Join Windows machines to a Samba3 domain

classic Classic list List threaded Threaded
20 messages Options
Reply | Threaded
Open this post in threaded view
|

Join Windows machines to a Samba3 domain

Lea Massiot
Hello and thank you for reading my post.

My problem is about joining Windows machines to a Samba3 domain.

Below is what happened:

1) I installed the three servers DHCPD, BIND9 and SAMBA on a machine A running Debian Wheezy.
   I managed to join all the Windows machines in the LAN to the Samba3 domain properly.
   I insist on the fact that, at this point, everything was running properly: I could see and access all the shares in the LAN.

2) Then, I tried to join a brand new Windows Server 2012 R2 to the domain and it failed.

3) I decided to install Samba4 on the machine A.
   I couldn't make it work because I do not have enough time presently to set up a Samba4 server as it's not straightforward.
   So I decided to revert to the previous configuration with a Samba3 server.
   After I did this nothing was working anymore.
   The Windows machines failed to join the domain.

4) So I reinstalled on another machine B running Debian Wheezy the triplet of services DHCPD, BIND9, SAMBA3.

Here is the problem:
now, every time I try to join a Windows machine to the domain (whether it is an XP, a 7 or a Server 2003 OS) it fails with the message:

An Active Directory Domain Controller (AD DC) for the domain "MY_DOMAIN" could not be contacted.
Ensure that the domain name is typed correctly.

Details:
The domain name "MY_DOMAIN" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "MY_DOMAIN":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.MY_DOMAIN

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

192.168.12.5

- One or more of the following zones do not include delegation to its child zone:

MY_DOMAIN
. (the root zone)

Can you help me solve that problem?
I've been checking my configurations: they look correct.
I don't know if there is something to do either on the Samba3 server or on the Windows machines or on both of them to make this work again.
Best regards.
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Lea Massiot
I really need some help.
Every time I try to join the Samba3 domain from any Windows machine in my LAN I get the same message (see my previous post: "An Active Directory Domain Controller (AD DC) for the domain "MY_DOMAIN" could not be contacted. [...]").
This didn't use to happen before I introduced a Samba4 domain controller in this very same LAN. Presently, the machine which was running the Samba4 domain controller is shutdown.
The only running domain controller is a Samba3 domain controller which is configured the way I usually do, a way which has perfectly worked for years now.
I have tried "millions" of things both on the server and on the Windows machines and I can't still make it work.
It's driving me mad.
Thank you and best regards.

/etc/samba/smb.conf
[global]
   workgroup = MY_DOMAIN
   server string = %h Samba server
   log level = 1
   log file = /var/log/samba/log.%m
   max log size = 1000
   socket options = TCP_NODELAY IPTOS_LOWDELAY
   logon path = 
   logon home =
   domain logons = yes
   os level = 254
   preferred master = yes
   domain master = yes
   local master = yes
   remote browse sync = yes
   passdb backend = smbpasswd

[my_partage]
   comment = my_partage
   path = /my_partage
   force group = domadm
   read only = no
   create mask = 0664
   directory mask = 0775
   guest ok = yes
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Rowland Penny-5
On 16/01/14 16:49, Lea Massiot wrote:

> I really need some help.
> Every time I try to join the Samba3 domain from any Windows machine in my
> LAN I get the same message (see my previous post: "An Active Directory
> Domain Controller (AD DC) for the domain "MY_DOMAIN" could not be contacted.
> [...]").
> This didn't use to happen before I introduced a Samba4 domain controller in
> this very same LAN. Presently, the machine which was running the Samba4
> domain controller is shutdown.
> The only running domain controller is a Samba3 domain controller which is
> configured the way I usually do, a way which has perfectly worked for years
> now.
> I have tried "millions" of things both on the server and on the Windows
> machines and I can't still make it work.
> It's driving me mad.
> Thank you and best regards.
>
>
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Join-Windows-machines-to-a-Samba3-domain-tp4659356p4659386.html
> Sent from the Samba - General mailing list archive at Nabble.com.
So you set up a samba3 PDC and then tried to join a windows AD server to
it ? I do not think that this is ever going to work. You tried to join
an AD server to a windows NT server, they are very different beasts.

