[Samba] Failed to find sambaDomain object to get sambaAlgorithmicRidBase
Rowland Penny
rpenny at samba.org
Fri Sep 30 12:22:46 UTC 2016
On Fri, 30 Sep 2016 08:17:23 -0400
Bernard Fay <bernard.fay at gmail.com> wrote:
> As suggested I added the two lines below and restarted smb.
> server role = classic primary domain controller
> domain master = yes
>
>
> [root@CTSFILE01 samba]# testparm -sn| head -32
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[homes]"
> Processing section "[software]"
> Processing section "[tftp]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
>
> # Global parameters
> [global]
> workgroup = CTS
> server string = CTS File Server 01 - Samba version %v
> interfaces = lo eth0
> server role = classic primary domain controller
> security = USER
> passdb backend = ldapsam:ldap://ctsldap01/
> log file = /var/log/samba/log.%m
> max log size = 50
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> add user script = /sbin/smbldap-useradd -m "%u"
> add group script = /sbin/smbldap-groupadd -p "%g"
> add user to group script = /sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /sbin/smbldap-useradd -w "%u"
> domain master = Yes
> ldap admin dn = cn=Manager,dc=cts,dc=com
> ldap delete dn = Yes
> ldap group suffix = ou=Groups
> ldap machine suffix = ou=Computers
> ldap passwd sync = yes
> ldap suffix = "dc=cts,dc=com"
> ldap ssl = no
> ldap user suffix = ou=Users
> idmap config * : backend = tdb
> printing = bsd
>
>
> No more perl error, which is a good thing, I think but...
>
> smbldap-usermod -a bernard.fay
> Warning: sambaPrimaryGroupSID could not be set beacuse group of user
> bernard.fay is not a mapped Domain group!
> To get a list of groups mapped to Domain groups, use "net groupmap
> list" on a Domain member machine.
>
>
> net groupmap list
> It returns nothing then I modified the group Administrators to add a
> SID as I think is the problem:
>
> smbldap-groupmod -a Administrators
>
>
> Then one more time I try to add the object class sambaSAMAccount:
> [root@CTSFILE01 samba]# smbldap-usermod -a bernard.fay
> Error: Account for user bernard.fay already _is_ a Samba account!
> Omit option -a!
>
>
> What??? Now have the objectClass sambaSAMAccount even before
> modifying it with smbldap-usermod??? Mystery or there is something I
> don't understand???
>
> ldapsearch -x -b "uid=bernard.fay,ou=people,dc=cts,dc=com" objectClass
> ...
> objectClass: top
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: inetOrgPerson
> objectClass: sambaSamAccount
>
>
> I retried "net groupmap list":
>
> [root@CTSFILE01 samba]# net groupmap list
> Administrators (S-1-5-21-3886818290-2676185228-3116881835-513-21001) -> Administrators
>
> ok, let's define a password with smbldap-passwd... everything ok with
> that.
>
> Sounds good so far.... let's try to map the home share from a Windows
> 7 machine.
>
> BANG!!! In Windows Explorer when I try to map a samba share drive:
> "the mapped network drive could not be created because the following
> error has occurred:
> The security ID structure is invalid."
>
>
> pdbedit -L
> No builtin backend found, trying to load plugin
> Module 'ldapsam' loaded
> smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=CTS))]
> smbldap_open_connection: connection opened
> sid S-1-5-21-3886818290-2676185228-3116881835-513-21000 does not belong to our domain
>
>
>
> What is going on again.....
>
>
I think what is going on is that you ran 'smbldap-populate' against
something that wasn't a PDC.
Can I ask why you are trying to create a new NT4-style PDC ?
Wouldn't you be better creating an AD DC ?
Rowland
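
Added example (not part of the original message and not Samba's code): a structural check of the SIDs quoted above, splitting each into parent SID and RID and comparing the parent with a domain SID. The names classify, parse_sid and ASSUMED_DOMAIN_SID are hypothetical, and the domain SID is an assumption because the thread never shows it; substitute the value that "net getlocalsid" reports.

```python
# Added example: structural SID check. Not Samba's implementation.
from typing import NamedTuple, Tuple

class Sid(NamedTuple):
    revision: int
    authority: int
    subauths: Tuple[int, ...]

def parse_sid(text: str) -> Sid:
    """Parse 'S-R-A-s1-s2-...'; raise ValueError on anything malformed."""
    parts = text.strip().split("-")
    if len(parts) < 3 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID: {text!r}")
    nums = [int(p) for p in parts[1:]]
    subs = tuple(nums[2:])
    if len(subs) > 15 or any(s > 0xFFFFFFFF for s in subs):
        raise ValueError(f"sub-authority count or value out of range: {text!r}")
    return Sid(nums[0], nums[1], subs)

def is_nt_domain_sid(sid: Sid) -> bool:
    """Domain and machine SIDs have the shape S-1-5-21-x-y-z."""
    return sid[:2] == (1, 5) and len(sid.subauths) == 4 and sid.subauths[0] == 21

def classify(account_sid: str, domain_sid: str) -> Tuple[str, int]:
    """Return (status, rid) for an account SID checked against a domain SID."""
    acct, dom = parse_sid(account_sid), parse_sid(domain_sid)
    if not acct.subauths:
        raise ValueError("SID has no RID")
    parent = acct._replace(subauths=acct.subauths[:-1])  # SID minus its RID
    rid = acct.subauths[-1]
    if parent == dom:
        return "in-domain", rid
    if not is_nt_domain_sid(parent):
        return "bad-parent", rid  # parent is not shaped like a domain SID
    return "other-domain", rid

# Values quoted in the thread (pdbedit -L and net groupmap list output).
PAGE_USER_SID = "S-1-5-21-3886818290-2676185228-3116881835-513-21000"
PAGE_GROUP_SID = "S-1-5-21-3886818290-2676185228-3116881835-513-21001"
# ASSUMPTION: the thread never shows the domain SID; this is the S-1-5-21-x-y-z prefix.
ASSUMED_DOMAIN_SID = "S-1-5-21-3886818290-2676185228-3116881835"

if __name__ == "__main__":
    for s in (PAGE_USER_SID, PAGE_GROUP_SID, ASSUMED_DOMAIN_SID + "-21000"):
        print(s, classify(s, ASSUMED_DOMAIN_SID))
```

Under that assumption both quoted SIDs come back as "bad-parent": with the RID removed, the remainder still carries a trailing 513 and so is not a S-1-5-21-x-y-z domain SID.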