Alex Domoradov
2012-Jan-29 12:45 UTC
[Samba] Samba member server creates sambaDomainName LDAP entry
I have the following box setup as a file server

# cat /etc/redhat-release
CentOS release 6.2 (Final)
# uname -r
2.6.32-220.4.1.el6.x86_64
# rpm -qa | grep samba
samba-3.5.10-114.el6.x86_64
samba-winbind-clients-3.5.10-114.el6.x86_64
samba-client-3.5.10-114.el6.x86_64
samba-winbind-3.5.10-114.el6.x86_64
samba-common-3.5.10-114.el6.x86_64

I have created a Domain Member Server for a "NT4 style" Samba domain with an LDAP backend. I have a PDC (samba-3.4.15+LDAP) installed on CentOS-5.7. After joining the domain, the member server creates a sambaDomainName entry in LDAP that I don't think should be there.

sambaDomainName=FS2

Where FS2 is the netbios name of the domain member server.

# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[install]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
	dos charset = cp866
	unix charset = utf8
	display charset = utf8
	workgroup = W3
	server string = File server 2
	security = DOMAIN
	passdb backend = ldapsam:"ldap://pdc.w3.lan/"
	client NTLMv2 auth = Yes
	log level = 3
	log file = /var/log/samba/samba.log
	max log size = 50000
	name resolve order = wins bcast hosts
	deadtime = 15
	socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
	load printers = No
	printcap name = /dev/null
	disable spoolss = Yes
	show add printer wizard = No
	os level = 8
	lm announce = No
	local master = No
	domain master = No
	dns proxy = No
	wins server = 192.168.210.104
	ldap admin dn = "cn=root,dc=w3,dc=lan"
	ldap group suffix = ou=groups
	ldap idmap suffix = ou=idmap
	ldap machine suffix = ou=computers
	ldap suffix = dc=w3,dc=lan
	ldap ssl = no
	ldap user suffix = ou=users
	host msdfs = No
	idmap backend = ldap:"ldap://pdc.w3.lan/"
	idmap uid = 50000-500000
	idmap gid = 50000-500000
	winbind trusted domains only = Yes

[install]
	comment = Soft deployment
	path = /data/install/
	valid users = @W3\w3-install
	write list = adomoradov

All tests on the domain member server work fine

# wbinfo -p
Ping to winbindd succeeded
# wbinfo -t
checking the trust secret for domain W3 via RPC calls succeeded
# wbinfo -u | head -3
root
nobody
adomoradov
# wbinfo -g | head -3
domain admins
domain users
domain guests
# id adomoradov
uid=1017(adomoradov) gid=512(Domain Admins) groups=512(Domain Admins),513(Domain Users),1027(w3-intdev),1336(w3-svn),1338(w3j-intdev)
# wbinfo -a adomoradov%1234567
plaintext password authentication succeeded
challenge/response password authentication succeeded

Why does my domain member server create a sambaDomainName entry in LDAP?
Andrew Bartlett
2012-Jan-29 20:31 UTC
[Samba] Samba member server creates sambaDomainName LDAP entry
On Sun, 2012-01-29 at 14:45 +0200, Alex Domoradov wrote:
> I have the following box setup as a file server

> After joining the domain, the member server creates a sambaDomainName entry
> in LDAP that I don't think should be there.
>
> sambaDomainName=FS2
>
> Where FS2 is the netbios name of the domain member server.

> security = DOMAIN
> passdb backend = ldapsam:"ldap://pdc.w3.lan/"

This is why the entry is created. You have pointed your member server at the LDAP backend of the DC. The member server started to write its own information there.

Simply remove this line and use a local passdb for the local users - communication between Samba member servers and Samba3 DCs is not over LDAP.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
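The change Andrew describes, written out as an added example; this is not configuration from either post or from the Samba project, only the two settings that matter, shown in the original form and in the corrected form. It assumes a Samba 3.5 member server like FS2 whose Samba users are the domain users resolved through winbind, so the local passdb only needs to hold whatever local accounts the server itself has. The remaining [global] settings from the post (idmap, wins, logging) are assumed to stay as they were.

```ini
; Original member-server setting (from the post): the member server binds to the
; DC's LDAP with write credentials and, on start, stores its own domain record
; there as sambaDomainName=FS2.
[global]
	workgroup = W3
	security = DOMAIN
	passdb backend = ldapsam:"ldap://pdc.w3.lan/"
	ldap admin dn = "cn=root,dc=w3,dc=lan"
	ldap suffix = dc=w3,dc=lan

; Corrected setting: a local tdb-backed passdb. Domain users and groups still
; come from the DC through winbind, and the trust-account check (wbinfo -t) and
; user authentication go to the DC over RPC, not LDAP, so nothing is written
; into the directory. The ldap * and idmap lines from the post are kept only
; if idmap still reads its mappings from the DC's LDAP (an assumption here);
; with a local idmap backend they can go too.
[global]
	workgroup = W3
	security = DOMAIN
	passdb backend = tdbsam
```

After switching the backend, restart smb and winbind and re-run wbinfo -t: the machine trust secret lives in secrets.tdb, not in the passdb, so a re-join should not be needed. The sambaDomainName=FS2 record that was already written is not removed by the change; delete it from the directory by hand (assuming it sits directly under the ldap suffix, as ldapsam places domain entries) and confirm with an ldapsearch that only the PDC's domain entry remains.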