It would seem that ALL your clients are now looking for an AD server
that is no longer there, I think that you are going to have to look into
upgrading your S3 server to a S4 AD server, do a search on classicupgrade.

Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Lea Massiot
Hello and thank you for your answer.

Rowland Penny-5 wrote> So you set up a samba3 PDC and then tried to join a windows AD server to it ?

No, I didn't. Sorry for not having been clear enough on that point.
- I had a working Samba3 server on a machine A.
- I stopped it and apt-get installed a Samba4 PDC on this same machine A.
- Then I apt-get purged the samba4 package and tried to rerun the Samba3 PDC which used to work perfectly before.
- Then I realized the Samba3 configuration wasn't working anymore.

Rowland Penny-5 wrote> It would seem that ALL your clients are now looking for an AD server that is no longer there.

Yes indeed, this is what it looks like.
How can I change these Windows clients behaviour?
How can I reinit them?


Rowland Penny-5 wrote> I think that you are going to have to look into upgrading your S3 server to a S4 AD server.

I would really prefer not to since it looks complicated to me and that I can't really afford a Samba4 setup right now unless there is a really simple procedure. But as far as I investigated, it's not straightforward to me. Given the fact that I'm not specialized in that matters and that I only know how to make DHCPD/BIND9 and SAMBA3 work together (which used to be good enough for my needs until now), I would need a good tutorial/howto/documentation which I haven't found yet (my OS is Debian Wheezy).

Thank you for helping.
Best regards.
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Rowland Penny-5
On 16/01/14 18:13, Lea Massiot wrote:

> Hello and thank you for your answer.
>
> /Rowland Penny-5 wrote> So you set up a samba3 PDC and then tried to join a
> windows AD server to it ?/
>
> No, I didn't. Sorry for not having been clear enough on that point.
> - I had a working Samba3 server on a machine A.
> - I stopped it and apt-get installed a Samba4 PDC on this same machine A.
> - Then I apt-get purged the samba4 package and tried to rerun the Samba3 PDC
> which used to work perfectly before.
> - Then I realized the Samba3 configuration wasn't working anymore.
>
> /Rowland Penny-5 wrote> It would seem that ALL your clients are now looking
> for an AD server that is no longer there./
>
> *Yes indeed, this is what it looks like.
> How can I change these Windows clients behaviour?
> How can I reinit them?*
>
> /Rowland Penny-5 wrote> I think that you are going to have to look into
> upgrading your S3 server to a S4 AD server./
>
> I would really prefer not to since it looks complicated to me and that I
> can't really afford a Samba4 setup right now unless there is a really simple
> procedure. But as far as I investigated, it's not straightforward to me.
> Given the fact that I'm not specialized in that matters and that I only know
> how to make DHCPD/BIND9 and SAMBA3 work together (which used to be good
> enough for my needs until now), I would need a good
> tutorial/howto/documentation which I haven't found yet (my OS is Debian
> Wheezy).
>
> Thank you for helping.
> Best regards.
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Join-Windows-machines-to-a-Samba3-domain-tp4659356p4659399.html
> Sent from the Samba - General mailing list archive at Nabble.com.
I think that you may have to invest some time here if you are going to
use the windows server, I have a feeling that the latest versions of
windows will not join to a NT-like server (which a S4 PDC is).

I know that this is no help to you now, but you shouldn't have messed
with your production setup, you should have tried it out in a test
environment first, in VM's if need be.

To try and help you, more info is needed, your smb.confs etc to start with.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Lea Massiot
In reply to this post by Lea Massiot
Thank you for your answer.

Below are some details about the Samba3 configuration which usually works for me.

=== MAIN CONFIGURATION FILE /etc/smb.conf ===
[global]
   workgroup = MY_DOMAIN
   server string = %h Samba server
   log level = 1
   log file = /var/log/samba/log.%m
   max log size = 1000
   socket options = TCP_NODELAY IPTOS_LOWDELAY
   logon path = 
   logon home =
   domain logons = yes
   os level = 254
   preferred master = yes
   domain master = yes
   local master = yes
   remote browse sync = yes
   passdb backend = v

[my_partage]
   comment = my_partage
   path = /my_partage
   force group = domadm
   read only = no
   create mask = 0664
   directory mask = 0775
   guest ok = yes
=== DOMAIN USERS' GROUP ===
I add a "domadm" group.

