----- Original Message ----- [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
I've been trying to get this to work for a few days now. I read that
domain requests are sent via broadcast, and to use WINS to get around
it.

Well, I've enabled the WINS server on my Samba PDC, and told the BDCs on
each VPN segment that the PDC is a WINS server. WINS resolution works
apparently, I can sit on a VPN'd network segment and ping machines across
the VPN via their NETBIOS name, but I can't log into the domain. Windows
tells me it can't find the domain. Is there something I'm missing?

sorry rob, i forgot to reply-to-all the first time.

do you have

domain master = no
domain logons = yes

that set up works for me. and i also use

local master = yes

though i don't think the local master is required for bdc functionality.

--
Anthony

Yeah, I have that in my conf. Actually, I got it working earlier, but I
had to tell samba to use my master LDAP server to do it - I was hoping I
could make samba read off of the local slave server so if the connection
to the master was severed, domain logins would still be functional. I'll
tool around with it some more tomorrow and see if I can make it work the
way I intend.

hmmm...  i also use a replicated ldap server on the bdc localhost.
could you post your smb.conf and any errors you see in your samba log?

--
Anthony

sure, here's my smb.conf:
[global]
netbios name = <servername here>
workgroup = WORKGROUP
server string = Server String
security = user
hosts allow = 192.168.0. 127.
load printers = no
log file = var/log/samba.%m
max log size = 50
log level = 1
passdb backend = ldapsam:ldap://<master LDAP IP>
socket options = TCP_NODELAY
interfaces = <localnet ip/netmask>
os level = 64
domain master = no
preferred master = auto
domain logons = yes

#LDAP stuff:
ldap admin dn = cn=<ID>,dc=<domain>,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=People
ldap passwd sync = yes
ldap suffix = dc=<domain>,dc=com
ldap user suffix = ou=Users
idmap backend = ldap:ldap://127.0.01
idmap uid = 10000-20000
idmap gid = 10000-20000

logon script = logon.bat
logon path =
logon drive = H:
wins server = <PDC LAN>
wins proxy = yes
dns proxy = no

# domain user stuff:
add user script = /usr/local/sbin/smbldap-useradd -a '%u'
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
delete user script = /usr/local/sbin/smbldap-userdel '%u'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
-------------------------------

This configuration works. If I change passdb to 127.0.0.1 instead of the Master LDAP's IP, this pops up in samba.smbd:

[2006/05/24 14:53:30, 1] lib/smbldap_util.c:add_new_domain_info(198)
failed to add domain dn= sambaDomainName=ATWORK,dc=atworkpersonnel,dc=com with: Server is unwilling to perform
       shadow context; no update referral
[2006/05/24 14:53:30, 0] lib/smbldap_util.c:smbldap_search_domain_info(258)
 Adding domain info for ATWORK failed with NT_STATUS_UNSUCCESSFUL


That's the only error I see popping up. Ideas?

--
Rob