[Samba] issue with multiple Samba DC and uid/gid assignment.

dahopkins at comcast.net dahopkins at comcast.net
Sun Aug 25 09:52:46 MDT 2013

> Hi, where does Windows 2008R2 fit into this setup? Is it in the same domain? Is it the primary AD server?

It is a member server in the same domain on which we ran ADUC. It was a member of the prior samba3/LDAP authentication system. I can now log back onto this server and launch ADUC. All three of the samba4 DCs are listed in Domain Controllers. However, since adding nslcd/nscd to ncssamba2, the only DC I can connect to is ncssamba1. When I try to select a different domain controller, I get "The list of Domain Controllers for domain ncs.k12.de.us is unavailable because: Access is Denied".

> I would suggest that you read Steve's site a bit more but this time about sssd. 
> I would also suggest that you just use the Samba 4 DCs just for authentication and use the Samba fileservers to store the profiles etc. You would then not need anything but the basic Samba4 setup on the AD DCs. 

That is the goal, except profiles/home directories were not being accessed correctly on the samba4 domain member servers, which I am trying to resolve.

I am still not clear if I should be installing nslcd on the AD DCs. And if I do, what is the correct setting for the following in nslcd.conf?

# The location at which the LDAP server(s) should be reachable. 
uri ldap://ncssamba1.ncs.k12.de.us/ 

Should this point to the local machine, e.g. ncssamba1 for nslcd running on ncssamba1, ncssamba2 for nslcd running on ncssamba2, or should it point to the same ldap server on all AD DCs? I am willing to migrate from nslcd to sssd but need to understand what needs to be uninstalled/installed where before attempting it.

Dave Hopkins 
