[Samba] changing server role = standalone server to 'member server'

Rowland Penny rowlandpenny at googlemail.com
Wed Apr 2 13:21:44 MDT 2014 

On 02/04/14 20:12, Carl Wilhelm Soderstrom wrote:
> I am testing a Samba v4.1.3 instance on Ubuntu 14.04 prerelease.
> I set it up as a standalone server on a test network, and it was easy to set
> up and worked fine. Now I am trying to migrate it to a different network and
> join it to a Windows 2008 AD server.
>
> When I try to join it to the domain, I get this error:
>
> root at samba-4:/etc/samba# net ads join -U administrator
> Host is not configured as a member server.
> Invalid configuration.  Exiting....
> Failed to join domain: This operation is only allowed for the PDC of the
> domain.
>
> I've gotten a Kerberos ticket already with kinit, so I know it can connect
> to the AD server.
>
> If I try 'testparm -s' I see that it shows "Server role: ROLE_STANDALONE"
> even tho I have "server role = member server" in the config file.
>
> Is there some database I need to clobber when changing the "server role ="
> value?
>
> root at samba-4:/etc/samba# testparm -s
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[homes]"
> Processing section "[cad-test]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> [global]
> 	workgroup = EXAMPLEAD
> 	realm = AD.EXAMPLE.COM
> 	server string = samba-4.example.com
> 	server role = member server
> 	obey pam restrictions = Yes
> 	restrict anonymous = 2
> 	syslog = 0
> 	log file = /var/log/samba/%m.log
> 	load printers = No
> 	logon script = %U.bat
> 	logon path =
> 	logon home =
> 	local master = No
> 	wins server = 192.XX.XX.XX
> 	template shell = /bin/bash
> 	winbind enum groups = Yes
> 	winbind use default domain = Yes
> 	winbind refresh tickets = Yes
> 	winbind offline logon = Yes
> 	winbind max domain connections = 10
> 	idmap config * : range = 600-20000
> 	idmap config * : backend = tdb
>
> [homes]
> 	comment = Home Directories
> 	path = /home/%D/%U
> 	valid users = %S
> 	read only = No
> 	create mask = 0700
> 	directory mask = 0700
> 	browseable = No
>
> [cad-test]
> 	comment = CAD DepartShared Space
> 	path = /var/samba/cadshare
> 	valid users = rte
> 	force group = rte
> 	read only = No
> 	create mask = 0666
> 	directory mask = 07b77
>
Unfortunately, the only server role that works at present is 'dc', you 
cannot provision as a 'member', you need to use the 'classic' way of 
running samba, i.e. do not run the samba daemon, run the smbd, nmbd and 
winbind daemons instead. There is also a problem with samba 4.1.3 on 
ubuntu 14.04 (unless they have fixed it in the last few days, but I 
haven't heard anything about my bug report), you cannot get samba-tool 
to export a keytab.

Rowland

More information about the samba mailing list