Short version: Why does my domain member server create a sambaDomainName entry in LDAP?
Long Version: I have created a Domain Member Server for a "NT4 style" Samba domain with an LDAP backend. It is a print server, running Winbind (because it solved a group SID mapping problem and an 'invalid SID' error in syslog), and it works fine in all other respects, but this: After joining the domain, the member server creates a sambaDomainName entry in LDAP that I don't think should be there. It is of the form:

sambaDomainName=HOSTNAME,dc=example,dc=com

... where HOSTNAME is the hostname of the domain member server.

I have Googled this and have come up with some posts to this list:

http://www.google.com/search?q=sambaDomainName+hostname+%22member+server%22

... but none provide an explanation.

Here are some details about my setup (on the domain member server):

First, just to get it out of the way, I created no local users, other than those created by a default RedHat RHEL 5.1 install, such as root, nobody, etc. (LDAP, NSS, PAM, Winbind settings created with /usr/sbin/authconfig-tui)

# cat /etc/ldap.conf:
base dc=example,dc=com
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
uri ldap://ldap.example.com
ssl no
pam_password md5

# cat /etc/samba/smb.conf:
[global]
workgroup = MYDOMAIN
netbios name = HOSTNAME
server string = Domain Member Server
security = domain
password server = MYPDC MYBDC
passdb backend = ldapsam:ldap://ldap.deohs.washington.edu
wins support = no
ldap suffix = dc=example,dc=com
ldap admin dn = "cn=Directory Manager"
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap user suffix = ou=People
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /sbin/nologin
load printers = yes
printing = cups
printcap name = cups
winbind use default domain = false

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes

# cat /etc/pam.d/system-config-samba
#%PAM-1.0
auth include config-util
account include config-util
session include config-util

# cat /etc/pam.d/config-util
#%PAM-1.0
auth sufficient pam_rootok.so
auth sufficient pam_timestamp.so
auth include system-auth
account required pam_permit.so
session required pam_permit.so
session optional pam_xauth.so
session optional pam_timestamp.so

# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth sufficient pam_smb_auth.so use_first_pass nolocal
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so

# cat /etc/nsswitch.conf
passwd: files ldap winbind
shadow: files ldap winbind
group: files ldap winbind
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.1 (Tikanga)

# uname -a
Linux hostname.example.com 2.6.18-53.1.6.el5 #1 SMP Wed Jan 16 03:56:15 EST 2008 x86_64 x86_64 x86_64 GNU/Linux

# rpm -qa | grep 'samba-[0-9]\|ldap-[0-9]\|pam-[0-9]'
openldap-2.3.27-8.el5_1.1
system-config-samba-1.2.39-1.el5
openldap-2.3.27-8.el5_1.1
samba-3.0.25b-1.el5_1.4
pam-0.99.6.2-3.26.el5
nss_ldap-253-5.el5
pam-0.99.6.2-3.26.el5
nss_ldap-253-5.el5

The member server was joined to the domain with:

# net rpc join MEMBER -W MYDOMAIN -I MYPDC -U root%S3CR1T
# smbpasswd -w S3CR1T

Thanks, in advance, for any explanation you can provide.

--
Brian High

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
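As an added check (editor's example, not code from the post or from Samba), this Python parses `ldapsearch -LLL` output for sambaDomain entries and lists those whose sambaSID is not the domain SID; Samba's ldapsam backend stores a non-DC server's own SAM state (its local machine SID and RID counter) under that server's NetBIOS name, which is the kind of entry seen for HOSTNAME above. The LDIF and both SIDs are constructed, and the domain SID is assumed to have been taken from `net getdomainsid` on the PDC.

```python
# Constructed sample output of `ldapsearch -LLL '(objectClass=sambaDomain)'`,
# modelled on the entries described in the post; the SIDs are made up.
SAMPLE_LDIF = """\
dn: sambaDomainName=MYDOMAIN,dc=example,dc=com
objectClass: sambaDomain
sambaDomainName: MYDOMAIN
sambaSID: S-1-5-21-111111111-222222222-333333333

dn: sambaDomainName=HOSTNAME,dc=example,dc=com
objectClass: sambaDomain
sambaDomainName: HOSTNAME
sambaSID: S-1-5-21-444444444-555555555-666666666
"""

# The real domain SID, as reported by `net getdomainsid` on the PDC
# (constructed value matching the sample above).
DOMAIN_SID = "S-1-5-21-111111111-222222222-333333333"


def parse_ldif(text):
    """Return one dict per LDIF entry, mapping attribute -> list of values."""
    entries, current, last = [], {}, None
    for raw in text.splitlines():
        if not raw.strip():                     # blank line ends an entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif raw.startswith(" ") and last:      # folded continuation line
            current[last][-1] += raw[1:]
        else:
            attr, _, value = raw.partition(":")
            current.setdefault(attr, []).append(value.strip())
            last = attr
    if current:
        entries.append(current)
    return entries


def stray_sam_entries(ldif_text, domain_sid):
    """(name, SID) of sambaDomain entries whose SID is not the domain SID:
    ldapsam stores each non-DC server's own SAM state under that server's
    NetBIOS name with its local machine SID, i.e. the member-server entries."""
    stray = []
    for e in parse_ldif(ldif_text):
        if "sambaDomain" in e.get("objectClass", []):
            sid = e.get("sambaSID", [""])[0]
            if sid != domain_sid:
                stray.append((e["sambaDomainName"][0], sid))
    return stray
```

Entries flagged this way hold the member server's local SAM state, not the domain's; a member server that uses tdbsam instead of ldapsam keeps that state in its own tdb files and needs no `ldap admin dn` write credentials to the directory.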
