[Samba] Domain Computer not showing up in domain utilities

Rowland Penny rowlandpenny at googlemail.com
Wed Jan 14 13:51:27 MST 2015


On 14/01/15 20:23, Tim wrote:
> Rowland, yes, they are equal except for FSMO. These can be only 
> dedicated to one DC.

Oh come on, don't confuse him, he is confused enough :-D

Rowland

>
> Wayne, why do you use parameters for AD DC (use rfc2307 yes) and for 
> member servers (idmap schema etc) in one conf?
>
> Tim
>
> On 14 January 2015 20:25:50 CET, Rowland Penny
> <rowlandpenny at googlemail.com> wrote:
>
>     On 14/01/15 19:14, Wayne Andersen wrote:
>
>                 I am running Samba Version 4.1.6. I have a PDC and two
>                 BDC setup. I have a specific computer named eds, it is
>                 a Windows 7 Pro box. When I add it to the domain
>                 everything works normally and it works well. Domain
>                 users can log in, and they have the proper permissions,
>                 but I am seeing two problems.
>
>                 1) Every once in a while I get: "The trust relationship
>                 between this workstation and the primary domain
>                 failed". If I unplug the network cable or remove the
>                 machine from the domain and re-add it then all is good.
>                 Obviously the cached info on the PC is good. I see "The
>                 processing of Group Policy failed. Windows could not
>                 authenticate to the Active Directory service on a
>                 domain controller. (LDAP Bind function call failed).
>                 Look in the details tab for error code and
>                 description." in the system log. Clearly the computer
>                 account is not being created properly.
>
>                 2) I don't see the computer in AD user and computer
>                 tools. Or
>
>                 net ads dn 'CN=eds,CN=Computers,DC=corp,DC=mydomain,DC=com'
>                 search failed: No such object
>
>                 I have added many machines both before and after this
>                 one. Unfortunately I have an app on this PC that
>                 requires the name not change as it is registered to the
>                 machine name.
>
>             Bit confused here, you have 'I have a PDC and two BDC
>             setup.' then at the bottom, there is this: 'I don't see
>             the computer in AD user and computer tools.'
>
>             So, do you have an NT PDC & 2 NT BDC's or do you have 3 AD
>             DC's? Whichever, can you post the smb.conf from the
>             machine that you call the PDC.
>
>             Rowland
>
>         I have no windows servers just work stations, I have three
>         SAMBA AD DC, one is the primary and the other two are backups. 
>
>
>     No, they are not backups, they are just DC's, in AD *all* DC's are equal.
>
>         Here is the smb.conf
>
>         # Global parameters
>         [global]
>         workgroup = CORP
>         realm = CORP.MYDOMAIN.COM
>         netbios name = DC1
>         server role = active directory domain controller
>         server services = s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate
>         dns forwarder = 10.10.1.8
>         template shell = /bin/bash
>         # allow dns updates = nonsecure
>         # panic action = /bin/sleep 99999
>         dsdb:schema update allowed = yes
>
>
>     remove the next line
>
>         ldap debug level = 10 
>
>
>
>         idmap_ldb:use rfc2307 = yes 
>
>
>     Remove these three lines
>
>         # Force this server to be the master
>         preferred master = yes
>         os level = 255
>
>
>
>         # Enable TLS for ldaps
>         tls enabled = yes
>         tls keyfile = tls/myKey.pem
>         tls certfile = tls/myCert.pem
>         tls cafile =
>
>
>     Remove from here to the [netlogon] share
>
>         # Important: The ranges of the default (*) backend
>         # and the domain(s) must not overlap!
>
>         # Retrieve UIDs/GIDs for domain CORP from AD, via RFC2307.
>         # The range value defines the lowest RID up to the highest,
>         # that will ever be used in this domain. Ask your AD Domain
>         # Administrator, if you don't know which range to define.
>         idmap config CORP:backend = ad
>         idmap config CORP:schema_mode = rfc2307
>         idmap config CORP:range = 1000-40000
>
>         # Store UIDs/GIDs for all other domains (including local
>         # accounts/groups of this server) in a tdb file
>         idmap config *:backend = tdb
>         idmap config *:range = 50001-60000
>
>         # Use home directory and shell information from AD
>         winbind nss info = rfc2307
>
>         [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/corp.mydomain.com/scripts
>         read only = No
>
>         [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
>         [test]
>         path = /export/test
>         comment = Test Share
>         read only = no
>
>
>
>     Turn your third DC into a member server and use that as the fileserver,
>     see the wiki:
>
>     https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>
>     Rowland
>
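
The clean-up advised in this thread (drop the member-server idmap/winbind settings, the browse-master lines and the LDAP debug level from a DC's [global] section), written as a small check. This is an added example, not part of the original message and not a Samba tool; the rule list, the function names and the sample config are assumptions constructed from the smb.conf quoted above.

```python
import re

# Settings the replies in this thread say to remove from an AD DC's [global]
# section. Assumption: this list encodes that advice only, not a Samba rule set.
DC_REMOVE = [
    (re.compile(r"^idmap config "), "member-server idmap backend"),
    (re.compile(r"^winbind nss info$"), "member-server NSS setting"),
    (re.compile(r"^(preferred master|os level)$"), "forces browse master"),
    (re.compile(r"^ldap debug level$"), "debug setting"),
]

# Constructed sample, cut down from the smb.conf quoted in the thread.
SAMPLE = """\
[global]
workgroup = CORP
server role = active directory domain controller
ldap debug level = 10
idmap_ldb:use rfc2307 = yes
preferred master = yes
os level = 255
idmap config CORP:backend = ad
idmap config *:range = 50001-60000
winbind nss info = rfc2307
[netlogon]
"""

def parse_global(text):
    """Return {normalised key: (line number, value)} for [global]."""
    section, params = None, {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = (n, value.strip())
    return params

def lint_dc_conf(text):
    """List (line, key, reason) for flagged settings; empty if not a DC."""
    params = parse_global(text)
    if params.get("server role", (0, ""))[1].lower() != "active directory domain controller":
        return []
    return sorted((n, key, why) for key, (n, _) in params.items()
                  for pat, why in DC_REMOVE if pat.search(key))

if __name__ == "__main__": print(*lint_dc_conf(SAMPLE), sep="\n")
```

The DC-side `idmap_ldb:use rfc2307 = yes` line is deliberately not flagged, matching the replies, which leave it in place.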


