[Samba] changing server role = standalone server to 'member server'
Johan Hendriks
joh.hendriks at gmail.com
Thu Apr 3 09:34:41 MDT 2014
Carl Wilhelm Soderstrom wrote:
> I am testing a Samba v4.1.3 instance on Ubuntu 14.04 prerelease.
> I set it up as a standalone server on a test network, and it was easy to set
> up and worked fine. Now I am trying to migrate it to a different network and
> join it to a Windows 2008 AD server.
>
> When I try to join it to the domain, I get this error:
>
> root at samba-4:/etc/samba# net ads join -U administrator
> Host is not configured as a member server.
> Invalid configuration. Exiting....
> Failed to join domain: This operation is only allowed for the PDC of the
> domain.
>
> I've gotten a Kerberos ticket already with kinit, so I know it can connect
> to the AD server.
>
> If I try 'testparm -s' I see that it shows "Server role: ROLE_STANDALONE"
> even though I have "server role = member server" in the config file.
>
> Is there some database I need to clobber when changing the "server role ="
> value?
>
> root at samba-4:/etc/samba# testparm -s
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[homes]"
> Processing section "[cad-test]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> [global]
> workgroup = EXAMPLEAD
> realm = AD.EXAMPLE.COM
> server string = samba-4.example.com
> server role = member server
> obey pam restrictions = Yes
> restrict anonymous = 2
> syslog = 0
> log file = /var/log/samba/%m.log
> load printers = No
> logon script = %U.bat
> logon path =
> logon home =
> local master = No
> wins server = 192.XX.XX.XX
> template shell = /bin/bash
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind refresh tickets = Yes
> winbind offline logon = Yes
> winbind max domain connections = 10
> idmap config * : range = 600-20000
> idmap config * : backend = tdb
>
> [homes]
> comment = Home Directories
> path = /home/%D/%U
> valid users = %S
> read only = No
> create mask = 0700
> directory mask = 0700
> browseable = No
>
> [cad-test]
> comment = CAD DepartShared Space
> path = /var/samba/cadshare
> valid users = rte
> force group = rte
> read only = No
> create mask = 0666
> directory mask = 0777
>
I think you need security = ADS in your global settings.
Then a net ads join -U administrator should work.
Also testparm will tell you that Samba is configured as a member server.
Regards
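
An added example, not written by either poster: a Python check over `testparm -s` output that flags the symptom from the question (the configured `server role` differing from the role testparm reports) and the absence of the `security = ADS` line suggested in the reply. The sample output is constructed from the post; the function names and the `EXPECTED_ROLE` mapping are assumptions of this example.

```python
import re
# Constructed sample: shortened `testparm -s` output modelled on the post.
SAMPLE = """\
Loaded services file OK.
Server role: ROLE_STANDALONE
[global]
    realm = AD.EXAMPLE.COM
    server role = member server
[homes]
    path = /home/%D/%U
"""

# Role testparm should report for each configured "server role" value.
EXPECTED_ROLE = {
    "standalone server": "ROLE_STANDALONE",
    "member server": "ROLE_DOMAIN_MEMBER",
}

def parse_testparm(text):
    """Return (reported_role, {section: {param: value}})."""
    role, sections, current = None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Server role:\s*(\S+)", line)
        if m:
            role = m.group(1)
        elif line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[" ".join(key.lower().split())] = value.strip()
    return role, sections

def check_join_readiness(text):
    """List reasons the host would not be treated as an AD member server."""
    reported, sections = parse_testparm(text)
    glob = sections.get("global", {})
    configured = glob.get("server role", "auto").lower()
    findings = []
    expected = EXPECTED_ROLE.get(configured)
    if expected and reported != expected:
        findings.append(f"role mismatch: configured {configured!r}, testparm reports {reported}")
    # Check taken from the reply's suggestion; it is that poster's advice.
    if configured == "member server" and glob.get("security", "").lower() != "ads":
        findings.append("security = ADS is not set in [global]")
    return findings

if __name__ == "__main__":
    print("\n".join(check_join_readiness(SAMPLE)))
```

On a live host the input would be the captured output of `testparm -s`; that command only prints non-default parameters, so a missing `security` line means the default is in effect.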