[Samba] Replacement pdc samba3 to samba4 nt classic

Gavrilov Aleksey gavrilov at info74.ru
Wed Oct 12 05:47:48 UTC 2016



On 10.10.2016 19:20, Rowland Penny via samba wrote:
> A couple of things spring to mind here, the first is, you seem to be
> using a REALM name for a workgroup name i.e. you have 'corp.29.ru' and
> it should be something like 'corp'.

dn: sambaDomainName=CORP.29.RU,ou=arkhangelsk,dc=rugion,dc=ru
objectClass: sambaDomain
objectClass: sambaUnixIdPool
gidNumber: 1000
sambaDomainName: CORP.29.RU
sambaSID: S-1-5-21-1997676671-1552059010-3109710481
uidNumber: 1001
sambaAlgorithmicRidBase: 1000
sambaForceLogoff: -1
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaMinPwdLength: 5
sambaNextRid: 1000
sambaNextUserRid: 1000
sambaPwdHistoryLength: 0
sambaRefuseMachinePwdChange: 0


dn: uid=pdc$,ou=computers,ou=arkhangelsk,dc=rugion,dc=ru
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: pdc$
gidNumber: 10005
homeDirectory: /dev/null
sambaSID: S-1-5-21-1997676671-1552059010-3109710481-1015
uid: pdc$
uidNumber: 20013
description: Machine account
displayName: pdc$
gecos: pdc$
loginShell: /bin/false
sambaAcctFlags: [S          ]
sambaNTPassword: ***
sambaPwdLastSet: 1292410092


dn: uid=admin,ou=users,ou=arkhangelsk,dc=rugion,dc=ru
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: admin
gidNumber: 10002
homeDirectory: /var/local/samba/profiles/admin
sambaSID: S-1-5-21-1997676671-1552059010-3109710481-1001
sn: admin
uid: admin
uidNumber: 10001
description: User account
displayName:: 0JDQtNC80LjQvdC40YHRgtGA0LDRgtC+0YA=
gecos: admin
loginShell: /sbin/nologin
sambaAcctFlags: [U          ]
sambaNTPassword: ***
sambaPasswordHistory: 000000000000000000000000000000000000000000000000000000
  0000000000
sambaPwdLastSet: 1289383186
sambaPwdMustChange: 0
userPassword:: ***

>   Secondly, you have these lines:
>
>       ldapsam:trusted=yes
>       ldapsam:editposix=yes
I commented them out.
>
> You also have lines that refer to smbldap-tools, you don't need
> smbldap-tools if you use the above two lines, see 'man smb.conf' for
> more info.
>
> Rowland
>
LDAP scripts are used on the old server:
/usr/local/sbin/ldapaddmachine
I copied them from the old server to the new server,
but domain join does not work with them.


cat /var/log/samba/log.smbd
...
[2016/10/11 11:19:04.878485,  5, pid=7397, effective(0, 0), real(0, 0), 
class=passdb] ../source3/passdb/pdb_interface.c:91(smb_register_passdb)
   Successfully added passdb backend 'IPA_ldapsam'
[2016/10/11 11:19:04.878496,  5, pid=7397, effective(0, 0), real(0, 0), 
class=passdb] ../source3/passdb/pdb_interface.c:154(make_pdb_method_name)
   Attempting to find a passdb backend to match 
ldapsam:ldap://127.0.0.1/ (ldapsam)
[2016/10/11 11:19:04.878507,  5, pid=7397, effective(0, 0), real(0, 0), 
class=passdb] ../source3/passdb/pdb_interface.c:175(make_pdb_method_name)
   Found pdb backend ldapsam
[2016/10/11 11:19:04.894016,  2, pid=7397, effective(0, 0), real(0, 0)] 
../source3/passdb/pdb_ldap_util.c:280(smbldap_search_domain_info)
   smbldap_search_domain_info: Searching 
for:[(&(objectClass=sambaDomain)(sambaDomainName=CORP.29.RU))]
[2016/10/11 11:19:04.894048,  5, pid=7397, effective(0, 0), real(0, 0)] 
../source3/lib/smbldap.c:1249(smbldap_search_ext)
   smbldap_search_ext: base => [ou=arkhangelsk,dc=rugion,dc=ru], filter 
=> [(&(objectClass=sambaDomain)(sambaDomainName=CORP.29.RU))], scope => [2]
[2016/10/11 11:19:04.894086,  5, pid=7397, effective(0, 0), real(0, 0)] 
../source3/lib/smbldap.c:1114(smbldap_close)
   The connection to the LDAP server was closed
[2016/10/11 11:19:04.894100, 10, pid=7397, effective(0, 0), real(0, 0)] 
../source3/lib/smbldap.c:595(smb_ldap_setup_conn)
   smb_ldap_setup_connection: ldap://127.0.0.1/
[2016/10/11 11:19:04.894888,  2, pid=7397, effective(0, 0), real(0, 0)] 
../source3/lib/smbldap.c:794(smbldap_open_connection)
   smbldap_open_connection: connection opened
[2016/10/11 11:19:04.894906, 10, pid=7397, effective(0, 0), real(0, 0)] 
../source3/lib/smbldap.c:954(smbldap_connect_system)
   ldap_connect_system: Binding to ldap server ldap://127.0.0.1/ as 
"cn=admin,dc=rugion,dc=ru"
[2016/10/11 11:19:04.905959,  3, pid=7397, effective(0, 0), real(0, 0)] 
../source3/lib/smbldap.c:1013(smbldap_connect_system)
   ldap_connect_system: successful connection to the LDAP server
   ldap_connect_system: LDAP server does support paged results
[2016/10/11 11:19:04.906016,  4, pid=7397, effective(0, 0), real(0, 0)] 
../source3/lib/smbldap.c:1092(smbldap_open)
   The LDAP server is successfully connected
[2016/10/11 11:19:04.910225,  0, pid=7397, effective(0, 0), real(0, 0)] 
../source3/passdb/pdb_ldap_util.c:331(smbldap_search_domain_info)
   smbldap_search_domain_info: Got too many (3) domain info entries for 
domain CORP.29.RU
[2016/10/11 11:19:04.910260,  0, pid=7397, effective(0, 0), real(0, 0), 
class=passdb] ../source3/passdb/pdb_ldap.c:6534(pdb_ldapsam_init_common)
   pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to 
the domain. We cannot work reliably without it.
[2016/10/11 11:19:04.910274,  0, pid=7397, effective(0, 0), real(0, 0), 
class=passdb] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
   pdb backend ldapsam:ldap://127.0.0.1/ did not correctly init (error 
was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)



-- 

Sincerely, Gavrilov Aleksey
System Administrator
Ltd. "Hearst Shkulev Digital Rugion"
tel .: 8 (351) 729-94-90, ext. 345
mob. +7 999 581 7934
gavrilov at info74.ru
Chelyabinsk, st. Lesoparkovaya , 6, office 308
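
An added example, not part of the original post: the log above fails with "Got too many (3) domain info entries", so this sketch scans an LDIF export for sambaDomain entries under the search base that share one sambaDomainName. The sample LDIF, its dc=example,dc=test suffix and the function names are constructed for illustration, and the case-insensitive name comparison is an assumption.

```python
import base64
from collections import defaultdict
# Constructed sample export (not from the post); domain names differ only in case.
SAMPLE_LDIF = """\
dn: sambaDomainName=CORP.29.RU,ou=arkhangelsk,dc=example,dc=test
objectClass: sambaDomain
sambaDomainName: CORP.29.RU

dn: sambaDomainName=corp.29.ru,ou=old,ou=arkhangelsk,dc=example,dc=test
objectClass: sambaDomain
sambaDomainName:: Y29ycC4yOS5ydQ==

dn: uid=admin,ou=users,ou=arkhangelsk,dc=example,dc=test
objectClass: sambaSamAccount
description: a folded
  value
"""

def parse_ldif(text):
    """Parse LDIF into one {attr: [values]} dict per entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], defaultdict(list)
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(dict(cur))
                cur = defaultdict(list)
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):        # "attr:: value" is base64-encoded
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            cur[attr.lower()].append(rest.strip())
    return entries

def duplicate_domains(entries, base_dn):
    """Return {domain name: [DNs]} for names held by several sambaDomain entries."""
    seen = defaultdict(list)
    for e in entries:
        dn = e.get("dn", [""])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "sambadomain" in classes and dn.lower().endswith("," + base_dn.lower()):
            for name in e.get("sambadomainname", []):
                seen[name.lower()].append(dn)  # assumption: name matches case-insensitively
    return {name: dns for name, dns in seen.items() if len(dns) > 1}
```

The DN suffix test is a plain string comparison, so the base DN must be written the same way (spacing included) as in the export.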



