Re: [Samba] problem with linux server as domain member in samba pdc
I've tried your solution:

1) secrets.tdb is created after joining the domain so it contains the account for the machine... when I run pdbedit -Lv I have:

    Connection to LDAP server failed for the 1 try!

2) so I've done like on the PDC: smbpasswd -w, and I've the following with the same command:

    sid S-1-5-21-1031258178-388409940-3248586695-1307 does not belong to our domain

where S-1-5-21-1031258178-388409940-3248586695 is my domain SID.

So where must I put the LDAP password?

My smb.conf:

    passdb backend = ldapsam:ldap:///
    ldap passwd sync = yes
    ldap admin dn = cn=admin,dc=isc84,dc=org
    ldap delete dn = yes
    ldap ssl = off
    ldap suffix = ou=samba,dc=isc84,dc=org
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Machines
    enable privileges = yes

regards

Daniel Müller wrote:
> Be sure your ldap-client with getent group and getent passwd is working for your ldap server on the member server.
> Remove your member server again from your ldap-tree.
> Stop samba on your member server.
> Delete your secrets.tdb in /etc/samba.
>
> My config of my member server:
>
>     Security=domain
>     Preferred master=no
>     Local master=no
>     Domain master=no
>     Wins server=your.domain.server #to be sure
>     Ldap admin dn=cn=youradmin,dc=your,dc=domain
>     Ldap suffix=dc=your,dc=domain
>     Ldap group suffix= ou=yourgoups
>     Ldap user suffix=ou=youusers
>     Ldap machine suffix= ou=yourmachines
>     Ldap idmap suffix= ou=Idmap
>     Idmap backend=ldap:ldap://yourldapserver
>     Idmap uid=1-2
>     Idmap gid=1-2
>
> Then
>
>     smbpasswd -a -e root     ; must be the same password as for your samba pdc
>     /usr/bin/net rpc join -S PDC-host-name -Uadminuid%adminpass
>
> Then
>
>     service smb start
>
> Working for me on any member server.
>
> Good Luck
> Daniel
>
> ---
> EDV Daniel Müller
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> ---
>
> -----Original Message-----
> From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Allen Chen
> Sent: Tuesday, 5 April 2011 23:28
> To: Hervé Hénoch
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] problem with linux server as domain member in samba pdc
>
> Hervé Hénoch wrote:
> > Hello,
> >
> > My problem is the following: I've a domain controller under Linux, Samba 3.5.5 with LDAP.
> > I want to include a Linux Samba as domain member but I've the following error:
> >
> >     _netr_ServerAuthenticate2: failed to get machine password for account SSCFICHIERS$: NT_STATUS_ACCESS_DENIED
> >
> > I've put the following in smb.conf:
> >
> >     workgroup =
> >     wins server =
> >     password server =
> >     security = domain
> >
> > I've also configured nsswitch.conf / libnss and pam so getent passwd/group/shadow is connected to the underlying LDAP: this is OK.
> >
> > net rpc join is successful and I can see the entry in my LDAP tree and the secrets.tdb file is created in /var/lib/samba.
> >
> > So I don't understand where the problem is ...
>
> I have a similar installation, but it works fine.
> PDC: samba 3.4.5 ( use source) and ldap
> member server: samba-3.0.28 (comes with RHEL 5.2)
>
> On member server, I did this:
>
>     # /usr/bin/net rpc join -S PDC-host-name -Uadminuid%adminpass
>     # service smb start
>
> Can you make sure
> 1. there is no ldap config in smb.conf on the member server;
> 2. getent passwd / getent group show you the same results on PDC and member server.
>
> Allen

--
Hervé Hénoch
IT Manager
Institut Sainte Catherine
1750, chemin du Lavarin, 84000 Avignon
Phone: 04.90.27.57.44
E-mail: h.hen...@isc84.org

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] problem with linux server as domain member in samba pdc
Hi,

What do you mean by "to be sure": the solution is to be improved, or the values set are to be sure?

Is it sufficient for a domain member to see LDAP users like local Linux users (implying getent working) and having password server = , or must the member have samba connected to the LDAP tree?

If samba uses the local tdb passdb backend, it seems it can't see new users added in the PDC.

regards

Daniel Müller wrote:
> Be sure your ldap-client with getent group and getent passwd is working for your ldap server on the member server.
> Remove your member server again from your ldap-tree.
> Stop samba on your member server.
> Delete your secrets.tdb in /etc/samba.
>
> My config of my member server:
>
>     Security=domain
>     Preferred master=no
>     Local master=no
>     Domain master=no
>     Wins server=your.domain.server #to be sure
>     Ldap admin dn=cn=youradmin,dc=your,dc=domain
>     Ldap suffix=dc=your,dc=domain
>     Ldap group suffix= ou=yourgoups
>     Ldap user suffix=ou=youusers
>     Ldap machine suffix= ou=yourmachines
>     Ldap idmap suffix= ou=Idmap
>     Idmap backend=ldap:ldap://yourldapserver
>     Idmap uid=1-2
>     Idmap gid=1-2
>
> Then
>
>     smbpasswd -a -e root     ; must be the same password as for your samba pdc
>     /usr/bin/net rpc join -S PDC-host-name -Uadminuid%adminpass
>
> Then
>
>     service smb start
>
> Working for me on any member server.
>
> Good Luck
> Daniel
>
> ---
> EDV Daniel Müller
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> ---
>
> -----Original Message-----
> From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Allen Chen
> Sent: Tuesday, 5 April 2011 23:28
> To: Hervé Hénoch
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] problem with linux server as domain member in samba pdc
>
> Hervé Hénoch wrote:
> > Hello,
> >
> > My problem is the following: I've a domain controller under Linux, Samba 3.5.5 with LDAP.
> > I want to include a Linux Samba as domain member but I've the following error:
> >
> >     _netr_ServerAuthenticate2: failed to get machine password for account SSCFICHIERS$: NT_STATUS_ACCESS_DENIED
> >
> > I've put the following in smb.conf:
> >
> >     workgroup =
> >     wins server =
> >     password server =
> >     security = domain
> >
> > I've also configured nsswitch.conf / libnss and pam so getent passwd/group/shadow is connected to the underlying LDAP: this is OK.
> >
> > net rpc join is successful and I can see the entry in my LDAP tree and the secrets.tdb file is created in /var/lib/samba.
> >
> > So I don't understand where the problem is ...
>
> I have a similar installation, but it works fine.
> PDC: samba 3.4.5 ( use source) and ldap
> member server: samba-3.0.28 (comes with RHEL 5.2)
>
> On member server, I did this:
>
>     # /usr/bin/net rpc join -S PDC-host-name -Uadminuid%adminpass
>     # service smb start
>
> Can you make sure
> 1. there is no ldap config in smb.conf on the member server;
> 2. getent passwd / getent group show you the same results on PDC and member server.
>
> Allen

--
Hervé Hénoch
IT Manager
Institut Sainte Catherine
1750, chemin du Lavarin, 84000 Avignon
Phone: 04.90.27.57.44
E-mail: h.hen...@isc84.org

Re: [Samba] problem with linux server as domain member in samba pdc
Be sure your ldap-client with getent group and getent passwd is working for your ldap server on the member server.
Remove your member server again from your ldap-tree.
Stop samba on your member server.
Delete your secrets.tdb in /etc/samba.

My config of my member server:

    Security=domain
    Preferred master=no
    Local master=no
    Domain master=no
    Wins server=your.domain.server #to be sure
    Ldap admin dn=cn=youradmin,dc=your,dc=domain
    Ldap suffix=dc=your,dc=domain
    Ldap group suffix= ou=yourgoups
    Ldap user suffix=ou=youusers
    Ldap machine suffix= ou=yourmachines
    Ldap idmap suffix= ou=Idmap
    Idmap backend=ldap:ldap://yourldapserver
    Idmap uid=1-2
    Idmap gid=1-2

Then

    smbpasswd -a -e root     ; must be the same password as for your samba pdc
    /usr/bin/net rpc join -S PDC-host-name -Uadminuid%adminpass

Then

    service smb start

Working for me on any member server.

Good Luck
Daniel

---
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Allen Chen
Sent: Tuesday, 5 April 2011 23:28
To: Hervé Hénoch
Cc: samba@lists.samba.org
Subject: Re: [Samba] problem with linux server as domain member in samba pdc

Hervé Hénoch wrote:
> Hello,
>
> My problem is the following: I've a domain controller under Linux,
> Samba 3.5.5 with LDAP.
> I want to include a Linux Samba as domain member but I've the
> following error:
>
> _netr_ServerAuthenticate2: failed to get machine password for account
> SSCFICHIERS$: NT_STATUS_ACCESS_DENIED
>
> I've put the following in smb.conf:
>
> workgroup =
> wins server =
> password server =
> security = domain
>
> I've also configured nsswitch.conf / libnss and pam so getent
> passwd/group/shadow is connected to the underlying LDAP: this is
> OK.
>
> net rpc join is successful and I can see the entry in my LDAP tree and
> the secrets.tdb file is created in /var/lib/samba.
>
> So I don't understand where the problem is ...

I have a similar installation, but it works fine.
PDC: samba 3.4.5 ( use source) and ldap
member server: samba-3.0.28 (comes with RHEL 5.2)

On member server, I did this:

    # /usr/bin/net rpc join -S PDC-host-name -Uadminuid%adminpass
    # service smb start

Can you make sure
1. there is no ldap config in smb.conf on the member server;
2. getent passwd / getent group show you the same results on PDC and member server.

Allen

Re: [Samba] problem with linux server as domain member in samba pdc
Hervé Hénoch wrote:
> Hello,
>
> My problem is the following: I've a domain controller under Linux, Samba 3.5.5 with LDAP.
> I want to include a Linux Samba as domain member but I've the following error:
>
>     _netr_ServerAuthenticate2: failed to get machine password for account SSCFICHIERS$: NT_STATUS_ACCESS_DENIED
>
> I've put the following in smb.conf:
>
>     workgroup =
>     wins server =
>     password server =
>     security = domain
>
> I've also configured nsswitch.conf / libnss and pam so getent passwd/group/shadow is connected to the underlying LDAP: this is OK.
>
> net rpc join is successful and I can see the entry in my LDAP tree and the secrets.tdb file is created in /var/lib/samba.
>
> So I don't understand where the problem is ...

I have a similar installation, but it works fine.
PDC: samba 3.4.5 ( use source) and ldap
member server: samba-3.0.28 (comes with RHEL 5.2)

On member server, I did this:

    # /usr/bin/net rpc join -S PDC-host-name -Uadminuid%adminpass
    # service smb start

Can you make sure
1. there is no ldap config in smb.conf on the member server;
2. getent passwd / getent group show you the same results on PDC and member server.

Allen

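
The two checks Allen asks for in the message above (no LDAP settings in the member's smb.conf, and identical getent results on PDC and member) can be scripted. This is an added example, not part of the thread: the function names `ldap_params` and `getent_diff` are hypothetical, and the sample smb.conf and getent dumps are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): Allen's two member-server checks.

# Check 1: print LDAP-related [global] parameters found in an smb.conf.
# Names are matched case-insensitively ("Ldap suffix" = "ldap suffix").
ldap_params() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sect = tolower($0); gsub(/[ \t]/, "", sect); next }
        sect == "[global]" && index($0, "=") {
            name  = tolower(substr($0, 1, index($0, "=") - 1))
            value = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name);  gsub(/[ \t]+/, " ", name)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name ~ /^ldap / || tolower(value) ~ /^ldap(sam)?:/)
                print name " = " value
        }' "$1"
}

# Check 2: compare name:id pairs (fields 1 and 3) of two saved getent dumps,
# e.g. "getent passwd > file" taken on the PDC and on the member server.
getent_diff() {
    t1=$(mktemp); t2=$(mktemp)
    cut -d: -f1,3 "$1" | LC_ALL=C sort > "$t1"
    cut -d: -f1,3 "$2" | LC_ALL=C sort > "$t2"
    LC_ALL=C comm -23 "$t1" "$t2" | sed 's/^/pdc-only: /'
    LC_ALL=C comm -13 "$t1" "$t2" | sed 's/^/member-only: /'
    rm -f "$t1" "$t2"
}

# Constructed sample data: a member smb.conf modelled on the one posted in
# the thread, plus two made-up getent passwd dumps with one uid mismatch.
demo=$(mktemp -d)
cat > "$demo/smb.conf" <<'EOF'
[global]
   security = domain
   passdb backend = ldapsam:ldap:///
   Ldap admin dn = cn=admin,dc=example,dc=org
   ldap suffix = ou=samba,dc=example,dc=org
[share]
   comment = ldap archive
EOF
printf 'root:x:0:0::/root:/bin/sh\nalice:x:1001:513::/home/alice:/bin/sh\n' > "$demo/pdc.passwd"
printf 'root:x:0:0::/root:/bin/sh\nalice:x:5001:513::/home/alice:/bin/sh\n' > "$demo/member.passwd"

ldap_params "$demo/smb.conf"
getent_diff "$demo/pdc.passwd" "$demo/member.passwd"
```

Empty output from both functions corresponds to the state Allen describes for his working member server.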
[Samba] problem with linux server as domain member in samba pdc
Hello,

My problem is the following: I've a domain controller under Linux, Samba 3.5.5 with LDAP.
I want to include a Linux Samba as domain member but I've the following error:

    _netr_ServerAuthenticate2: failed to get machine password for account SSCFICHIERS$: NT_STATUS_ACCESS_DENIED

I've put the following in smb.conf:

    workgroup =
    wins server =
    password server =
    security = domain

I've also configured nsswitch.conf / libnss and pam so getent passwd/group/shadow is connected to the underlying LDAP: this is OK.

net rpc join is successful and I can see the entry in my LDAP tree and the secrets.tdb file is created in /var/lib/samba.

So I don't understand where the problem is ...

Help appreciated

--
Hervé Hénoch
IT Manager
Institut Sainte Catherine
1750, chemin du Lavarin, 84000 Avignon
Phone: 04.90.27.57.44
E-mail: h.hen...@isc84.org