root> groupadd domadm
root> net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 type=d

I add the users the "domadm" group in "/etc/group":
domadm:x:1001:<username1>,<username2>,<username3>
=== MACHINES ===
root> groupadd machines

I add the machines on the LAN using the two commands:
root> useradd -g machines -s /dev/null -d /bin/false <machine_name>$
root> smbpasswd -a -m <machine_name>$
=== USERS ===
I add the users using the two commands:
root> useradd <username>
root> smbpasswd -a <username>
=== SHARE ===
root> mkdir -p /<my_partage>
root> chown <username>:domadm /<my_partage>
root> chmod g+w /<my_partage>

Below are some details about the BIND9 server and DHCPD server configurations which usually works for me.

- I have two zone files for name resolution and reverse name resolution.
- The BIND9 and DHCPD are set to work together: when an IP is delivered by the DHCPD server to a client machine, the BIND9 zone files are updated automatically.

======
I have to say that, at the time, it took me a lot of time to make all this work properly.
Also, even if I agree with you (I wasn't cautious enough), I think that it's wrong not to be able to revert to the previous state. Yet I don't know who is to blame for this.
You didn't really answered my question: it's not possible to force the Windows clients to work as they used to?
I just read in that document:
http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
the following sentence:
PLEASE NOTE: Make sure you thoroughly test your conversion and how your clients react before you activate your new server
in your production environment! Once a Windows client finds and connects to the new server, it is not possible to go back!
I wish I could know what happened which is not reversible.

Thank you for helping.
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Rowland Penny-5
On 16/01/14 19:09, Lea Massiot wrote:

> Thank you for your answer.
>
> Below are some details about the Samba3 configuration which usually works
> for me.
>
> === MAIN CONFIGURATION FILE /etc/smb.conf ===
>
> === DOMAIN USERS' GROUP ===
>
> === MACHINES ===
>
> === USERS ===
>
> === SHARE ===
>
>
> Below are some details about the BIND9 server and DHCPD server
> configurations which usually works for me.
>
> - I have two zone files for name resolution and reverse name resolution.
> - The BIND9 and DHCPD are set to work together: when an IP is delivered by
> the DHCPD server to a client machine, the BIND9 zone files are updated
> automatically.
>
> ======
> I have to say that, at the time, it took me a lot of time to make all this
> work properly.
> Also, even if I agree with you (I wasn't cautious enough), I think that it's
> wrong not to be able to revert to the previous state. Yet I don't know who
> is to blame for this.
> You didn't really answered my question: it's not possible to force the
> Windows clients to work as they used to?
> I just read in that document:
> http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
> the following sentence:
>
> I wish I could know what happened which is not reversible.
>
> Thank you for helping.
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Join-Windows-machines-to-a-Samba3-domain-tp4659356p4659413.html
> Sent from the Samba - General mailing list archive at Nabble.com.
You didn't actually post any information, and I am not saying that you
cannot revert what you have done, but we need to see what you had before
and what you tried to do, before we can try and help you get back to
where you where. This includes knowing what OS's you are using, what
versions of samba etc.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Thomas Simmons-2
In reply to this post by Lea Massiot
You can't upgrade to an Active Directory domain and go back to an NT4-style
domain. I think your best bet is to get Samba4 working.

On Jan 16, 2014 11:51 AM, "Lea Massiot" <[hidden email]> wrote:
>
> I really need some help.
> Every time I try to join the Samba3 domain from any Windows machine in my
> LAN I get the same message (see my previous post: "An Active Directory
> Domain Controller (AD DC) for the domain "MY_DOMAIN" could not be
contacted.
> [...]").
> This didn't use to happen before I introduced a Samba4 domain controller
in
> this very same LAN. Presently, the machine which was running the Samba4
> domain controller is shutdown.
> The only running domain controller is a Samba3 domain controller which is
> configured the way I usually do, a way which has perfectly worked for
years

> now.
> I have tried "millions" of things both on the server and on the Windows
> machines and I can't still make it work.
> It's driving me mad.
> Thank you and best regards.
>
>
>
>
>
> --
> View this message in context:
http://samba.2283325.n4.nabble.com/Join-Windows-machines-to-a-Samba3-domain-tp4659356p4659386.html
> Sent from the Samba - General mailing list archive at Nabble.com.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
 On Jan 16, 2014 11:51 AM, "Lea Massiot" <[hidden email]> wrote:

