Onotsky, Steve x55328
2009-Nov-16 18:21 UTC
[Samba] Samba 3.4.2 and ADS - joined as member *and* DC...?
Hi all,

We're preparing to move from a share-level authentication paradigm to integrating with AD. We're running Pware's build of Samba 3.4.2, MIT Kerberos, and OpenLDAP on AIX 6.1.

I've worked through the procedure and obtained a Kerberos ticket, then joined the host to our primary AD domain (we have two, one for general use and one for production systems, which is firewall-segregated; this host connects to the general domain).

However, when I asked where in Active Directory Users and Computers (ADU&C) the server object would be, the Windows admins noticed that it was showing up both as a member server (when looking at the properties card of the server object), and as a domain controller (when found using ADU&C's Find facility).

What's odd is, I was certain that I'd turned off everything in smb.conf that would cause Samba to try to promote itself to be an NT4 DC. Am I missing something, or is this just the way Samba will present itself in AD?

Here's my (obfuscated) smb.conf for this host:

    [global]
        security = ads
        realm = MY.FULL.DOMAIN
        workgroup = MY
        encrypt passwords = yes
        server string = MYHOSTNAME
        log level = 1
        log file = /usr/local/samba/var/log.%m
        hosts allow = x.xx. localhost
        socket options = TCP_NODELAY
        locking = yes
        strict locking = yes
        keepalive = 30
        domain master = no
        preferred master = no
        domain logons = no
        client use spnego = yes

    [homes]
        browseable = no
        guest ok = no
        read only = no
        create mask = 0755

    [tmp]
        comment = tmp files
        path = /tmp
        read only = no

Thanks in advance for advice and information.

Steve Onotsky
Team Lead, Server Support
Broadridge Investor Communication Solutions, Canada
5970 Chedworth Way
Mississauga ON L5R 4G5
Tel: (905) 507-5328
Fax: (905) 507-5312