Daniel ATUALIZEM TENHO NOVO MSN
2014-Oct-09 12:43 UTC
[Samba] Samba4 as BDC on a Win2003 AD_PDC
HI, I have a Windows 2003 as AD PDC. My intention is disable this Windows and use Samba4 instead. I have compiled Samba 4.1.12 on Debian 7 without problems. I followed Samba Wiki to Join this machine to Win domain, without to do the Samba4 provision steps, as mentioned. The join process occurs without errors and all strutcture of Wind2003 was replicated to Samba4. All modifications done on Windows 2003 are updated to Samba 4. But, using RSAT to conect to Samba4, I can't create or delete new users or groups. I receive this message on RSAT: "The server is unwilling to process the request" This is the output on log.samba when I try to create or modify an user by RSAT connected on Samba 4 [2014/10/09 09:36:29.901189, 0] ../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback) ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_NO_LOGON_SERVERS - extended_ret[0x0] And, this message is output on log.samba all the time: [2014/10/09 09:37:00.527471, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:e50ee076-7a81-4616-aace-c18b350b7d4d._msdcs.ITEMNT[1025,seal,krb5] NT_STATUS_NO_LOGON_SERVERS I need a help to solve this issue. I want to change Wind2003 AD to Samba4 AD by: 1 - using Samba4 as secondary to get all users from Windows; 2 - testing Samba4 to create, modify and delete users, and replicate to Windows 2003; 3 - If step 2 pass, I wanto to "promote" samba 4 as primary DC and turning off Windows 2003; 4 - I will create a new samba4 to use as secondary DC. Thanks for any help!
Did you join the samba 4 host as dc to w2003 domain? AS I read you just set up a member server!? EDV Daniel M?ller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 T?bingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller at tropenklinik.de Internet: www.tropenklinik.de -----Urspr?ngliche Nachricht----- Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von Daniel ATUALIZEM TENHO NOVO MSN Gesendet: Donnerstag, 9. Oktober 2014 14:44 An: samba at lists.samba.org Betreff: [Samba] Samba4 as BDC on a Win2003 AD_PDC HI, I have a Windows 2003 as AD PDC. My intention is disable this Windows and use Samba4 instead. I have compiled Samba 4.1.12 on Debian 7 without problems. I followed Samba Wiki to Join this machine to Win domain, without to do the Samba4 provision steps, as mentioned. The join process occurs without errors and all strutcture of Wind2003 was replicated to Samba4. All modifications done on Windows 2003 are updated to Samba 4. But, using RSAT to conect to Samba4, I can't create or delete new users or groups. I receive this message on RSAT: "The server is unwilling to process the request" This is the output on log.samba when I try to create or modify an user by RSAT connected on Samba 4 [2014/10/09 09:36:29.901189, 0] ../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback) ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_NO_LOGON_SERVERS - extended_ret[0x0] And, this message is output on log.samba all the time: [2014/10/09 09:37:00.527471, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:e50ee076-7a81-4616-aace-c1 8b350b7d4d._msdcs.ITEMNT[1025,seal,krb5] NT_STATUS_NO_LOGON_SERVERS I need a help to solve this issue. I want to change Wind2003 AD to Samba4 AD by: 1 - using Samba4 as secondary to get all users from Windows; 2 - testing Samba4 to create, modify and delete users, and replicate to Windows 2003; 3 - If step 2 pass, I wanto to "promote" samba 4 as primary DC and turning off Windows 2003; 4 - I will create a new samba4 to use as secondary DC. Thanks for any help! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Hi Daniel, i'm quite new to Samba list and particulary to Samba4 too, so take my word with a grain of solt. I think that maybe the terminology you use is not quite accurate, or clear. Because (IMHO) you can not have server acting as PDC (primary domain controller) in AD (active directory) as far as i understand it. You can have either one off it, but not both. What you talk about, that you have atm., (i think) is 'classic' NTv4 domain that consists of one PDC and as much as needed BDC servers. Only the PDC can make change in authentication backend - usually some LDAP server. With this being said -in your case - Samba4 can act as PDC or BDC in NTv4 domain - but as you say, you have it as BDC then it can't make changes (please now someone correct me if i'm wrong about this - not sure 100%) If you want to switch off the windows server and retain, or keep NTv4 classic domain with one