Hello,

I am setting up a new PDC for a new domain using Samba 3.2.0.
I use LDAP as passwd/idmap backend.

I started from scratch just creating the OU for the
users/groups/machines/idmaps in the ldap directory, + a user used to bind
to ldap.

So from there I started winbind and ran net sam provision, which worked
great.
Now, I plan for this domain to have a one-way trust with another domain,
and as I started playing with wbinfo to verify that the local/builtin groups
appear, I found that wbinfo -t fails to check the secret with:
myserver:/usr/local/samba/bin# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
Could not check secret

So I'm wondering: do I need to create some kind of machine trust account
for the PDC itself, or is this reply from wbinfo -t expected?

# Samba PDC configuration as posted: domain logons and domain master are
# enabled, and LDAP backs both the account database and winbind's ID mappings.
[global]
        workgroup = EVENTLAB
        netbios name = TLS-SRV-01
        server string = Samba for EventLab
# Listen on eth1 and loopback only, and accept clients from the listed
# networks plus localhost.
        interfaces = eth1 lo
        bind interfaces only = Yes
        hosts allow = 10.211.0.0/16 10.212.0.0/16 127.0.0.1
        socket address = 10.211.254.253
# Accounts are stored in LDAP, reached through a plain ldap:// URL on
# loopback. No "ldap ssl" setting appears in this listing, so whether
# StartTLS is used depends on the version default - confirm before the
# directory is ever moved off 127.0.0.1.
        passdb backend = ldapsam:ldap://127.0.0.1:389
# The password for this bind DN is not kept in smb.conf; it is stored in
# secrets.tdb (set with "smbpasswd -w"), so that file must stay root-only.
        ldap admin dn = cn=SambaAdmin,dc=x-files,dc=fr
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Machines
        ldap suffix = dc=x-files,dc=fr
# ldapsam:trusted has Samba read user and group data directly from LDAP
# rather than through NSS; ldapsam:editposix additionally lets Samba create
# and maintain the POSIX account entries there itself. Both make the
# directory's own access controls the protection for account data.
        ldapsam:trusted = Yes
        ldapsam:editposix = Yes
        time server = Yes
        map acl inherit = Yes
        nt acl support = Yes
        unix charset = UTF-8
#       unix password sync = Yes
#       passwd chat = *new*password* %n\n*new*password* %n\n *updated*
#       pam password change = No
# passwd program is only used when "unix password sync" is enabled, which is
# commented out above.
        passwd program = /usr/sbin/smbldap-passwd %u
#       username map = /etc/samba/username.map
        reset on zero vc = Yes
        use sendfile = Yes
#
# Logon options
#
        domain logons = Yes
        logon drive = h:
        logon path = \\TLS-SRV-01\Profiles\%U
        logon home = \\TLS-SRV-01\%U
        logon script = Startup.bat

#
# Printing options
#
        load printers = No

#
# Browsing options
#
        os level = 65
        announce version = 4.9
        preferred master = No
        domain master = Yes
        local master = No
#       remote browse sync = 10.212.254.254
#       remote announce = 10.212.254.254

#
# WINS and resolver options
#
        wins support = Yes
#       wins server = 10.212.254.254
        wins proxy = Yes
        name resolve order = lmhosts wins host bcast

#
# Debug options
#
# Level 0 records very little; raising it temporarily is the usual way to
# capture why a check such as "wbinfo -t" fails, and to keep an audit trail
# of authentication and trust errors.
        log level = 0
        debug timestamp = No
        debug prefix timestamp = No
        debug hires timestamp = No
        debug pid = Yes
        debug uid = Yes

#
# Winbind options
#
        winbind enum users = Yes
        winbind enum groups = Yes
# ID mappings for the trusted domain are kept in LDAP under their own subtree
# and UID/GID range (10000 - 10999).
        idmap domains = TRUSTEDDOM
        idmap config TRUSTEDDOM:backend = ldap
        idmap config TRUSTEDDOM:default = Yes
# NOTE(review): the ldap_base_dn value below is split across two lines,
# presumably by mail wrapping; in smb.conf the value has to sit on the same
# line as the parameter name.
        idmap config TRUSTEDDOM:ldap_base_dn =
ou=TRUSTEDDOM,ou=Idmaps,dc=x-files,dc=fr
# Same DN as "ldap admin dn": one LDAP credential serves passdb and idmap.
# Separate, narrower bind DNs would limit what a leaked secret exposes. The
# idmap bind secret is stored separately from smb.conf ("net idmap secret").
        idmap config TRUSTEDDOM:ldap_user_dn = cn=SambaAdmin,dc=x-files,dc=fr
        idmap config TRUSTEDDOM:ldap_url     = ldap://localhost/
        idmap config TRUSTEDDOM:range        = 10000 - 10999

# The allocator uses a second range (20000 - 20999) that does not overlap
# the TRUSTEDDOM range above.
        idmap alloc backend = ldap
        idmap alloc config:ldap_base_dn = ou=Idmaps,dc=x-files,dc=fr
        idmap alloc config:ldap_user_dn = cn=SambaAdmin,dc=x-files,dc=fr
        idmap alloc config:ldap_url     = ldap://localhost/
        idmap alloc config:range        = 20000 - 20999
        template homedir = /home/home/%D/%U
# Users mapped by winbind get /bin/false as their login shell.
        template shell = /bin/false
# NOTE(review): written in "prefix: option" form; the documented parameter is
# "winbind rpc only" - confirm that this spelling is honoured by 3.2.0.
        winbind: rpc only = yes
        winbind nested groups = yes



-- 
François Legal