Dear Help,

Here is my situation:
We have offices located in several areas around the country, all of which can
communicate with each other through VPNs we have established.  I have set up a
Samba domain in which the PDC is located here in our home office, and there are
BDCs for the same domain in each of the remote offices.

I have been able to successfully join machines here in our home office to the
domain through Windows, but am not having any luck when I try to join the domain
at one of the remote locations.  When I go through the manual process of joining
the domain on a Windows XP machine, I get a password prompt for the domain user
that can add the machine (so I know it's at least finding the BDC)... but then
after I type in the username and password, I get the following error:
"The following error occurred attempting to join the domain "ourdomain": The
specified domain either does not exist or could not be contacted."

I've searched Google for this error and have not found anything useful.  I've
gone back through the Samba-HowTo on BDC configuration and have not yet found
anything.

Any help would be greatly appreciated!  -Matt

Here are my configuration files.  (Oh, and for whatever reason, even with a log
level of 5, whenever I attempt to join the machine to the domain, no log entry
is created).

For the PDC:
[global]
        netbios name = ds-pdc-1
        workgroup = OURDOMAIN
        server string = Samba PDC %v %h
        obey pam restrictions = Yes
        passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
        security = user
        log level = 3 
        log file = /var/log/samba/%m.log
        max log size = 5000 
        add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null/ -g machine -c 'Machine Account for %u' -s /bin/false %u
        logon path = 
        logon home = 
        domain logons = Yes
        os level = 128
        preferred master = Yes
        domain master = Yes
        ldap admin dn = cn=admin,o=ORGANIZATION
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=IDMap
        ldap machine suffix = ou=Workstations
        ldap user suffix = 
        ldap filter = (cn=%u)
        ldap suffix = o=ORGANZIATION
        ldap passwd sync = No 
        unix password sync = Yes
        passwd program = /usr/sbin/smbldap-passwd -u %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n
        idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        veto files = /.?*/
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
        wins support = Yes 
        encrypt passwords = Yes
        logon script = %U.bat

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root
        browseable = No
        share modes = No

And here is a BDC -- located offsite:
[global]
        workgroup = OURDOMAIN
        server string = Samba BDC %v %h
        obey pam restrictions = Yes
        passdb backend = "ldapsam:ldaps://IP.HERE ldaps://IP.HERE"
        log level = 2 
        log file = /var/log/samba/%m.log
        max log size = 1000
        logon path = 
        logon home =
        domain logons = Yes
        domain master = No
        preferred master = Yes
        ldap admin dn = cn=admin,o=ORGANIZATION
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=IDMap
        ldap machine suffix = ou=Workstations
        ldap suffix = o=ORGANIZATION
        ldap passwd sync = No
        unix password sync = Yes
        passwd program = /usr/sbin/smbldap-passwd -u %u
        passwd chat = *New*password* %n\n *retype*new*password* %n\n
        idmap backend = "ldaps://IP.HERE ldaps://IP.HERE"
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        veto files = /.?*/
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
        wins server = IP.OF.PDC.HERE

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root
        browseable = No
        share modes = No