PDC -> more BDC structure then (IMHO) you need to switch off Windows server and just make the SAmba4 PDC (change smb.conf)- and make sure the SAmba4 server is looking into LDAP database where the former Windoes server was storing the user data. If the Windows server wwas storing data in it's own database, i guess that you would need to export data first to 3rd party database first (openldap, 389 directory server ... etc) and then again switch off windows server, point Samba 4 to LDAP and make changes ins smb.conf making it PDC. I think another possible scenario is that you create AD (active directory) from your Samba4 server, join windows server to it and replicate data there, then you can keep win server running or you can swithc it off. But this takes quite some study - i'm in the process myself, as i plan on moving from Samba3 ->4. But again, you need to decide which type of domain you aim for - AD or classic NTv4 with PDC-BDC? Karel Lang On 10/09/2014 02:43 PM, Daniel ATUALIZEM TENHO NOVO MSN wrote:> HI, > I have a Windows 2003 as AD PDC. > My intention is disable this Windows and use Samba4 instead. > > I have compiled Samba 4.1.12 on Debian 7 without problems. > > I followed Samba Wiki to Join this machine to Win domain, without to do the Samba4 provision steps, as mentioned. > > The join process occurs without errors and all strutcture of Wind2003 was replicated to Samba4. All modifications done on Windows 2003 are updated to Samba 4. > > But, using RSAT to conect to Samba4, I can't create or delete new users or groups. I receive this message on RSAT: > > "The server is unwilling to process the request" > > This is the output on log.samba when I try to create or modify an user by RSAT connected on Samba 4 > > [2014/10/09 09:36:29.901189, 0] ../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback) > ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_NO_LOGON_SERVERS - extended_ret[0x0] > > > And, this message is output on log.samba all the time: > > [2014/10/09 09:37:00.527471, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) > Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:e50ee076-7a81-4616-aace-c18b350b7d4d._msdcs.ITEMNT[1025,seal,krb5] NT_STATUS_NO_LOGON_SERVERS > > I need a help to solve this issue. > > I want to change Wind2003 AD to Samba4 AD by: > 1 - using Samba4 as secondary to get all users from Windows; > 2 - testing Samba4 to create, modify and delete users, and replicate to Windows 2003; > 3 - If step 2 pass, I wanto to "promote" samba 4 as primary DC and turning off Windows 2003; > 4 - I will create a new samba4 to use as secondary DC. > > Thanks for any help! > > > >
On 09/10/14 13:43, Daniel ATUALIZEM TENHO NOVO MSN wrote:> HI, > I have a Windows 2003 as AD PDC. > My intention is disable this Windows and use Samba4 instead. > > I have compiled Samba 4.1.12 on Debian 7 without problems. > > I followed Samba Wiki to Join this machine to Win domain, without to do the Samba4 provision steps, as mentioned. > > The join process occurs without errors and all strutcture of Wind2003 was replicated to Samba4. All modifications done on Windows 2003 are updated to Samba 4. > > But, using RSAT to conect to Samba4, I can't create or delete new users or groups. I receive this message on RSAT: > > "The server is unwilling to process the request" > > This is the output on log.samba when I try to create or modify an user by RSAT connected on Samba 4 > > [2014/10/09 09:36:29.901189, 0] ../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback) > ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_NO_LOGON_SERVERS - extended_ret[0x0] > > > And, this message is output on log.samba all the time: > > [2014/10/09 09:37:00.527471, 0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv) > Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:e50ee076-7a81-4616-aace-c18b350b7d4d._msdcs.ITEMNT[1025,seal,krb5] NT_STATUS_NO_LOGON_SERVERS > > I need a help to solve this issue. > > I want to change Wind2003 AD to Samba4 AD by: > 1 - using Samba4 as secondary to get all users from Windows; > 2 - testing Samba4 to create, modify and delete users, and replicate to Windows 2003; > 3 - If step 2 pass, I wanto to "promote" samba 4 as primary DC and turning off Windows 2003; > 4 - I will create a new samba4 to use as secondary DC. > > Thanks for any help! > > >Hi, if I understand you correctly, you have have joined your samba4 machine to your windows domain as another DC. I think to try and help you sort out your problem you are going to have to post the smb.conf from the samba4 DC. Rowland