Thanks for replying. I took my time and set up the PDC server again today, just to make sure everything works on the PDC.

Next I ran net rpc join on the client and got the following:

[EMAIL PROTECTED] samba]# net rpc join -Uroot%password
Password:
Could not connect to server SFSPDC1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

Two things:

First, it asks me for the password again.

Second, I'm sure the password of root is correct. It is the same command I used to join the PDC machine to the PDC Samba installation.

Also, when I look in the log.member1 on the PDC server I get the following:

[2006/12/13 20:21:26, 0] passdb/pdb_interface.c:pdb_default_create_user(368)
_samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w member1$' gave 9
[2006/12/13 20:22:00, 0] lib/system.c:set_process_capability(723)
  set_process_capability: cap_set_proc failed: Operation not permitted


Anyone know how I can find out what return code 9 means?

Thoughts?

Thanks,
Chris....

Here are the two configs:

PDC SMB.CONF
========================================================================
[EMAIL PROTECTED] samba]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# PDC settings as dumped by testparm: domain logons, domain master and WINS
# are enabled, and accounts are kept in LDAP through ldapsam.
[global]
 workgroup = SFS
 netbios name = SFSPDC1
 server string = Samba Server PDC
 # Two plain ldap:// URLs, the second on another host (192.168.0.62). No
 # "ldap ssl" line appears in this dump, so whether StartTLS protects the
 # bind and the password hashes on that link cannot be told from here.
 # NOTE(review): the trailing ';' looks like a mail-archive artefact rather
 # than part of the value - verify against the real smb.conf.
 passdb backend = ldapsam:"ldap://127.0.0.1 ldap://192.168.0.62";
 log file = /var/log/samba/log.%m
 max log size = 50
 # Account-management hooks: smbd hands user and group changes to the
 # smbldap-tools scripts, which write to the directory.
 add user script = /usr/sbin/smbldap-useradd -m "%u"
 add group script = /usr/sbin/smbldap-groupadd -p "%g"
 add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
 delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
 set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
 # Unlike the scripts above, %u is not quoted here. The PDC log in this post
 # shows this command being run for member1$ and exiting with status 9.
 add machine script = /usr/sbin/smbldap-useradd -w %u
 domain logons = Yes
 os level = 33
 preferred master = Yes
 domain master = Yes
 dns proxy = No
 wins support = Yes
 # DN Samba binds as for directory access. NOTE(review): its password is
 # expected to sit in secrets.tdb on this host - confirm that file is
 # readable by root only.
 ldap admin dn = cn=admin,dc=com
 ldap delete dn = Yes
 ldap group suffix = ou=Groups
 ldap idmap suffix = ou=Idmap
 ldap machine suffix = ou=Computers
 ldap suffix = ou=itsolut,dc=com
 ldap user suffix = ou=people
 # idmap data also goes to 192.168.0.62 through a plain ldap:// URL.
 idmap backend = ldap:ldap://192.168.0.62
 idmap uid = 2000 - 3000
 idmap gid = 2000 - 3000

# Writable per-user home shares, hidden from browse lists.
[homes]
 comment = Home Directories
 read only = No
 browseable = No

# Print share spooling to /var/spool/samba, hidden from browse lists.
[printers]
 comment = All Printers
 path = /var/spool/samba
 printable = Yes
 browseable = No

DOMAIN MEMBER SMB.CONF
========================================================================
[EMAIL PROTECTED] samba]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

# Domain-member settings as dumped by testparm.
[global]
        workgroup = SFS
        netbios name = MEMBER1
        server string = TESTBOX
        # Authentication is handed to the domain controller, so this host
        # needs a machine account in the SFS domain; the failing
        # "net rpc join" above is the step that creates it.
        # No "password server" or "wins server" line appears in this dump,
        # unlike the earlier member config quoted further down in the thread.
        security = DOMAIN
        log file = /var/log/samba/log.%m
        max log size = 50
        dns proxy = No
        # Same 2000 - 3000 range as the PDC dump above uses for idmap.
        idmap uid = 2000 - 3000
        idmap gid = 2000 - 3000
        winbind use default domain = Yes

# Writable per-user home shares, hidden from browse lists.
[homes]
        comment = Home Directories
        read only = No
        browseable = No


Jeffrey Lord wrote:
Have you tried doing a 'net rpc join' on the client?

----- Original Message -----
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: samba@lists.samba.org <samba@lists.samba.org>
Sent: Tue Dec 12 18:12:35 2006
Subject: [Samba] Adding a Samba Domain Server


I have a Samba PDC setup using LDAP as the passdb.  I want to add
another Samba server to the mix.  I believe I want to add it in as a
Domain Server; however, I can't seem to get it working.

On the PDC server I am running:
  - linux (2.6.latest)
  - openldap (latest)
  - samba (3.latest)
  - nss

On the Domain Server I am running:
  - samba (latest 3.latest)
  - nss

I thought someone might see something obvious in my smb.conf
(particularly the second one below for the domain server).  I am going
to try starting from scratch tomorrow and any advice is appreciated.

Thanks in advance,
Chris....


