[Samba] Replacement pdc samba3 to samba4 nt classic

Gavrilov Aleksey
Mon Oct 10 12:42:54 UTC 2016

The migration was carried out because the old server broke down; after the new server was set up, adding Windows PCs to the domain stopped working.

root at pdc:/var/log/samba# cat /etc/samba/smb.conf

         # Default options
         allow nt4 crypto               = yes
         client ntlmv2 auth             = no
         disable spoolss                = yes
         dns proxy                      = no
         dont descend                   = ./lost+found
         guest account                  = nobody
         hide files                     = /.*/lost+found/
         hide unreadable                = yes
         idmap gid                      = 10000-30000
         idmap uid                      = 10000-30000
         invalid users                  = root bin daemon adm sync 
shutdown halt mail news uucp proxy www-data backup sshd
         ldap admin dn                  = "cn=admin,dc=rugion,dc=ru"
         ldap delete dn                 = no
         ldap group suffix              = ou=groups
         ldap machine suffix            = ou=computers
         ldap passwd sync               = yes
         ldap ssl                       = off
         ldap suffix                    = ou=arkhangelsk,dc=rugion,dc=ru
         ldap user suffix               = ou=users
         load printers                  = no
         locking                        = yes
         log file                       = /var/log/samba/log.%m
#    log level = 4
         logon home                     =
         logon path                     =
         logon script                   = \\PDC\netlogon\logon.bat
         map to guest                   = Bad User
         max log size                   = 1000
         obey pam restrictions          = yes
         pam password change            = yes
         panic action                   = /usr/share/samba/panic-action %d
         passdb backend                 = ldapsam:ldap://
         passwd chat                    = *Enter\snew\s*\spassword:* 
%n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
         passwd program                 = /usr/bin/passwd %u
         printcap name                  = /dev/null
         printing                       = bsd
         require strong key             = no
         server role                    = classic primary domain controller
         server string                  = %h file server
         show add printer wizard        = no
         smb2 leases                    = yes
         syslog                         = 0
         template shell                 = /bin/bash
         unix charset                   = UTF8
         unix password sync             = yes
         use sendfile                   = yes
         usershare allow guests         = yes
#       wins server                    =
     wins support = yes
         workgroup                      = corp.29.ru
     netbios name = pdc
     local master = yes
     os level = 255
     domain master = yes
     domain logons = yes
     preferred master = auto
     #local master = yes
         add user script = /usr/sbin/smbldap-useradd -m '%u' -t 1
         rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
         delete user script = /usr/sbin/smbldap-userdel '%u'
         set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
         add group script = /usr/sbin/smbldap-groupadd -p '%g'
         delete group script = /usr/sbin/smbldap-groupdel '%g'
         add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
         delete user from group script = /usr/sbin/smbldap-groupmod -x 
'%u' '%g'
         add machine script = /usr/sbin/smbldap-useradd -w '%u' -t 1

#    add machine script = /usr/local/sbin/ldapaddmachine '%u' nt_computers
#    add user script = /usr/local/sbin/ldapadduser '%u' nt_users
#    add group script = /usr/local/sbin/ldapaddgroup '%g'
#    add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
#    delete user script = /usr/local/sbin/ldapdeleteuser '%u'
#    delete group script = /usr/local/sbin/ldapdeletegroup '%g'
#    delete user from group script = 
/usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
#    set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' 
#    rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'

         comment                        = netlogon share
         create mask                    = 0660
         directory mask                 = 0770
         guest ok                       = no
         inherit acls                   = yes
         inherit owner                  = yes
         inherit permissions            = yes
         locking                        = no
         map acl inherit                = yes
         path                           = /srv/samba/netlogon
         read list                      = @nt_users
         read only                      = No
         write list                     = @nt_admin

root at pdc:/var/log/samba# cat /etc/smbldap-tools/smbldap.conf

root at pdc:/var/log/samba# smbldap-populate
Populating LDAP directory for domain CORP.29.RU 
(using builtin directory structure)

Use of uninitialized value $prefix in substitution (s///) at 
/usr/local/sbin/smbldap-populate line 175.
Use of uninitialized value $prefix in split at 
/usr/local/sbin/smbldap-populate line 178.
entry ou=arkhangelsk,dc=rugion,dc=ru already exist.
entry ou=users,ou=arkhangelsk,dc=rugion,dc=ru already exist.
entry ou=groups,ou=arkhangelsk,dc=rugion,dc=ru already exist.
entry ou=computers,ou=arkhangelsk,dc=rugion,dc=ru already exist.
entry sambaDomainName=CORP.29.RU,ou=arkhangelsk,dc=rugion,dc=ru already 
exist. Updating it...
entry uid=root,ou=users,ou=arkhangelsk,dc=rugion,dc=ru already exist.
entry uid=nobody,ou=users,ou=arkhangelsk,dc=rugion,dc=ru already exist.
entry cn=Domain Admins,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru already 
entry cn=Domain Users,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru already 
entry cn=Domain Guests,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru already 
entry cn=Domain Computers,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru 
already exist.
entry cn=Administrators,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru already 
entry cn=Account Operators,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru 
already exist.
entry cn=Print Operators,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru 
already exist.
entry cn=Backup Operators,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru 
already exist.
entry cn=Replicators,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru already 

Please provide a password for the domain root:
/usr/local/sbin/smbldap-passwd: user root doesn't exist

root at pdc:/var/log/samba# smbldap-config
        smbldap-tools script configuration
Before starting, check
  . if your samba controller is up and running.
  . if the domain SID is defined (you can get it with the 'net getlocalsid')

  . you can leave the configuration using the Ctrl-c key combination
  . empty value can be set with the "." character

root at pdc:/var/log/samba# net getlocalsid
smbldap_search_domain_info: Got too many (3) domain info entries for 
domain CORP.29.RU
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the 
domain. We cannot work reliably without it.
pdb backend ldapsam:ldap:// did not correctly init (error was 
WARNING: Could not open passdb

root at pdc:/var/log/samba# net rpc join -S pdc -U admin%secret
Failed to join domain: failed to lookup DC info for domain 'CORP.29.RU' 
over rpc: The connection was refused
You have new mail in /var/mail/root
root at pdc:/var/log/samba#

How do I introduce a new PDC into an existing domain?


Sincerely, Gavrilov Aleksey
System Administrator
Ltd. "Hearst Shkulev Digital Rugion"
tel .: 8 (351) 729-94-90, ext. 345
mob. +7 999 581 7934
gavrilov at info74.ru
Chelyabinsk, st. Lesoparkovaya , 6, office 308

