Hi. I have been reading about how to join a Samba server to my current PDC running Samba + LDAP.

My PDC has a BDC and they are working. I want to add another Samba server as a domain member server. The Samba docs have opened my mind about the technical stuff, but I still cannot make this thing work.

My OS is CentOS 5.6, PDC Samba version 3.5.4-0.83.el5_7.2. My domain member is CentOS 5.7, Samba version 3.5.4-0.83.el5_7.2.

The old book says: http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html

Step 1: This is my smb.conf from the domain member server:

    [global]
        workgroup = MYDOMAIN
        server string = Develop Server
        netbios name = mbx-devel
        hosts allow = 192.168.2. 127.
        interfaces = eth0 lo0
        bind interfaces only = Yes
        hosts deny = 0.0.0.0
        remote announce = 192.168.2.255
        lanman auth = Yes
        client lanman auth = Yes
        security = DOMAIN

        # passwd backend
        encrypt passwords = yes
        passdb backend = ldapsam:"ldap://192.168.2.24/ ldap://192.168.2.25/"
        enable privileges = yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        unix password sync = Yes
        password server = 192.168.2.24

        # Log options
        log level = 10
        log file = /var/log/samba/%m.log
        max log size = 500
        syslog = 1

        # Name resolution
        name resolve order = wins bcast hosts lmhost

        # misc
        time server = No
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        use sendfile = yes

        # Dos-Attribute
        map hidden = No
        map system = No
        map archive = No
        map read only = No
        store dos attributes = Yes
        Map to Guest = Bad User

        # printers - configured to use CUPS and automatically load them
        load printers = No
        printcap name =
        # printing = cups options =
        show add printer wizard = No

        # LDAP Configuration
        ldap ssl = off
        ldap passwd sync = Yes
        ldap suffix = dc=mydomain,dc=local
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=Users
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=Manager,dc=mydomain,dc=local
        idmap backend = ldap:ldap://192.168.2.24 ldap://192.168.2.25
        idmap uid = 10000-20000
        idmap gid = 10000-20000

        # logon options
        logon script =
        logon path =
        logon path =
        logon home =
        logon drive =
        username map = /etc/samba/smbuser
        preferred master = No
        wins support = No
        wins server = 192.168.2.24
        winbind nested groups = Yes
        winbind trusted domains only = Yes
        winbind use default domain = Yes
        winbind separator = +
        ea support = Yes
        domain logons = No
        domain master = No
        local master = No
        map acl inherit = Yes
        unix charset = UTF8
        case sensitive = No

Step 2: Now, the manual says that we need to set up nss_ldap and nsswitch.

/etc/nsswitch.conf:

    passwd:     files ldap
    shadow:     files ldap
    group:      files ldap
    #hosts:     db files nisplus nis dns
    hosts:      files dns wins
    # Example - obey only what nisplus tells us...
    #services:   nisplus [NOTFOUND=return] files
    #networks:   nisplus [NOTFOUND=return] files
    #protocols:  nisplus [NOTFOUND=return] files
    #rpc:        nisplus [NOTFOUND=return] files
    #ethers:     nisplus [NOTFOUND=return] files
    #netmasks:   nisplus [NOTFOUND=return] files
    bootparams: nisplus [NOTFOUND=return] files
    ethers:     files
    netmasks:   files
    networks:   files
    protocols:  files
    rpc:        files
    services:   files
    netgroup:   files
    publickey:  nisplus
    automount:  files
    aliases:    files nisplus

Later, the LDAP client. /etc/ldap.conf:

    host 192.168.2.24 192.168.2.25
    # The distinguished name of the search base.
    base dc=mydomain,dc=local
    ldap_version 3
    binddn cn=Manager,dc=mueblex,dc=local
    bindpw MYPASSWD
    port 389
    timelimit 120
    bind_timelimit 120
    bind_policy soft
    idle_timelimit 3600
    pam_password md5
    nss_base_passwd ou=Users,dc=mydomain,dc=local?one
    nss_base_shadow ou=Users,dc=mydomain,dc=local?one
    nss_base_group  ou=Groups,dc=mydomain,dc=local?one
    nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
    ssl off

/etc/openldap/ldap.conf:

    HOST 192.1689.2.24 192.168.2.25
    URI ldap://192.168.2.24 ldap://192.168.2.25
    BASE dc=mydomain,dc=local

Test: getent passwd and getent group work.

From here, the doc starts speaking about slapcat, which is a tool from openldap-server: "The LDAP directory must have a container object for IDMAP data. There are several ways you can check that your LDAP database is able to receive IDMAP information. One of the simplest is to execute: ..." Must my client (domain member server) have this?

Step 6: smbpasswd done!!!

Step 7: net rpc join -S MYPDC-Name -Uroot done, my PDC shows me my domain member server.

Test:

    net rpc info -S MyPDC -U root
    Enter root's password:
    Domain Name: MYDOMAIN
    Domain SID: S-1-5-21-805595659-1689854870-1539857752
    Sequence number: 1316645662
    Num users: 105
    Num domain groups: 5
    Num local groups: 0

Step 8:

    wbinfo --set-auth-user=Administrator%not24get
    This functionality was moved to the 'net' utility.
    See 'net help setauthuser' for details.

    net setauthuser -U root
    Enter the auth user's password:

Done, nothing wrong came back.

Services: I got a lot of messages when I start the smb service that complain about cups. I was thinking that maybe Samba 3.5.x needs that service; I got the service running but nothing changed.

winbind running, nmb running.

    service smb start
    Starting SMB services:

As you see, the service never returns to the shell. It is like it is doing something and never returns my shell.

    ps -ax | grep smb
    Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.7/FAQ
    12707 pts/1    S+     0:00 /bin/sh /sbin/service smb start
    12712 pts/1    S+     0:00 /bin/sh /etc/init.d/smb start
    12715 pts/1    S+     0:00 /bin/bash -c ulimit -S -c 0 >/dev/null 2>&1 ; smbd -D
    12716 pts/1    S+     0:00 smbd -D
    12719 pts/0    S+     0:00 grep smb

If I don't stop the task with Ctrl+C, I can open another shell and the smb service says it is running:

    service smb status
    smbd (pid 12716) is running...

smbstatus:

    lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory
    sessionid.tdb not initialised

    Service      pid     machine       Connected at
    -------------------------------------------------------
    tdb(unnamed): tdb_open_ex: could not open file /var/lib/samba/locking.tdb: No such file or directory
    Could not open tdb: No such file or directory
    /var/lib/samba/locking.tdb not initialised
    This is normal if an SMB client has never connected to your server.

This is the last part. My log level is 10, so I get more output. If I run pdbedit -L I get this:

    The connection to the LDAP server was closed
    smb_ldap_setup_connection: ldap://192.168.2.24/ ldap://192.168.2.25/
    smbldap_open_connection: connection opened
    ldap_connect_system: Binding to ldap server ldap://192.168.2.24/ ldap://192.168.2.25/ as "cn=Manager,dc=mydomain,dc=local"
    ldap_connect_system: successful connection to the LDAP server
    ldap_connect_system: LDAP server does support paged results
    The LDAP server is successfully connected
    pdb backend ldapsam:"ldap://192.168.2.24/ ldap://192.168.2.25/" has a valid init
    smbldap_search_paged: base => [dc=mydomain,dc=local], filter => [(&(uid=*)(objectclass=sambaSamAccount))], scope => [2], pagesize => [1024]
    smbldap_search_ext: base => [dc=mydomain,dc=local], filter => [(&(uid=*)(objectclass=sambaSamAccount))], scope => [2]
    smbldap_search_paged: search was successful
    "displayName" not found
    "description" not found
    sid S-1-5-21-805595659-1689854870-1539857752-1000 does not belong to our domain
    Skipping entry uid=root,ou=Users,dc=mydomain,dc=local
    "displayName" not found
    "description" not found
    ...
    sid S-1-5-21-805595659-1689854870-1539857752-1069 does not belong to our domain
    Skipping entry uid=rhernandez,ou=Users,dc=mydomain,dc=local
    sid S-1-5-21-805595659-1689854870-1539857752-1070 does not belong to our domain
    Skipping entry uid=mbx-debug$,ou=Computers,dc=mydomain,dc=local
    sid S-1-5-21-805595659-1689854870-1539857752-1071 does not belong to our domain
    Skipping entry uid=mbx-scan1$,ou=Computers,dc=mydomain,dc=local
    sid S-1-5-21-805595659-1689854870-1539857752-1074 does not belong to our domain
    Skipping entry uid=mbx-devel$,ou=Computers,dc=mydomain,dc=local

My SID:

    net getdomainsid
    SID for local machine MBX-DEVEL is: S-1-5-21-3297652681-580672025-4178914628
    SID for domain MYDOMAIN is: S-1-5-21-805595659-1689854870-1539857752

I have read the logs but don't see any error that could help me. Am I missing something?

Living the dream..
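The "does not belong to our domain" lines above come from a SID prefix comparison: Samba takes each sambaSamAccount's SID, strips the trailing RID, and compares what is left with the SID of the SAM this server believes it is serving. The following script is an added example (it is not Samba code and not part of the original post) that performs the same comparison on the `net getdomainsid` and `pdbedit -L` output quoted in the post, so the mismatch between the LDAP entries' SID prefix and the member server's local machine SID is visible at a glance. The sample text and the one extra `uid=foreignhost$` entry are constructed for the example; the function names are the example's own.

```python
"""Reproduce Samba's 'does not belong to our domain' SID prefix check offline.

Added example for this thread, not Samba's code.  Input text below is
constructed from the values quoted in the post, plus one made-up entry
with an unrelated SID prefix to show the third branch of the check.
"""
import re

# Constructed from the 'net getdomainsid' output in the post.
GETDOMAINSID_OUTPUT = """\
SID for local machine MBX-DEVEL is: S-1-5-21-3297652681-580672025-4178914628
SID for domain MYDOMAIN is: S-1-5-21-805595659-1689854870-1539857752
"""

# Constructed from the 'pdbedit -L' debug output in the post; the last pair
# (uid=foreignhost$) is invented to exercise the 'foreign' branch.
PDBEDIT_OUTPUT = """\
smbldap_search_paged: search was successful
"displayName" not found
sid S-1-5-21-805595659-1689854870-1539857752-1000 does not belong to our domain
Skipping entry uid=root,ou=Users,dc=mydomain,dc=local
sid S-1-5-21-805595659-1689854870-1539857752-1069 does not belong to our domain
Skipping entry uid=rhernandez,ou=Users,dc=mydomain,dc=local
sid S-1-5-21-805595659-1689854870-1539857752-1074 does not belong to our domain
Skipping entry uid=mbx-devel$,ou=Computers,dc=mydomain,dc=local
sid S-1-5-21-111111111-222222222-333333333-1050 does not belong to our domain
Skipping entry uid=foreignhost$,ou=Computers,dc=mydomain,dc=local
"""

DOMAIN_SID_RE = r"S-1-5-21(?:-\d+){3}"          # S-1-5-21-A-B-C, no RID
ACCOUNT_SID_RE = DOMAIN_SID_RE + r"-\d+"         # S-1-5-21-A-B-C-RID


def split_sid(sid):
    """Return (prefix, rid): the SID with its final sub-authority (the RID) removed, and the RID."""
    prefix, _, rid = sid.rpartition("-")
    if not re.fullmatch(DOMAIN_SID_RE, prefix) or not rid.isdigit():
        raise ValueError("not an account SID: %r" % sid)
    return prefix, int(rid)


def parse_getdomainsid(text):
    """Parse 'net getdomainsid' output into {'local': sid, 'domain': sid}."""
    sids = {}
    pattern = re.compile(r"SID for (local machine|domain) \S+ is: (" + DOMAIN_SID_RE + r")$")
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            sids["local" if m.group(1) == "local machine" else "domain"] = m.group(2)
    return sids


def parse_skipped(text):
    """Collect (dn, sid) pairs from consecutive 'does not belong' / 'Skipping entry' lines."""
    skipped = []
    pending_sid = None
    sid_line = re.compile(r"sid (" + ACCOUNT_SID_RE + r") does not belong to our domain")
    skip_line = re.compile(r"Skipping entry (\S+)")
    for line in text.splitlines():
        m = sid_line.match(line.strip())
        if m:
            pending_sid = m.group(1)
            continue
        m = skip_line.match(line.strip())
        if m and pending_sid:
            skipped.append((m.group(1), pending_sid))
            pending_sid = None
    return skipped


def classify(sids, skipped):
    """Map each skipped DN to the SAM its SID prefix matches: 'domain', 'local' or 'foreign'."""
    result = {}
    for dn, sid in skipped:
        prefix, _rid = split_sid(sid)
        if prefix == sids.get("domain"):
            result[dn] = "domain"
        elif prefix == sids.get("local"):
            result[dn] = "local"
        else:
            result[dn] = "foreign"
    return result


def report(getdomainsid_text, pdbedit_text):
    """Run the whole check and return the per-DN classification."""
    sids = parse_getdomainsid(getdomainsid_text)
    verdict = classify(sids, parse_skipped(pdbedit_text))
    print("local machine SID : %s" % sids.get("local"))
    print("domain SID        : %s" % sids.get("domain"))
    for dn, kind in verdict.items():
        print("%-8s %s" % (kind, dn))
    return verdict


if __name__ == "__main__":
    report(GETDOMAINSID_OUTPUT, PDBEDIT_OUTPUT)
```

Every entry from the post classifies as `domain`: the LDAP accounts carry the PDC's domain SID prefix, while the server doing the comparison reports a different local machine SID. That is the single fact the skipped lines are reporting, and the first thing to check in a thread like this is which of the two SIDs the member server is comparing against.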