> I really need some help.
> Every time I try to join the Samba3 domain from any Windows machine in my
> LAN I get the same message (see my previous post: "An Active Directory
> Domain Controller (AD DC) for the domain "MY_DOMAIN" could not be
> contacted.
> [...]").
> This didn't use to happen before I introduced a Samba4 domain controller in
> this very same LAN. Presently, the machine which was running the Samba4
> domain controller is shutdown.
> The only running domain controller is a Samba3 domain controller which is
> configured the way I usually do, a way which has perfectly worked for years
> now.
> I have tried "millions" of things both on the server and on the Windows
> machines and I can't still make it work.
> It's driving me mad.
> Thank you and best regards.
>
>
>
>
>
> --
> View this message in context:
> http://samba.2283325.n4.nabble.com/Join-Windows-machines-to-a-Samba3-domain-tp4659356p4659386.html
> Sent from the Samba - General mailing list archive at Nabble.com.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Michael Brown
On 14-01-16 02:24 PM, Thomas Simmons wrote:
> You can't upgrade to an Active Directory domain and go back to an NT4-style
> domain. I think your best bet is to get Samba4 working.
He's right. It's really not too bad - I just upgraded our production
domain last night and I'm getting all the fiddly bits in place today (we
have an ancient LDAP server from which we're migrating that has TONS of
cruft).

M.

--
Michael Brown               | `One of the main causes of the fall of
Systems Consultant          | the Roman Empire was that, lacking zero,
Net Direct Inc.             | they had no way to indicate successful
☎: +1 519 883 1172 x5106    | termination of their C programs.' - Firth

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Lea Massiot
Thank you for you answers.

Rowland Penny-5 wrote> You didn't actually post any information

Oh my, I did.

- The OS is "Debian GNU/Linux 7.3 (wheezy)".
- The DHCP server is "isc-dhcpd-4.2.2".
- The DNS server is "BIND 9.8.4-rpz2+r1005.12-P1".
- The Samba server version is "3.6.6".

Rowland Penny-5 wrote> I am not saying that you cannot revert what you have done
Thomas Simmons wrote> You can't upgrade to an Active Directory domain and go back to an NT4-style domain.


Well, it's really hard for me to understand the current situation in my LAN...

Thomas Simmons wrote> I think your best bet is to get Samba4 working.
Michael Brown wrote> I'm getting all the fiddly bits in place today


Yes, well, sometimes it takes days or weeks to put all these fiddly bits in place.

I have no LDAP server.
Have you found a tutorial that could help?

If I can't revert the situation in my LAN, I would need a tutorial that explains how to pass from DHCPD/BIND9/SAMBA3 to DHCPD?/BIND9?/SAMBA4 on a Debian server.

Thank you and best regards.
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Rowland Penny-5
On 17/01/14 10:12, Lea Massiot wrote:

> Thank you for you answers.
>
> /Rowland Penny-5 wrote> You didn't actually post any information/
>
> Oh my, I did.
>
> - The OS is "Debian GNU/Linux 7.3 (wheezy)".
> - The DHCP server is "isc-dhcpd-4.2.2".
> - The DNS server is "BIND 9.8.4-rpz2+r1005.12-P1".
> - The Samba server version is "3.6.6".

Oh no you didn't

I asked for copies of your smb.confs etc to try and see what you where
doing, what you did and what you are trying now. Without these, I may
try getting my crystal ball out, but I don't think it is going to work.

>
> /Rowland Penny-5 wrote> I am not saying that you cannot revert what you have
> done
> Thomas Simmons wrote> You can't upgrade to an Active Directory domain and go
> back to an NT4-style domain./
>
> Well, it's really hard for me to understand the current situation in my
> LAN...
>
> /Thomas Simmons wrote> I think your best bet is to get Samba4 working.
> Michael Brown wrote> I'm getting all the fiddly bits in place today/
>
> Yes, well, sometimes it takes days or weeks to put all these fiddly bits in
> place.
>
> I have no LDAP server.
> Have you found a tutorial that could help?

