I've been using Samba for several years now, and so my configuration hasn't changed much in that time. We've set up a Samba PDC + LDAP backend and were previously using smbldap-tools. I haven't had to add a new machine in a long while, until recently a new user said they couldn't remote desktop to a Windows server I have as part of our domain. Older users were still able to access it.

I decided to leave then join the domain, but that ran into another issue. I can't add the server back to the domain since I was getting 'no challanage send to client' messages. Searching this, I found I needed to use winbind and set up idmap settings. Following the wiki, I set this up, but I am still unable to join to the domain. Now it says it's unable to allocate a uid to create the machine entry in LDAP. I'm not sure what to do next.

wbinfo is able to report info on users, but wbinfo -g returns nothing. In the logs for winbind I see errors saying for gid 0 got 0 entries, and for a few other gids. I tried wbinfo --allocate-uid/gid and get the following:

    failed to call wbcAllocateGid: WBC_ERR_DOMAIN_NOT_FOUND
    Could not allocate a gid

In the logs, all I see is:

    Could not allocate gid: NT_STATUS_UNSUCCESSFUL

Here are my Samba global settings:

    [global]
    workgroup = X.X.X
    netbios name = ROSS
    server string = PDC %v
    encrypt passwords = yes
    passdb backend = ldapsam:ldap://X.X.X.X
    ldapsam:trusted = yes
    ldapsam:editposix = yes
    domain master = yes
    preferred master = yes
    local master = yes
    os level = 255
    dns proxy = yes
    wins support = yes
    name resolve order = host wins lmhosts bcast
    domain logons = yes
    client ntlmv2 auth = yes
    loglevel = 2 auth:1 sam:10 winbind:10 passdb:0 smb:10 rpc_srv:3
    log file = /var/log/samba/log.%m
    syslog = 0
    time server = yes
    ldap suffix = dc=X,dc=X,dc=X
    ldap user suffix = ou=people
    ldap group suffix = ou=group
    ldap machine suffix = ou=machines
    ldap idmap suffix = ou=Idmap
    ldap ssl = start tls
    ldap admin dn = cn=samba,ou=DSA,dc=X,dc=X,dc=X
    logon path = \\%L\profiles\%U
    logon script = netlogon.bat
    time server = Yes
    deadtime = 10
    case sensitive = No
    dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
    printcap name = /etc/printcap
    load printers = no
    interfaces = eth0 lo
    bind interfaces only = yes
    winbind enum users = yes
    winbind enum groups = yes
    idmap config * : default = yes
    idmap config * : readonly = no
    idmap config * : backend = ldap
    idmap config * : range = 1000-1000000
    idmap config * : ldap_url = ldap://X.X.X.X
    idmap config * : ldap_base_dn = ou=Idmap,dc=X,dc=X,dc=X
    idmap config * : ldap_user_dn = cn=idmap,ou=DSA,dc=X,dc=X,dc=X
    winbind use default domain = Yes
    winbind nested groups = Yes