hi@all!

i set up a system where samba is a primary and a secondary domain controller; the authentication is over ldap and everything works fine but....

i would like to test what happens when the pdc is down and so i shut down the smb service on the pdc. the logins from all clients worked well on the bdc but when i try to join a new machine to the domain, it can't contact the domain controller (ok because the pdc is down). my question is whether it is possible to configure the bdc so that i can join the domain when the pdc is down?

my second question is whether it is possible that all administrative users can join a new machine to the domain and not only the root user?

with best regards

Andreas
Hi,

> -----Original Message-----
> From: Andreas Fladischer [mailto:andreas.fladischer@ecofinance.com]
> Sent: Wednesday, 11 January 2006 9:26
> To: samba@lists.samba.org
> Subject: [Samba] Samba as domain controller
>
> hi@all!
>
> i set up a system where samba is a primary and a secondary
> domain controller; the authentication is over ldap and
> everything works fine but....
>
> i would like to test what happens when the pdc is down and so
> i shut down the smb service on the pdc. the logins from all
> clients worked well on the bdc but when i try to join a new
> machine to the domain, it can't contact the domain controller
> (ok because the pdc is down). my question is whether it is
> possible to configure the bdc so that i can join the
> domain when the pdc is down?

That's the normal behaviour on an NT Domain. When the PDC is down, no users can be modified or machines added. The Domain enters a read-only state. The only way would be to "promote" the BDC to PDC.

> my second question is whether it is possible that all
> administrative users can join a new machine to the domain and
> not only the root user?

Yes, if using privileges you must set the SeMachineAccountPrivilege. Something like

    net rpc rights grant username SeMachineAccountPrivilege

Hope this helps,
Bruno Guerreiro

> with best regards
>
> Andreas
Hi!

On Wednesday 11 January 2006 10:25, Andreas Fladischer wrote:
> my second question is whether it is possible that all administrative
> users can join a new machine to the domain and not only the root user?

You have to grant SeMachineAccountPrivilege to the administrative group. Example:

    # net rpc -U admin%passwd rights grant "user group" SeMachineAccountPrivilege

Fabio

--
Dott. Fabio Marcone
2T srl
Telephone +39 - 0871- 540154
Fax +39 - 0871- 571594
Email fabio.marcone@duet.it
Address Viale B. Croce 573, 66013 Chieti Scalo (CH)
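An added example, not part of the original thread or of Samba's own code: once SeMachineAccountPrivilege has been granted as the replies above describe, this sketch audits which accounts hold it by parsing the output of `net rpc rights list accounts`. The sample output, the EXAMPLE domain and its account names are constructed, and the record layout (account line, privilege lines, blank line) is an assumption based on Samba 3 output.

```shell
#!/bin/sh
# Audit which accounts hold a given privilege on a Samba domain controller.
# Live use (assumption: run by an account allowed to query rights):
#   net rpc rights list accounts -U root | holders_of SeMachineAccountPrivilege

# Constructed sample of `net rpc rights list accounts` output.
sample_rights() {
    cat <<'EOF'
BUILTIN\Print Operators
No privileges assigned

BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege

EXAMPLE\helpdesk
SeMachineAccountPrivilege

Everyone
No privileges assigned
EOF
}

# stdin: rights listing; $1: privilege name. Prints one holder per line.
holders_of() {
    awk -v priv="$1" '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        /^[[:space:]]*$/ { account = ""; next }   # blank line ends a record
        account == ""    { account = $0; next }   # first line names the account
        $1 == priv       { print account }        # later lines are privileges
    '
}

# $1: privilege; $2: newline-separated allow-list of expected holders.
# Prints holders that are not on the allow-list (nothing if all are expected).
unexpected_holders() {
    holders_of "$1" | grep -vxF -e "$2" || true
}

# Demo on the constructed sample: prints EXAMPLE\helpdesk
sample_rights | unexpected_holders SeMachineAccountPrivilege 'BUILTIN\Administrators'
```

Running the audit after each grant shows whether the right went to the intended group rather than to individual accounts.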
Hi,

> -----Original Message-----
> From: Andreas Fladischer [mailto:andreas.fladischer@ecofinance.com]
> Sent: Wednesday, 11 January 2006 9:42
> To: Bruno Guerreiro
> Subject: Re: [Samba] Samba as domain controller
>
> Thanks for your fast answer!
>
> do you mean that i have to do
>
> net rpc rights grant username SeMachineAccountPrivilege
>
> for all users? i have 30 users and all are administrators - so
> i have to do this command 30 times?

Do you really want your 30 users to be domain administrators? Or just add the machines?

If it is the first situation it's easier to add them to a group "Domain Admins" or something and then give that group admin rights in your smb.conf.

If the second, not really sure if you can give rights to a group. Anyone?

If it's not possible to give permissions to a group, then the solution would be to grant rights one by one.

Best regards,
Bruno Guerreiro

> greetz
>
> Andreas