[Samba] changing server role = standalone server to 'member server'
Rowland Penny
rowlandpenny at googlemail.com
Wed Apr 2 13:21:44 MDT 2014
On 02/04/14 20:12, Carl Wilhelm Soderstrom wrote:
> I am testing a Samba v4.1.3 instance on Ubuntu 14.04 prerelease.
> I set it up as a standalone server on a test network, and it was easy to set
> up and worked fine. Now I am trying to migrate it to a different network and
> join it to a Windows 2008 AD server.
>
> When I try to join it to the domain, I get this error:
>
> root@samba-4:/etc/samba# net ads join -U administrator
> Host is not configured as a member server.
> Invalid configuration. Exiting....
> Failed to join domain: This operation is only allowed for the PDC of the
> domain.
>
> I've gotten a Kerberos ticket already with kinit, so I know it can connect
> to the AD server.
>
> If I try 'testparm -s' I see that it shows "Server role: ROLE_STANDALONE"
> even though I have "server role = member server" in the config file.
>
> Is there some database I need to clobber when changing the "server role ="
> value?
>
> root@samba-4:/etc/samba# testparm -s
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[homes]"
> Processing section "[cad-test]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> [global]
> workgroup = EXAMPLEAD
> realm = AD.EXAMPLE.COM
> server string = samba-4.example.com
> server role = member server
> obey pam restrictions = Yes
> restrict anonymous = 2
> syslog = 0
> log file = /var/log/samba/%m.log
> load printers = No
> logon script = %U.bat
> logon path =
> logon home =
> local master = No
> wins server = 192.XX.XX.XX
> template shell = /bin/bash
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind refresh tickets = Yes
> winbind offline logon = Yes
> winbind max domain connections = 10
> idmap config * : range = 600-20000
> idmap config * : backend = tdb
>
> [homes]
> comment = Home Directories
> path = /home/%D/%U
> valid users = %S
> read only = No
> create mask = 0700
> directory mask = 0700
> browseable = No
>
> [cad-test]
> comment = CAD DepartShared Space
> path = /var/samba/cadshare
> valid users = rte
> force group = rte
> read only = No
> create mask = 0666
> directory mask = 07b77
>
Unfortunately, the only server role that works at present is 'dc'; you
cannot provision as a 'member'. You need to use the 'classic' way of
running Samba, i.e. do not run the samba daemon; run the smbd, nmbd and
winbind daemons instead. There is also a problem with Samba 4.1.3 on
Ubuntu 14.04 (unless they have fixed it in the last few days, but I
haven't heard anything about my bug report): you cannot get samba-tool
to export a keytab.
Rowland