Hi there,

I've been going through the samba 3 by example book and have now successfully replaced my NT 4 PDC with a Linux machine running samba and an LDAP backend. Beautiful.

However, I've run into a slight problem. When I try and add a new XP pro machine to my domain, I get the following message:

A domain controller for the domain TEST could not be contacted.

After doing some research on this, it seems as though this is usually a result of not having dns set up, or not having the wins server field filled in on the XP machine. Yet both my samba server and xp client can resolve the name of the other just fine, and I already have the wins server field filled in with the address of my samba server. In addition I have netbios over tcp/ip explicitly enabled (even though that's probably not needed as my xp machine has a static ip).

After searching a bit for a solution, I saw mentioned that some registry tweaks on the xp machine are needed, but as far as I can tell this is only when you're using a version of samba older than version 3. Is that not right? At any rate, setting something along the lines of "requiresignorseal" to zero made no difference.

So, next, using various examples of samba pdc setups I've found on the web, I've tried various options such as "os level", "preferred master", "local master", as well as "wins support" (which for some reason is commented out in the samba 3 by example sample configuration). But none of these options seem to make any difference either.

And finally I tried adding some entries to hosts and lmhosts on my client, but still no luck.

So, if anyone has any ideas, I'd greatly appreciate it.

Thanks in advance,
Glen

P.S. The version of samba I'm currently running is samba-3.0.23c-1.fc5, on Fedora Core 5.
And my current smb.conf is as follows (pretty much straight from the samba 3 by example book):

[global]
    workgroup = TEST
    netbios name = LINUX
    passdb backend = ldapsam:ldap://localhost
    log level = 1
    syslog = 0
    log file = /var/log/samba/%m
    max log size = 0
    smb ports = 139 445
    name resolve order = wins bcast hosts
    add user script = /etc/opt/IDEALX/smbldap-tools/smbldap-useradd -m '%u'
    delete user script = /etc/opt/IDEALX/smbldap-tools/smbldap-userdel '%u'
    add group script = /etc/opt/IDEALX/smbldap-tools/smbldap-groupadd '%g'
    delete group script = /etc/opt/IDEALX/smbldap-tools/smbldap-groupdel '%g'
    add user to group script = /etc/opt/IDEALX/smbldap-tools/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /etc/opt/IDEALX/smbldap-tools/smbldap-groupmod -x '%u' '%g'
    set primary group script = /etc/opt/IDEALX/smbldap-tools/smbldap-usermod -g '%g' '%u'
    add machine script = /etc/opt/IDEALX/smbldap-tools/smbldap-useradd -w '%u'
    logon script = scripts\logon.cmd
    logon path = \\%L\profiles\%U
    logon home = \\%L\%U
    logon drive = X:
    domain logons = Yes
    domain master = Yes
    wins support = Yes
    wins server = 10.6.6.6
    ldap admin dn = cn=Directory Manager
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=People
    ldap passwd sync = Yes
    ldap suffix = dc=rmc,dc=cert,dc=ucr,dc=edu
    ldap ssl = no
    ldap timeout = 20
    ldap user suffix = ou=People
    idmap backend = ldap:ldap://localhost
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    winbind nested groups = Yes
    ea support = Yes
    map acl inherit = Yes

[homes]
    comment = Home Directories
    path = /home/%U
    valid users = %S
    read only = No
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = Yes
    locking = No

[profiles]
    comment = Profile Share
    path = /var/lib/samba/profiles
    read only = No
    profile acls = Yes

[profdata]
    comment = Profile Data Share
    path = /var/lib/samba/profdata
    read only = No
    profile acls = Yes
System Administrator
2006-Oct-09 22:47 UTC
[Samba] Unable to add an xp machine to my domain
> Hi there,
>
> I've been going through the samba 3 by example book and have now
> successfully replaced my NT 4 PDC with a Linux machine running samba and
> an LDAP backend. Beautiful.
>
> However, I've run into a slight problem. When I try and add a new XP
> pro machine to my domain, I get the following message:
> A domain controller for the domain TEST could not be contacted.
>

I had the same problem. After doing some research I found a website that suggested changing the add machine script to use %m (machine name) instead of %u. This partly fixed the problem. LDAP was creating a computer object but only the posix account details. There were no sambaSAMAccount attributes.

Working through the scripts I realised sub add_samba_machine was never called. My mod was to add it in the Options{'w'} section of code in smbldap-useradd:

    # call add_samba_machine so the machine entry also gets its Samba attributes
    if (!add_samba_machine ($userName,$userUidNumber)) {
        die "$0: error while adding samba machine\n";
    }
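
The failure described in the reply above (a machine entry that has its posix details but no Samba attributes) can be checked for directly in an LDIF export. The following is an added example, not part of the original thread and not code from smbldap-tools; the sample entries, the dc=example,dc=org suffix and both function names are constructed for illustration, and base64 ("::") values are not decoded.

```python
# Constructed LDIF for illustration; not taken from the poster's directory.
SAMPLE_LDIF = """\
dn: uid=xpbox1$,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: xpbox1$

dn: uid=xpbox2$,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: xpbox2$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-
 31004
sambaAcctFlags: [W          ]

dn: uid=glen,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: glen
"""

def parse_ldif(text):
    """Return entries as dicts of lowercased attribute -> list of values."""
    unfolded = text.replace("\n ", "")   # RFC 2849: newline + space folds a line
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def incomplete_machine_accounts(entries):
    """Map each machine uid (ends in '$') to the Samba pieces it lacks."""
    findings = {}
    for e in entries:
        uid = e.get("uid", [""])[0]
        if not uid.endswith("$"):
            continue
        classes = {c.lower() for c in e.get("objectclass", [])}
        checks = {
            "objectClass sambaSamAccount": "sambasamaccount" in classes,
            "sambaSID": bool(e.get("sambasid")),
            "sambaAcctFlags [W]": "W" in e.get("sambaacctflags", [""])[0],
        }
        problems = [name for name, ok in checks.items() if not ok]
        if problems:
            findings[uid] = problems
    return findings
```

Run it over the LDIF that `ldapsearch -LLL` returns for the machine suffix; any uid it reports is an entry Samba cannot use as a workstation trust account.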