Change your security from ads to server security = ADS to server Mark Sarria ----- Original Message ----- From: IslandBwoy <IslandBwoy@ToughGuy.net> Date: Wednesday, March 9, 2005 2:17 pm Subject: [Samba] Domain Control> Hi all, > > I have a simple problem that i cant seem to figure out. Right now > i have > most of my confs in place to join my samba server to my Active > DirectoryDomain. The problem is, is that i would like for the > samba server to be > added as a workstation and not a domain controller. However when > i browse > my AD tree i see that it has been added with the role of domain > controllerno matter what i do. Right now i have my samba.conf > file stripped down to > the following: > > [global] > netbios name = my.server.name > workgroup = workgroup > realm = MYREALM.NET > security = ADS > encrypt passwords = yes > > #ThE following was added to rectify the problem > preferred master = no > domain master = no > local master = no > > Thats it! How do i get my samba server to join the domain without > activating it as a domain controller? > > R. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >
So even though i want my machine to participate in a AD domain i can use security = ADS? I got that from the Samba reference manual under domain membership so i figured i had to follow that to the T. So if what you are saying is the correct way to make this happen without being a domain controller, what is that option really for? Thanks for the reply, R ----- Original Message ----- From: <marksarria@socal.rr.com> To: "IslandBwoy" <IslandBwoy@ToughGuy.net> Cc: <samba@lists.samba.org> Sent: Wednesday, March 09, 2005 5:40 PM Subject: Re: [Samba] Domain Control> > Change your security from ads to server > > security = ADS to server > > > Mark Sarria > > ----- Original Message ----- > From: IslandBwoy <IslandBwoy@ToughGuy.net> > Date: Wednesday, March 9, 2005 2:17 pm > Subject: [Samba] Domain Control > > > Hi all, > > > > I have a simple problem that i cant seem to figure out. Right now > > i have > > most of my confs in place to join my samba server to my Active > > DirectoryDomain. The problem is, is that i would like for the > > samba server to be > > added as a workstation and not a domain controller. However when > > i browse > > my AD tree i see that it has been added with the role of domain > > controllerno matter what i do. Right now i have my samba.conf > > file stripped down to > > the following: > > > > [global] > > netbios name = my.server.name > > workgroup = workgroup > > realm = MYREALM.NET > > security = ADS > > encrypt passwords = yes > > > > #ThE following was added to rectify the problem > > preferred master = no > > domain master = no > > local master = no > > > > Thats it! How do i get my samba server to join the domain without > > activating it as a domain controller? > > > > R. > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > >---------------------------------------------------------------------------- ----> -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba
BTW i tried that and it still added as domain controller. Maybe i should do a M$ reboot :-(. ----- Original Message ----- From: <marksarria@socal.rr.com> To: "IslandBwoy" <IslandBwoy@ToughGuy.net> Cc: <samba@lists.samba.org> Sent: Wednesday, March 09, 2005 5:40 PM Subject: Re: [Samba] Domain Control> > Change your security from ads to server > > security = ADS to server > > > Mark Sarria > > ----- Original Message ----- > From: IslandBwoy <IslandBwoy@ToughGuy.net> > Date: Wednesday, March 9, 2005 2:17 pm > Subject: [Samba] Domain Control > > > Hi all, > > > > I have a simple problem that i cant seem to figure out. Right now > > i have > > most of my confs in place to join my samba server to my Active > > DirectoryDomain. The problem is, is that i would like for the > > samba server to be > > added as a workstation and not a domain controller. However when > > i browse > > my AD tree i see that it has been added with the role of domain > > controllerno matter what i do. Right now i have my samba.conf > > file stripped down to > > the following: > > > > [global] > > netbios name = my.server.name > > workgroup = workgroup > > realm = MYREALM.NET > > security = ADS > > encrypt passwords = yes > > > > #ThE following was added to rectify the problem > > preferred master = no > > domain master = no > > local master = no > > > > Thats it! How do i get my samba server to join the domain without > > activating it as a domain controller? > > > > R. > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > >---------------------------------------------------------------------------- ----> -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba
You definitely don't have to stop using security = ads to make this work. I suggest that you delete the machine account for this server on the Active Directory domain controller via Active Directory Users and Groups. I think there's some stale information there about the role of the sever. Then join the domain again. Good luck! -- Thomas Boutell Boutell.Com, Inc. http://www.boutell.com/
