Hi all,

I'm running into a problem with my Linux servers connecting to a Windows 2003 Active Directory server. When the Linux server joins up, it's joining as a Domain Controller.

While doing some research on the topic, I came across bug 1423 on your Bugzilla.
https://bugzilla.samba.org/show_bug.cgi?id=1423

The issue here is how to have the Linux server join as a Workstation/Server type and not a Domain Controller.

Here is my Samba configuration.

[global]
       workgroup = domain
       realm = domain.CA
       server string = Samba Server
       security = ADS
       password server = wipdc01.domain.ca *
       username map = None
       log file = /var/log/samba/%m.log
       domain logons = no
       domain master = no
       max log size = 1000
       smb ports = 139
       server signing = auto
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
       dns proxy = No
       wins server = 10.13.20.4
       idmap uid = 1000-20000
       idmap gid = 1000-20000
       winbind use default domain = yes
       short preserve case = No
       preferred master = no
       local master = no
       log level = 4

And my steps used to join the domain:

# kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:

# net ads join -U allee
allee's password:
Using short domain name -- domain
Joined 'LXP003' to realm 'domain.CA'

# /etc/init.d/winbind start
Starting Winbind services: [ OK ]

# /etc/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

# wbinfo -t
checking the trust secret via RPC calls succeeded

# wbinfo -m
domain-NT4
domain
domain

# wbinfo --own-domain
domain

# wbinfo -u | head -10
rpark
kwall
jwihnon

Looks like it's working....

# cat /var/log/messages
Sep 11 14:04:34 lxp003 winbindd[23659]: [2008/09/11 14:04:34, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2221)
Sep 11 14:04:34 lxp003 winbindd[23659]: initialize_winbindd_cache: clearing cache and re-creating with version number 1
Sep 11 14:04:34 lxp003 winbind: winbindd startup succeeded
Sep 11 14:04:40 lxp003 smb: smbd startup succeeded
Sep 11 14:04:40 lxp003 smb: nmbd startup succeeded

I also checked my config and everything checks out OK:
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[tmp]"
Processing section "[stars]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

So Samba in principle is working, I can access my shares, read files, etc. but the AD servers are still seeing my Linux servers as domain controllers.

We tried blocking external incoming ports 389 and 636 (local oidldapd service), so the AD server doesn't think it's a domain controller, but when I authenticate and connect, it's still showing as a domain controller.

Has anyone else encountered this and found a resolution to the domain controller issue?

Thanks in advance,
Albert.

