problems with samba as domin member in rpc samba domain

Bartłomiej Solarz-Niesłuchowski Bartlomiej.Solarz-Niesluchowski at wit.edu.pl
Fri Mar 11 12:40:56 UTC 2016 

W dniu 2016-03-11 o 13:15, Rowland Penny pisze:
> On 11/03/16 11:38, Bartłomiej Solarz-Niesłuchowski wrote:
>> Good morning!
>>
>> I have problems with domain (fedora 23 x64).
>>
>> Let's have:
>> samba 4.3.4 as domain master (NT4 domain! - no ADS)
>> samba 4.3.4 as domain member
>>
>> if I use:  net rpc testjoin
>> no answer
>> if i try to join domain:
>>  net join -U root
>> Enter root's password:
>> Failed to join domain: failed to find DC for domain WSISIZ.EDU.PL
>>
>> BUT if on domain member I downgrade samba to version 4.2.9
>> everything start working.
>>
>> Does somebody saw this problem?
>>
>> Best Regards
>>
>
>
> Can we please see your smb.conf files ?
>
> Rowland
>
>
domain server:
[global]
          unix charset = UTF8
          workgroup = WSISIZ.EDU.PL
          allow trusted domains = No
          passdb backend = ldapsam:"ldaps://mythodea.wsisiz.edu.pl/ 
ldaps://portraits.wsisiz.edu.pl/"
          check password script = /usr/local/sbin/crackcheck -s -d 
/usr/lib64/cracklib_dict
          map untrusted to domain = Yes
          max log size = 1650065408
          debug pid = Yes
          debug uid = Yes
          server max protocol = SMB2
          max protocol = SMB2
          protocol = SMB2
          time server = Yes
          unix extensions = No
          deadtime = 60
          hostname lookups = Yes
          printcap cache time = 600
          printcap name = cups
          add user script = /usr/local/sbin/smbldap-useradd -m "%u"
          add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
          add user to group script = /usr/local/sbin/smbldap-groupmod -m 
"%u" "%g"
          delete user from group script = 
/usr/local/sbin/smbldap-groupmod -x "%u" "%g"
          set primary group script = /usr/local/sbin/smbldap-usermod -g 
"%g" "%u"
          add machine script = /usr/local/sbin/smbldap-useradd -t 5 -w "%u"
          logon script = login.bat
          logon drive = z:
          logon home = \\%N\%U\profile
          domain logons = Yes
          os level = 128
          preferred master = Yes
          domain master = Yes
          wins proxy = Yes
          wins support = Yes
          ldap admin dn = cn=Manager,dc=wsisiz,dc=edu,dc=pl
          ldap delete dn = Yes
          ldap group suffix = ou=Groups
          ldap idmap suffix = ou=Idmap
          ldap machine suffix = ou=Computers
          ldap passwd sync = yes
          ldap suffix = dc=wsisiz,dc=edu,dc=pl
          ldap ssl = no
          ldap user suffix = ou=Users
          remote browse sync = oxygene.ibspan.waw.pl antarctica china 
spiral direct odyssey
          winbind use default domain = Yes
          idmap config * : backend = tdb
          acl allow execute always = Yes
          create mask = 0644
          inherit acls = Yes
          hosts allow = 127. 10.100.0.0/255.255.0.0 
213.135.34.0/255.255.255.0 213.135.44.0/255.255.252.0 
213.135.48.0/255.255.254.0 2001:1a68:a::/48
          ea support = Yes
          map acl inherit = Yes
          cups options = raw
          hide dot files = No
          store dos attributes = Yes
          wide links = Yes

domain member:
[root at beabourg SRPMS]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[private]"
Processing section "[reklama]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

# Global parameters
[global]
          dos charset = CP852
          unix charset = UTF8
          workgroup = WSISIZ.EDU.PL
          security = DOMAIN
          map to guest = Bad User
          username map = /etc/samba/smbusers
          max log size = 500000
          time server = Yes
          deadtime = 10
          keepalive = 10
          hostname lookups = Yes
          os level = 32
          local master = No
          wins server = oceanic.wsisiz.edu.pl
          ldap ssl = no
          winbind use default domain = Yes
          winbind trusted domains only = Yes
          idmap config * : backend = tdb
          acl allow execute always = Yes
          create mask = 0644
          hosts allow = 213.135.44.0/255.255.252.0 
213.135.48.0/255.255.254.0 213.135.34. 127. 2001:1a68:a::/48
          hide dot files = No


-- 
Bartłomiej Solarz-Niesłuchowski, Administrator WSISiZ
e-mail: Bartlomiej.Solarz-Niesluchowski at wit.edu.pl
tel. 223486547, fax 223486501
JID: solarz at jabber.wit.edu.pl
01-447 Warszawa, ul. Newelska 6, pokój 404, pon.-pt. 8-16
Motto - Jak sobie pościelisz tak sie wyśpisz



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3940 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160311/5e203950/smime.bin>

More information about the samba-technical mailing list