I have this same problem. I wrote it up here: https://bugzilla.samba.org/show_bug.cgi?id=1423, but Jerry couldn't reproduce it so he (rightly) marked it invalid. This is 100% reproducible for me (and apparently you also), every samba server I join to the domain, shows up with the role "Domain Controller". Just to be clear, this is not in OU display in the Active Directory Users and Computers screen, but in the results of a find. If anybody else is experiencing this problem, could you please place your notes, and smb.conf file in bugzilla at https://bugzilla.samba.org/show_bug.cgi?id=1423 -Marc> -----Original Message----- > From: samba-bounces+marc_kaplan=adaptec.com@lists.samba.org[mailto:samba-> bounces+marc_kaplan=adaptec.com@lists.samba.org] On Behalf OfIslandBwoy> Sent: Wednesday, March 09, 2005 3:06 PM > To: Thomas Boutell; marksarria@socal.rr.com > Cc: samba@lists.samba.org > Subject: Re: [Samba] Domain Control > > Yeah. Thats what i've been doing. The problem is that if i leave itlike> this i'm affraid that as time goes more and more machines will try to > authenticate through this server and eventually cause problems on our > network. Either way, just to be sure, I'm going to my realm in myactive> directory tree and searching for the machine name. Then deleting itfrom> there. Is there something i can do to assure there is no stail > information > being used? > > > ----- Original Message ----- > From: "Thomas Boutell" <boutell@boutell.com> > To: <marksarria@socal.rr.com> > Cc: <samba@lists.samba.org>; "IslandBwoy" <IslandBwoy@ToughGuy.net> > Sent: Wednesday, March 09, 2005 5:53 PM > Subject: Re: [Samba] Domain Control > > > > You definitely don't have to stop using security = ads to make this > work. > > > > I suggest that you delete the machine account for this server on the > > Active Directory domain controller via Active Directory Users and > Groups. > > I think there's some stale information there about the role of the > sever. > > > > Then join the domain again. > > > > Good luck! > > > > -- > > Thomas Boutell > > Boutell.Com, Inc. > > http://www.boutell.com/ > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba
Nope, they just show up with that roll in a search, the don't perform any DC functionality. -Marc> -----Original Message----- > From: IslandBwoy [mailto:IslandBwoy@ToughGuy.net] > Sent: Thursday, March 10, 2005 11:56 AM > To: Kaplan, Marc; Thomas Boutell; marksarria@socal.rr.com; Gerald(Jerry)> Carter > Cc: samba@lists.samba.org > Subject: Re: [Samba] Domain Control > > PS. Kaplan, when you join your samba servers to the domain and theyshow> up > as domain controllers, do they actually perform the roles of such? My > question here is simply what is the ramifications of leaving mymachine on> the domain considering what is happening? > > > ----- Original Message ----- > From: "Kaplan, Marc" <marc_kaplan@adaptec.com> > To: "IslandBwoy" <IslandBwoy@ToughGuy.net>; "Thomas Boutell" > <boutell@boutell.com>; <marksarria@socal.rr.com>; "Gerald (Jerry)Carter"> <jerry@samba.org> > Cc: <samba@lists.samba.org> > Sent: Wednesday, March 09, 2005 6:55 PM > Subject: RE: [Samba] Domain Control > > > I have this same problem. I wrote it up here: > https://bugzilla.samba.org/show_bug.cgi?id=1423, but Jerry couldn't > reproduce it so he (rightly) marked it invalid. > > This is 100% reproducible for me (and apparently you also), everysamba> server I join to the domain, shows up with the role "DomainController".> Just to be clear, this is not in OU display in the Active Directory > Users and Computers screen, but in the results of a find. > > If anybody else is experiencing this problem, could you please place > your notes, and smb.conf file in bugzilla at > https://bugzilla.samba.org/show_bug.cgi?id=1423 > > -Marc > > -----Original Message----- > > From: samba-bounces+marc_kaplan=adaptec.com@lists.samba.org > [mailto:samba- > > bounces+marc_kaplan=adaptec.com@lists.samba.org] On Behalf Of > IslandBwoy > > Sent: Wednesday, March 09, 2005 3:06 PM > > To: Thomas Boutell; marksarria@socal.rr.com > > Cc: samba@lists.samba.org > > Subject: Re: [Samba] Domain Control > > > > Yeah. Thats what i've been doing. The problem is that if i leaveit> like > > this i'm affraid that as time goes more and more machines will tryto> > authenticate through this server and eventually cause problems onour> > network. Either way, just to be sure, I'm going to my realm in my > active > > directory tree and searching for the machine name. Then deleting it > from > > there. Is there something i can do to assure there is no stail > > information > > being used? > > > > > > ----- Original Message ----- > > From: "Thomas Boutell" <boutell@boutell.com> > > To: <marksarria@socal.rr.com> > > Cc: <samba@lists.samba.org>; "IslandBwoy" <IslandBwoy@ToughGuy.net> > > Sent: Wednesday, March 09, 2005 5:53 PM > > Subject: Re: [Samba] Domain Control > > > > > > > You definitely don't have to stop using security = ads to makethis> > work. > > > > > > I suggest that you delete the machine account for this server onthe> > > Active Directory domain controller via Active Directory Users and > > Groups. > > > I think there's some stale information there about the role of the > > sever. > > > > > > Then join the domain again. > > > > > > Good luck! > > > > > > -- > > > Thomas Boutell > > > Boutell.Com, Inc. > > > http://www.boutell.com/ > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >