Does your DNS server have the following entries? If not, it won't work.
_ldap._tcp.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.pdc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
_ldap._tcp.d8888ddc-59fe-434d-8cca-f00ca06b564d.domains._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
gc._msdcs.fsklaw.net. 600 IN A 192.168.62.1
42254cae-00e0-4814-a063-af2189b41e2b._msdcs.fsklaw.net. 600 IN CNAME server.fsklaw.net.
_kerberos._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_ldap._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net.
_kerberos._tcp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_kerberos._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_gc._tcp.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
_gc._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net.
_kerberos._udp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net.
_kpasswd._tcp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net.
_kpasswd._udp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net.
fsklaw.net. 600 IN A 192.168.61.1
gc._msdcs.fsklaw.net. 600 IN A 192.168.61.1

Etienne-Hugues Fortin wrote:
Hi,
I've configured Samba 3.0.4 with OpenLDAP 2.1.22 to use my Samba server as a PDC. At first, I had some problems with the user administrator. I then found the workaround a few days ago. Now that this is fixed, I'm trying to join an XP Pro workstation to my domain. I've done multiple tests and never succeeded. I'm always getting XP Pro to complain about not being able to find a domain and talking about a SRV entry in my DNS (which is dynamic as required when using dhcp at the same time).
So, this morning, in a desperate attempt, I changed security = ads to security = domain and retried joining the domain from XP Pro. To my surprise, it worked fine. I've reread the documentation and it's still saying that we should use security = domain when our server is acting as a BDC, not a PDC.
I still have to do more tests tonight to see if everything is working but right now, I'm more curious to understand why my Samba server (which is now acting as a BDC) is accepting a join request while it's not when it's acting as a PDC. Is that normal? Should I keep my server in security = domain mode?
Thank you.
Etienne-Hugues Fortin
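An added example, not part of either message and not Samba project code: a small checker that reads zone-file text and reports which of the non-GUID SRV names from the reply's list are missing or point at the wrong port. The domain example.test, the host dc1 and the function names are assumptions made for illustration.

```python
import re

# SRV owner-name templates grouped by port, from the record list in the reply.
# {d} = DNS domain, {s} = site name; the per-domain GUID records are not checked.
REQUIRED_SRV = {
    389: ["_ldap._tcp.{d}", "_ldap._tcp.{s}._sites.{d}", "_ldap._tcp.pdc._msdcs.{d}",
          "_ldap._tcp.dc._msdcs.{d}", "_ldap._tcp.{s}._sites.dc._msdcs.{d}"],
    3268: ["_ldap._tcp.gc._msdcs.{d}", "_ldap._tcp.{s}._sites.gc._msdcs.{d}",
           "_gc._tcp.{d}", "_gc._tcp.{s}._sites.{d}"],
    88: ["_kerberos._tcp.{d}", "_kerberos._udp.{d}", "_kerberos._tcp.{s}._sites.{d}",
         "_kerberos._tcp.dc._msdcs.{d}", "_kerberos._tcp.{s}._sites.dc._msdcs.{d}"],
    464: ["_kpasswd._tcp.{d}", "_kpasswd._udp.{d}"],
}
SRV_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+\S+$", re.I)

def parse_srv(zone_text):
    """Map each SRV owner name (lower-case, no trailing dot) to its set of ports."""
    ports = {}
    for line in zone_text.splitlines():
        m = SRV_RE.match(line.split(";", 1)[0].strip())  # drop zone-file comments
        if m:
            ports.setdefault(m.group(1).lower().rstrip("."), set()).add(int(m.group(2)))
    return ports

def check_zone(zone_text, domain, site="Default-First-Site-Name"):
    """Return sorted problems: required SRV names that are missing or on the wrong port."""
    ports, problems = parse_srv(zone_text), []
    for port, templates in REQUIRED_SRV.items():
        for template in templates:
            name = template.format(d=domain.rstrip("."), s=site).lower()
            if name not in ports:
                problems.append(f"missing: {name}")
            elif port not in ports[name]:
                problems.append(f"wrong port for {name}: expected {port}")
    return sorted(problems)

# Constructed sample zone for a placeholder domain (not the poster's data): the
# Kerberos record is on the wrong port and the other required names are absent.
SAMPLE_ZONE = """\
_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_kerberos._tcp.example.test. 600 IN SRV 0 100 8888 dc1.example.test. ; constructed error
"""

if __name__ == "__main__":
    print("\n".join(check_zone(SAMPLE_ZONE, "example.test")))
```

An empty result means every checked name is present on the expected port; it does not confirm that the target host resolves or answers.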
