samba - Aug 2013 - Samba 4 as member server

Hello list,

I'm trying to setup a small samba4 domain ( 1 DC, 1 member server, 12 Win7
clients) on Ubuntu with the packages shipped with Ubuntu 13.04 (Samba
4.0.0), I also tried on Ubuntu 13.10 (Samba 4.0.3).

DC seems to work fine, I can manage users an gpo, clients can join and
logon. But I cannot the member server working.

My smb.conf:

[global]
        workgroup = VERWALTUNG
        security = ads
        realm = VERWALTUNG.LEIBNIZ-REMSCHEID.DE
        encrypt passwords = true
        server services = +smb -s3fs

        idmap config *:backend = tdb
        idmap config *:range = 70001-80000
        idmap config VERWALTUNG:backend = ad
        idmap config VERWALTUNG:schema_mode = rfc2307
        idmap config VERWALTUNG:range = 500-40000

        winbind nss info = rfc2307
        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes

  server role = domain controller
  dcerpc endpoint servers = -winreg -srvsvc
[verwaltung]
        path = /srv/shares
        read only = no

[sysvol]
  path = /var/lib/samba/sysvol
  read only = no

[netlogon]
  path = /var/lib/samba/sysvol/VERWALTUNG.LEIBNIZ-REMSCHEID.DE/scripts
  read only = no


I did 'samba-tool domain join VERWALTUNG -UAdministrator' with success:
"Joined domain SID". The server is listet in AD Tools.

But 'samba -i -M single -d1' stops working with:

samba: /usr/lib/x86_64-linux-gnu/libwbclient.so.0: no version information
available (required by /usr/lib/x86_64-linux-gnu/samba/libauth4.so)
samba version 4.0.3 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
task_server_terminate: [ldap_server: no LDAP server required in member
server configuration]
task_server_terminate: [cldap_server: no CLDAP server required in member
server configuration]
task_server_terminate: [kdc: no KDC required in member server configuration]
task_server_terminate: [dreplsrv: no DSDB replication required in domain
member configuration]
task_server_terminate: [Cannot start Winbind (domain member): Failed to
find record for VERWALTUNG in /var/lib/samba/private/secrets.ldb: No such
object: (null): Have you joined the VERWALTUNG domain?]
samba_terminate: Cannot start Winbind (domain member): Failed to find
record for VERWALTUNG in /var/lib/samba/private/secrets.ldb: No such
object: (null): Have you joined the VERWALTUNG domain?


root at server04:/var/lib/samba/private# ls -la
insgesamt 3784
drwxr-xr-x 3 root root    4096 Aug  5 21:50 .
drwxr-xr-x 7 root root    4096 Aug  5 21:47 ..
-rw------- 1 root root 1286144 Aug  5 21:50 privilege.ldb
-rw------- 1 root root     696 Aug  5 21:50 randseed.tdb
-rw------- 1 root root 1286144 Aug  5 21:50 sam.ldb
-rw------- 1 root root 1286144 Aug  5 21:50 secrets.ldb
drwxr-xr-x 3 root root    4096 Aug  5 21:50 smbd.tmp


Please help!

Thx,

Klaus

On Mon, 2013-08-05 at 22:25 +0200, Klaus R?rig wrote:
>  I cannot the member server working.
> 
> My smb.conf:
> 
Hi
Leave the domain and remove the .tdb files in /var/lib/smb. Then rejoin
with this:
> [global]
>         workgroup = VERWALTUNG
>         security = ads
>         realm = VERWALTUNG.LEIBNIZ-REMSCHEID.DE
>         encrypt passwords = true
>         idmap config *:backend = tdb
>         idmap config *:range = 70001-80000
>         idmap config VERWALTUNG:backend = ad
>         idmap config VERWALTUNG:schema_mode = rfc2307
>         idmap config VERWALTUNG:range = 500-40000
> 
>         winbind nss info = rfc2307
>         winbind trusted domains only = no
>         winbind use default domain = yes
>         winbind enum users = yes
>         winbind enum groups = yes
> 
> [verwaltung]
>         path = /srv/shares
>         read only = no
Start it with:
smbd; winbindd

Prolly not perfect, but should get you a bit close.
hth
Steve