You where running a PDC on smbpasswd, just how many users do you have?

Rowland

>
> If I can't revert the situation in my LAN, I would need a tutorial that
> explains how to pass from DHCPD/BIND9/SAMBA3 to DHCPD?/BIND9?/SAMBA4 on a
> Debian server.
>
> Thank you and best regards.
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Join-Windows-machines-to-a-Samba3-domain-tp4659356p4659438.html
> Sent from the Samba - General mailing list archive at Nabble.com.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Lea Massiot
Hello Rowland,

Rowland Penny-5 wrote> I asked for copies of your smb.confs etc

I'm sorry, maybe there is a misunderstanding but I posted twice my "smb.conf" configuration file.
And also I tried to describe "precisely" what I did to make the "Samba3" server work.
Maybe I did this wrong.
Maybe the confusion lies in your "etc", what do you need that I didn't send?

Rowland Penny-5 wrote> You where running a PDC on smbpasswd, just how many users do you have?
Exactly.
I have 6 users and 20 machines in the current "smbpasswd" file.

Thank you for helping.
Best regards.
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Lea Massiot
Maybe you didn't see my "smb.conf" because I surrounded it with "raw" tags... it happened to me in the past... ?
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Rowland Penny-5
On 17/01/14 10:36, Lea Massiot wrote:
> Maybe you didn't see my "smb.conf" because I surrounded it with "raw" tags...
> it happened to me in the past... ?
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Join-Windows-machines-to-a-Samba3-domain-tp4659356p4659445.html
> Sent from the Samba - General mailing list archive at Nabble.com.
I cannot find any copy of your smb.conf's in any email that I have
received, please try pasting them into the email as-is

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Lea Massiot
In reply to this post by Lea Massiot
Below is what I posted yesterday without the "raw" tags.

Below are some details about the Samba3 configuration which usually works for me.

=== MAIN CONFIGURATION FILE /etc/smb.conf ===

[global]
   workgroup = MY_DOMAIN
   server string = %h Samba server
   log level = 1
   log file = /var/log/samba/log.%m
   max log size = 1000
   socket options = TCP_NODELAY IPTOS_LOWDELAY
   logon path =
   logon home =
   domain logons = yes
   os level = 254
   preferred master = yes
   domain master = yes
   local master = yes
   remote browse sync = yes
   passdb backend = v

[my_partage]
   comment = my_partage
   path = /my_partage
   force group = domadm
   read only = no
   create mask = 0664
   directory mask = 0775
   guest ok = yes

=== DOMAIN USERS' GROUP ===

I add a "domadm" group.

root> groupadd domadm
root> net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 type=d

I add the users the "domadm" group in "/etc/group":
domadm:x:1001:<username1>,<username2>,<username3>

=== MACHINES ===

root> groupadd machines

I add the machines on the LAN using the two commands:
root> useradd -g machines -s /dev/null -d /bin/false <machine_name>$
root> smbpasswd -a -m <machine_name>$

=== USERS ===

I add the users using the two commands:
root> useradd <username>
root> smbpasswd -a <username>

=== SHARE ===

root> mkdir -p /<my_partage>
root> chown <username>:domadm /<my_partage>
root> chmod g+w /<my_partage>


Below are some details about the BIND9 server and DHCPD server configurations which usually works for me.

- I have two zone files for name resolution and reverse name resolution.
- The BIND9 and DHCPD are set to work together: when an IP is delivered by the DHCPD server to a client machine, the BIND9 zone files are updated automatically.

Thank you for helping.
Best regards.
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Rowland Penny-5
On 17/01/14 10:41, Lea Massiot wrote:

