[Samba] Replacement pdc samba3 to samba4 nt classic
Gavrilov Aleksey
gavrilov at info74.ru
Wed Oct 12 05:47:48 UTC 2016
On 10.10.2016 19:20, Rowland Penny via samba wrote:
> A couple of things spring to mind here, the first is, you seem to be
> using a REALM name for a workgroup name i.e. you have 'corp.29.ru' and
> it should be something like 'corp'.
dn: sambaDomainName=CORP.29.RU,ou=arkhangelsk,dc=rugion,dc=ru
objectClass: sambaDomain
objectClass: sambaUnixIdPool
gidNumber: 1000
sambaDomainName: CORP.29.RU
sambaSID: S-1-5-21-1997676671-1552059010-3109710481
uidNumber: 1001
sambaAlgorithmicRidBase: 1000
sambaForceLogoff: -1
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaMinPwdLength: 5
sambaNextRid: 1000
sambaNextUserRid: 1000
sambaPwdHistoryLength: 0
sambaRefuseMachinePwdChange: 0
dn: uid=pdc$,ou=computers,ou=arkhangelsk,dc=rugion,dc=ru
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: pdc$
gidNumber: 10005
homeDirectory: /dev/null
sambaSID: S-1-5-21-1997676671-1552059010-3109710481-1015
uid: pdc$
uidNumber: 20013
description: Machine account
displayName: pdc$
gecos: pdc$
loginShell: /bin/false
sambaAcctFlags: [S ]
sambaNTPassword: ***
sambaPwdLastSet: 1292410092
dn: uid=admin,ou=users,ou=arkhangelsk,dc=rugion,dc=ru
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: admin
gidNumber: 10002
homeDirectory: /var/local/samba/profiles/admin
sambaSID: S-1-5-21-1997676671-1552059010-3109710481-1001
sn: admin
uid: admin
uidNumber: 10001
description: User account
displayName:: 0JDQtNC80LjQvdC40YHRgtGA0LDRgtC+0YA=
gecos: admin
loginShell: /sbin/nologin
sambaAcctFlags: [U ]
sambaNTPassword: ***
sambaPasswordHistory: 000000000000000000000000000000000000000000000000000000
0000000000
sambaPwdLastSet: 1289383186
sambaPwdMustChange: 0
userPassword:: ***
> Secondly, you have these lines:
>
> ldapsam:trusted=yes
> ldapsam:editposix=yes
I commented out
>
> You also have lines that refer to smbldap-tools, you dont need
> smbldap-tools if you use the above two lines, see 'man smb.conf' for
> more info.
>
> Rowland
>
ldap script used on the old server
/usr/local/sbin/ldapaddmachine
I copied them from the old server to the new server.
but with them not working domain join
cat /var/log/samba/log.smbd
...
[2016/10/11 11:19:04.878485, 5, pid=7397, effective(0, 0), real(0, 0),
class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
Successfully added passdb backend 'IPA_ldapsam'
[2016/10/11 11:19:04.878496, 5, pid=7397, effective(0, 0), real(0, 0),
class=passdb] ../source3/passdb/pdb_interface.c:154(make_pdb_method_name)
Attempting to find a passdb backend to match
ldapsam:ldap://127.0.0.1/ (ldapsam)
[2016/10/11 11:19:04.878507, 5, pid=7397, effective(0, 0), real(0, 0),
class=passdb] ../source3/passdb/pdb_interface.c:175(make_pdb_method_name)
Found pdb backend ldapsam
[2016/10/11 11:19:04.894016, 2, pid=7397, effective(0, 0), real(0, 0)]
../source3/passdb/pdb_ldap_util.c:280(smbldap_search_domain_info)
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=CORP.29.RU))]
[2016/10/11 11:19:04.894048, 5, pid=7397, effective(0, 0), real(0, 0)]
../source3/lib/smbldap.c:1249(smbldap_search_ext)
smbldap_search_ext: base => [ou=arkhangelsk,dc=rugion,dc=ru], filter
=> [(&(objectClass=sambaDomain)(sambaDomainName=CORP.29.RU))], scope => [2]
[2016/10/11 11:19:04.894086, 5, pid=7397, effective(0, 0), real(0, 0)]
../source3/lib/smbldap.c:1114(smbldap_close)
The connection to the LDAP server was closed
[2016/10/11 11:19:04.894100, 10, pid=7397, effective(0, 0), real(0, 0)]
../source3/lib/smbldap.c:595(smb_ldap_setup_conn)
smb_ldap_setup_connection: ldap://127.0.0.1/
[2016/10/11 11:19:04.894888, 2, pid=7397, effective(0, 0), real(0, 0)]
../source3/lib/smbldap.c:794(smbldap_open_connection)
smbldap_open_connection: connection opened
[2016/10/11 11:19:04.894906, 10, pid=7397, effective(0, 0), real(0, 0)]
../source3/lib/smbldap.c:954(smbldap_connect_system)
ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as
"cn=admin,dc=rugion,dc=ru"
[2016/10/11 11:19:04.905959, 3, pid=7397, effective(0, 0), real(0, 0)]
../source3/lib/smbldap.c:1013(smbldap_connect_system)
ldap_connect_system: successful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
[2016/10/11 11:19:04.906016, 4, pid=7397, effective(0, 0), real(0, 0)]
../source3/lib/smbldap.c:1092(smbldap_open)
The LDAP server is successfully connected
[2016/10/11 11:19:04.910225, 0, pid=7397, effective(0, 0), real(0, 0)]
../source3/passdb/pdb_ldap_util.c:331(smbldap_search_domain_info)
smbldap_search_domain_info: Got too many (3) domain info entries for
domain CORP.29.RU
[2016/10/11 11:19:04.910260, 0, pid=7397, effective(0, 0), real(0, 0),
class=passdb] ../source3/passdb/pdb_ldap.c:6534(pdb_ldapsam_init_common)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to
the domain. We cannot work reliably without it.
[2016/10/11 11:19:04.910274, 0, pid=7397, effective(0, 0), real(0, 0),
class=passdb] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
pdb backend ldapsam:ldap://127.0.0.1/ did not correctly init (error
was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
--
Sincerely, Gavrilov Aleksey
System Administrator
Ltd. "Hearst Shkulev Digital Rugion"
tel .: 8 (351) 729-94-90, ext. 345
mob. +7 999 581 7934
gavrilov at info74.ru
Chelyabinsk, st. Lesoparkovaya , 6, office 308
More information about the samba
mailing list