OK, I am trying to set up my first Samba PDC on a FreeBSD 8.1 host. When
I try to become a member of 'webtent.org' on my Windows 7 Ultimate to
the PDC, I get the following error...

DNS was successfully queried for the service location (SRV) resource record used to
locate a domain controller for domain "webtent.org":
The query was for the SRV record for _ldap._tcp.dc._msdcs.webtent.org
The following domain controllers were identified by the query:
mail.webtent.org
However no domain controllers could be contacted.
Common causes of this error include:
- Host (A) or (AAAA) records that map the names of the domain controllers to
their IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are
not running.

I have Samba working well in the network and have set up the server as a
PDC...

mail# net domain
Enter root's password:
Enumerating domains:
Domain name Server name of Browse Master
------------- ----------------------------
WEBTENT MAIL

I have DNS set up as I believe correct as well as my Samba config...

mail# dig mail.webtent.org
; <<>> DiG 9.4-ESV-R2 <<>> mail.webtent.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20308
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;mail.webtent.org. IN A
;; ANSWER SECTION:
mail.webtent.org. 38400 IN A 192.168.1.21
mail# dig -x 192.168.1.21
; <<>> DiG 9.4-ESV-R2 <<>> -x 192.168.1.21
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32497
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;21.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
21.1.168.192.in-addr.arpa. 38400 IN PTR mail.webtent.org.
mail# cat /var/named/etc/namedb/dynamic/webtent.org.hosts
$ttl 38400
webtent.org. IN SOA mx1.webtent.org. admin.webtent.org. (
1281254209
10800
3600
604800
38400 )
webtent.org. IN NS mx1.webtent.org.
mail.webtent.org. IN A 192.168.1.21
<snip unrelated A records>
$ORIGIN webtent.org.
_kerberos TXT "WEBTENT"
$ORIGIN _tcp.webtent.org.
_kerberos SRV 1 0 88 mail.webtent.org.
_kerberos-adm SRV 1 0 749 mail.webtent.org.
$ORIGIN _udp.webtent.org.
_kerberos SRV 1 0 88 mail.webtent.org.
_kpasswd SRV 1 0 464 mail.webtent.org.
kerberos CNAME mail.
localhost A 127.0.0.1
mail A 192.168.1.21
_ldap._tcp.webtent.org. SRV 0 0 389 mail.webtent.org.
_kerberos._tcp.webtent.org. SRV 0 0 88 mail.webtent.org.
_ldap._tcp.dc._msdcs.webtent.org. IN SRV 0 0 389 mail.webtent.org.
_kerberos._tcp.dc._msdcs.webtent.org. IN SRV 0 0 88 mail.webtent.org.
mail# cat smb.conf
# Global parameters
[global]
workgroup = WEBTENT
server string = Samba Server
netbios name = mail
hosts allow = 192.168.1. 127.
# interfaces = bge0, lo
# bind interfaces only = Yes
# passwd backend
encrypt passwords = yes
passdb backend = ldapsam:ldap://mail.webtent.org/
enable privileges = yes
pam password change= Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %nn *ReType*new*UNIX*password* %nn * passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
# Log options
log level = 1
log file = /var/log/samba/%m
max log size = 50
syslog = 0
# Name resolution
name resolve order = wins bcast host
# misc
timeserver = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
use sendfile = yes
veto files = /*.eml/*.nws/*.{*}/
veto oplock files = /*.doc/*.xls/*.mdb/
deadtime = 120
# Dos-Attribute
map hidden = No
map system = No
map archive = No
map read only = No
store dos attributes = Yes
dos charset = 850
# printers - configured to use CUPS and automatically load them
load printers = Yes
printcap name = CUPS
printing = cups
cups options = Raw
show add printer wizard = No
# scripts invoked by samba
add user script = /usr/local/sbin/smbldap-useradd -m %u
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p %g
delete group script = /usr/local/sbin/smbldap-groupdel %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
add machine script = /usr/local/sbin/smbldap-useradd -w %m
# LDAP-Configuration
ldap delete dn = Yes
ldap ssl = off
ldap passwd sync = Yes
ldap suffix = dc=webtent,dc=org
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=webtent,dc=org
idmap backend = ldap:ldap://mail.webtent.org
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind uid = 100000-100000000
winbind gid = 100000-100000000
idmap backend = rid
allow trusted domains = No
winbind enum users = yes
winbind enum groups = yes
#
winbind refresh tickets = Yes
winbind nested groups = No
# logon options
logon script = logon.bat
logon path = \%L\profiles\%u
logon path =
logon home = \%L\%U
logon drive = H:
# setting up as domain controller
username map = /var/samba/usermap
preferred master = Yes
wins support = Yes
domain logons = Yes
domain master = Yes
local master = Yes
os level = 64
map acl inherit = Yes
unix charset = ISO8859-1
# unix charset = UTF8
#============================ Share Definitions ==============================
[netlogon]
comment = Network Logon Service
path = /var/samba/netlogon
guest ok = yes
locking = no
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[Profiles]
comment = Network Profiles Service
path = /var/samba/profiles
read only = No
profile acls = yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
profile acls = Yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = No
guest ok = Yes
printable = Yes
use client driver = Yes
default devmode = Yes
[print$]
comment = Printer Drivers
path = /var/samba/printer-drivers
browseable = yes
guest ok = no
read only = yes
write list = root
[data]
comment = Data Directory
path = /var/samba/data
write list = @webtent
read only = No
create mask = 0777
directory mask = 0777
Anyone know what I am or could be doing wrong? Thanks for any help!
--Robert
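
An added example, not part of the original post: a small checker that reports smb.conf parameters set more than once in the same section, since Samba ignores case and whitespace in parameter names and the last assignment wins. The sample input is a constructed excerpt of the config posted above; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed excerpt of the smb.conf quoted in the post (same keys and values).
SAMPLE = r"""[global]
workgroup = WEBTENT
idmap backend = ldap:ldap://mail.webtent.org
idmap uid = 10000-20000
idmap backend = rid
logon path = \%L\profiles\%u
logon path =
[Profiles]
path = /var/samba/profiles
profile acls = yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
profile acls = Yes
"""


def find_duplicates(text):
    """Return {(section, param): [(lineno, value), ...]} for repeated params.

    Names are normalised the way smb.conf treats them: case-insensitive and
    with all whitespace removed. Backslash line continuations are not joined.
    """
    section = None
    seen = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if "=" not in line:
            continue
        name, value = line.split("=", 1)       # only the first '=' is significant
        key = (section, re.sub(r"\s+", "", name).lower())
        seen[key].append((lineno, value.strip()))
    return {k: v for k, v in seen.items() if len(v) > 1}


def effective(dups):
    """Map each repeated parameter to the value that takes effect (the last one)."""
    return {key: hits[-1][1] for key, hits in dups.items()}


if __name__ == "__main__":
    for (sec, param), hits in find_duplicates(SAMPLE).items():
        print(f"[{sec}] {param}: set on lines {[n for n, _ in hits]}, "
              f"effective value {hits[-1][1]!r}")
```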