Hi
I am trying to join an out-of-the-box win2k3 AD domain controller
it's been + forest prep for r2 domain
samba Version 3.3.2 on FreeBSD 6.3-RELEASE
openldap-sasl-2.3
heimdal 0.6.3
adserver = AD DC server I installed (win2k3 box)
domain = my domain name
/etc/resolv.conf
search domain.net
nameserver adserver
contents of /usr/local/etc/smb.conf
[global]
workgroup = DOMAIN
realm = DOMAIN.NET
server string = Samba Server
security = ADS
auth methods = winbind
password server = adserver
passdb backend = ldapsam:ldap://adserver.domain.net
root directory = /raid5/samba
lanman auth = Yes
use kerberos keytab = Yes
log file = /var/log/samba/log.%m
max log size = 500
wins server = 192.168.0.1
ldap admin dn = cn=administrator,cn=Users,dc=domain,dc=net # admin is in default container
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=Domain-Computers # computer OU
ldap suffix = DC=DOMAIN,DC=NET
ldap ssl = no
ldap user suffix = ou=Domain-Users # user container
idmap alloc backend = ldap
idmap uid = 500-100000
idmap gid = 500-100000
template shell = /bin/tcsh
winbind separator = /
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config DOLPHIN:backend = ldap
idmap config DOLPHIN:readonly = no
idmap config DOLPHIN:default = yes
idmap config DOLPHIN:ldap_base_dn = ou=idmap,dc=domain,dc=net
idmap config DOLPHIN:ldap_user_dn = cn="Domain-Users",dc=dolphin,dc=net
idmap config DOLPHIN:ldap_url = ldap://adserver.domain.net
idmap config DOLPHIN:range = 500-500000
idmap alloc config:ldap_base_dn = ou=idmap,dc=domain,dc=net
idmap alloc config:ldap_user_dn = cn="Domain-Users",dc=domain,dc=net
idmap alloc config:ldap_url = ldap://adserver.domain.net
idmap alloc config:range = 500-5000007
valid users = "@DOMAIN\domain users", "@domain users"
admin users = DOMAIN\administrator, administrator
/etc/nsswitch.conf
group: files winbind ldap
group_compat: nis
hosts: files dns nis wins
networks: files dns
passwd: files winbind ldap
passwd_compat: nis
shells: files
shadow: files winbind
kinit works
kinit
wbinfo -t --> works
net rpc testjoin --> works
net ads testjoin --> works
net rpc join works
net ads join works
wbinfo -g --> doesn't work
wbinfo -u --> doesn't work
getent passwd --> doesn't work
getent group --> doesn't work
In the logs I find several errors (* marks start of log line)
* add_new_domain_info: failed to add domain dn= sambaDomainName=LOCALHOST,DC=DOMAIN,DC=NET with: No such attributte
* smbldap_search_domain_info: Adding domain info for LOCALHOST failed with NT_STATUS_UNSUCCESSFUL
* Connection to LDAP server failed for the 1 try
* Unable to open new log file /var/log/samba/log.192.168.0.10: No such file or directory
smbclient -L <hostname> -Uadministrator%apassword
works for the AD domain controller and Windows XP Pro clients,
although NOT for Windows 2003 member servers (weird part here).
Also, doing ldapsearch -Z > /tmp/afile I noticed that AD didn't have all the
information about the FreeBSD host I would expect (DNS name, operating system
(name, version and service pack)).
With ADSI Edit (not the best way) I was able to set the DNS name(s).
Windows clients (XP, win2k3 member, win2k3 AD DC) keep having "popups"
to login but no login possible !!
Can somebody please help me with getting things working?
Victor