[Samba] Replacement pdc samba3 to samba4 nt classic
Gavrilov Aleksey
gavrilov at info74.ru
Mon Oct 10 12:42:54 UTC 2016
The migration was carried out because the old server broke down;
after the new server was set up, joining Windows PCs to the domain stopped working.
root at pdc:/var/log/samba# cat /etc/samba/smb.conf
[global]
# Default options
allow nt4 crypto = yes
client ntlmv2 auth = no
disable spoolss = yes
dns proxy = no
dont descend = ./lost+found
guest account = nobody
hide files = /.*/lost+found/
hide unreadable = yes
idmap gid = 10000-30000
idmap uid = 10000-30000
invalid users = root bin daemon adm sync shutdown halt mail news uucp proxy www-data backup sshd
ldap admin dn = "cn=admin,dc=rugion,dc=ru"
ldap delete dn = no
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap passwd sync = yes
ldap ssl = off
ldap suffix = ou=arkhangelsk,dc=rugion,dc=ru
ldap user suffix = ou=users
load printers = no
locking = yes
log file = /var/log/samba/log.%m
# log level = 4
logon home =
logon path =
logon script = \\PDC\netlogon\logon.bat
map to guest = Bad User
max log size = 1000
obey pam restrictions = yes
pam password change = yes
panic action = /usr/share/samba/panic-action %d
passdb backend = ldapsam:ldap://127.0.0.1/
ldapsam:trusted=yes
ldapsam:editposix=yes
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
printcap name = /dev/null
printing = bsd
require strong key = no
server role = classic primary domain controller
server string = %h file server
show add printer wizard = no
smb2 leases = yes
syslog = 0
template shell = /bin/bash
unix charset = UTF8
unix password sync = yes
use sendfile = yes
usershare allow guests = yes
# wins server = 192.168.29.17
wins support = yes
workgroup = corp.29.ru
netbios name = pdc
local master = yes
os level = 255
domain master = yes
domain logons = yes
preferred master = auto
#local master = yes
add user script = /usr/sbin/smbldap-useradd -m '%u' -t 1
rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
delete user script = /usr/sbin/smbldap-userdel '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
add machine script = /usr/sbin/smbldap-useradd -w '%u' -t 1
# add machine script = /usr/local/sbin/ldapaddmachine '%u' nt_computers
# add user script = /usr/local/sbin/ldapadduser '%u' nt_users
# add group script = /usr/local/sbin/ldapaddgroup '%g'
# add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
# delete user script = /usr/local/sbin/ldapdeleteuser '%u'
# delete group script = /usr/local/sbin/ldapdeletegroup '%g'
# delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
# set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
# rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
[netlogon]
comment = netlogon share
create mask = 0660
directory mask = 0770
guest ok = no
inherit acls = yes
inherit owner = yes
inherit permissions = yes
locking = no
map acl inherit = yes
path = /srv/samba/netlogon
read list = @nt_users
read only = No
write list = @nt_admin
root at pdc:/var/log/samba# cat /etc/smbldap-tools/smbldap.conf
SID="S-1-5-21-1997676671-1552059010-3109710481"
sambaDomain="CORP.29.RU"
ldapTLS="0"
masterLDAP="127.0.0.1"
masterPort="389"
suffix="ou=arkhangelsk,dc=rugion,dc=ru"
sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
userSmbHome=
userProfile=
userHomeDrive=
userScript=//pdc/netlogon/logon.bat
mailDomain="corp.29.ru"
defaultComputerGid="515"
defaultUserGid="513"
root at pdc:/var/log/samba# smbldap-populate
Populating LDAP directory for domain CORP.29.RU
(S-1-5-21-1997676671-1552059010-3109710481)
(using builtin directory structure)
Use of uninitialized value $prefix in substitution (s///) at
/usr/local/sbin/smbldap-populate line 175.
Use of uninitialized value $prefix in split at
/usr/local/sbin/smbldap-populate line 178.
entry ou=arkhangelsk,dc=rugion,dc=ru already exist.
entry ou=users,ou=arkhangelsk,dc=rugion,dc=ru already exist.
entry ou=groups,ou=arkhangelsk,dc=rugion,dc=ru already exist.
entry ou=computers,ou=arkhangelsk,dc=rugion,dc=ru already exist.
entry sambaDomainName=CORP.29.RU,ou=arkhangelsk,dc=rugion,dc=ru already
exist. Updating it...
entry uid=root,ou=users,ou=arkhangelsk,dc=rugion,dc=ru already exist.
entry uid=nobody,ou=users,ou=arkhangelsk,dc=rugion,dc=ru already exist.
entry cn=Domain Admins,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru already
exist.
entry cn=Domain Users,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru already
exist.
entry cn=Domain Guests,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru already
exist.
entry cn=Domain Computers,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru
already exist.
entry cn=Administrators,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru already
exist.
entry cn=Account Operators,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru
already exist.
entry cn=Print Operators,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru
already exist.
entry cn=Backup Operators,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru
already exist.
entry cn=Replicators,ou=groups,ou=arkhangelsk,dc=rugion,dc=ru already
exist.
Please provide a password for the domain root:
/usr/local/sbin/smbldap-passwd: user root doesn't exist
root at pdc:/var/log/samba# smbldap-config
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
smbldap-tools script configuration
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Before starting, check
. if your samba controller is up and running.
. if the domain SID is defined (you can get it with the 'net getlocalsid')
. you can leave the configuration using the Ctrl-c key combination
. empty value can be set with the "." character
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
root at pdc:/var/log/samba# net getlocalsid
smbldap_search_domain_info: Got too many (3) domain info entries for
domain CORP.29.RU
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
domain. We cannot work reliably without it.
pdb backend ldapsam:ldap://127.0.0.1/ did not correctly init (error was
NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
WARNING: Could not open passdb
root at pdc:/var/log/samba# net rpc join -S pdc -U admin%secret
Failed to join domain: failed to lookup DC info for domain 'CORP.29.RU'
over rpc: The connection was refused
You have new mail in /var/mail/root
root at pdc:/var/log/samba#
How do I introduce a new PDC into the domain?
--
Sincerely, Gavrilov Aleksey
System Administrator
Ltd. "Hearst Shkulev Digital Rugion"
tel .: 8 (351) 729-94-90, ext. 345
mob. +7 999 581 7934
gavrilov at info74.ru
Chelyabinsk, st. Lesoparkovaya , 6, office 308