Mike A. Kuznetsov
2006-Aug-10 14:12 UTC
[Samba] new problem: PDC is not member of own domain? (was: 'ldap machine suffix' is ignored?)
Hi, all!

There is a share on PDC (Samba 3.0.23):

    [Soft]
    comment = Software
    path = /st2/soft
    valid users = "@Domain Users"
    read only = No
    share modes = No

I do:

    # cd /st2/soft
    # touch testfile
    # chown testuser:"Domain Users" testfile
    # chmod a+rwx testfile

After logging on to a Windows workstation (domain member) as testuser, I go to \\PDC\SOFT and try to read, write (all OK) and change permissions on testfile.

If I try to save new permissions (without extended ACLs, but they are supported) I see an error (in Russian in the original, translation not exact):
"We havn't know about machine PDC - does it member of domain DOMAIN?"

How can I resolve this problem?

Here is my [globals]:

    [global]
    dos charset = CP1251
    unix charset = KOI8-R
    workgroup = DOMAIN
    server string = Server
    password server
    passdb backend = ldapsam
    passwd program = /usr/local/sbin/smbldap-passwd %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
    log level = 2
    log file = /var/log/samba/%m.log
    time server = Yes
    max smbd processes = 30
    add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
    delete user script = /usr/local/sbin/smbldap-userdel "%u"
    add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
    delete group script = /usr/local/sbin/smbldap-groupdel "%g"
    add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
    set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
    add machine script = /usr/local/sbin/smbldap-useradd -w %u
    logon script = logon.bat %U
    logon path
    logon home
    domain logons = Yes
    os level = 256
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap admin dn = cn=root,dc=mydomain,dc=ru
    ldap delete dn = Yes
    ldap group suffix = ou=groups
    ldap idmap suffix = ou=idmap
    ldap machine suffix = ou=users
    ldap passwd sync = Yes
    ldap suffix = dc=mydomain,dc=ru
    ldap ssl = no
    ldap user suffix = ou=users
    idmap backend = ldap:ldap://localhost
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind use default domain = Yes
    admin users = "@Domain Admins"
    hosts allow = 85.114.8.128/255.255.255.128
    hosts deny = ALL
    map acl inherit = Yes
Wolfgang Ratzka
2006-Aug-11 12:03 UTC
[Samba] new problem: PDC is not member of own domain? (was: 'ldap machine suffix' is ignored?)
Mike A. Kuznetsov wrote:
> If I try to save new permissions (without extended ACLs, but they are
> supported) I see an error (in Russian in the original, translation not exact):
> "We havn't know about machine PDC - does it member of domain DOMAIN?"

Did you join your PDC to the domain? Something along the lines of

    net rpc join -U root

--
Wolfgang Ratzka
Phone: +49 6421 2823531
FAX: +49 6421 2826994
Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
Mike A. Kuznetsov
2006-Aug-14 07:15 UTC
[Samba] new problem: PDC is not member of own domain?
Wolfgang Ratzka wrote:
> Mike A. Kuznetsov wrote:
>
>> Yes, I tried it and PDC successfully joined DOMAIN
>> But it didn't help
>>
> restarted winbind after that?
>
Yes. But it didn't help