> Below is what I posted yesterday without the "raw" tags.
>
> Below are some details about the Samba3 configuration which usually works
> for me.
>
> === MAIN CONFIGURATION FILE /etc/smb.conf ===
>
> [global]
>     workgroup = MY_DOMAIN
>     server string = %h Samba server
>     log level = 1
>     log file = /var/log/samba/log.%m
>     max log size = 1000
>     socket options = TCP_NODELAY IPTOS_LOWDELAY
>     logon path =
>     logon home =
>     domain logons = yes
>     os level = 254
>     preferred master = yes
>     domain master = yes
>     local master = yes
>     remote browse sync = yes
>     passdb backend = v
>
> [my_partage]
>     comment = my_partage
>     path = /my_partage
>     force group = domadm
>     read only = no
>     create mask = 0664
>     directory mask = 0775
>     guest ok = yes
>
> === DOMAIN USERS' GROUP ===
>
> I add a "domadm" group.
>
> root> groupadd domadm
> root> net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512
> type=d
>
> I add the users the "domadm" group in "/etc/group":
> domadm:x:1001:<username1>,<username2>,<username3>
>
> === MACHINES ===
>
> root> groupadd machines
>
> I add the machines on the LAN using the two commands:
> root> useradd -g machines -s /dev/null -d /bin/false <machine_name>$
> root> smbpasswd -a -m <machine_name>$
>
> === USERS ===
>
> I add the users using the two commands:
> root> useradd <username>
> root> smbpasswd -a <username>
>
> === SHARE ===
>
> root> mkdir -p /<my_partage>
> root> chown <username>:domadm /<my_partage>
> root> chmod g+w /<my_partage>
>
>
> Below are some details about the BIND9 server and DHCPD server
> configurations which usually works for me.
>
> - I have two zone files for name resolution and reverse name resolution.
> - The BIND9 and DHCPD are set to work together: when an IP is delivered by
> the DHCPD server to a client machine, the BIND9 zone files are updated
> automatically.
>
> Thank you for helping.
> Best regards.
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Join-Windows-machines-to-a-Samba3-domain-tp4659356p4659447.html
> Sent from the Samba - General mailing list archive at Nabble.com.
OK, this time I can see your smb.conf, but I do not understand it, what
is this:

passdb backend = v

I have never heard of this backend, also you do not seem to have the
'netlogon' share that is required to be a PDC.
I personally think that you were actually running a workgroup, not a
domain and cannot see how you can get from there to an AD domain. With
only 6 users, you might as well start from scratch, set up a new samba4
AD server, create the 6 users in AD and then join the 20 machines to the
AD, this in the long run is probably  going to be the easiest way out.

Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Lea Massiot
Hello Rowland,

Rowland Penny-5 wrote>
> OK, this time I can see your smb.conf, but I do not understand it, what is this:
> passdb backend = v
> I have never heard of this backend, also you do not seem to have the 'netlogon' share that is required to be a PDC.

Sorry for that. I'm not lucky. I try to do things right and I do them wrong.
I think the "smb.conf" below is complete and correct this time.
I've never had a "netlogon" share.

[global]
   workgroup = MY_DOMAIN
   server string = %h Samba server
   log level = 1
   log file = /var/log/samba/log.%m
   max log size = 1000
   socket options = TCP_NODELAY IPTOS_LOWDELAY
   logon path =
   logon home =
   domain logons = yes
   os level = 254
   preferred master = yes
   domain master = yes
   local master = yes
   remote browse sync = yes
   passdb backend = smbpasswd

[my_partage]
   comment = my_partage
   path = /my_partage
   force group = domadm
   read only = no
   create mask = 0664
   directory mask = 0775
   guest ok = yes

Rowland Penny-5 wrote>
> I personally think that you were actually running a workgroup, not a
> domain and cannot see how you can get from there to an AD domain. With
> only 6 users, you might as well start from scratch, set up a new samba4
> AD server, create the 6 users in AD and then join the 20 machines to the
> AD, this in the long run is probably  going to be the easiest way out.

When it works, it pretty much works like a domain... :)
I'm ready now to set up a new "Samba4 domain" the way you suggest.
Will I be able to keep my DHCPD and BIND9 configurations?
Can you help me?

Thank you and best regards.
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Rowland Penny-5
On 17/01/14 11:31, Lea Massiot wrote:

