[Samba] domain member server smb won't start

Alberto Moreno portsbsd at gmail.com
Wed Sep 21 17:38:50 MDT 2011


 I had been reading about how to join a samba server to my current PDC
running samba+ldap.

My PDC has a BDC and they are working. I want to add another Samba
server as a domain member server.

The Samba docs have opened my mind about the technical stuff, but I
still cannot make this thing work.

  My PDC runs CentOS 5.6, Samba version 3.5.4-0.83.el5_7.2
  My domain member runs CentOS 5.7, Samba version 3.5.4-0.83.el5_7.2

   The old book says:


Step 1:

   This is my smb.conf from the domain member server:

        workgroup = MYDOMAIN
        server string = Develop Server
        netbios name = mbx-devel
        hosts allow = 192.168.2. 127.
        interfaces = eth0 lo0
        bind interfaces only = Yes
        hosts deny =
        remote announce =
        lanman auth = Yes
        client lanman auth = Yes
        security = DOMAIN

# passwd backend
        encrypt passwords = yes
        passdb backend = ldapsam:"ldap:// ldap://"
        enable privileges = yes
        pam password change= Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %nn
*ReType*new*UNIX*password* %nn *
        unix password sync = Yes
        password server =

# Log options
        log level = 10
        log file = /var/log/samba/%m.log
        max log size = 500
        syslog = 1

# Name resolution
        name resolve order = wins bcast hosts lmhost

# misc
        time server = No
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        use sendfile = yes

# Dos-Attribute
        map hidden = No
        map system = No
        map archive = No
        map read only = No
        store dos attributes = Yes
        Map to Guest = Bad User

# printers - configured to use CUPS and automatically load them
        load printers = No
        printcap name =

# printing =
        cups options =
        show add printer wizard = No

# LDAP-iConfiguration
        ldap ssl = off
        ldap passwd sync = Yes
        ldap suffix = dc=mydomain,dc=local
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=Manager,dc=mydomain,dc=local
        idmap backend = ldap:ldap:// ldap://
        idmap uid = 10000-20000
        idmap gid = 10000-20000
# logon options
        logon script =
        logon path =
        logon path =
        logon home =
        logon drive =

        username map = /etc/samba/smbuser
        preferred master = No
        wins support = No
        wins server =
        winbind nested groups = Yes
        winbind trusted domains only = Yes
        winbind use default domain = Yes
        winbind separator = +
        ea support = Yes
        domain logons = No
        domain master = No
        local master = No
        map acl inherit = Yes
        unix charset = UTF8
        case sensitive = No

Step 2:

Now, the manual says that we need to set up nss_ldap and nsswitch:


passwd:     files ldap
shadow:     files ldap
group:      files ldap

#hosts:     db files nisplus nis dns
hosts:      files dns wins

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus

Later, the LDAP client:



# The distinguished name of the search base.
base dc=mydomain,dc=local
ldap_version 3
binddn cn=Manager,dc=mueblex,dc=local
port 389
timelimit 120
bind_timelimit 120
bind_policy soft
idle_timelimit 3600
pam_password md5
nss_base_passwd ou=Users,dc=mydomain,dc=local?one
nss_base_shadow ou=Users,dc=mydomain,dc=local?one
nss_base_group  ou=Groups,dc=mydomain,dc=local?one
ssl off


HOST    192.1689.2.24
URI     ldap:// ldap://
BASE    dc=mydomain,dc=local

getent passwd
getent group


From here, the doc starts speaking about slapcat, which is a tool from

The LDAP directory must have a container object for IDMAP data. There
are several ways you can check that your LDAP database is able to
receive IDMAP information. One of the simplest is to execute:

Must my client (domain member server) have this?

Step 6:
smbpassword done!!!

Step 7:
net rpc join -S MYPDC-Name -Uroot
Done, my PDC shows me my domain member server.


net rpc info -S MyPDC -U root
Enter root's password:
Domain Name: MYDOMAIN
Domain SID: S-1-5-21-805595659-1689854870-1539857752
Sequence number: 1316645662
Num users: 105
Num domain groups: 5
Num local groups: 0

Step 8:
 wbinfo --set-auth-user=Administrator%not24get
This functionality was moved to the 'net' utility.
See 'net help setauthuser' for details.

net setauthuser -U root
Enter the auth user's password:
Done, nothing wrong came back.


I get a lot of messages when I start the smb service that complain about
CUPS. I was thinking that maybe Samba 3.5.x needs that service, so I got
the service running, but nothing changed.

winbind running
nmb running
service smb start
Starting SMB services:

As you see, the service never returns to the shell; it is like it is doing
something and never gives my shell back.

ps -ax | grep smb
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
12707 pts/1    S+     0:00 /bin/sh /sbin/service smb start
12712 pts/1    S+     0:00 /bin/sh /etc/init.d/smb start
12715 pts/1    S+     0:00 /bin/bash -c ulimit -S -c 0 >/dev/null 2>&1 ; smbd -D
12716 pts/1    S+     0:00 smbd -D
12719 pts/0    S+     0:00 grep smb

If I don't stop the task with Ctrl+C, I can open another shell and the smb
service says it is running:

service smb status
smbd (pid 12716) is running...


lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory
sessionid.tdb not initialised

Service      pid     machine       Connected at

tdb(unnamed): tdb_open_ex: could not open file
/var/lib/samba/locking.tdb: No such file or directory
Could not open tdb: No such file or directory
/var/lib/samba/locking.tdb not initialised
This is normal if an SMB client has never connected to your server.

This is the last part; my log level is 10, so I got more output.

If I run pdbedit -L I get this:

The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap:// ldap://
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://
ldap:// as "cn=Manager,dc=mydomain,dc=local"
ldap_connect_system: successful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
The LDAP server is successfully connected
pdb backend ldapsam:"ldap:// ldap://" has a valid init
smbldap_search_paged: base => [dc=mydomain,dc=local], filter =>
[(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize =>
smbldap_search_ext: base => [dc=mydomain,dc=local], filter =>
[(&(uid=*)(objectclass=sambaSamAccount))], scope => [2]
smbldap_search_paged: search was successful
"displayName" not found
"description" not found
sid S-1-5-21-805595659-1689854870-1539857752-1000 does not belong to our domain
Skipping entry uid=root,ou=Users,dc=mydomain,dc=local
"displayName" not found
"description" not found
sid S-1-5-21-805595659-1689854870-1539857752-1069 does not belong to our domain
Skipping entry uid=rhernandez,ou=Users,dc=mydomain,dc=local
sid S-1-5-21-805595659-1689854870-1539857752-1070 does not belong to our domain
Skipping entry uid=mbx-debug$,ou=Computers,dc=mydomain,dc=local
sid S-1-5-21-805595659-1689854870-1539857752-1071 does not belong to our domain
Skipping entry uid=mbx-scan1$,ou=Computers,dc=mydomain,dc=local
sid S-1-5-21-805595659-1689854870-1539857752-1074 does not belong to our domain
Skipping entry uid=mbx-devel$,ou=Computers,dc=mydomain,dc=local


net getdomainsid
SID for local machine MBX-DEVEL is: S-1-5-21-3297652681-580672025-4178914628
SID for domain MYDOMAIN is: S-1-5-21-805595659-1689854870-1539857752

I have read the logs but don't see any error that could help me.

Am I missing something?

Living the dream..
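An added diagnostic, not part of the post, that reads the two outputs quoted above (pdbedit -L at log level 10 and net getdomainsid) and reports, for each directory entry pdbedit skipped, whether its SID prefix is the domain SID or the member server's own local machine SID. The sample input is constructed from the lines in the post; with it, every skipped entry carries the domain SID while the member's local SID is different, which is the mismatch to look at first.

```python
import re
# Constructed sample input: the pdbedit -L debug lines and the `net getdomainsid` output above.
PDBEDIT_LOG = """\
sid S-1-5-21-805595659-1689854870-1539857752-1000 does not belong to our domain
Skipping entry uid=root,ou=Users,dc=mydomain,dc=local
sid S-1-5-21-805595659-1689854870-1539857752-1069 does not belong to our domain
Skipping entry uid=rhernandez,ou=Users,dc=mydomain,dc=local
sid S-1-5-21-805595659-1689854870-1539857752-1074 does not belong to our domain
Skipping entry uid=mbx-devel$,ou=Computers,dc=mydomain,dc=local
"""
GETDOMAINSID_OUT = """\
SID for local machine MBX-DEVEL is: S-1-5-21-3297652681-580672025-4178914628
SID for domain MYDOMAIN is: S-1-5-21-805595659-1689854870-1539857752
"""
SID_PREFIX = r"S-1-5-21-\d+-\d+-\d+"   # domain part of an NT SID, without the RID

def parse_getdomainsid(text):
    """Return (local_machine_sid, domain_sid) from `net getdomainsid` output."""
    local = domain = None
    for line in text.splitlines():
        m = re.search(SID_PREFIX, line)
        if m and "local machine" in line:
            local = m.group(0)
        elif m and "for domain" in line:
            domain = m.group(0)
    return local, domain

def skipped_entries(log):
    """Pair each 'does not belong to our domain' SID with the DN skipped right after it."""
    pending, out = None, []
    for line in log.splitlines():
        m = re.match(rf"sid ({SID_PREFIX})-(\d+) does not belong", line)
        if m:
            pending = (m.group(1), int(m.group(2)))  # (domain part, RID)
            continue
        m = re.match(r"Skipping entry (.+)", line)
        if m and pending:
            out.append((m.group(1),) + pending)      # (dn, domain part, RID)
            pending = None
    return out

def classify(log, sid_text):
    """For each skipped DN, say whose SID prefix it carries: domain, local machine or unknown."""
    local, domain = parse_getdomainsid(sid_text)
    names = {domain: "domain", local: "local machine"}
    return [(dn, rid, names.get(prefix, "unknown"))
            for dn, prefix, rid in skipped_entries(log)]

if __name__ == "__main__":
    for dn, rid, origin in classify(PDBEDIT_LOG, GETDOMAINSID_OUT):
        print(f"{origin:13s} SID, RID {rid}: {dn}")
```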

