Assuming the latter, which sounds like you unless I'm badly mis-reading you here, you don't *need* any special DNS entries to make things work. Perhaps you could attach your smb.conf file? It sounds like your security parameter is way out of whack, which could be causing your issues. security = domain
is for when you have a functioning NT network to add this machine to that holds your login info. I've successfully added a 3.0 machine to a 2.2.x network and then not had to do any passdb setup on it.
security = ads
is for configuring authentication against an existing 2000 (/2003?) AD network, which you haven't mentioned here.
You probably want (from TOSHaRG): preferred master = yes domain master = yes local master = yes security = user domain logons = yes
Etienne-Hugues Fortin wrote:
Does your DNS server have the following entries:
If not it won't work.
It's the first time I'm seeing this list. I know that XP Pro was asking for something like _ldap._tcp.<domainname> but even googling on this didn't helped me getting what you just sent.
I'll add this to my DNS. Just to make sure everything is clear, I have to replace the first "fsklwaw.net" with my own domain and then, I'm replacing the server.fsklaw.net with my fully qualified hostname for my samba server acting as the PDC. Everything else would stay identical. Is that right?
Etienne-Hugues
_ldap._tcp.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.pdc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _ldap._tcp.d8888ddc-59fe-434d-8cca-f00ca06b564d.domains._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. gc._msdcs.fsklaw.net. 600 IN A 192.168.62.1 42254cae-00e0-4814-a063-af2189b41e2b._msdcs.fsklaw.net. 600 IN CNAME server.fsklaw.net. _kerberos._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _ldap._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _kerberos._tcp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _kerberos._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _gc._tcp.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _gc._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _kerberos._udp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _kpasswd._tcp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net. _kpasswd._udp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net. fsklaw.net. 600 IN A 192.168.61.1 gc._msdcs.fsklaw.net. 600 IN A 192.168.61.1
Etienne-Hugues Fortin wrote:
Hi,
I've configured Samba 3.0.4 with Openldap 2.1.22 to use my samba server as a PDC. At first, I had some problem with the user administrator. I've then found the workaround a few days ago. Now that this is fixed, I'm trying to join a XP Pro workstation to my domain. I've done multiple test and never succeeded. I'm always getting XP Pro to complain about not being able to find a domain and talking about a SRV entry in my DNS (which is dynamic as required when using dhcp at the same time).
So, this morning, in a desesperate attempt, I changed security = ads to security = domain and retry to join the domain from XP Pro. To my surprise, it worked fine. I've reread the documentation and it's still saying that we should use security = domain when our server is acting as a BDC, not a PDC.
I still have to do more test tonight to see if everything is working but right now, I'm more curious to understand why my samba server (which is now acting as a BDC) is accepting a join request while it's not when it's acting as a PDC. Is that normal? Should I keep my server in security = domain mode?
Thank you.
Etienne-Hugues Fortin
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
-- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.com mailto:[EMAIL PROTECTED]
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
