[Samba] Samba File Server as Domain Member of Samba PDC

Daniel Müller mueller at tropenklinik.de
Fri Jan 28 04:33:20 MST 2011

What about wins server = server1 server2?
I did not know this is working!?
What about the LDAP server settings in your member server's smb.conf:

ldap admin dn = cn=xxxx,dc=xxxxx,dc=xxxx
ldap suffix = dc=xxxx,dc=xxxxx
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
# your password server:
idmap backend = ldap:ldap://xxxxxxxxxxxxx
idmap uid = 15000-20000
idmap gid = 15000-20000

EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Juan Asensio Sánchez
Sent: Friday, 28 January 2011 08:55
To: samba at lists.samba.org
Subject: [Samba] Samba File Server as Domain Member of Samba PDC


We have configured 2 PDC Samba (v3.0.33, sambapdc1 and sambapdc2)
servers using LDAP (389 DS v1.2.5) as their database backend. If I run
"net rpc user -UXXXX" from these servers I get all groups in LDAP.
These servers have been working fine for a long time.

Now I have configured a file server (not logon server, sambafs1), as a
member of the domain served by those servers (this with v3.3.8). I
have configured the LDAP client, so I can do "getent passwd" and
"getent group" and I see all objects from LDAP. Next, I have
configured Samba with this conf:

unix charset = LOCALE
workgroup = XXXXX.YYYYY
server string = Samba FS XXXXX.YYYYY - ZZZZZZZZZ

security = domain
encrypt passwords = yes
password server = sambapdc1 sambapdc2
wins server = sambapdc1 sambapdc2

syslog = 0
log level = 2
#log level = 20
log file = /var/log/samba/%m.trace
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Share management options
add share command    = /bin/bash /opt/ldap/samba/smb_share_add.sh
change share command = /bin/bash /opt/ldap/samba/smb_share_add.sh
delete share command = /bin/bash /opt/ldap/samba/smb_share_del.sh

map acl inherit = Yes

Next, I have joined the Samba FS in the domain, using the command "net
rpc join -UXXXXXX", without any errors. Now, if I run "net rpc group
-S sambafs1 -UXXXXX", I get no groups. Is this normal? As Samba can't
see any groups, I cannot assign privileges using "net rpc rights
grant", so users can manage shares from Windows using the add, change
and delete share commands.

Thanks in advance. Regards,
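
Added example (not part of either message, and not Samba project code): a small smb.conf reader that reports which of the parameters listed in the reply are absent from the member server's posted settings. It assumes lines before any [section] header belong to [global]; SUGGESTED, MEMBER_CONF, REPLY_LINES and the helper functions are names constructed for this illustration.

```python
import re

# Parameters listed in the reply above (names as they appear there).
SUGGESTED = ["ldap admin dn", "ldap suffix", "ldap group suffix", "ldap user suffix",
             "ldap machine suffix", "ldap idmap suffix", "idmap backend",
             "idmap uid", "idmap gid"]

# Constructed sample: part of the member-server configuration from the question.
MEMBER_CONF = """\
security = domain
password server = sambapdc1 sambapdc2
wins server = sambapdc1 sambapdc2
#log level = 20
log level = 2
"""

# Constructed sample: two lines in the reply's spelling, with the page's placeholders.
REPLY_LINES = """\
ldap admin dn=cn=xxxx,dc=xxxxx,dc=xxxx
        idmap backend=ldap:ldap://xxxxxxxxxxxxx
"""

def norm(name):
    """smb.conf parameter names ignore case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized name: value}}.
    Assumption: lines before any [section] header belong to [global]."""
    conf, section, pending = {}, "global", ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.endswith("\\"):              # continued on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")   # only the first '=' splits
        if sep:
            conf.setdefault(section, {})[norm(name)] = value.strip()
    return conf

def missing_suggested(text):
    """Suggested parameters that are absent from [global] in the given text."""
    present = parse_smb_conf(text).get("global", {})
    return [p for p in SUGGESTED if norm(p) not in present]

if __name__ == "__main__":
    print("missing on member server:", missing_suggested(MEMBER_CONF))
```

On a live member server, `testparm -s` prints the configuration Samba actually loads and is the authoritative check; this reader only inspects the text it is given.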