> Hello Rowland,
>
> Rowland Penny-5 wrote>
>> OK, this time I can see your smb.conf, but I do not understand it, what is
>> this:
>> passdb backend = v
>> I have never heard of this backend, also you do not seem to have the
>> 'netlogon' share that is required to be a PDC.
> Sorry for that. I'm not lucky. I try to do things right and I do them wrong.
> I think the "smb.conf" below is complete and correct this time.
> I've never had a "netlogon" share.
>
> [global]
>     workgroup = MY_DOMAIN
>     server string = %h Samba server
>     log level = 1
>     log file = /var/log/samba/log.%m
>     max log size = 1000
>     socket options = TCP_NODELAY IPTOS_LOWDELAY
>     logon path =
>     logon home =
>     domain logons = yes
>     os level = 254
>     preferred master = yes
>     domain master = yes
>     local master = yes
>     remote browse sync = yes
>     passdb backend = smbpasswd
>
> [my_partage]
>     comment = my_partage
>     path = /my_partage
>     force group = domadm
>     read only = no
>     create mask = 0664
>     directory mask = 0775
>     guest ok = yes
>
> Rowland Penny-5 wrote>
>> I personally think that you were actually running a workgroup, not a
>> domain and cannot see how you can get from there to an AD domain. With
>> only 6 users, you might as well start from scratch, set up a new samba4
>> AD server, create the 6 users in AD and then join the 20 machines to the
>> AD, this in the long run is probably  going to be the easiest way out.
> When it works, it pretty much works like a domain... :)

Are you sure?

> I'm ready now to set up a new "Samba4 domain" the way you suggest.
> Will I be able to keep my DHCPD and BIND9 configurations?

Probably not.

> Can you help me?

Oh yes!
First things first, what OS are you proposing to use for your samba 4
server and how where thinking of installing samba4, compiling it
yourself (highly recommended) or installing from packages?

Rowland

>
> Thank you and best regards.
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Join-Windows-machines-to-a-Samba3-domain-tp4659356p4659454.html
> Sent from the Samba - General mailing list archive at Nabble.com.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

steve-2
In reply to this post by Lea Massiot
On Fri, 2014-01-17 at 03:31 -0800, Lea Massiot wrote:

> Hello Rowland,
>
> Rowland Penny-5 wrote>
> > OK, this time I can see your smb.conf, but I do not understand it, what is
> > this:
> > passdb backend = v
> > I have never heard of this backend, also you do not seem to have the
> > 'netlogon' share that is required to be a PDC.
>
> Sorry for that. I'm not lucky. I try to do things right and I do them wrong.
> I think the "smb.conf" below is complete and correct this time.
> I've never had a "netlogon" share.
>
> [global]
>    workgroup = MY_DOMAIN
>    server string = %h Samba server
>    log level = 1
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    socket options = TCP_NODELAY IPTOS_LOWDELAY
>    logon path =
>    logon home =
>    domain logons = yes
>    os level = 254
>    preferred master = yes
>    domain master = yes
>    local master = yes
>    remote browse sync = yes
>    passdb backend = smbpasswd
>
> [my_partage]
>    comment = my_partage
>    path = /my_partage
>    force group = domadm
>    read only = no
>    create mask = 0664
>    directory mask = 0775
>    guest ok = yes
>
> Rowland Penny-5 wrote>
> > I personally think that you were actually running a workgroup, not a
> > domain and cannot see how you can get from there to an AD domain. With
> > only 6 users, you might as well start from scratch, set up a new samba4
> > AD server, create the 6 users in AD and then join the 20 machines to the
> > AD, this in the long run is probably  going to be the easiest way out.

Hi
Mmm. 6 users and 20 machines. Unless you need a domain for security
reasons, then maybe something like a cloud share would be better,
especially if you know the users.

Of course, if you wish to go ahead with Samba then don't hesitate to
post back. Give us loads of information. Even if you don't think it's
relevant. Converting the smb.conf you have to AD is easy. The most time
consuming part will probably be physically walking to each machine,
setting the dns and joining it to the domain.

Cheers,
Steve


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Join Windows machines to a Samba3 domain

Lea Massiot
Thank you.

Rowland Penny-5 wrote>  
> First things first, what OS are you proposing to use for your samba 4 server
> and how where thinking of installing samba4, compiling it yourself (highly recommended) or installing from packages?

The OS is Debian Wheezy.
I would prefer installing from packages (it's what I do usually).
(apt-get install dhcp3-server / apt-get install bind9 / apt-get install samba).

steve-2 wrote >
> Converting the smb.conf you have to AD is easy.

That's good news.

steve-2 wrote >
> The most time consuming part will probably be physically walking to each machine, setting the dns and joining it to the domain.

It's not a problem.

Thank you for helping and best regards.