workgroup = WEBTENT
>       server string = Samba Server
>       netbios name = mail
>       hosts allow = 192.168.1. 127.
> #      interfaces = bge0, lo
> #      bind interfaces only = Yes
>
> # passwd backend
>       encrypt passwords = yes
>       passdb backend   = ldapsam:ldap://mail.webtent.org/
>       enable privileges = yes
>       pam password change= Yes
>       passwd program = /usr/bin/passwd %u
>       passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn * passwd:*all*authentication*tokens*updated*successfully*
>       unix password sync = Yes
>
> # Log options
>       log level = 1
>       log file = /var/log/samba/%m
>       max log size = 50
>       syslog = 0
>
> # Name resolution
>       name resolve order = wins bcast host
>
> # misc
>       timeserver = Yes
>       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>       use sendfile = yes
>       veto files = /*.eml/*.nws/*.{*}/
>       veto oplock files = /*.doc/*.xls/*.mdb/
>       deadtime         = 120
>
> # Dos-Attribute
>       map hidden = No
>       map system = No
>       map archive = No
>       map read only = No
>       store dos attributes = Yes
>       dos charset = 850
>
> # printers - configured to use CUPS and automatically load them
>       load printers = Yes
>       printcap name = CUPS
>       printing = cups
>       cups options = Raw
>       show add printer wizard = No
>
> # scripts invoked by samba
>       add user script               = /usr/local/sbin/smbldap-useradd -m %u
>       delete user script            = /usr/local/sbin/smbldap-userdel %u
>       add group script              = /usr/local/sbin/smbldap-groupadd -p %g
>       delete group script           = /usr/local/sbin/smbldap-groupdel %g
>       add user to group script      = /usr/local/sbin/smbldap-groupmod -m %u %g
>       delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
>       set primary group script      = /usr/local/sbin/smbldap-usermod -g %g %u
>       add machine script            = /usr/local/sbin/smbldap-useradd -w %m
>
>
> # LDAP-Configuration
>       ldap delete dn                = Yes
>       ldap ssl                      = off
>       ldap passwd sync              = Yes
>       ldap suffix                   = dc=webtent,dc=org
>       ldap machine suffix           = ou=Computers
>       ldap user suffix              = ou=Users
>       ldap group suffix             = ou=Groups
>       ldap idmap suffix             = ou=Idmap
>       ldap admin dn                 = cn=Manager,dc=webtent,dc=org
>       idmap backend                 = ldap:ldap://mail.webtent.org
>       idmap uid                     = 10000-20000
>       idmap gid                     = 10000-20000
> winbind uid = 100000-100000000
> winbind gid = 100000-100000000
> idmap backend = rid
> allow trusted domains = No
> winbind enum users = yes
> winbind enum groups = yes
> #
> winbind refresh tickets = Yes
> winbind nested groups = No
>
> # logon options
>       logon script = logon.bat
>       logon path = \%L\profiles\%u
>       logon path =
>       logon home = \%L\%U
>       logon drive = H:
>
> # setting up as domain controller
>       username map = /var/samba/usermap
>       preferred master = Yes
>       wins support = Yes
>       domain logons = Yes
>       domain master = Yes
>       local master = Yes
>       os level = 64
>       map acl inherit = Yes
>       unix charset = ISO8859-1
> #      unix charset     = UTF8
>
> #============================ Share Definitions ==============================
>
> [netlogon]
>       comment = Network Logon Service
>       path = /var/samba/netlogon
>       guest ok = yes
>       locking = no
>
> [homes]
>       comment = Home Directories
>       valid users = %S
>       read only = No
>       browseable = No
>
> [Profiles]
>       comment = Network Profiles Service
>       path = /var/samba/profiles
>       read only = No
>       profile acls = yes
>       hide files = /desktop.ini/ntuser.ini/NTUSER.*/
>       profile acls = Yes
>
>
> [printers]
>       comment = All Printers
>       path = /var/spool/samba
>       browseable = No
>       guest ok = Yes
>       printable = Yes
>       use client driver = Yes
>       default devmode = Yes
>
> [print$]
>       comment = Printer Drivers
>       path = /var/samba/printer-drivers
>       browseable = yes
>       guest ok = no
>       read only = yes
>       write list = root
>
> [data]
>       comment = Data Directory
>       path = /var/samba/data
>       write list = @webtent
>       read only = No
>       create mask = 0777
>       directory mask = 0777

Anyone know what I am or could be doing wrong? Thanks for any help!

--Robert

More information about the samba mailing list