Buchan, I'm sending this to the samba list also. I'm hoping someone can pick out my config error - if that is what my problem is...
On Fri, 2004-05-28 at 11:16, Buchan Milne wrote:
> Tim Jordan wrote:
> | Is this package OK to use? I started building yesterday and did not
> | notice that it moved from 3.0.4 to 3.0.5.
>
> I haven't used it much myself yet ... been too busy with real work ...
> but we need to get an update out, so I wanted some testing.

I understand, this is the first time this week I have had time to play.
On a testing note I noticed that the krb5-client package was not installed with your samba package. Is this by design?

>
> | I'm asking because I'm having
> | trouble getting a BDC configuration working. Trouble seems to be
> | related to winbind.
> |
>
> Are you setting up a BDC to a windows server????

YES! I want to migrate my users over to my samba server. Then I will take samba out of the production environment and put it into a test network at which time I would reconfigure samba to be a PDC. This is all for testing, I CAN NOT impact the production domain (labor.ak).

>
> You shouldn't need winbind for a BDC to another samba server (although I
> have seen some ridiculous guides that suggest this ...), you just need
> all the samba servers looking at the same LDAP tree.

Okay, after I joined the labor domain I tried a wbinfo -t and received this error:

#wbinfo -t
checking the trust secret via RPC calls failed
Error code was STATUS_BUFFER_OVERFLOW (0x80000005)
could not check secret

This led me to install winbind. Obviously I'm off base on that one....

>
> | getent passwd - brings up local account then pauses, like it's going to
> | bring in the domain users, and then just ends.

<log snip>

> |
> | nsswitch/winbind_user.c:winbindd_gerpwent(571)
> | could not lookup domain user TIMJORDAN
> |
> | If it can't "lookup" the domain user account, then how does it know
> | TIMJORDAN exists???
> |
>
> Depends what you were doing at the time, but if you were trying to
> access a share or otherwise authenticate, it would know the user you're
> connecting as.
>

The log shows each user in the domain (labor). I simply issued a getent passwd command. I have no local TIMJORDAN account.

> | /etc/samba/smb.conf
> |
> | [global]
> | workgroup = LABOR
> | realm = labor.ak
> | encrypt passwords = yes
> | password server = *
> | passdb backend = ldapsam:ldap://localhost
> | domain master = no
> | domain logons = no
>
> ^^^^
> This needs to be "yes" for a "BDC".

Really? I don't want to offer a logon service until I have the samba server out of our production environment.

>
> | idmap backend = ldap:ldap://localhost
> | ldap admin dn = cn=root,dc=smb2ldap,dc=org
> | ldap suffix = dc=smb2ldap,dc=org
> | ldap machine suffix = ou=computers
> | ldap user suffix = ou=People
> | ldap group suffix = ou=Groups
> | ldap idmap suffix = ou=Idmap
> | ldap ssl = off
> | idmap uid = 10000-20000
> | idmap gid = 10000-20000
> | wins server = ipaddres
> |
>
> Regards,
> Buchan

Thanks Buchan!

TJ

>
> --
> Buchan Milne Senior Support Technician
> Obsidian Systems http://www.obsidian.co.za
> B.Eng RHCE (803004789010797)