==================================================================
SMB.CONF for the PDC
# Original PDC configuration: user-level security, domain logons and
# LDAP-backed accounts (ldapsam).
[global]
workgroup = SFS1
netbios name = SFSPDC
encrypt passwords = Yes
hide dot files = Yes
# Lets clients use accounts whose password is empty. Nothing else in this
# file shows a need for it - review before keeping it on a domain controller.
null passwords = Yes
# Turns on Samba's rights/privileges support, which allows tasks such as
# adding machine accounts to be delegated to named accounts.
# NOTE(review): confirm which accounts have been granted rights.
enable privileges = yes
# No "bind interfaces only" line appears in this file, so this setting alone
# presumably does not limit where smbd listens - confirm.
interfaces = 192.168.0.28
server string = SFSMAIL PDC
security = user
local master = yes
os level = 33
# Connections are accepted only from 192.168.0.x and loopback addresses.
hosts allow = 192.168.0. 127.
loglevel = 2
log file = /var/log/samba/log.%m
debug timestamp = yes
domain master = yes
domain logons = yes
#winbind use default domain=yes
# Empty value: no roaming-profile path is handed to clients.
logon path =
wins support = yes
passdb expand explicit = no
# Password changes made through Samba are also written to the LDAP password.
ldap passwd sync = Yes
# The second URL names a host reached over the network (itsolut.com), and
# "ldap ssl = start_tls" is commented out further down. As written, nothing
# in this file asks for TLS on that link, so the bind password and the
# account hashes may cross it unencrypted - confirm and enable TLS if so.
# NOTE(review): the trailing ';' looks like a mail-archive artefact.
passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://itsolut.com/";
# DN Samba binds as for directory access. NOTE(review): its password is
# expected to sit in secrets.tdb - confirm that file is readable by root only.
ldap admin dn = cn=admin,dc=com
ldap suffix   = ou=sfsmail,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=people
ldap machine suffix = ou=Computers
# idmap entries share the users' OU here; the commented-out line below would
# keep them in a separate ou=Idmap.
ldap idmap suffix = ou=people
#ldap idmap suffix = ou=Idmap
#idmap backend = ldap://itsolut.com
#idmap uid = 2000 - 3000
#idmap gid = 2000 - 3000
#ldap ssl = start_tls
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# %u is not quoted here, while every other script line below quotes its
# substitutions; machine account names end in '$'.
add machine script = /usr/sbin/smbldap-useradd -w %u
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

# Per-user home shares served from /home/samba/users/<user>.
[homes]
comment = Home Directories
# %U is the session user name, so each home share admits only its owner.
valid users = %U
read only = No
# These masks leave the group-write and world-read bits available on new
# files and directories; tighten them if homes should stay private.
create mask = 0664
directory mask = 0775
browseable = No
# Says the same thing as "read only = No" above.
writeable = yes
path = /home/samba/users/%U

# Logon-script share for domain clients.
[netlogon]
path = /home/samba/netlogon
browseable = no
# Readable without authentication (guest) and read-only over SMB, so nothing
# stored here should contain credentials or other secrets.
guest ok = yes
read only = yes


==================================================================
NSSWITCH.CONF for PDC
# Users, groups and shadow entries are looked up in local files first,
# then through the ldap NSS source.
passwd: files ldap
group: files ldap
shadow: files ldap

publickey: files

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: db files



==================================================================
SMB.CONF for Domain Server
# Original configuration for the second server (storage1), set up as a
# domain member that authenticates against the PDC at 192.168.0.28.
[global]
workgroup = SFS1
server string = SFS STORAGE SERVER
netbios name = storage1
# Authentication is handed to the domain controller named below.
security = domain
password server = 192.168.0.28
encrypt passwords = Yes
# Connections are accepted only from 192.168.0.x and loopback addresses.
hosts allow = 192.168.0. 127.
log file = /var/log/samba/log.%m
loglevel = 3
max log size = 50
debug timestamp = yes
;password server = 192.168.0.28
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# No "bind interfaces only" line appears in this file, so this setting alone
# presumably does not limit where smbd listens - confirm.
interfaces = 192.168.0.25
;   local master = no
;   os level = 33
domain master = no
;   preferred master = yes
;   domain logons = yes
;   wins support = yes
wins server = 192.168.0.28
wins proxy = yes
passdb expand explicit = no
ldap passwd sync = Yes
# Account database read over a plain ldap:// URL from the PDC's directory,
# with no "ldap ssl" line in this file. Together with the admin DN below,
# this host would presumably need the directory admin password as well.
# NOTE(review): the later member config in this thread drops the whole
# ldap/script group - confirm a member server needs any of it.
# NOTE(review): the trailing ';' looks like a mail-archive artefact.
passdb backend = ldapsam:"ldap://192.168.0.28/";
ldap admin dn = cn=admin,dc=com
ldap suffix   = ou=sfsmail,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=people
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap

#idmap backend = ldap:ldap://192.168.0.28
#idmap uid = 10000-20000
#idmap gid = 10000-20000

# Same account-management hooks as on the PDC; %u is unquoted on the first
# line only.
add machine script = /usr/sbin/smbldap-useradd -w %u
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"


==================================================================
NSSWITCH.CONF for Domain Server
# Users, groups and shadow entries are looked up in local files first,
# then through the ldap NSS source.
passwd: files ldap
group: files ldap
shadow: files ldap

publickey: files

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: db files