[Samba] Domain Computer not showing up in domain utilities
Wayne Andersen
waynea at clima-tech.com
Wed Jan 14 12:14:43 MST 2015
> > I am running Samba Version 4.1.6.
> >
> > I have a PDC and two BDC setup.
> >
> > I have a specific computer named eds; it is a Windows 7 Pro box. When
> > I add it to the domain everything works normally and it works well.
> > Domain users can log in, and they have the proper permissions, but I am
> > seeing two problems.
> >
> > 1) Every once in a while I get: "The trust relationship between this
> > workstation and the primary domain failed".
> > If I unplug the network cable or remove the machine from the domain
> > and re-add it then all is good.
> > Obviously the cached info on the PC is good.
> >
> > I see "The processing of Group Policy failed. Windows could not
> > authenticate to the Active Directory service on a domain controller.
> > (LDAP Bind function call failed). Look in the details tab for error
> > code and description." in the system log.
> >
> > Clearly the computer account is not being created properly.
> >
> > 2) I don't see the computer in AD user and computer tools.
> > Or
> > net ads dn 'CN=eds,CN=Computers,DC=corp,DC=mydomain,DC=com'
> > search failed: No such object
> >
> > I have added many machines both before and after this one.
> > Unfortunately I have an app on this PC that requires the name not
> > change as it is registered to the machine name.
> >
> Bit confused here, you have 'I have a PDC and two BDC setup.' then at the
> bottom, there is this: 'I don't see the computer in AD user and computer
> tools.'
>
> So, do you have an NT PDC & 2 NT BDCs or do you have 3 AD DCs?
>
> Whichever, can you post the smb.conf from the machine that you call the
> PDC.
>
> Rowland
I have no Windows servers, just workstations. I have three Samba AD DCs; one
is the primary and the other two are backups.
Here is the smb.conf:
# Global parameters
[global]
workgroup = CORP
realm = CORP.MYDOMAIN.COM
netbios name = DC1
server role = active directory domain controller
server services = s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate
dns forwarder = 10.10.1.8
template shell = /bin/bash
# allow dns updates = nonsecure
# panic action = /bin/sleep 99999
dsdb:schema update allowed = yes
ldap debug level = 10
idmap_ldb:use rfc2307 = yes
# Force this server to be the master
preferred master = yes
os level = 255
# Enable TLS for ldaps
tls enabled = yes
tls keyfile = tls/myKey.pem
tls certfile = tls/myCert.pem
tls cafile =
# Important: The ranges of the default (*) backend
# and the domain(s) must not overlap!
# Retrieve UIDs/GIDs for domain CORP from AD, via RFC2307.
# The range value defines the lowest RID up to the highest,
# that will ever be used in this domain. Ask your AD Domain
# Administrator, if you don't know which range to define.
idmap config CORP:backend = ad
idmap config CORP:schema_mode = rfc2307
idmap config CORP:range = 1000-40000
# Store UIDs/GIDs for all other domains (including local
# accounts/groups of this server) in a tdb file
idmap config *:backend = tdb
idmap config *:range = 50001-60000
# Use home directory and shell information from AD
winbind nss info = rfc2307
[netlogon]
path = /usr/local/samba/var/locks/sysvol/corp.mydomain.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[test]
path = /export/test
comment = Test Share
read only = no