On Fri, Jan 25, 2013 at 3:32 AM, Fabrizio Monti <thefantaman at gmail.com>
wrote:> Hello to all,
> is the first time I write to this mailing list, I wanted to ask you a hand
> about an upgrade of samba I did on a centos 5.5 i386 with kernel
> 2.6.18-308.24.1.el5, which I updated with yum samba3x-3.3. 8-0.52.el5_5.2
> bringing it to samba3x-3.6.6-0.129.el5. Now I can not put the computer to
> the domain, the error is that I find myself
Well, for one thing, if you updated to samba3x your binaries for
things like "smbldap-usermod" are all going to be in /usr/bin, not
/usr/local/bin. Did you have an old hand-built Samba lying around? If
you did, you need to clear it.
Also, you *really* need to consider updating to CentOS 5.9 simply for
the security patches. It's unreasonable to expect a server to be
secure enough for secure, reliable file services or account management
when the basic OS hasn't been kept up-to-date.
Nico Kadel-Garcia
> Jan 24 17:53:03 VmPDC smbd[15115]: [2013/01/24 17:53:03.371837, 0]
> auth/check_samsec.c:491(check_sam_security)
> Jan 24 17:53:03 VmPDC smbd[15115]: check_sam_security:
> make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'
> Jan 24 17:53:04 VmPDC smbd[15115]: [2013/01/24 17:53:04.413597, 0]
> auth/check_samsec.c:491(check_sam_security)
> Jan 24 17:53:04 VmPDC smbd[15115]: check_sam_security:
> make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'
>
> This configuration of samba
>
> [root at VmPDC ~]# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[netlogon]"
> Processing section "[profiles]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> [global]
> workgroup = GIS
> passdb backend = ldapsam:ldap://192.0.200.2/
> log file = /var/log/samba/log.%U
> time server = Yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> SO_KEEPALIVE
> add user script = /usr/local/bin/smbldap-useradd -a -m -P
"%u"
> delete user script = /usr/local/bin/smbldap-userdel -r
"%u"
> add group script = /usr/local/bin/smbldap-groupadd -p
"%g"
> delete group script = /usr/local/bin/smbldap-groupdel
"%g"
> add user to group script = /usr/local/bin/smbldap-groupmod -m
"%u"
> "%g"
> delete user from group script = /usr/local/bin/smbldap-groupmod -x
> "%u" "%g"
> set primary group script = /usr/local/bin/smbldap-usermod -g
"%g"
> "%u"
> add machine script = /usr/local/bin/smbldap-useradd -w
"%u"
> logon path > logon home > domain logons = Yes
> os level = 33
> preferred master = Auto
> domain master = Yes
> ldap admin dn = cn=Manager,dc=sigesgroup,dc=intra
> ldap delete dn = Yes
> ldap group suffix = ou=group
> ldap machine suffix = ou=machines
> ldap passwd sync = yes
> ldap suffix = dc=sigesgroup,dc=intra
> ldap ssl = no
> ldap user suffix = ou=People
> idmap config * :range = 5000 - 50000
> ldapsam:editposix = yes
> ldapsam:trusted = yes
> idmap config * : backend = ldap:ldap://192.0.200.2/
>
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> guest ok = Yes
>
> [profiles]
> path = /home/profiles
> read only = No
> create mask = 0600
> directory mask = 0700
>
> why is not it working?
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba