Masopust, Christian
2008-Oct-29 10:49 UTC
[Samba] Strange problems with Samba 3.0.32 as ADS member of W2k3 domain
hello, i've some strange problems with my samba-servers acting as domain-member (ADS) in a W2k3 active directory. we have 3 DCs here and running samba without specifying a dedicated "password server" doesn't work! the 3 DCs have the following roles: - DC1: PDC-emulator, has global catalog - DC2: RID-master, infrastructure-master, no global catalog - DC3: no special role, has global catalog what works: - kerberos setup is fine, can kinit without problems. - net ads join works fine (no matter to which server i do) - net ads testjoin gives "join ok" (either specifying a server to check or not) - samba-shares working only when "password server = DC3" !!! what doesn't work: - samba-shares without specifying a password server - samba-shares with "password server" either DC1 or DC2 after doing a lot of test, rejoins, and so on, i figured out that also the following setup works: - password server = * AND also running winbindd !!! the strange thing is that i've some other setups (same samba, same domain on another location and therefore other DCs) that work fine without winbindd running... so i'm now totally confused and looking forward to any help! thanks a lot, christian -- "I sense much NT in you, NT leads to Blue Screen. Blue Screen leads to downtime, downtime leads to suffering. NT is the path to the darkside." - Unknown Unix Jedi
Jelmer Jaarsma
2008-Oct-29 14:12 UTC
[Samba] Strange problems with Samba 3.0.32 as ADS member of W2k3 domain
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Masopust, Christian wrote:> hello, > > i've some strange problems with my samba-servers acting as domain-member > (ADS) in a W2k3 active directory. > > we have 3 DCs here and running samba without specifying a dedicated "password server" > doesn't work! the 3 DCs have the following roles: > > - DC1: PDC-emulator, has global catalog > - DC2: RID-master, infrastructure-master, no global catalog > - DC3: no special role, has global catalogHave DC1 and DC2 been upgraded to Windows Server 2008 by any chance? I had similar problems. Machines that had already been joined worked fine but new machines had to be joined to the domain by specifying a DC that was still running W2k3. Upgrading to Samba 3.2 fixed those problems. Regards, Jelmer Jaarsma -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkIanYACgkQ3bV1+S5veEjCBACeNDiFDMmcG+iIFplgMuSWh4ur pO0An0ULYJn66eZ3JBCduuuhWj/pDtvZ =NcM1 -----END PGP SIGNATURE-----