[Samba] Cannot join server to Samba4 NT4 domain
MI
mi.lists at alma.ch
Thu Apr 28 14:16:28 UTC 2016
I have a Samba 4 NT4 PDC (Version 4.1.17-Debian) with openLDAP.
I would like to add another server, and have it authenticate users against openLDAP.
I thought I had to add the new server to the domain with "net rpc join", but that
seems to think I want to join an AD domain, and fails:
# net rpc join -U root%mypassword
No realm has been specified! Do you really want to join an Active Directory server?
Failed to join domain: failed to lookup DC info for domain 'MYDOMAIN' over rpc:
This error indicates that the requested
operation cannot be completed due to a catastrophic media failure or an on-disk
data structure corruption.
Before that, I tried to configure it just as a standalone server with LDAP, but that
didn't work either (it didn't find the user accounts).
Would someone know how to add a plain file server to a Samba 4 domain, and have the
file server authenticate the LDAP users?
Below is my current config which gives the "net rpc join" error above:
# testparm -s
Load smb config files from /etc/samba/smb.conf
Processing section "[backups]"
Processing section "[diskimages]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
# Global parameters
[global]
workgroup = MYDOMAIN
server role = standalone server
security = DOMAIN
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = ldapsam:"ldap://localhost ldap://ldap.mydomain.lan ldap://ldap2.mydomaini.lan"
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 4000
dns proxy = No
wins server = 192.168.44.10
ldap admin dn = "cn=admin,dc=mydomain,dc=lan"
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=mydomain,dc=lan
ldap ssl = no
ldap user suffix = ou=People
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[backups]
...
In case it matters, this is the PDC config:
# testparm -s
Load smb config files from /etc/samba/smb.conf
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/ldap/ldap.conf
ldap_init: using /etc/ldap/ldap.conf
ldap_url_parse_ext(ldapi://)
ldap_url_parse_ext(ldap://)
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
Processing section "[netlogon]"
...
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
[global]
workgroup = MYDOMAIN
netbios name = JANUS
server string = %h server
interfaces = 127.0.0.0/8, 192.168.44.10/24, 10.44.0.0/24
server role = classic primary domain controller
map to guest = Bad User
passdb backend = ldapsam
syslog = 0
log file = /var/log/samba/log.%m
server max protocol = NT1
time server = Yes
unix extensions = No
load printers = No
printcap name = /dev/null
disable spoolss = Yes
show add printer wizard = No
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = logon-%a.bat
logon path = \\%N\%U\profile-%a
logon drive = H:
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = "cn=admin,dc=mydomain,dc=lan"
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=frenetic,dc=lan
ldap ssl = no
ldap user suffix = ou=People
ldap debug level = 1
panic action = /usr/share/samba/panic-action %d
ldapsam:trusted = yes
idmap config * : backend = tdb
acl allow execute always = Yes
create mask = 0775
directory mask = 02775
force unknown acl user = Yes
print notify backchannel = No
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
veto oplock files = /*.doc*/*.DOC*/*.xls*/*.XLS*/*.mdb/*.MDB/~$*/
csc policy = disable
[netlogon]
...
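A consistency check a domain-member admin could run before retrying the join, added here as an example and not part of the original post or of Samba itself: it pulls the [global] parameters out of two "testparm -s" dumps and reports the LDAP and domain settings that differ between the member and the PDC. The two dumps are constructed from the values quoted in the post (the differing "ldap suffix" is the one visible above); the share paths under [backups] and [netlogon] are assumed.

```shell
#!/bin/sh
# Added example, not from the original post: extract [global] parameters from
# two "testparm -s" dumps and report LDAP/domain settings that differ between
# the member server and the PDC. Dumps are constructed from values in the post.

MEMBER_CONF='[global]
	workgroup = MYDOMAIN
	server role = standalone server
	security = DOMAIN
	ldap admin dn = "cn=admin,dc=mydomain,dc=lan"
	ldap suffix = dc=mydomain,dc=lan
	ldap user suffix = ou=People
[backups]
	path = /srv/backups'

PDC_CONF='[global]
	workgroup = MYDOMAIN
	server role = classic primary domain controller
	ldap admin dn = "cn=admin,dc=mydomain,dc=lan"
	ldap suffix = dc=frenetic,dc=lan
	ldap user suffix = ou=People
	ldapsam:trusted = yes
[netlogon]
	path = /srv/netlogon'

# global_param DUMP NAME: print NAME's value from the [global] section (empty if unset).
global_param() {
    printf '%s\n' "$1" | awk -v key="$2" '
        { sub(/^[ \t]+/, "") }
        /^\[/ { in_global = ($0 == "[global]"); next }
        in_global {
            i = index($0, " = ")
            if (i > 0 && substr($0, 1, i - 1) == key) { print substr($0, i + 3); exit }
        }'
}

# compare_domain_settings: print one MISMATCH line per differing parameter;
# exit status 0 when everything matches, 1 otherwise.
compare_domain_settings() {
    mismatches=0
    for key in "workgroup" "ldap suffix" "ldap admin dn" "ldap user suffix" \
               "ldap group suffix" "ldap machine suffix" "ldapsam:trusted"; do
        m=$(global_param "$MEMBER_CONF" "$key")
        p=$(global_param "$PDC_CONF" "$key")
        if [ "$m" != "$p" ]; then
            printf 'MISMATCH %s: member=[%s] pdc=[%s]\n' "$key" "$m" "$p"
            mismatches=$((mismatches + 1))
        fi
    done
    [ "$mismatches" -eq 0 ]
}
```

Running `compare_domain_settings` on real dumps (replace the two constants with `$(testparm -s 2>/dev/null)` output from each host) lists the parameters that must agree before the member can use the PDC's ldapsam accounts.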